
MINISTRY OF EDUCATION AND TRAINING
HO CHI MINH CITY UNIVERSITY OF FOREIGN LANGUAGES AND INFORMATION TECHNOLOGY

________________________


BACHELOR OF INFORMATION TECHNOLOGY GRADUATION THESIS

TYPES OF NETWORK ATTACKS

Supervisor: Mr. ng Trng Sn

Students: ng Phm Phc Duy (student ID 0611180), Nguyn Hong Quc Phong (student ID 0611235)

HO CHI MINH CITY, 2010

PREFACE

Information technology is developing ever more rapidly. Demand for networking in daily life is very high, and the advantages of computer networks are evident in every area of life: exchanging, sharing, storing and protecting information. But is our information really safe when we take part in network activity? Many people ask this question and look for an answer.

Alongside wired computer networks, wireless networks have from the start shown outstanding advantages in flexibility, simplicity and convenience. Because information is exchanged over the air, it is easy to see how it can leak to outsiders. If we do not address these weaknesses, the network environment becomes fertile ground for hackers to break in and cause loss of information and money. Network security is therefore a pressing issue today.

In this project we describe the general methods of attack on networks and study the attacks specific to wireless networks, so that readers learn how to guard against the latent risks of exchanging information over a network.

We sincerely thank Mr. ng Trng Sn for his dedicated guidance, and we respectfully thank the lecturers of the Faculty of Information Technology, Ho Chi Minh City University of Foreign Languages and Information Technology, who taught us and passed on valuable knowledge that laid the foundation for this report. Although we have done our best, the report certainly still has many shortcomings, and we look forward to the advice of our lecturers and friends.

Ho Chi Minh City, 22 June 2010
ng Phm Phc Duy, Nguyn Hong Quc Phong

CONTENTS OF THE REPORT

Chapter 1. Introduction: An overview of the network security situation in recent years and of the common types of network attack, together with the purpose, content and significance of the report.

Chapter 2. Types of network attacks: Presents the attacks commonly used on networks today, such as sniffing, online fraud (phishing), SQL injection and denial of service, and the methods of defending against them.

Chapter 3. Wireless networks: An overview of wireless, WLAN and the technologies used in WLANs; the WLAN network models, and the advantages and disadvantages of WLAN.

Chapter 4. Wireless network security: An overview of how transmissions are encrypted in a WLAN; the operating principles, advantages and disadvantages of the security methods for wireless networks.

Chapter 5. Attacks on wireless networks: Presents the attacks specific to wireless networks and how to defend against them.

Chapter 6. Demo: Carries out an attack that recovers the password of a wireless network protected by WEP, then a man-in-the-middle attack combined with phishing inside the network to take over a user's website login account.

TABLE OF CONTENTS

CHAPTER 1: INTRODUCTION
1.1. Overview of the network security situation in recent years
1.2. Common types of attack on computer networks
1.3. Objectives of the report
CHAPTER 2: TYPES OF NETWORK ATTACKS
2.1. Packet capture with sniffing
2.1.1. Types of sniffing and how they work
2.1.2. How to detect sniffing
2.1.3. How to prevent sniffing
2.1.4. Sniffing summary
2.2. Phishing
2.2.1. How it works
2.2.2. How to defend against it
2.2.3. Phishing summary
2.3. SQL injection
2.3.1. Bypassing the login check
2.3.2. Attacks using the SELECT statement
2.3.4. Attacks using the INSERT statement
2.3.5. Attacks using stored procedures
2.3.6. How to prevent SQL injection
2.4. Denial-of-service attacks
2.4.1. SYN attack
2.4.2. Flood attack
2.4.3. Distributed denial of service (DDoS)
2.4.4. Distributed reflection denial of service (DRDoS)
2.4.5. Denial-of-service summary
CHAPTER 3: WIRELESS NETWORK TECHNOLOGY
3.1. Introduction to wireless
3.2. The main organizations and radio channels in wireless networks
3.3. Wireless standards
3.3.1. The 802.11 standards
3.3.1.1. The physical layer (PHY) group
3.3.1.2. The data link (MAC) group
3.3.2. Introduction to some wireless network technologies
3.4. Introduction to wireless LAN
3.4.1. History
3.4.2. Advantages of WLAN
3.4.3. Disadvantages of WLAN
3.4.4. WLAN network models
3.4.5. WLAN auxiliary devices
3.4.6. Wireless access point
3.4.7. A real-world WLAN model
3.4.8. Some information exchange mechanisms in WLAN
3.5. Chapter summary
CHAPTER 4: WIRELESS NETWORK SECURITY
4.1. How security is implemented for a WLAN
4.2. Authentication mechanisms
4.2.1. Principles of the RADIUS server
4.2.2. The Extensible Authentication Protocol (EAP)
4.3. Overview of encryption
4.3.1. Stream ciphers
4.3.2. Block ciphers
4.4. Security methods in WLAN
4.4.1. Security with WEP
4.4.1. Advantages and disadvantages of WEP
4.4.2. Security with WPA/WPA2
4.4.4. Security with TKIP
4.4.5. Security with AES
4.4.6. Filtering
4.4.6.1. SSID filtering
4.4.6.2. MAC address filtering
4.4.6.3. Protocol filtering
4.5. Chapter summary
CHAPTER 5: TYPES OF ATTACK IN A WLAN
5.1. Differences between attacks on wired and wireless networks
5.2. Passive attacks
5.2.1. Packet capture (sniffing)
5.3. Active attacks
5.3.1. Impersonation and unauthorized access
5.3.2. Denial of service (DoS)
5.3.3. Hijacking control and modifying information
5.3.4. Dictionary password guessing
5.4. Jamming
5.5. Man-in-the-middle attack
5.4. Chapter summary
CHAPTER 6: DEMO OF AN ATTACK ON A WIRELESS NETWORK
6.1. Cracking the password of a WEP Wi-Fi network
6.2. Steps
6.3. DNS spoofing
6.4. Steps
CONCLUSION AND FUTURE WORK
REFERENCES

LIST OF ABBREVIATIONS

WPA: Wi-Fi Protected Access.
WEP: Wired Equivalent Privacy.
WLAN: Wireless LAN.
TKIP: Temporal Key Integrity Protocol.
AES: Advanced Encryption Standard.
SSID: Service Set Identifier.
FHSS: Frequency Hopping Spread Spectrum.
IEEE: Institute of Electrical and Electronic Engineers.
OFDM: Orthogonal Frequency-Division Multiplexing.

CHAPTER 1: INTRODUCTION

1.1. Overview of the network security situation in recent years.

The 21st century has seen, and is still seeing, extraordinary growth in information technology (IT). IT has brought about a real revolution in every field of science and daily life, and computer networks are a typical example of its power. The advantages of computer networks are evident in every area of life: exchanging, sharing, storing and protecting information. For the same reason, computer networks have become attractive prey for hackers who break in to steal information or disrupt communications. The network security situation in recent years has evolved in complex ways, with both old and new kinds of threat appearing:

- Trojans account for more than half of new malware: continuing the recent trend, in the first half of 2009 Trojans made up 55% of all new malware, up 9% compared with the first half of 2008. Information-stealing Trojans are the most common type.
- Nearly half of all security vulnerabilities remain unpatched: as at the end of 2008, nearly half (49%) of the vulnerabilities disclosed in the first half of 2009 still had no vendor patch (as of the end of the study period).
- The highly dangerous Conficker malware: starting in December 2008 and growing strongly in April 2009, Conficker hindered security researchers and alarmed the community of computer users. Its impact demonstrates how sophisticated and complex cyber criminals have become. According to statistics, Vietnam ranks fifth and Indonesia eighth among the countries with the highest rate of computers infected with this malware.
- URL spam still leads, but image spam is returning: after almost disappearing in 2008, image-based spam came back in the first half of 2009, although it still accounts for less than 10% of all spam.
- Old attack types reappear in more sophisticated forms: wide-scale computer worm attacks are expected to become common again, and Trojans continue to play the main role in network attacks. Denial-of-service attacks took place on a large scale in the first half of 2009.
- New attack types appear: in early 2010 social networks were attacked more often to take over accounts. Cloud computing is considered the hackers' target in the coming months (source: http://www.pcworld.com.vn).

1.2. Common types of attack on computer networks.

- Direct attack: direct attacks are normally used in the initial phase to gain access to the inside. A classic method is guessing user names and passwords. It is simple, easy to carry out and needs no special precondition to start. The attacker can use information such as the user's name, date of birth, address or house number to guess the password. When a list of users and information about the working environment is available, a program can automate the password guessing. In some cases this method gives the attacker the rights of the system administrator (root or administrator).
- Eavesdropping: eavesdropping on network traffic can yield useful information such as user names, passwords and confidential data passing over the network. It is usually carried out right after the attacker has gained access to a system, using programs that put the network interface card (NIC) into a mode that receives all traffic on the network. Such information can also be obtained easily on the Internet.
- Address spoofing: IP address spoofing can be carried out using source routing. In this attack, the attacker sends IP packets to the internal network with a forged IP address (usually the address of a network or machine that the internal network regards as safe) and also specifies the route the IP packets must take.
- Disabling system functions: this type of attack aims to paralyse a system so that it cannot perform the function it was designed for. It cannot be prevented, because the means used to attack are the same means used to work and access information on the network. For example, using the ping command at the highest possible rate forces a system to spend all its computing capacity and network capacity answering those commands, leaving no resources for useful work.
- System administrator error: this is not an attack by intruders, but administrator errors often create holes that attackers use to get into the internal network.
- Attacks on the human factor: the attacker can contact a system administrator, pretending to be a user, and ask to change a password, change their access rights on the system, or even change some system configuration in order to carry out other attacks. No device can effectively stop this kind of attack; the only way is to educate internal network users about security requirements so that they stay alert to suspicious events. In general the human factor is a weak point in any protection system, and only education together with cooperation from users can raise the security of the system.

1.3. Objectives of the report.

With computer networks growing so strongly, and the demand to use them for exchanging and sharing information and for trade, computer networks have become the easiest environment for hackers to attack. Network security is therefore an urgent need today. This report, "Types of network attacks", aims to report on the common types of network attack, to study wireless network technology and the methods used to attack it, and, most importantly, to explain how to defend against these attacks.

The objectives are:
- To study some common types of network attack.
- To study wireless network technology and the attacks specific to wireless networks.
- To explain how to defend against these attacks.

CHAPTER 2: TYPES OF NETWORK ATTACKS

2.1. Packet capture with sniffing.

Concept: a sniffer is a form of eavesdropping on a network that relies on characteristics of TCP/IP. Sniffing is a security technique that was developed to help network administrators run the network more efficiently and inspect data entering and leaving the network as well as data flowing inside it.

Functions of sniffing:
- It was developed to collect the packets in a system.
- Its original purpose was to help network administrators manage the system well and check for errors or unfamiliar packets.
- Later, hackers used the same method to obtain accounts, passwords and other sensitive information.
- Variants of sniffers are illegal eavesdropping programs such as tools that eavesdrop on Yahoo and MSN or steal e-mail passwords.

Conditions for sniffing to occur:
- Sniffing can work in a LAN, a WAN or a WLAN.
- The only necessary condition is that the sniffer uses the same subnet mask.
- In addition, a tool is needed to capture and analyse packets, such as Cain & Abel, Ettercap or HTTP sniffer.

2.1.1. Types of sniffing and how they work.

Active sniffing:
- Environment: mainly environments with packet-switching devices. The most common today are networks built on switches.
- Mechanism: today it mostly abuses ARP and RARP (the two mechanisms that map IP to MAC and MAC to IP) by sending out poisoned packets, specifically packets telling the sending machine "I am the recipient" although the sniffer is not the recipient.
- Characteristics: because it has to send packets, it can consume network bandwidth. If too many machines in the network are sniffed, the number of packets sent becomes very large (forged packets are sent continuously), which can congest the network or overload the NIC of the sniffing machine itself (a bottleneck).

Sniffers also use several other techniques to force traffic through their own NIC, such as:
- MAC flooding: overflowing the switch's memory so that the switch falls back to forwarding without switching.
- MAC spoofing: the sniffer changes its MAC address to that of a legitimate machine and so passes the device's MAC filter.
- DHCP poisoning to change the client's gateway.

Passive sniffing:
- Environment: mainly environments without packet-switching devices. The most common today are networks built on hubs, and wireless networks.
- Mechanism: because there is no switching device, hosts' packets are broadcast across the network, so any host can capture and read them (even though the capturing host is not the packet's destination).
- Characteristics: because the machines broadcast the packets themselves, this form of sniffing is very hard to detect.

2.1.2. How to detect sniffing.

For active sniffing:

Detection based on the sniffer's ARP poisoning:
- Because it must poison ARP, the sniffer continuously sends poisoned packets to its victims. We can therefore use a packet capture tool on the network to detect it.
- Another way is to check the host's ARP table. If the table contains two identical MAC addresses, the network may be under sniffing.

Detection based on bandwidth:
- Because the sniffer sends poisoned packets, the process can consume bandwidth, so a bandwidth monitoring tool can be used to detect it.
- However, this method is not effective and its accuracy is low.

Tools that detect sniffing or ARP poisoning:
- Xarp
- Arpwatch
- Symantec EndPoint

For passive sniffing:
- It is hard to detect, because any host on the network can capture packets.
- However, the kind of network in which this sniffing works is mainly used in homes and very rarely in businesses.
- Businesses today often use wireless networks for laptops; they can additionally use the device's MAC filtering, or authenticate with an account, a password or an access key.

2.1.3. How to prevent sniffing.
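The ARP-table check from section 2.1.2 (one MAC address answering for more than one IP), written out as an added example that is not part of the original thesis. It goes one step beyond the text by also comparing against an earlier snapshot, which is the kind of change alert the text attributes to the ARP monitoring tools; both ARP tables are constructed sample data.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9A-Fa-f]{2}(?:[:-][0-9A-Fa-f]{2}){5})\b")
IGNORED_PREFIXES = ("ff:ff:ff:ff:ff:ff", "01:00:5e")  # broadcast, IPv4 multicast

# Constructed sample: a known-good snapshot in Linux `arp -an` format.
BASELINE = """\
? (192.168.1.1) at 00:1a:2b:3c:4d:5e [ether] on eth0
? (192.168.1.20) at 00:aa:bb:cc:dd:20 [ether] on eth0
? (192.168.1.66) at 00:de:ad:be:ef:66 [ether] on eth0
? (192.168.1.77) at <incomplete> on eth0
"""

# Constructed sample: a later snapshot in Windows `arp -a` format in which the
# gateway 192.168.1.1 now resolves to the MAC address of host 192.168.1.66.
CURRENT = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-de-ad-be-ef-66     dynamic
  192.168.1.20          00-aa-bb-cc-dd-20     dynamic
  192.168.1.66          00-de-ad-be-ef-66     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""


def parse_arp_table(text):
    """Return {ip: mac} from `arp -a` (Windows) or `arp -an` (Linux) style output."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if not (ip and mac):
            continue  # header lines and incomplete entries carry no binding
        mac_norm = mac.group(1).lower().replace("-", ":")
        if mac_norm.startswith(IGNORED_PREFIXES):
            continue  # broadcast and multicast entries are shared by design
        table[ip.group(1)] = mac_norm
    return table


def duplicate_macs(table):
    """MAC addresses that answer for more than one IP address.

    A hit is a lead, not proof: routers doing proxy ARP and hosts with
    several addresses also produce duplicates.
    """
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def changed_bindings(baseline, current):
    """(ip, old_mac, new_mac) for every IP whose MAC differs from the baseline."""
    return sorted(
        (ip, baseline[ip], mac)
        for ip, mac in current.items()
        if ip in baseline and baseline[ip] != mac
    )


if __name__ == "__main__":
    before, now = parse_arp_table(BASELINE), parse_arp_table(CURRENT)
    for mac, ips in duplicate_macs(now).items():
        print(f"duplicate MAC {mac} claimed by {', '.join(ips)}")
    for ip, old, new in changed_bindings(before, now):
        print(f"binding changed for {ip}: {old} -> {new}")
```
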

Active sniffing:
- Bandwidth monitoring tools: as noted above, sniffers can congest the network, so bandwidth monitoring tools can be used. However, this approach is not effective.
- Packet capture tools: sniffers must poison ARP, so they send ARP packets continuously; with these tools we can see who is sniffing on the network. This is relatively more effective, but some sniffing tools can forge IP and MAC addresses to deceive.
- Devices: use devices with MAC filtering. On switches, VLAN trunking can be used as well, combined with port security (relatively effective because VLANs are combined with additional security functions).
- Other: SSL can also be configured. It is effective, but not highly so, and information can still be taken.

For users:
- Use the sniff detection tools listed above: when ARP information changes, these tools warn the user.
- Pay attention to warnings from the system or the web browser: some sniffing tools can forge a CA (Cain & Abel), so when traffic is being sniffed the system or browser may report that the CA is invalid.
- Turn off NetBIOS (advanced users) so that the sniffer's host scan fails. However, this is hard to apply in practice, because the switch may already have stored the MAC addresses in its table during operation.

Passive sniffing: this form of sniffing is very hard to detect and to prevent. Replacing hubs with switches stops packets from being broadcast, but then we face the risk of active sniffing.

2.1.4. Sniffing summary.

- Sniffing is a form of listening in on network information, used to make better use of network resources or to monitor information illegally. Hackers later used sniffing to obtain sensitive information, so sniffing is also a hacking method.
- Sniffing acts on packets and has little impact on the system itself, so it is very hard to detect. Although it works simply, it is very effective.
- Because it hardly touches the network system directly, sniffing usually leaves few traces or serious consequences afterwards.
- Although there are now measures to prevent and detect sniffing, they are not really effective in some cases. People using network systems should therefore be careful when using and accessing the network, to avoid losing important information.
- To limit sniffing, restrict how many people have access to the physical parts of the system and to the LAN subnet, and configure VLANs and port security on switches.

2.2. Phishing

- Phishing is a form of (commercial) fraud on the Internet and a component of social engineering, the craft of deception on the network. The principle of phishing is to somehow "trick" users into sending sensitive information such as names, addresses, passwords, credit card numbers or ATM card codes to the fraudster (scammer). It is mainly done by imitating the login page of a real website; the fraudster lures the victim into entering the information into that "fake" page, which sends it to the fraudster (instead of to the legitimate server), so that the information is stolen without the user knowing.
- Over time, phishing attacks stopped targeting only AOL Internet accounts and expanded to many targets, especially online banks, e-commerce services and online payment; most large banks in the US, the UK and Australia have now been attacked by phishing. Because it also aims at stealing credit cards, it is also called carding.

2.2.1. How it works.

In the past, hackers usually sent a trojan (spyware) to the victim's machine so that the program would send passwords or information back to the attacker. Later, tricking users into giving up the information became more common. There are many ways to deceive, and phishing remains the most common and easiest to carry out. If you have heard of the "Fake Login Email" technique, you will see that phishing follows the same principle. Phishing needs two main steps:

- Find a way to lure the victim into opening the address of the fake login page. The main way is through a link in an e-mail.
- Create a website that collects the information and looks just like the real one.

Beyond that, hackers combine many other tricks, such as crafting (fake) e-mails whose address and content are both attractive, encoding the link (URL) shown in the address bar, and setting up a fake server IP.

2.2.2. How to defend against it.

Defending against phishing is not hard; what matters is that users are careful when they receive login pages that ask for sensitive information. As said above, a phishing attack has two stages, so the defence also has two stages. For the fake e-mail, take the following example, an e-mail claiming to be sent by Citibank to a customer:

Received: from host70-72.pool80117.interbusiness.it ([80.117.72.70])
    by mailserver with SMTP id <20030929021659s1200646q1e>;
    Mon, 29 Sep 2003 02:17:00 +0000
Received: from sharif.edu [83.104.131.38]
    by host7072.pool80117.interbusiness.it (Postfix) with ESMTP id EAC74E21484B
    for <eresponse@securescience.net>; Mon, 29 Sep 2003 11:15:38 +0000
Date: Mon, 29 Sep 2003 11:15:38 +0000
From: Verify <verify@citibank.com>
Subject: Citibank E-mail Verification: e-response@securescience.net
To: E-Response <e-response@securescience.net>
References: <F5B12412EAC2131E@securescience.net>
In-Reply-To: <F5B12412EAC2131E@securescience.net>
Message-ID: <EC2B7431BE0A6F48@citibank.com>
Reply-To: Verify <verify@citibank.com>
Sender: Verify <verify@citibank.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

Dear Citibank Member,This email was sent by the Citibank server to verify your e-mail address. You must complete this process by clicking on the link below and entering in the small window your Citibank ATM/DebitCard number and PIN that you use on ATM. This is done for your protection -t- becaurse some of our members no longer have access to their email addresses and we must verify it.To verify your email address and access your bank account,click on the link below. If nothing happens when you click on the link (or if you use AOL)K, copy and paste the link into the address bar of your web browser.
http://www.citibank.com:ac=piUq3027qcHw003nfuJ2@sd96V.pIsEm.NeT/3/?3X6CMW2I2uPOVQW
y--------------------------------------------
Thank you for using Citibank!
C--------------------------------------------
This automatic email sent to: e-response@securescience.net
Do not reply to this email.
R_CODE: ulG1115mkdC54cbJT469

Looking closely, we can see several "interesting" points in this e-mail:

- The content: the sentences and grammar are clearly a mess, and there are misspelled words, for example "becaurse" and "this automatic..". Everyone knows this is very unlikely from a bank, because its e-mails are "standardised" into uniform templates, so any such error deserves a second look.
- It contains hash-busters, special characters meant to get past spam filters that rely on hash-based spam detection, such as "-t-" and "K" in the main part of the message and "y" and "C" at the end. Different recipients receive spam with different hash-busters. A genuine e-mail with a clear origin has no need for such "tricks".
- The e-mail header does not originate from Citibank's mail server. Instead of mango2-a.citicorp.com (Citibank's main mail server in Los Angeles), it comes from Italy, from the host host70-72.pool80117.interbusiness.it (80.117.72.70), which Citibank does not control. Note that by default Yahoo Mail and POP mail clients do not show headers; turn this on, because the headers are very useful.

For the link below:

http://www.citibank.com:ac=piUq3027qcHw003nfuJ2@sd96V.pIsEm.NeT/3/?3X6CMW2I2uPOVQW

- At a glance it seems to come from Citibank, but look at the part after the @ sign. That is the real address, and sd96V.pIsEm.Net is a fake address in Moscow, Russia that has nothing at all to do with Citibank.
- The attacker exploited a weakness of the web browser to make the fake link work. Two commonly used weaknesses:
  - Using the @ character. If a link contains the @ character, the browser treats the part before it as only a comment (in URL terms, the user-information field) and acts only on the part after the @. In the link above, for example, the real path is sd96V.pIsEm.NeT/3/?3X6CMW2I2uPOVQW.
  - Using the %01 character. The browser does not display anything after this character. For example: <a href=http://www.citibank.com...%01@http://www.sd96V.pIsEm.NeT/3/?3X6CMW2I2uPOVQW>Link name</a>. When you move the mouse pointer over "Link name", the status bar shows only the part before %01.

For the fake website, use the following checks:

- Clicking the link in that e-mail takes you to a (fake) login page. On the outside it looks exactly like the real page; even the address and the status bar look real. But if you look closely at the link in the address bar, you will see that the real address is the part after the @ sign. If you fill in your information, consider it gone. Better still, view the source of the form: it will be clear that the form does not submit to Citibank but to somewhere else.
- With this "know the attack in order to defend" approach, we see more clearly the nature of a phishing attack: a simple attack, but a highly effective one. Once you understand how the attack works, you will surely find a suitable way to respond.
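The link and header checks described in this section, automated as an added example that is not part of the original thesis. The link and the header lines are taken from the e-mail quoted above; the %01 link is constructed from the pattern the text describes, and the trusted-domain list (including citicorp.com, the domain the text names for genuine Citibank mail) is an assumption of the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: the domains the recipient accepts as the bank's own.
TRUSTED = ("citibank.com", "citicorp.com")
CONTROL_ESCAPE = re.compile(r"%(?:[01][0-9a-fA-F]|7[fF])")  # %00-%1F and %7F
RECEIVED_FROM = re.compile(r"from\s+(\S+)", re.I)

# The link from the e-mail quoted in the text.
PAGE_LINK = ("http://www.citibank.com:ac=piUq3027qcHw003nfuJ2"
             "@sd96V.pIsEm.NeT/3/?3X6CMW2I2uPOVQW")
# Constructed from the %01 pattern the text describes.
CONTROL_LINK = "http://www.citibank.com%01@sd96V.pIsEm.NeT/3/"

# Abridged from the headers of the e-mail quoted in the text.
HEADERS = """\
Received: from host70-72.pool80117.interbusiness.it ([80.117.72.70])
 by mailserver with SMTP id <20030929021659s1200646q1e>;
 Mon, 29 Sep 2003 02:17:00 +0000
Received: from sharif.edu [83.104.131.38]
 by host7072.pool80117.interbusiness.it (Postfix) with ESMTP id EAC74E21484B;
 Mon, 29 Sep 2003 11:15:38 +0000
From: Verify <verify@citibank.com>
Subject: Citibank E-mail Verification

"""


def belongs_to(host, domains):
    """True if host is one of the domains or a subdomain of one of them."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def inspect_link(url, trusted=TRUSTED):
    """Report the host a link really connects to and why it is suspicious."""
    parts = urlsplit(url)
    flags = []
    if parts.username is not None:
        flags.append("userinfo-before-@")   # text before '@' is never the host
    if CONTROL_ESCAPE.search(url) or any(ord(c) < 0x20 for c in url):
        flags.append("control-character")   # e.g. %01 used to hide the tail
    if not belongs_to(parts.hostname, trusted):
        flags.append("host-not-trusted")
    if parts.scheme != "https":
        flags.append("not-https")
    return {"real_host": parts.hostname, "decoy": parts.username, "flags": flags}


def first_relay(raw_headers):
    """Host named in the topmost Received header, the hop our own server recorded."""
    received = message_from_string(raw_headers).get_all("Received", [])
    match = RECEIVED_FROM.match(received[0].strip()) if received else None
    return match.group(1).lower() if match else None


def spoofed_sender(raw_headers, trusted=TRUSTED):
    """True if From: claims a trusted domain but the delivering relay is not in it."""
    msg = message_from_string(raw_headers)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    return belongs_to(from_domain, trusted) and not belongs_to(
        first_relay(raw_headers), trusted)


if __name__ == "__main__":
    for link in (PAGE_LINK, CONTROL_LINK, "https://www.citibank.com/login"):
        print(inspect_link(link))
    print("relay:", first_relay(HEADERS), "spoofed:", spoofed_sender(HEADERS))
```

Only the topmost Received header is written by the recipient's own mail server; lower ones can be forged by the sender, which is why the check uses the first one.
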

2.2.3. Phishing summary

- Be careful with unfamiliar e-mails, especially those asking for information; everyone knows to avoid them, yet quite a few people are careless.
- Check whether the content is accurate and whether it matches the templates you usually see. Spelling mistakes like those above are a sign of a problem.
- If you are asked to confirm something, examine the link; if it contains unusual characters such as @ or %01, it may be forged.
- If you want to open a link, select it, copy it and paste it into the browser, and look carefully at the address bar to see whether the link has been altered with unusual characters such as @.
- When asked for important information, it is best to go directly to the website of the party requesting it rather than follow the link sent to you. To be more careful, e-mail the party (not by replying to the e-mail you received) to confirm, or phone them and ask whether they really asked you to send the information.
- Pages that confirm important information always use HTTP Secure (with an "s" after http), so the address has the form https://.... and not plain http://. A bank asking you to confirm over plain http:// is probably a fake bank.

To avoid "losing every account", give each account a different password and change passwords regularly (see also the guide on setting and protecting passwords). Regularly install the security patches for your web browser. Installing antivirus software, worm and trojan removal tools and a firewall is never wasted effort. Finally, and most importantly, do not forget to check your ATM card, credit card and bank account information regularly. If you are "tricked", report it to the Anti Phishing Group, the international anti-phishing organization (www.antiphising.org), and ask for their help.

2.3. SQL injection

SQL injection is a technique that lets attackers exploit flaws in the input validation of web applications, together with the error messages of the database management system, to inject and execute illegitimate SQL statements. The consequences are severe, because the attacker can delete or modify data with full rights over the application's database, and even over the server the application runs on. The flaw commonly occurs in web applications whose data is managed by database management systems such as SQL Server, MySQL, Oracle, DB2 and Sybase. As a web programmer or an administrator, you need a clear understanding of SQL injection in order to prevent and avoid it.

How a web application works:

Figure 2.1: Sending and receiving data while a user browses the web

Step 1: The user (attacker) sends a request containing a single-quote character ( ' ) to the web server to check whether the site is affected by SQL injection.
Step 2: The web server receives the request and builds a query to fetch data from the database server.
Step 3: The database server executes the query and returns an error message to the web server.
Step 4: The web server returns the error message to the user (attacker).

In general there are four common kinds of attack:
- Bypassing the login check (authorization bypass).
- Using the SELECT statement.
- Using the INSERT statement.
- Using stored procedures.

2.3.1. Bypassing the login check.

With this kind of attack, an intruder can easily get past login pages thanks to flaws in how SQL statements are used to work with the web application's database. Consider a typical example. To let users reach protected pages, a system usually builds a login page that asks for a user name and password. After the user enters them, the system checks whether the user name and password are valid and decides whether to allow or refuse further access. In this case two pages can be used: an HTML page that displays the input form and an ASP page that processes the information entered by the user. For example:

HTML page.

ASP page.

At first glance, the code in execlogin.asp does not seem to contain any security hole. A user cannot log in without a valid user name and password. However, this code is in fact unsafe and is the basis for a SQL injection flaw. The weakness is that the data entered by the user is used directly to build the SQL statement. This is what allows attackers to control the query that will be executed. For example, suppose the user enters the following string into both the username and password fields of login.htm: ' OR ''='. The query that is executed then becomes:

SELECT * FROM T_USERS WHERE USR_NAME ='' OR ''='' and USR_PASSWORD= '' OR ''=''

This query is valid and returns every record in T_USERS, and the code that follows treats this illegitimate login as a valid one.

2.3.2. Attacks using the SELECT statement.

This kind of attack is more complex. To carry it out, the attacker must be able to understand and exploit the weaknesses revealed in the system's error messages in order to find the weak points from which to start. Consider an example that is very common on news websites. Usually there is a page that receives the ID of the news item to display and then queries the content of the item with that ID, for example http://www.myhost.com/shownews.asp?ID=123. The source code for this function is usually written quite simply, in the following form.

Trong cc tnh hung thng thng, on m ny hin th ni dung ca tin c ID trng vi ID ch nh v hu nh khng thy c li. Tuy nhin, ging nh v d ng nhp trc, on m ny l s h cho mt li SQL injection khc. K tn cng c th thay th mt ID hp l bng cch gn ID cho mt gi tr khc, v t , khi u cho mt cuc tn cng bt hp php, v d nh: 0 OR 1=1 (ngha l, http://www.myhost.com/shownews.asp?ID=0 or 1=1). Cu truy vn SQL lc ny s tr v tt c cc article t bng d liu v n s thc hin cu lnh: SELECT * FROM T_NEWS WHERE NEWS_ID=0 or 1=1. 2.3.4. Dng tn cng s dng cu lnh INSERT. Thng thng cc ng dng web cho php ngi dng ng k mt ti khon tham gia. Chc nng khng th thiu l sau khi ng k thnh cng, ngi dng c th xem v hiu chnh thng tin ca mnh. SQL injection c th c dng khi h thng khng kim tra tnh hp l ca thng tin nhp vo. V d, mt cu lnh INSERT c th c c php dng: INSERT INTO TableName VALUES ('Value One', 'Value Two', 'Value Three'). Nu on m xy dng cu lnh SQL c dng:

then it is certainly open to SQL injection, because if we enter in the first field, for example: ' + (SELECT TOP 1 FieldName FROM TableName) + '. The query then becomes: INSERT INTO TableName VALUES(' ' + (SELECT TOP 1 FieldName FROM TableName) + ' ', 'abc', 'def'). When the view-information command is later executed, it is as if you had asked for one more statement to be run, namely: SELECT TOP 1 FieldName FROM TableName.

2.3.5. Attacks using stored procedures

An attack through stored procedures does very great damage if the application runs with the system administrator privilege 'sa'. For example, if we replace the injected code with: ' ;EXEC xp_cmdshell cmd.exe dir C: '. The system then executes a command that lists the directory of drive C:\ on which the server is installed. What kind of damage is done depends on the command that follows cmd.exe.

2.3.6. Defending against SQL injection.

There are two levels of defence:
- Strictly control the input data.
- Configure the database management system securely.

Strictly control the input data: To guard against the risks described, protect SQL statements by strictly controlling all input received from the Request object (Request, Request.QueryString, Request.Form, Request.Cookies, Request.ServerVariables). For example, the length of the input string can be limited, or an EscapeQuotes function can be written that replaces each single quote with two single quotes, such as:

Where the input is a number, the flaw comes from replacing a value that is expected to be numeric with a string containing an illegitimate SQL statement. To avoid this, simply check whether the data has the right type with the IsNumeric() function. In addition, a function can be written that removes certain dangerous characters and keywords, such as ;, --, select, insert, xp_, from the string supplied by the user, to limit attacks of this kind:

Configure the database management system securely: There must be strict control over, and limits on, the data-handling rights of the user account that the web application uses. Ordinary applications should avoid rights such as dbo or sa. The more restricted the rights, the smaller the damage. In addition, to avoid the risks of SQL injection attacks, take care to remove any technical information from the messages passed down to the user when the application fails. Default error messages often reveal technical details that let an attacker learn the system's weak points.
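The login and news-ID cases from sections 2.3.1 to 2.3.6, run against a throwaway database. This is an added example, not code from the thesis: it uses Python with SQLite instead of ASP with SQL Server, the table and column names are the ones quoted above, the rows are constructed sample data, and the parameterized query goes one step beyond the quote-escaping and IsNumeric() checks the section names.

```python
import re
import sqlite3


def make_db():
    """In-memory SQLite stand-in for the site's database; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE T_USERS (USR_NAME TEXT, USR_PASSWORD TEXT);
        INSERT INTO T_USERS VALUES ('alice', 'correct-horse'), ('bob', 'hunter2');
        CREATE TABLE T_NEWS (NEWS_ID INTEGER, NEWS_TITLE TEXT);
        INSERT INTO T_NEWS VALUES (123, 'Published article'), (124, 'Unpublished draft');
    """)
    return db


def login_concatenated(db, user, password):
    # Weak pattern: the input becomes part of the SQL text itself.
    sql = ("SELECT * FROM T_USERS WHERE USR_NAME='" + user +
           "' AND USR_PASSWORD='" + password + "'")
    return db.execute(sql).fetchall()


def escape_quotes(value):
    # The EscapeQuotes idea from the section: double every single quote.
    return value.replace("'", "''")


def login_escaped(db, user, password):
    # Still concatenation, but a quote in the input can no longer close the literal.
    sql = ("SELECT * FROM T_USERS WHERE USR_NAME='" + escape_quotes(user) +
           "' AND USR_PASSWORD='" + escape_quotes(password) + "'")
    return db.execute(sql).fetchall()


def login_parameterized(db, user, password):
    # Placeholders pass the values separately from the statement text,
    # so no input can change the structure of the query.
    sql = "SELECT * FROM T_USERS WHERE USR_NAME=? AND USR_PASSWORD=?"
    return db.execute(sql, (user, password)).fetchall()


def news_concatenated(db, news_id):
    # Weak pattern for a numeric field: there are no quotes to escape here,
    # so escape_quotes() would leave "0 OR 1=1" untouched.
    return db.execute("SELECT * FROM T_NEWS WHERE NEWS_ID=" + news_id).fetchall()


def news_validated(db, news_id):
    # Counterpart of the IsNumeric() check: accept plain decimal digits only.
    if not re.fullmatch(r"[0-9]{1,9}", news_id):
        raise ValueError("NEWS_ID must be a decimal number")
    return db.execute("SELECT * FROM T_NEWS WHERE NEWS_ID=?",
                      (int(news_id),)).fetchall()


if __name__ == "__main__":
    db = make_db()
    quote_input = "' OR ''='"   # the string from section 2.3.1
    print("concatenated :", login_concatenated(db, quote_input, quote_input))
    print("escaped      :", login_escaped(db, quote_input, quote_input))
    print("parameterized:", login_parameterized(db, quote_input, quote_input))
    print("news, raw ID :", news_concatenated(db, "0 OR 1=1"))
```
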

2.4. Denial-of-service attacks. General introduction.

Fundamentally, denial of service is just the general name for attacks that overload a system so that it cannot provide its service or has to stop operating. An attack of this kind only interrupts the operation of the system; it is very unlikely to penetrate the system or capture its data. Depending on how it is carried out, it is known under several names. At first, weaknesses of the TCP protocol (Transmission Control Protocol) were exploited to mount the classic denial-of-service attack, DoS (Denial of Service); then came the distributed denial-of-service attack, DDoS (Distributed Denial of Service); and the most recent is the reflection-based denial-of-service attack, DRDoS (Distributed Reflection Denial of Service). Over time many variants of DoS attack have appeared, such as Broadcast Storms, SYN, Finger, Ping and Flooding, all aiming to consume the resources of the system (server), such as bandwidth, kernel tables, swap space, cache, hard disk, RAM and CPU, so that the system is overloaded and can no longer answer legitimate requests. As noted, DoS attacks in general are less dangerous than other kinds of attack in that they do not let the attacker gain access to the system or the right to change it. However, a server that exists but cannot provide information and services to its users exists to no purpose, so the damage caused when a DoS attack stalls a server is enormous, especially for systems that serve electronic transactions. Against well-secured servers that are very hard to penetrate, hackers use denial of service as a "last resort" to take the system down.

2.4.1. SYN Attack

This is regarded as one of the classic DoS (Denial of Service) attacks. It exploits a weakness in the TCP "three-way handshake": whenever a client wants to open a connection with a server, it performs a three-way handshake by exchanging packets.
- Step 1: The client sends packets (containing SYN=1) to the server to request a connection.
- Step 2: On receiving this packet, the server sends back a SYN/ACK packet to tell the client that it has received the connection request, and it prepares resources for the request. The server sets aside part of the system's resources, such as buffer memory (cache), for receiving and sending data. Other information about the client, such as its IP address and port, is also recorded.
- Step 3: Finally, the client completes the three-way handshake by replying to the server with a packet containing ACK, and the connection proceeds.

Figure 2.2: The TCP three-way handshake

Because TCP is a reliable (end-to-end) delivery protocol, if in the second step of the handshake the server sends a SYN/ACK packet back to the client but receives no reply from the client to complete the connection, it still holds the resources prepared for that connection and keeps resending the SYN/ACK packet until it receives a response from the client. The crux is to make the client not answer the server, and to have many such clients, while the server "naively" keeps resending the packet and reserving resources to wait for "the one who will come back", even though the system's resources are limited. Hackers look for ways to reach that limit.

Figure 2.3: How a hacker carries out the attack

- If this goes on, the server quickly becomes overloaded and crashes (hangs), so legitimate requests are refused and cannot be served. The process can be pictured as the way a personal computer (PC) "hangs" when too many programs are opened at the same time.
- Usually, to fake the IP address of a packet, hackers can use raw sockets (not TCP or UDP packets) to forge or overwrite the original IP address of the packet. When a SYN packet with a forged IP address reaches the server, it is as valid to the server as any other packet, so the server allocates resources for this connection, records all of its information and sends a SYN/ACK packet back to the client. Because the client's IP address is forged, no client receives this SYN/ACK packet and answers the server. After a while without an ACK packet from the client, the server assumes the packet was lost and sends the SYN/ACK again, and so the connections stay open.
- If the attacker keeps sending many SYN packets to the server, the server eventually cannot accept any more connections, even legitimate connection requests. Being unable to serve any longer is the same as the server not existing. It also means heavy losses from the interruption of operations, especially in online electronic commerce transactions. This is not a high-bandwidth attack, because a single computer connected to the internet through a simple dial-up line is enough to mount it.

2.4.2. Flood Attack

Another DoS attack that is used very often, because it is simple and because many ready-made tools give the attacker effective support, is the Flood Attack, mainly carried out through websites. In principle, a website hosted on a server consumes a certain amount of server resources when it runs, above all memory (RAM) and processor (CPU). Relying on that consumption, attackers simply use software such as smurf to request that web page from the server continuously and so tie up its resources. This attack does not make the server stop serving completely, but it sharply reduces the service speed of the whole system, and users clearly notice that they must wait longer for the page to appear on screen. If the attack is massive and well coordinated, this method can paralyse a server for a long time.

2.4.3. Distributed denial-of-service attacks (DDoS).

Appearing in 1999, DDoS is many times more powerful than the classic DoS attack. Most DDoS attacks aim to consume bandwidth, congesting the system until it stops operating. To do this, the attacker takes over and controls many computers or intermediate computer networks (acting as zombies) in many places, which then simultaneously send a flood of packets in very large numbers to consume the resources and swamp the link of a chosen target.

Figure 2.4: Model of a distributed DDoS attack

In this way, however much bandwidth there is, it cannot withstand millions of such packets, so the system can no longer operate, other legitimate requests cannot be answered, and the server is "kicked off" the internet.

Figure 2.5: How a hacker carries out a DDoS attack

It can be compared to a traffic jam at rush hour. The clearest example is the "resonance" during the recent lookups of university entrance exam scores, when so many computers requested access at the same moment that the server's link capacity could not cope. Virus worms capable of carrying out DDoS attacks have now appeared. Once they infect other machines, they automatically send service requests to a chosen target at a chosen time in order to consume the server's bandwidth or system resources.

2.4.4. Distributed reflection denial-of-service attacks (DRDoS).

Appearing in early 2002, this is the newest and most powerful attack in the DoS family. Carried out by a skilled attacker, it can bring down any system in the world in moments. The main goal of DRDoS is to seize the entire bandwidth of the server, that is, to choke completely the link from the server to the Internet backbone and to exhaust the server's resources. While a server is under DRDoS attack, no client can connect to it. All services running over TCP/IP, such as DNS, HTTP, FTP and POP3, are disabled. In essence, DRDoS combines the DoS and DDoS approaches. It has the SYN attack of a single computer together with the combination of many computers to consume bandwidth as in DDoS. The attacker forges the address of the target server and sends SYN requests to large servers such as Yahoo or Microsoft, so that these servers send SYN/ACK packets to the target server. The large servers, with their powerful links, unwittingly play the role of zombies for the attacker, as in DDoS.

Figure 2.6: DRDoS reflection attack

The sending is repeated continuously with many forged IP addresses from the attacker and with many large servers taking part, so the target server is quickly overloaded and its bandwidth is taken up by the large servers. The "artistry" lies in the fact that, with just one computer and a 56 kbps modem, a skilled hacker can defeat any server in an instant without having to take over any machine as a means of attack.

2.4.5. Summary of denial-of-service attacks.

- In general, denial-of-service attacks are not very hard to carry out but are very hard to defend against, because they come unexpectedly and the defence is usually passive, after the event.
- Responding by strengthening the "hardware" is also a good solution, but constant monitoring to detect and block in time IP packets from untrusted sources is the most effective.
- When you detect that your server is under attack, quickly trace the IP address and block it from sending data to the server.
- Use the filtering features of the router/firewall to drop unwanted packets, reducing traffic on the network and load on the server.
- Use the features that allow a rate limit to be set on the router/firewall to limit the number of packets entering the system.
- If the attack exploits a fault in software or equipment, quickly apply the fixes for that system or replace it.
- Use mechanisms, tools and software that counter TCP SYN flooding.
- Turn off other services on the server, if any, to reduce load and respond better.
- If possible, upgrade the hardware to raise the system's capacity, or add further servers with the same function to share the load. Temporarily move the server to another address.
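The monitoring advice above, applied to the SYN attack of section 2.4.1: a detector that counts handshakes left half-open at a service. This is an added example, not part of the thesis; the record format (time, source, destination, flags), the addresses (documentation ranges), the 5-second hold time and the threshold of 20 are all assumptions, and the capture is constructed.

```python
from collections import defaultdict

SERVER = "192.0.2.10:80"   # constructed service address (documentation range)


def sample_capture():
    """Constructed records: 5 completed handshakes, then 50 SYNs that never complete."""
    lines = []
    for i in range(5):
        t = 1.0 + i
        client = f"198.51.100.{i + 1}:{40000 + i}"
        lines += [f"{t:.3f} {client} > {SERVER} S",            # step 1: SYN
                  f"{t + 0.010:.3f} {SERVER} > {client} SA",   # step 2: SYN/ACK
                  f"{t + 0.020:.3f} {client} > {SERVER} A"]    # step 3: ACK
    for i in range(50):
        # Every SYN carries a different source address and is never followed by an ACK.
        lines.append(f"{10.0 + i * 0.02:.3f} 203.0.113.{i + 1}:{50000 + i} > {SERVER} S")
    return lines


def parse_record(line):
    ts, src, _arrow, dst, flags = line.split()
    return float(ts), src, dst, flags


def detect_syn_flood(lines, hold_time=5.0, max_half_open=20):
    """Return one (time, service, half_open_count) alert each time a service's
    table of unfinished handshakes first exceeds max_half_open."""
    half_open = defaultdict(dict)   # service -> {client endpoint: time of its SYN}
    alerting = set()
    alerts = []
    for line in lines:
        ts, src, dst, flags = parse_record(line)
        if flags == "A":
            half_open[dst].pop(src, None)        # handshake completed, slot released
        elif flags == "S":
            table = half_open[dst]
            table[src] = ts
            # Model the server giving up on entries older than hold_time.
            for peer in [p for p, t0 in table.items() if ts - t0 > hold_time]:
                del table[peer]
            if len(table) > max_half_open:
                if dst not in alerting:
                    alerting.add(dst)
                    alerts.append((ts, dst, len(table)))
            else:
                alerting.discard(dst)
    return alerts


def max_syns_per_source(lines):
    """Largest number of SYNs sent by any single source address."""
    counts = defaultdict(int)
    for line in lines:
        _ts, src, _dst, flags = parse_record(line)
        if flags == "S":
            counts[src.rsplit(":", 1)[0]] += 1
    return max(counts.values(), default=0)


if __name__ == "__main__":
    capture = sample_capture()
    print("alerts:", detect_syn_flood(capture))
    print("max SYNs from one source:", max_syns_per_source(capture))
```

Because the source addresses are forged, no single address sends more than one SYN in the sample, so a per-source threshold or a block on one IP address sees nothing; the count of half-open entries per service is the signal that rises.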

CHAPTER 3: WIRELESS NETWORK TECHNOLOGY

3.1. Introduction to wireless

Wireless is a method of transfer from one point to another without using a physical transmission line, using radio, cellular, infrared and satellite. Wireless originates from several stages in the development of radio communication and the applications of telegraphy and radio.

3.2. The main organisations and the radio channels in wireless networks.

- Federal Communication Commission (FCC): The FCC is a non-governmental organisation of the United States. The FCC regulates the radio frequency spectrum in which WLANs may operate, the permitted power levels and WLAN hardware.
- IEEE (Institute of Electrical and Electronic Engineers): the American institute of electrical and electronic engineers. The IEEE creates standards that comply with FCC rules.
- Wireless Ethernet Compatibility Alliance (WECA): WECA's task is to certify the compatibility of Wi-Fi (802.11) products.
- UNLICENSED FREQUENCIES, the ISM and UNII bands: The FCC specifies that WLANs may use the industrial, scientific and medical band, ISM (Industrial, Scientific, and Medical), which is a free band. The ISM band comprises 900 MHz, 2.4 GHz and 5.8 GHz and has widths ranging from 26 MHz to 150 MHz. Besides the ISM band, the FCC also designates 3 UNII (Unlicensed National Information Infrastructure) bands, each lying in the 5 GHz region and 100 MHz wide.
- Direct Sequence Spread Spectrum (DSSS): A method of transmitting data in which both the sending and the receiving system use a set of frequencies 22 MHz wide. Channels: channel 1 operates from 2.401 GHz to 2.423 GHz (2.412 GHz +/- 11 MHz); channel 2 operates from 2.406 GHz to 2.429 GHz (2.417 GHz +/- 11 MHz). Adjacent channels overlap each other by a considerable amount.

Figure 3.1: Channels in DSSS

- Frequency hopping spread spectrum (FHSS): In frequency hopping spread spectrum, the user's data signal is modulated with a carrier signal. The carrier frequencies of individual users are made to differ in a pseudo-random way within a wideband channel. The digital data is split into bursts of equal size that are transmitted on different carrier frequencies. The instantaneous bandwidth of the transmitted bursts is much smaller than the total spread bandwidth. At any moment, a frequency-hopping signal occupies a single, relatively narrow channel. If the rate of change of the carrier frequency is much greater than the symbol rate, the system is regarded as a fast frequency-hopping system. If the channel changes at a rate less than or equal to the symbol rate, the system is called slow frequency hopping.

3.3. Wireless standards.

3.3.1. The 802.11 standards.

IEEE: The pioneering organisation in LAN standardisation, with its well-known IEEE 802 project, begun in 1980, which resulted in a series of standards in the IEEE 802.x family and created an important convergence for the design and installation of LANs in recent times. 802.11 is one of the standards of the IEEE 802.x family and covers a family of protocols for communication over wireless networks. Before introducing 802.11 we review some of the other 802 standards:
- 802.1: Bridging and management of LANs and WANs.
- 802.2: Logical link control.
- 802.3: Operating methods of Ethernet networks.
- 802.4: Token Bus networks.
- 802.5: Token Ring networks.
- 802.6: MAN networks.
- 802.7: Broadband LANs.
- 802.8: Optical networks.
- 802.9: Data stream services.
- 802.10: Security between LANs.
- 802.11: Wireless LAN.
- 802.12: Demand-priority access method.
- 802.13: None yet.
- 802.14: Cable television.
- 802.15: Wireless PAN.
- 802.16: Broadband wireless networks.

The 802.11 standard is chiefly concerned with delivering MSDUs (MAC service data units) between LLC (logical link control) connections. The 802.11 standards are divided into two groups:
- The physical layer (PHY) group.
- The data link layer (MAC) group.

3.3.1.1. The physical layer (PHY) group.

- 802.11b: 802.11b is sufficient for most network applications. As a very complete solution, 802.11b has many advantages over other wireless standards. 802.11b uses direct sequence spread spectrum (DSSS) and operates in the 2.4 GHz band; the maximum data rate is 11 Mbps per channel and the real rate is about 4-5 Mbps. The range can reach 500 metres in an open environment. With this standard there are at most 32 users per access point. It has been widely accepted around the world and is being deployed very strongly at present, because the technology uses a band that requires no licence registration and serves industry, services and medicine. The drawback of 802.11b is that the 2.4 GHz band coincides with the band of many household devices, such as microwave ovens and cordless phones, so it can suffer interference.
- 802.11a: 802.11a is an upgraded version of 802.11b, operating in the 5 GHz band and using OFDM spread-spectrum technology. The maximum rate is from 25 Mbps to 54 Mbps per channel and the real rate is approximately 27 Mbps; with this standard there are at most 64 users per access point. It too has been widely accepted around the world.
- 802.11g: Devices of this standard operate at the same frequency as 802.11b, 2.4 GHz. However, they support data rates five times faster than 802.11b over the same coverage, that is, a maximum data rate of up to 54 Mbps, while the real rate is about 7-16 Mbps. 802.11g uses the modulation methods OFDM, CCK (Complementary Code Keying) and PBCC (Packet Binary Convolutional Coding). 802.11b and 802.11g devices are fully compatible with each other. Note, however, that when devices of the two standards are mixed, they operate according to whichever standard has the lower speed.
- 802.11n: The newest standard in the Wi-Fi list is 802.11n. It is designed to improve on 802.11g in total supported bandwidth by making use of multiple wireless signals and antennas (MIMO technology). When this standard is released, 802.11n connections will support data rates of up to 100 Mbps. 802.11n also offers better coverage than earlier Wi-Fi standards thanks to its strong signal. 802.11n devices will be compatible with 802.11g devices.

3.3.1.2. The data link (MAC) group.

- 802.11d: 802.11d adds a number of features to the MAC layer in order to spread WLAN use worldwide. Some countries have very strict rules on frequency and transmission power, and 802.11d was created to meet that need. However, 802.11d is still under development and has not been widely accepted as a world standard.
- 802.11e: This standard applies to 802.11 a, b and g alike. Its aim is to provide quality-of-service (QoS) functions for WLANs. Technically, it also adds a number of features to the MAC sublayer. Thanks to these, 802.11 WLANs will in the near future be able to provide a full range of services such as voice, video and other services that demand very high QoS. 802.11e is still under development and has not been officially applied worldwide.
- 802.11f: This is a set of recommendations from manufacturers so that access points from different manufacturers can work together. This matters greatly once the network reaches a considerable size. Only then can wireless connections between agencies and between enterprises, which are likely not to use the same type of equipment, be supported.
- 802.11h: This standard adds a number of features to the MAC sublayer to meet European regulations in the 5 GHz band. Europe requires that products using the 5 GHz band have transmission power control (TPC, Transmission Power Control) and automatic frequency selection (DFS, Dynamic Frequency Selection). Frequency selection at the access point helps minimise interference to other special radar systems.
- 802.11i: This is a supplement to 802.11 a, b and g that improves the security of wireless networks. Security for wireless networks is a protocol named WEP; 802.11i provides new encryption methods and new verification and authentication procedures named 802.1x. This standard is still under development.

3.3.2. Introduction to some wireless network technologies.

- Infrared technology: Using infrared light is an alternative to radio waves for connecting wireless devices; infrared wavelengths range from about 0.75 to 1000 micrometres. Infrared light does not pass through opaque, non-transparent objects. In terms of performance, infrared light has a large bandwidth, so the signal can carry data at very high speed; however, infrared is less suitable than radio for mobile applications because of its limited coverage. Its coverage is about 10 m, a very small range. It is therefore usually used by mobile phones and computers with infrared ports to exchange information with each other, provided they are placed close together.
- Bluetooth technology: Bluetooth operates in the 2.4 GHz band and uses FHSS spread spectrum. In a Bluetooth network, elements can connect to each other in peer-to-peer ad hoc fashion or in centralised fashion, with one main processing machine and at most seven machines able to connect to it. The standard connection distance between two ends is 10 metres; it can transmit through walls and furniture because this technology does not require line of sight (LOS). The maximum data rate is 740 Kbps (the bit-stream rate then corresponds to about 1 Mbps). In general this technology is still expensive.
- HomeRF technology: This technology is similar to Bluetooth; it operates in the 2.4 GHz band, with a maximum total bandwidth of 1.6 Mbps and 650 Kbps per user. HomeRF also uses FHSS. The difference from Bluetooth is that HomeRF is aimed more at the market. The addition of the SWAP (Standard Wireless Access Protocol) standard to HomeRF gives it the ability to manage multimedia applications more efficiently.
- HyperLAN technology: HyperLAN (High Performance Radio LAN), a European standard, is the equivalent of 802.11 technology. HyperLAN type 1 supports a bandwidth of 20 Mbps and works in the 5 GHz band. HyperLAN 2 also works in this band but supports a bandwidth of up to 54 Mbps. This technology uses connection-oriented links and supports many quality-assurance components, serving multimedia applications.

Figure 3.2: The HyperLAN standards

- WiMAX technology: WiMAX is a WMAN covering an area much larger than a WLAN, connecting many buildings across large geographical distances. WiMAX is based on the IEEE 802.16 and HiperMAN standards and lets devices communicate within a radius of up to 50 km at network access speeds of up to 70 Mbps.
- WiFi technology: WiFi is a WLAN covering an area larger than a WPAN, typically limited to offices, restaurants and homes. WiFi is based on the IEEE 802.11 standard and lets devices communicate within a range of 100 m at a speed of 54 Mbps. The technology is now quite common in large cities, especially in cafes.
- 3G technology: 3G is a WWAN, the wireless network with the widest coverage. A 3G network allows high-speed data communication and greater voice capacity for mobile users. Next-generation cellular services are also based on 3G technology.
- UWB technology: UWB (Ultra Wide Band) is a future WPAN technology able to support high throughput of up to 400 Mbps over a short range of about 10 m. UWB will offer benefits similar to a wireless USB connection for linking computer peripherals to a PC.

Network standard   802.11A     802.11B     802.11G     802.11N
Frequency band     5 GHz       2.4 GHz     2.4 GHz     2.5 GHz - 5 GHz
Speed              54 Mbps     11 Mbps     54 Mbps     300 Mbps
Operating range    25-75 m     30-100 m    25-75 m     50-125

3.4. Introduction to wireless LAN

A WLAN is a kind of computer network in which the components are connected without the cables of a conventional network; the communication medium between the components is the air. The components of the network use electromagnetic waves to communicate with each other.

3.4.1. History.

- WLAN technology first appeared at the end of 1990, when manufacturers introduced products operating in the 900 MHz band. These solutions (not unified among manufacturers) provided a data rate of 1 Mbps, much lower than the 10 Mbps of most cabled networks of the time.
- In 1992, manufacturers began selling WLAN products using the 2.4 GHz band. Although these products had higher data rates, they were still proprietary solutions of each manufacturer and were not widely published. The need for devices in different frequency ranges to work together led a number of organisations to begin developing common wireless network standards.
- In 1997, the Institute of Electrical and Electronics Engineers (IEEE) approved the 802.11 standard, also known as WIFI (Wireless Fidelity), for WLANs. The 802.11 standard supports three methods of signal transmission, including radio transmission at a frequency of 2.4 GHz.

- In 1999, the IEEE adopted two additions to the 802.11 standard, 802.11a and 802.11b (defining methods of signal transmission). WLAN devices based on 802.11b quickly became the dominant wireless technology. 802.11b WLAN devices transmit at 2.4 GHz and provide data rates of up to 11 Mbps. IEEE 802.11b was created to provide availability, throughput and security comparable to wired networks.
- In 2003, the IEEE announced a further improvement, the 802.11g standard, which can send and receive in both the 2.4 GHz and 5 GHz ranges and can raise the data rate to 54 Mbps. In addition, products applying 802.11g are backward compatible with 802.11b devices. At present 802.11g reaches speeds of 108 Mbps-300 Mbps.
- In 2009, as expected, the IEEE finally approved the new-generation Wi-Fi standard, 802.11n, after six years of testing. 802.11n Wi-Fi can transmit data at 300 Mbps or even higher.
- In fact, 802.11n Wi-Fi appeared seven years ago but spent its first year in research and evaluation. The standard has only really been tested over the past six years, and in that time 802.11n Wi-Fi went through dozens of different test versions. This information was announced by the chairman of the 802.11n Task Group, Bruce Kraemer. The group includes most of the world's major Wi-Fi chip makers, software developers and original equipment manufacturers. According to the Wi-Fi Alliance, most current wireless devices can be upgraded to Wi-Fi Certified N through a firmware upgrade.

3.4.2. Advantages of WLAN.

- Convenience: A wireless network is like an ordinary network system. It lets users access network resources anywhere in the area where it is deployed (home or office). With the growing number of laptop users, this is a great advantage.
- Mobility: With the development of public wireless networks, users can access the Internet anywhere. In cafes, for example, users can access wireless Internet free of charge.
- Efficiency: Users can stay connected to the network as they move from place to place.
- Deployment: Setting up a wireless network initially needs only at least one access point. With a cabled network, there are extra costs and possible difficulties in running cables to many places in the building.
- Scalability: A wireless network can respond immediately when the number of users grows. A cabled network needs additional cabling.

3.4.3. Disadvantages of WLAN.

- Security: The wireless connection medium is the air, so users are very exposed to attack.
- Range: A standard 802.11g network with standard devices only works well within a few tens of metres. That suits a house, but it does not meet the needs of a large building. Meeting them requires buying additional repeaters or access points, which increases cost.
- Reliability: Because radio waves are used for communication, interference and signal loss caused by other devices (microwave ovens and so on) are unavoidable. They significantly reduce the network's performance.
- Speed: The speed of wireless networks (1-125 Mbps) is very slow compared with cabled networks (100 Mbps to several Gbps).

3.4.4. WLAN network models.

802.11 networks are flexible in design and comprise the following three network models:
- The independent network model (IBSSs), also called an ad hoc network.
- The infrastructure network model (BSSs).
- The extended network model (ESSs).

The ad hoc network model (Independent Basic Service Sets (BSSs)): In an ad hoc network, mobile nodes (computers with wireless network cards) gather in a small space to form peer-to-peer connections among themselves. Mobile nodes with wireless network cards can exchange information directly with each other, with no need for network administration. Because ad hoc networks can be set up quickly and easily, usually without any special tool or skill, they are well suited to business conferences or temporary working groups. However, they have drawbacks: coverage is limited, and every user must be able to hear every other.

Figure 3.3: The ad hoc network model

The infrastructure network model (Basic Service Sets (BSSs)): This consists of access points (AP) attached to a wired backbone network and communicating with the mobile devices within the coverage area of a cell. The AP controls the cell and controls the traffic to the network. Mobile devices do not communicate directly with each other but with the APs. Cells can overlap by about 10 to 15%, which lets mobile stations move without losing the radio connection and provides coverage at the lowest cost. Mobile stations choose the best AP to connect to. A centrally placed access point can control and allocate access for contending nodes, provide appropriate access to the backbone network, assign addresses and priority levels, monitor network traffic, manage the forwarding of packets and keep track of the network configuration. However, the centralised multiple-access protocol does not let a mobile node transmit directly to another node in the same area as the access point, as it can in the independent WLAN configuration. In this case each packet has to be transmitted twice (from the originating node and then from the access point) before it reaches the destination node, which reduces transmission efficiency and increases transmission delay.

Figure 3.4: The infrastructure network model

The extended network model (Extended Service Set (ESSs)): An 802.11 network extends mobility to an arbitrary range through the ESS. An ESS is a set of BSSs in which the access points communicate with each other to pass traffic from one BSS to another, making it easy for stations to move between BSSs. The access points communicate through the distribution system. The distribution system is a thin layer in each access point that determines the destination of traffic received from a BSS. The distribution system relays traffic back to a destination in the same BSS, forwards it over the distribution system to another access point, or sends it to a wired network for a destination outside the ESS. Information received by an access point from the distribution system and transmitted to the BSS is received by the destination station.

3.4.5. WLAN auxiliary devices.

- RF Amplifier.
- RF Attenuator.
- Lightning Arrestor.
- RF Connector.
- RF Cable.
- RF Splitter.

3.4.6. Wireless Access Point

This is a peripheral device used to send and receive signals and carry information between wireless devices and the wired network. Common on the market are access points of standard B (11MB/s), standard G (54MB/s) and standard Super G (108MB/s) using MIMO (Multi Input - Multi Output) technology, and standard N, the fastest standard at present, with speeds of up to 300MB/s. An access point has three basic modes:

Root mode (Root Node): The most common type, in which the access point (AP) connects directly to the ordinary wired network. In root mode the AP connects as a peer with the other wired network segments and can carry information as in an ordinary wired network.

Figure 3.5: Root mode

Repeater mode: An AP in repeater mode connects to clients as an AP and connects as a client to the AP server. Repeater mode is usually used to extend coverage, but one weakness of repeater mode is that the coverage of the two APs overlaps by at least 50%. The model below illustrates repeater mode.

Figure 3.6: Repeater mode

Bridge mode: Bridge mode is usually used to connect two independent network segments to each other.

Figure 3.7: Bridge mode

3.4.7. Practical WLAN models.

- A wireless network connected to a wired network: In practice there are many wireless network models, from a few computers connected ad hoc to WLAN, WWAN and hybrid networks. Below are two common models of wireless connection; from these two, many other complex and varied models can be built. The AP concentrates the wireless connections and at the same time connects to the WAN (or LAN) through an Ethernet RJ45 interface; on a small scale the AP can be regarded as acting like a router between the two networks.

Figure 3.7: A wireless network connected to a wired network (diagram labels: Wireless Station, Wireless Network, Access Point, Wireline Network, WAN)

- Two wired networks joined by a wireless link: The wireless link between the two ends of two WANs uses Bridge devices as the bridge, possibly combined with small dishes transmitting microwaves. The distance between the two ends can then be from a few hundred metres to a few tens of kilometres, depending on the type of wireless bridge device.

Figure 3.8: Two networks joined by a wireless link (diagram labels: WAN, Bridge, Wireline Network, Building, Wireless Network)

3.4.8. Some mechanisms of information exchange in WLAN

The CSMA-CA mechanism: The basic access principle of the 802.11 standard is the CSMA-CA mechanism, short for Carrier Sense Multiple Access Collision Avoidance. This principle is close to the CSMA-CD (Carrier Sense Multiple Access Collision Detect) principle of the 802.3 standard (for Ethernet). The difference is that with CSMA-CA a device transmits data only when the other side is ready to receive and is not sending or receiving any other data at that moment; this is also called the LBT principle, listening before talking. Before a packet is transmitted, the wireless device checks whether any other device is transmitting; if one is, it waits until the others have finished before it transmits. To check whether the other devices have finished, while "waiting" it "probes" regularly at fixed intervals.

The RTS/CTS mechanism: To minimise the risk of collisions caused by devices transmitting at the same moment, the RTS/CTS (Request To Send / Clear To Send) mechanism is used. For example, if the AP wants to transmit data to an STA, it sends an RTS frame to the STA; the STA receives it and sends back a CTS frame to announce that it is ready to receive data from the AP, and it exchanges no data with other devices until the AP has finished transmitting to it. Other devices that receive the announcement also suspend their transmissions to the STA. The RTS/CTS mechanism ensures readiness between the two points exchanging data and prevents the risk of collisions during transmission.

The ACK mechanism: ACK (Acknowledging) is the mechanism for reporting the result of a data transmission. When the receiver gets the data, it sends an ACK to the sender to report that the message has been received. If the sender does not receive an ACK, it assumes the receiver has not received the message and sends the message again. This mechanism reduces the risk of data loss in transmission between two points.

3.5. Chapter summary

In this chapter we have seen the basic structure of a WLAN and the technologies commonly used, as well as the main organisations in the WLAN field that are responsible for distributing and regulating how WLAN standards operate. We have also looked at the 802.11 standards and the advantages and disadvantages of WLANs. Knowing the basic WLAN models gives us some grounding when we set out to build a wireless network model for an individual or a small or medium-sized enterprise.

CHAPTER 4: WIRELESS NETWORK SECURITY

4.1. How security is provided for a WLAN

Moving up from a traditional wired network to a wireless network raises new security problems that must be solved. Because the network is wireless, it can be used not only by the company's staff: outsiders too can easily break into the system if they have a wireless receiver. To solve this problem, security mechanisms must be set up for the company's wireless network. To provide a minimum level of security for a WAN, two components are needed:
- A way to decide who or what may use the WLAN: this requirement is met by an authentication mechanism.
- A way to provide privacy for wireless data: this requirement is met by an algorithm (encryption).

Wireless network security comprises both authentication and encryption. One mechanism alone is not enough to keep a wireless network safe.

Figure 4.1: Security requirements for a WLAN

4.2. Authentication mechanisms

Authentication means certifying and verifying the legitimacy of a person or of some process of participation or use, by means and tools such as codes, keys, accounts, signatures and fingerprints. On that basis, participation and use can be permitted or refused. Those entitled to participate or use are given one or more of these means of certification and verification. In a wireless network, suppose an AP is used to link the computers together; when a new computer wants to join that wireless network, it must connect to the AP. To authenticate the computer requesting the connection, the AP can use several methods, such as MAC address, SSID, WEP, RADIUS and EAP.

4.2.1. The RADIUS server principle

802.1x authentication is performed on a separate server, which manages the information used to authenticate users, such as login name (username), password, card number and fingerprint. When a user sends an authentication request, this server looks up its data to see whether the user is valid and what level of access the user is granted. This principle is called the RADIUS (Remote Authentication Dial-in User Service) server: a server that provides remote user authentication through dial-up. Dial-up was originally meant to be carried out over telephone lines; today it is done not only by dialling but also over other links, yet the name RADIUS has been kept. The association and authentication processes are carried out as described in the figure above, in the following steps:


Figure 4.2: Operation of a RADIUS server

The steps are as follows:
- The client computer sends a connection request to the AP.
- The AP collects the client's requests and sends them to the RADIUS server.
- The RADIUS server sends the client a request to enter a user/password.
- The client sends the user/password to the RADIUS server.
- The RADIUS server checks whether the user/password is correct. If it is, the RADIUS server sends the client the shared key. At the same time the RADIUS server sends this key to the AP and informs the AP of this client's rights and permitted scope of access.
- The client and the AP exchange information with each other using the key they were given.

To improve security, the RADIUS server generates different shared keys for different machines in different sessions, and there is even a mechanism for changing the key regularly at set intervals. The term "shared key" here does not mean a key shared among client computers; it means a key shared between the client and the AP.

4.2.2. The Extensible Authentication Protocol (EAP)


To ensure that the authentication messages exchanged between the client and the AP cannot be secretly decrypted or modified, EAP (Extensible Authentication Protocol) was introduced on top of 802.1x. EAP is a supporting protocol that secures the exchange of authentication messages between the parties by encrypting the authentication information. EAP can support and be combined with many authentication methods from different vendors and with different kinds of authentication besides user/password, for example authentication by biometric features, chip cards, magnetic cards, public keys and so on. The basic EAP architecture is shown in the figure below; it is designed to run over any link layer and to use any authentication method.

Figure 4.3: Basic EAP architecture
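Added example (not part of the thesis): a Python parser for the EAP packet whose four fields, Code, Identifier, Length and Data, are listed under Figure 4.4. The code and type numbers come from RFC 3748 and are not given in the text; the sample packets are constructed.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Values from RFC 3748 (assumption: the thesis does not list them).
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge"}


@dataclass
class EapPacket:
    code: int        # 1 byte: kind of EAP packet
    identifier: int  # 1 byte: pairs a response with its request
    length: int      # 2 bytes: Code + Identifier + Length + Data
    data: bytes      # variable length, may be empty

    @property
    def code_name(self) -> str:
        return CODES.get(self.code, "Unknown")

    @property
    def type_name(self) -> Optional[str]:
        # Only Request/Response carry a Type byte at the start of Data.
        if self.code in (1, 2) and self.data:
            return TYPES.get(self.data[0], "Type %d" % self.data[0])
        return None


def parse_eap(buf: bytes) -> EapPacket:
    """Parse one EAP packet and validate its Length field."""
    if len(buf) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, identifier, length = struct.unpack("!BBH", buf[:4])
    if length < 4:
        raise ValueError("Length smaller than the header itself")
    if length > len(buf):
        raise ValueError("truncated packet: Length exceeds received bytes")
    if code in (3, 4) and length != 4:
        raise ValueError("Success/Failure must not carry data")
    # Bytes beyond Length are link-layer padding and are ignored.
    return EapPacket(code, identifier, length, buf[4:length])


def is_reply(request: EapPacket, response: EapPacket) -> bool:
    """A response answers a request when the Identifier values match."""
    return (request.code == 1 and response.code == 2
            and request.identifier == response.identifier)


# Constructed sample packets (hex): Identity request, Identity response, Success.
SAMPLE_REQUEST = bytes.fromhex("0101000501")
SAMPLE_RESPONSE = bytes.fromhex("0201000a01616c696365")
SAMPLE_SUCCESS = bytes.fromhex("03020004")

if __name__ == "__main__":
    for raw in (SAMPLE_REQUEST, SAMPLE_RESPONSE, SAMPLE_SUCCESS):
        p = parse_eap(raw)
        print(p.code_name, p.identifier, p.length, p.type_name, p.data)
```
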

Figure 4.4: EAP packet

Fields of the EAP packet:
- Code: the first field in the packet. It is one byte long and identifies the type of EAP packet. It is used to interpret the Data field of the packet.
- Identifier: one byte long. It contains an unsigned integer used to match requests with responses. A retransmission keeps the same identifier number, while a new transmission uses a new identifier number.
- Length: two bytes long. It is the length of the whole packet, including the Code, Identifier, Length and Data fields.
- Data: the last field, of variable length. Depending on the packet type, the Data field may be zero bytes long. How the Data field is interpreted depends on the value of the Code field.

4.3. Overview of encryption

Data encryption relies on cryptographic algorithms (ciphers) that make the data appear random. There are two kinds of cipher:
+ Stream ciphers.
+ Block ciphers.
Both kinds work by generating a key stream from a secret key value. The key stream is then mixed with the data (called plaintext in its unencrypted form) to produce the encrypted data, called ciphertext. The two kinds differ in the size of the data they operate on at one time.

4.3.1. Stream ciphers

A stream cipher generates a continuous key stream based on the key value. For example, a stream cipher can generate a 15-byte key stream to encrypt one frame and a different 200-byte key stream to encrypt another frame. Figure 1 illustrates the operation of a stream cipher. A stream cipher is quite small and is a very efficient encryption algorithm, so it does not use much CPU. A widely used stream cipher is RC4, which is the basis of the WEP algorithm.


Figure 4.3: Operation of a stream cipher

4.3.2. Block ciphers

A block cipher generates a single key stream of fixed size. The unencrypted text (plaintext) is split into blocks, and each block is mixed with the key stream independently. If a plaintext block is smaller than the key-stream block, the plaintext is padded to the right size. Figure 2 illustrates the operation of a block cipher. The fragmentation, together with the other operations of a block cipher, consumes more CPU resources than a stream cipher. As a result, a block cipher reduces the throughput of the device.

The encryption process described here for stream ciphers and block ciphers is called ECB (Electronic Code Book) mode. ECB mode has the property that the same plaintext input always produces the same ciphertext output. This is a potential security risk, because eavesdroppers can see patterns in the ciphertext and may be able to guess the original plaintext.


Figure 4.4: Operation of a block cipher

Encryption techniques that can overcome this problem include:
- The initialization vector (IV).
- Feedback modes.


Figure 4.5: Encryption with an initialization vector

An initialization vector (IV) is a number added to the key, with the end result that the key stream changes. The IV is concatenated with the key before the key stream is generated. Every time the IV changes, the key stream changes with it. Figure 4.6 illustrates two cases:
- First, stream-cipher encryption without an IV. In this case the plaintext data, when mixed with the key stream 12345, always produces the ciphertext AHGHE.
- Second, encryption with an IV. In this case the key stream takes different values as the IV changes, so the resulting ciphertext differs.

Feedback mode: feedback modifies the encryption process so that a given plaintext does not produce the same ciphertext throughout the encryption. Feedback modes are normally used with block ciphers.

4.4. Security methods in WLANs

4.4.1. Security with WEP


Authentication by SSID is quite simple, and for that reason it does not meet security requirements; moreover, it is only authentication and does not encrypt data. The 802.11 standard therefore introduced a new method, WEP. WEP can be rendered as a data-security standard that gives wireless networks a level of protection equivalent to wired networks. It is a method for authenticating users and encrypting the data transmitted on a wireless LAN (WLAN). It is based on the symmetric stream cipher RC4. Because RC4 is symmetric, the WEP key must match between the access point (AP) and the client. WEP is an encryption algorithm used by the user-authentication process and for encrypting data on the wireless segment of the LAN. The 802.11 standard requires WEP as the security method for wireless networks.

Figure 4.6: A frame encrypted by WEP

WEP is a simple algorithm that uses a pseudo-random number generator (PRNG) and the RC4 stream cipher. RC4 is the commercial property of RSADSI. The RC4 stream cipher is quite fast at encrypting and decrypting, so it saves CPU, and RC4 is also simple enough for software vendors to program into their products.

To avoid ECB mode during encryption, WEP uses a 24-bit IV, which is concatenated with the WEP key before being processed by RC4. Figure 4 shows a frame encrypted by WEP with an IV. The IV changes on a per-frame basis to avoid collisions. An IV collision occurs when the same IV and WEP key are used, so that the same key stream is generated and used to encrypt a frame. Such a collision helps a hacker guess the plaintext by looking at similarities in the ciphertext. The purpose of the IV is to prevent this, which is why the IV should be changed frequently. Almost all vendors support a per-frame IV in their products.

The 802.11 specification requires the WEP keys (configured manually on the AP and on the client devices) to match before the devices can communicate. Up to four WEP keys can be defined on a device, but at any one time only a single WEP key can be used to encrypt outgoing frames.

WEP encryption is used only for data frames and during shared-key authentication. WEP encrypts the following fields of a data frame:
- The data (payload).
- The integrity check value (ICV).
All other fields are transmitted unencrypted. The IV must be sent unencrypted so that the receiving station can use it to decrypt the payload and the ICV. The encryption, transmission, reception and decryption of a data frame are detailed below.


Figure 4.7: The encryption and decryption process

Besides encrypting data, the 802.11 standard also provides a 32-bit value whose function is to check the integrity of the frame. This check tells the receiving station that the frame was received without any error occurring in transmission. It supplements the FCS (Frame Check Sequence) function of layers one and two. The FCS is designed to check for errors related to data transmission. The ICV (integrity check value) is computed over all fields in the frame using CRC-32 (Cyclic Redundancy Check 32). The sending station computes the value and places the result in the ICV field. The ICV is included in the WEP-encrypted part of the frame, so it cannot be seen by eavesdroppers. The receiving station decrypts the frame, computes the ICV and compares it with the ICV that the sending station computed and placed in the received frame. If the two values match, the frame is considered not to have been altered or forged.
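Added example (not part of the thesis): a minimal Python model of the WEP frame processing described above, showing the IV prepended to the key, the RC4-encrypted payload plus CRC-32 ICV, the receiver's ICV check, and what an IV collision leaks. Assumptions: the key and payloads are constructed, the ICV is computed over the payload, and the key-ID byte of real frames is omitted.

```python
import struct
import zlib

WEP_KEY = bytes.fromhex("0102030405")  # constructed 40-bit key, illustration only


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: derive a key stream from `key` and XOR it with `data`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:  # one key-stream byte per data byte
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def icv(payload: bytes) -> bytes:
    """32-bit integrity check value: CRC-32 of the plaintext payload."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(key: bytes, iv: bytes, payload: bytes) -> bytes:
    if len(iv) != 3:
        raise ValueError("the WEP IV is 24 bits (3 bytes)")
    # IV || key is the per-frame RC4 key; payload and ICV are encrypted together.
    body = rc4(iv + key, payload + icv(payload))
    # The IV itself is sent in the clear so the receiver can rebuild the key.
    return iv + body


def wep_decrypt(key: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    plain = rc4(iv + key, body)
    payload, received_icv = plain[:-4], plain[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch: frame damaged or altered")
    return payload


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def iv_collision_leak(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bytes:
    """Encrypt two payloads under the SAME IV and XOR the ciphertext bodies.

    Same IV and key give the same key stream, which cancels out: the result
    equals p1 XOR p2 although the key was never used by the observer.
    """
    c1 = wep_encrypt(key, iv, p1)[3:]
    c2 = wep_encrypt(key, iv, p2)[3:]
    return xor_bytes(c1, c2)[:min(len(p1), len(p2))]


if __name__ == "__main__":
    p1, p2 = b"GET /index.html ", b"user=alice&pw=x "  # constructed payloads
    frame = wep_encrypt(WEP_KEY, b"\x00\x00\x01", p1)
    print("round trip ok:", wep_decrypt(WEP_KEY, frame) == p1)
    leak = iv_collision_leak(WEP_KEY, b"\x00\x00\x01", p1, p2)
    print("IV reuse leaks p1^p2:", leak == xor_bytes(p1, p2))
    fresh = wep_encrypt(WEP_KEY, b"\x00\x00\x02", p1)
    print("new IV, new ciphertext:", fresh[3:] != frame[3:])
```
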

Figure 4.8: Operation of the ICV

In summary, the WEP authentication exchange between the client and the AP looks like this:


Figure 4.9: The authentication process between client and AP

The steps are as follows:
- Step 1: The client sends an authentication request to the AP.
- Step 2: The AP generates a random challenge text and sends it to the client.
- Step 3: On receiving the challenge, the client encrypts it with the RC4 algorithm using the key the client was given, then sends the encrypted text back to the AP.
- Step 4: After receiving the client's encrypted text, the AP decrypts it with the RC4 algorithm using the key issued to the client. If the result matches the original text it sent to the client, the client has the correct key, and the AP accepts the client's authentication and allows the connection.


4.4.1. Advantages and disadvantages of WEP

Advantages of WEP:
- Can be rolled out widely and is simple to deploy.
- Strong encryption.
- Self-synchronizing.
- Computationally efficient; light on processor resources.
- Additional options are available.

Disadvantages of WEP:
- It is very simple, and its encryption keys are easily "broken" by brute-force and trial-and-error attacks. Free software such as Airsnort or WEP Crack allows a hacker to break the encryption key after collecting 5 to 10 million packets on a wireless network. 128-bit keys are no better: 24 bits are used for the initialization, so only 104 bits are actually used for encryption, and since the method is the same as for 64-bit encryption, 128-bit encryption is also easily broken.
- In addition, weaknesses in the initialization vectors help a hacker find the password faster and with far fewer packets.
- Authentication is one-way only: the client authenticates to the AP, but the legitimacy of the AP is not authenticated to the client.
- WEP lacks a mechanism for distributing and managing keys. With static keys, many users share the same key for a long time. With today's fast computers an attacker can capture the encrypted messages and recover the encryption key from them without difficulty. If a computer on the network is lost or stolen, the shared key that the other machines are still using may be exposed. Furthermore, sharing a key raises the risk of traffic being eavesdropped.

4.4.2. Security with WPA/WPA2

The Wifi Alliance, an association of the major wifi equipment manufacturers, was set up to help ensure compatibility between wifi products from different vendors. To improve information security in 802.11 networks without requiring hardware upgrades, the Wifi Alliance adopted TKIP as a required security standard for deployments that are to be Wifi certified. This kind of security is called WPA. WPA appeared before the IEEE 802.11i-2004 standard was formally adopted. It includes key management and authentication.

WPA2 followed, as a security standard that tracks the IEEE 802.11i standard more closely. The biggest difference between WPA and WPA2 is that, instead of using AES for data confidentiality and integrity, WPA uses TKIP for encryption and the Michael algorithm for per-packet authentication.

Each version of WPA comes in two variants: Personal, for homes and small offices, and Enterprise, for large businesses with a full network infrastructure. The only significant difference between the two is how the PMK is obtained. With Personal, the PMK is derived from a static key entered manually on the AP and the STAs. This is clearly not feasible for large networks. With Enterprise, the PMK is therefore obtained from IEEE 802.1X/EAP authentication. This key distribution is fully automatic and relatively secure. After authenticating each other, the STA and the authentication server build the PMK from information they both know. The key is the same on the STA and on the authentication server. The authentication server makes a copy of the PMK and sends it to the AP. At that point both the AP and the STA have the matching PMK. In practice, the authentication server is usually a RADIUS server.

Comparison of WEP, WPA and WPA2

| WEP | WPA | WPA2 |
|---|---|---|
| An optional component of the IEEE 802.11 standard | A security standard set by the Wifi Alliance | Same as WPA |
| The WEP key is configured manually on the AP and the STA | 802.1X/EAP authentication is recommended so that keys are obtained automatically. Manual key setup as in WEP is also supported | Same as WPA |
| Uses a stream cipher | Same as WEP | Uses a block cipher. Can also use the TKIP stream cipher |
| Per-packet encryption based on changing the IV value, which is combined directly with the PMK to form the key | Uses a more advanced and more complex encryption method; key generation goes through the intermediate key PTK | Same as WPA |
| Short key length, 64 bits or 128 bits | Long key length, combining several pieces of information to generate the key | Same as WPA |
| Uses the CRC algorithm to check integrity, so the level of security is low | Uses the Michael algorithm to compute the MIC. More reliable than CRC | Uses CCMP/AES to compute the MIC. The most reliable |
| No mutual authentication | Supports mutual authentication, using IEEE 802.1X/EAP | Same as WPA |
| A simple method that does not demand much of the hardware | Somewhat more complex than WEP but still does not demand much of the hardware | Complex; demands high hardware processing power |
| Suited to small networks | Suited to small and medium networks | Suited to large networks such as enterprises |

WPA is rated as less secure than its sibling WPA2. Its advantage, however, is that it does not demand much of the hardware. Because WPA uses TKIP, which encrypts with the RC4 algorithm just as WEP does, most older wireless cards that support WEP need only a firmware upgrade to work with the WPA standard.

WPA2 uses CCMP/AES for data encryption and for checking packet integrity. CCMP/AES is a very strong and complex encryption mechanism and therefore requires a lot of processing power from the chip. For this reason WPA2 is currently not as widely deployed as WPA: WPA2 requires a hardware upgrade, which costs far more than a firmware update for WPA. Nevertheless, WPA2 is recommended for networks that require a high level of security.

Which security standard to choose depends entirely on the balance between the available budget and the level of information security that has to be guaranteed.

4.4.4. Security with TKIP


TKIP is an IEEE solution developed in 2004. It is an upgrade to WEP intended to patch the security problems in WEP's implementation of the RC4 stream cipher. TKIP hashes the IV to protect against packet forgery, and it also provides a message integrity check (MIC) to ensure that packets are accurate. TKIP uses dynamic keys, assigning each frame its own sequence number to counter forgery attacks.

4.4.5. Security with AES

AES is an encryption function approved by NIST (National Institute of Standards and Technology). The IEEE designed a mode for AES to meet the needs of WLANs. This mode is called CBC-CTR (Cipher Block Chaining Counter Mode) with CBC-MAC (Cipher Block Chaining Message Authenticity Check). Their combination is called AES-CCM. CCM mode combines CBC-CTR encryption with the CBC-MAC message authentication algorithm. The combination provides both encryption and an integrity check of the transmitted data.

CBC-CTR encryption uses a counter to supplement the key stream. The counter is incremented by 1 after each block is encrypted. This ensures that each block has its own unique key. The unencrypted text is split into 16-byte blocks. CBC-MAC works by using the result of CBC encryption together with the frame length, the source address, the destination address and the data. The result is a 128-bit value that is truncated to 64 bits for transmission. AES-CCM carries a fairly high cost for both encryption and the integrity check of the transmitted data, so it consumes a great deal of CPU processing power.

4.4.6. Filtering

Filtering is a basic security mechanism that can be used together with WEP. Filtering works like an access list on a router: it blocks what is unwanted and allows what is wanted. Three basic kinds of filtering can be used in a WLAN:
- SSID filtering.
- MAC address filtering.
- Protocol filtering.

4.4.6.1. SSID filtering

SSID filtering is a rudimentary form of filtering and should be used only for basic access control. The client's SSID must match the AP's SSID for the client to authenticate and associate with the service set. The SSID is broadcast unencrypted in beacons, so it is very easy to discover with software. Mistakes that WLAN users make in managing SSIDs include:
- Using the default SSID value, which makes it easier for a hacker to look up the AP's MAC address.
- Using an SSID related to the company.
- Using the SSID as the company's security method.
- Broadcasting the SSID unnecessarily.

4.4.6.2. MAC address filtering

Most APs have a MAC address filtering function. The administrator can build a list of permitted MAC addresses. If a client's MAC address is not in the AP's MAC filter list, the AP prevents that client from connecting to the network.

If the company has many clients, a RADIUS server with a MAC address filtering function can be set up instead of filtering on the AP. Configured this way, MAC address filtering is a highly scalable security solution: the MAC addresses are simply entered into the RADIUS server together with the users' identity information. A RADIUS server usually points to another authentication source, so an authentication source is needed in order to support MAC address filtering.


Figure 4.10: The MAC authentication process

MAC address filtering can also work in reverse. For example, consider an employee who leaves the company and takes their wireless network card with them. That WLAN card holds the WEP key and passes the MAC address filter. The administrator can create a filter on all APs that denies the MAC address of the employee who has left. If MAC address filtering is in use on the network when a WLAN card is lost, the card's MAC address can be removed from the allow list.


Figure 4.11: MAC address filtering

Although MAC address filtering appears to be a good way to secure a WLAN in some situations, it can still be attacked in the following cases:
- Theft of a WLAN card that is on the AP's allow list.
- Listening to traffic on the WLAN and then spoofing a MAC address at the start of working hours.
MAC address filtering is well suited to homes and small offices with few clients.

4.4.6.3. Protocol filtering

A wireless LAN can filter the packets passing through the network on the basis of protocols from layer 2 to layer 7. In many cases vendors make protocol filtering independently configurable for both the wired segment and the wireless segment on the AP.


Figure 4.12: Protocol filtering

Imagine a wireless workgroup bridge placed in a remote building of a campus WLAN and connected back to the AP in the main building. Because all users in the remote building share 5 Mbps of bandwidth between the buildings, some form of control has to be applied. If these links were installed specifically to give users Internet access, the protocol filter will exclude all protocols except HTTP, SMTP, HTTPS, FTP and so on. This ability to filter protocols is very useful for managing the use of a shared medium.

4.5. Chapter summary

In this chapter we looked at how encryption works, and at block ciphers and stream ciphers as the basis on which WEP encryption is built. We saw the advantages and disadvantages of the WEP encryption standard and why WEP is so widely used. We covered several security standards, namely WPA, WPA2, TKIP and AES, and surveyed several filtering techniques for monitoring and limiting unauthorized access to the wireless network.


CHAPTER 5: TYPES OF ATTACK ON WLANS


5.1. Differences between attacks on wired and wireless networks

A wireless computer network has the same basic characteristics as a wired one, so attacks and countermeasures follow the principles presented in the previous chapter. In general, the following points apply.

Attacking a LAN does not demand much of the hardware, whereas attacking a WLAN does: it requires a network card with monitor capability and the ability to inject packets. Putting a wireless card into monitor mode is similar to putting an ordinary wired Ethernet card into promiscuous mode. In both cases you see all packets passing over the wire or the channel. One key difference, however, is that an Ethernet card in promiscuous mode is certain to see traffic only on the network you are connected to. This is not the case with wireless cards, because the 2.4 GHz spectrum is unlicensed and is a shared medium. Two conditions must be met for a card to support monitor mode: first, the chipset in the card itself must support this mode; second, the driver you use for the card must also support monitor mode. Clearly, choosing a card that supports monitor mode is an important first step in hacking a wireless network.

In addition, because of the particular nature of wireless propagation, a wireless network is exposed to other kinds of attack. Attacks characteristic of wireless networks are:
- Passive attacks (eavesdropping).
- Active attacks (connecting to, probing and configuring the network).
- Jamming attacks.
- Man-in-the-middle attacks.

5.2. Passive attacks

A passive attack, or eavesdropping, is the simplest way to attack a WLAN, yet it is very effective. A passive attack leaves no trace of the hacker's presence on the network, because the hacker does not actually connect to the AP in order to listen to the packets travelling over the wireless network. WLAN sniffing software or free applications can be used to gather information about a wireless network from a long distance by using a directional antenna. This lets the hacker keep away from the network and leave no trace while listening and collecting valuable information.

Figure 5.1: Passive attack

Methods commonly used in passive attacks: eavesdropping (sniffing) and traffic analysis.

Figure 5.2: Types of passive attack

5.2.1. Packet capture (sniffing)


Packet capture is the specific form of the general concept of eavesdropping as used in computer networks. It is perhaps the simplest method, yet it is still effective against WLANs. Packet capture can be understood as a way of stealing information by placing a receiver inside or near the coverage area. The presence of the capturing device is hard to detect, whether it is inside or near the coverage area, as long as the device does not actually connect to the AP to collect the packets.

On a wired network, packet capture usually depends on the network hardware, for example running capture software on the part of a computer's network card that controls incoming and outgoing information. This means knowing what hardware is in use and finding a way to install the capture software on it, so it is not simple. On a wireless network the same principle holds but is not needed, because there are much simpler and easier ways to obtain the information: on a wireless network the information is transmitted over the air and anyone can receive it.

Packet-capture programs can pick up important information, passwords and so on from your machine's exchanges with HTTP sites, email, instant messengers, FTP sessions and telnet sessions if the information is exchanged as unencrypted text (clear text). Some programs can obtain passwords on a wireless network from the exchange between client and server while the password is being entered to log in. Packet capture also makes it possible to gather information and analyze network traffic and the spatial distribution of signal energy across areas. From this the attacker can tell where the signal is good, where it is poor and where many machines are concentrated.

So besides helping directly with an attack, packet capture is indirectly the starting point for other attack methods. It is the basis of attacks such as information theft, collecting information about the layout of networks (wardriving), and key cracking. The tool used for capturing packets is Wireshark.

Wardriving: a term for collecting information about the distribution of devices, the coverage areas and the configuration of wireless networks. Today attackers can also use modern equipment such as GPS satellite receivers to build an information map covering a large area. Commonly used software is NetStumbler.


Countermeasures: Because packet capture is a passive attack it is very hard to detect, and because of the way radio waves propagate through space, eavesdropping by an attacker cannot be prevented. The solution proposed here is to strengthen the encryption of the information so that the attacker cannot decrypt it; the captured information is then worthless to the attacker.

5.3. Active attacks

A hacker can mount an active attack to carry out operations on the network. An active attack can be used to gain access to a server and obtain valuable data, to use the company's Internet connection for destructive purposes, or even to change the configuration of the network infrastructure. By connecting to the wireless network through the AP, a hacker can penetrate deeper into the network or change its configuration. For example, a hacker can add his own MAC address to the allow list of the MAC filter on the AP, or disable the MAC filter, to make later break-ins easier. The admin may not notice this change for a long time unless checks are made regularly.

Typical examples of active attacks include spammers and competitors who want to break into your company's database. A spammer can send a large amount of mail at once through a home or business network over the wireless WLAN connection. After obtaining an IP address from the DHCP server, the hacker can send thousands of messages over your Internet connection without your knowledge. This kind of attack can cause your ISP to cut off your email service for sending too much mail, even though it is not your fault. A competitor may want your customer list with contact details, or even the payroll, in order to compete better or to win over your customers. Attacks like these happen regularly without the admin knowing.

Once a hacker has a wireless connection to your network, he can access servers, use the WAN or Internet connection, or reach users' laptops and desktops. With a few simple tools, the hacker can easily collect important information, impersonate users, or even damage the network by misconfiguring it. Finding servers by port scanning, creating a NULL session to shares or cracking passwords, and then logging in to a server with a cracked account are all things a hacker can do to your network.

Figure 5.3: An active attack

Compared with passive attacks, active attacks take more varied forms, for example: denial of service (DOS), message modification, masquerade (impersonation and concealment), replay, bombing and spam mail.

Figure 5.4: Types of active attack


5.3.1. Masquerading and unauthorized access

How it works: Masquerading and unauthorized access are attacks that can be directed at any kind of computer network, and wireless networks are no exception. One common approach is for an attacking computer outside the network to pose as a machine inside it, request a connection and then access network resources without authorization. The impersonation is done by changing the MAC address and IP address of the network device on the attacking machine to the values of a machine in use on the network, so that the system is deceived and allows the connection. For example, changing the MAC value of a wireless card on a computer running Windows or UNIX is very easy and takes only a few basic operations by the user. The MAC and IP addresses to be spoofed can be obtained by capturing packets on the network.

Countermeasures: Keeping the computer you use secure and not letting anyone use it without authorization is a very simple principle, but it is by no means superfluous for preventing this kind of impersonation. Masquerading can also happen because authentication between the parties is not strict enough, so authentication between the parties needs to be strengthened.

5.3.2. Denial-of-service (DOS) attacks

How it works: Wireless and wired computer networks do not differ fundamentally in DOS (Denial of Service) attacks at the application and transport layers, but they differ greatly at the network, data link and physical layers. This is what makes DOS attacks more dangerous on wireless networks. Before launching a DOS attack, an attacker can use a traffic-analysis program to find out where traffic is concentrated and where the processing load is high, and then focus the DOS attack on those points to achieve an effect more quickly.

Common kinds of attack:
- Physical-layer DOS attack: A physical-layer DOS attack on a wired network requires the attacker to be close to the computers on the network. This is not true of a wireless network. With such a network, any environment is vulnerable, and the attacker can get at the physical layer from a great distance, possibly from outside rather than having to be inside the building. An attack on a wired network usually leaves recognizable signs, such as damaged cables, moved cables or camera footage, whereas on a wireless network it leaves no sign at all. The 802.11 PHY defines a limited range of frequencies for communication. An attacker can build a device that saturates the 802.11 band with noise. If the device generates enough radio-frequency noise, it reduces the signal-to-noise ratio to the point where the signal can no longer be distinguished, and STAs within the affected band stop working. The devices cannot reliably tell the network signal apart from all the random noise being generated and therefore cannot communicate. This kind of attack is not a serious threat: it is unlikely to be common because of the cost of the equipment, which is too expensive given that the attacker only disables the network temporarily.
- Data-link-layer DOS attack: Because the attacker can also get at the data link layer from anywhere, there are again many opportunities for DOS attacks. Even with WEP enabled, an attacker can carry out some DOS attacks by accessing link-layer information. Without WEP, the attacker has full access to the links between the STAs and the AP and can terminate access to the network. If an AP uses directional antennas incorrectly, the attacker is more likely to be able to deny access to clients associated with the AP. Directional antennas are sometimes also used to cover more areas with a single AP by using several antennas. If the directional antennas do not cover their areas over equal distances, the attacker can deny service to associated stations by exploiting this faulty arrangement, as illustrated in the figure below.


Figure 5.6: Data-link-layer DOS attack

- Suppose directional antennas A and B are attached to the AP and arranged to cover the two sides of a wall independently. Client A is on the left side of the wall, so the AP selects antenna A for sending and receiving its frames. Client B is on the left side of the wall, so antenna B is selected for sending and receiving its frames. Client B can knock Client A off the network by changing Client B's MAC address to be identical to Client A's. Client B must then make sure that the signal it sends through antenna B is stronger than the signal Client A receives from antenna A, by using an amplifier or other amplification techniques. The AP will then send and receive frames for that MAC address on antenna B. Client A's frames are rejected for as long as Client B keeps sending traffic to the AP.
- Network-layer DOS attack: If a network allows any client to connect, it is vulnerable to network-layer DOS attacks. An 802.11 wireless network is a shared medium. An unauthorized person can get onto the network and deny access to the devices associated with the AP. For example, an attacker can get onto an 802.11b network and send a flood of ICMP packets through the gateway. While the gateway itself may still pass the network traffic, the shared 802.11b band is easily saturated. Other clients associated with this AP will have great difficulty sending packets.

Countermeasures: The most effective, if "extreme", measure is to block and filter out all the messages that DOS attacks commonly use, but this may also block useful messages. A better solution needs intelligent attack-detection algorithms based on characteristics such as messages sent continuously, identical messages and meaningless messages. Such an algorithm distinguishes useful messages from attacks so that the latter can be filtered out.

5.3.3. Hijacking and message modification

How it works: There are many hijacking techniques. Unlike other kinds of attack, it is very hard for the network to tell a hijacker from a legitimate user.

Definition: There are many software tools for hijacking. When a TCP/IP packet passes through a switch, router or AP, the device looks at the packet's destination address. If the address is within the network the device manages, the packet is delivered directly to the destination; if it is not, the packet is sent out through the default gateway to be forwarded to another device. If an attacker can change the default gateway value of a network device to point to his own computer, all outbound connections go through his machine. The attacker can then obviously capture all of that information and pick out the authentication request and grant messages in order to decrypt them and crack passwords.

At a more sophisticated level, the attacker routes only selected messages to himself. After obtaining the content of a message, the attacker can modify it for his own purposes and then forward the message to its proper destination. The message has thus been intercepted, read and modified in transit without either the sender or the receiver noticing. This is the same principle as the attraction-type attack (man in the back) and the attack using a rogue AP.


Figure 5.7: Rogue AP attack

Rogue AP: an attack that uses an AP placed close to the coverage area of the WLAN. When clients move near the rogue AP, then by the principle of handover between the cells that the APs manage, the client automatically associates with the rogue AP and gives it the WLAN's information. A rogue AP operating on the same frequency as the other APs can cause interference as in a jamming attack. It also does the same kind of harm as a denial-of-service (DOS) attack, because with interference many packet exchanges fail and have to be retransmitted repeatedly, leading to congestion and exhaustion of network resources.

Countermeasures: Hijacking attacks are usually fast and wide in scope, so timely countermeasures are needed. Hijacking is usually carried out once the attacker has penetrated quite "deep" into the system, so it must be stopped at the first signs. For rogue AP attacks, the measure against impersonation is mutual authentication between client and AP instead of one-way authentication from client to AP.

5.3.4. Dictionary password attacks


How it works: Password guessing is based on the principle of scanning every case that can be produced from combinations of characters. This can be implemented in different ways, such as scanning from top to bottom, from bottom to top, from digits to letters and so on. Such a scan takes a long time even on advanced computers because the number of combinations is enormous. In practice, when setting a password many people use meaningful words, singly or joined together, for example 123456, abc, 123abc and so on. On that basis a new principle was introduced: passwords are first tried from the words in a ready-made dictionary, and only if that fails are all combinations scanned. The dictionary consists of words used in everyday life and society, and it is constantly updated to make the cracker "smarter".

Countermeasures: To counter this kind of password guessing, establish a password-setting process that is more complex and more varied, so as to avoid word combinations and make scanning all combinations harder. For example, the password process should require the following:
- Passwords at least ten characters long.
- Both lowercase and uppercase letters.
- Letters, digits and possibly special characters such as !, @, #, $.
- No match with the registered name, account name, date of birth and so on.
- No short, simple words found in a dictionary.

5.4. Jamming

Jamming is a technique used simply to shut down your wireless network. Just as attackers use a DoS attack against a web server to choke that server, a WLAN can be shut down by jamming the RF signal. The jamming signal may be intentional or unintentional, and removable or not removable. When a hacker deliberately mounts a jamming attack, he can use special WLAN equipment, namely a high-power RF signal generator or a sweep generator.

To eliminate this kind of attack, the first requirement is to locate the source of the RF signal. This can be done with a spectrum analyzer. There are many kinds of spectrum analyzer on the market, but a handheld, battery-powered one is the most convenient. Another option is to use the software spectrum analyzer applications that come with WLAN client products.

When the source of the jamming cannot be moved and is harmless, such as a communications tower or another legitimate system, the admin should consider using a different frequency range for the WLAN. For example, an admin responsible for designing and installing a WLAN in a large, complex environment needs to examine this carefully. If the RF interference spans more than 2.4 GHz, as with walkie-talkies, microwave ovens and so on, the admin should use 802.11a equipment operating in the 5 GHz UNII band instead of 802.11b/g equipment operating in the 2.4 GHz band, which is prone to interference.

Unintentional jamming occurs frequently because many different devices share the 2.4 ISM band with the WLAN. Deliberate jamming is not very common, because carrying it out is costly, the equipment is very expensive, and the only result is to shut the network down temporarily for a short time.

Figure 5.8: Jamming attack

5.5. Man-in-the-middle attack

A man-in-the-middle attack is the case in which the hacker uses an AP to steal mobile nodes by sending those nodes an RF signal stronger than that of the legitimate AP. The mobile nodes see an AP with a better RF signal and connect to this rogue AP, sending their data, possibly sensitive data, to the rogue AP, where the hacker has full control over it.

To make clients reconnect to the rogue AP, the transmit power of the rogue AP must be much higher than that of the legitimate AP within its coverage area. Reconnecting to the rogue AP is treated as part of roaming, so users are not aware of it. Introducing all-band interference (such as Bluetooth) into the coverage area of the legitimate AP forces clients to roam.

A hacker who wants to mount this man-in-the-middle attack must first know the SSID the clients are using (this value is very easy to obtain). Next, the hacker must know the WEP key if the network uses WEP.

The upstream connection (to the wired backbone) from the rogue AP is handled through a client device such as a PC card or a workgroup bridge. Often a man-in-the-middle attack is carried out with just a laptop and two PCMCIA cards. AP software runs on the laptop, where one PC card is used as an AP and a second PC card is used to connect the laptop to a nearby legitimate AP. In this configuration the laptop is the man in the middle, operating between the client and the legitimate AP. From there the hacker can collect valuable information by running sniffers on the laptop.

The key point of this attack is that the user cannot notice it. The amount of information the hacker can collect therefore depends only on how long the hacker can maintain this state before being discovered.

Figure 5.9: Man-in-the-middle attack

Countermeasures: Physical security is the best method of defending against this type of attack. We can use an IDS (intrusion detection system) to detect the devices used in the attack.

5.4. Chapter summary

In this chapter we learned about several specific types of attack on wireless networks, such as jamming, man-in-the-middle, active and passive attacks, and some attacks built on these methods. By analyzing each type of attack, we can work out how to protect our own or our company's wireless network against harmful agents.
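The IDS countermeasure for section 5.5 can be made concrete: a rogue AP has to announce the legitimate SSID and be noticeably louder than the real AP, and both facts are visible in beacon observations. The sketch below is an added example, not part of the original thesis; the AP inventory, the 15 dB threshold and the sample beacons are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Assumed inventory of legitimate APs (constructed): SSID -> {BSSID: channel}
AUTHORIZED = {"CorpWLAN": {"00:11:22:33:44:55": 6, "00:11:22:33:44:66": 11}}
SIGNAL_JUMP_DB = 15  # assumed alert threshold above a BSSID's median level

def find_rogue_aps(beacons, authorized=AUTHORIZED, jump_db=SIGNAL_JUMP_DB):
    """beacons: iterable of (ssid, bssid, channel, signal_dbm) in capture order.
    Returns a sorted list of (reason, ssid, bssid) alerts."""
    alerts = set()
    history = defaultdict(list)  # bssid -> earlier signal levels
    for ssid, bssid, channel, signal in beacons:
        bssid = bssid.upper()
        known = authorized.get(ssid)
        if known is None:
            continue  # someone else's network
        if bssid not in known:
            # Our SSID announced by hardware we never deployed.
            alerts.add(("unknown_bssid", ssid, bssid))
            continue
        if channel != known[bssid]:
            # Known BSSID on an unexpected channel may indicate a cloned BSSID.
            alerts.add(("channel_mismatch", ssid, bssid))
        levels = history[bssid]
        if len(levels) >= 3 and signal - median(levels) >= jump_db:
            # Same BSSID suddenly much louder: possibly a second transmitter.
            alerts.add(("signal_jump", ssid, bssid))
        else:
            levels.append(signal)  # only normal readings feed the baseline
    return sorted(alerts)

# Constructed observations for illustration.
SAMPLE_BEACONS = [
    ("CorpWLAN", "00:11:22:33:44:55", 6, -62),
    ("CorpWLAN", "00:11:22:33:44:55", 6, -60),
    ("CorpWLAN", "00:11:22:33:44:55", 6, -63),
    ("CoffeeShop", "AA:BB:CC:00:00:01", 1, -70),
    ("CorpWLAN", "DE:AD:BE:EF:00:01", 6, -30),
    ("CorpWLAN", "00:11:22:33:44:55", 6, -35),
    ("CorpWLAN", "00:11:22:33:44:66", 1, -58),
]

if __name__ == "__main__":
    for alert in find_rogue_aps(SAMPLE_BEACONS):
        print(alert)
```

The signal check only fires after three baseline readings per BSSID, so a sensor that has just started will report unknown BSSIDs and channel mismatches first.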

CHAPTER 6: DEMO OF ATTACKS ON A WIRELESS NETWORK

6.1. Cracking the password of a WEP Wi-Fi network

The best WEP cracking toolset was developed by the Aircrack-ng team, and it is the toolset we use here. Aircrack-ng is a suite of programs written to break WEP and WPA-PSK keys. Although the suite consists of seven independent programs and a few other small tools, here we use only the following four:
- airmon-ng: switches the wireless card into monitor mode (listening to and recording signals).
- airodump-ng: discovers WLANs and captures packets (packet capture).
- aireplay-ng: generates traffic.
- aircrack-ng: recovers the WEP key.

Another equally important requirement is the BackTrack4 operating system. The WLAN card must be able to operate in monitor mode. This means the WLAN card can capture every packet it detects, not only the packets sent to its own MAC address.

6.2. Steps

Step 1: We use the airmon-ng command to put the WLAN card into monitor mode. Then we continue with the command airmon-ng start wlan0 to restart the adapter in monitor mode.

Figure 6.1: Putting the WLAN card into monitor mode

You can check that monitor mode is active by typing the iwconfig command. Now that the adapter is in monitor mode, we can start scanning for wireless networks. In practice, anyone trying to attack a wireless network needs some essential information. We are looking for APs that use WEP encryption and have at least one client connected. The associated client is important because you need its MAC address to use in the ARP Replay attack that generates traffic. If the AP has no client connected, move on to another AP. We need three pieces of information to capture the traffic and allow aircrack to work:
- The MAC address / BSSID of the target AP.
- The MAC address / BSSID of the station connected to the AP.
- The channel in use by the target AP and the station.

Step 2: Start airodump-ng to collect information about the networks in preparation for the attack by typing:

    airodump-ng --ivs --write capturefile wlan0

The --ivs option records only the captured IVs (the part of the traffic needed for cracking WEP) in files whose name prefix is set by --write "capturefile". The double dashes (--) are a longer, more readable form of airodump's command-line options.

Figure 6.2: Finding the information needed for cracking

The figure above shows a station (STA) with MAC address 00:1E:65:73:65:16 connected to the AP with ESSID Kimlong and BSSID 00:1A:70:D6:54:E4. You can check which STA is connected to which AP by comparing the AP's MAC address (BSSID) in the two groups. Figure 6.2 also shows that the AP Kimlong is using channel 6.

So the three pieces of information we need have been collected:
- The MAC address / BSSID of the target AP is 00:1A:70:D6:54:E4.
- The MAC address / BSSID of the station connected to the AP is 00:1E:65:73:65:16.
- The channel in use by the target AP and the station is 6.

The PWR column in the AP group shows the signal level. If you want to choose one AP as the target among the many APs in the table, choose one with a high PWR value, because that means a high signal level, and a strong signal means a high packet capture rate.

Once we have identified a target AP that uses WEP, we need to capture IVs with airodump for aircrack-ng to use. The #Data column in airodump-ng shows how many IVs have been captured, and the #/s column shows the capture rate per second. The IV capture rate is usually very slow.

Aireplay-ng: this program is used to generate traffic to capture, using various frame injection techniques. We will use the ARP Request Replay attack to generate injected packets (packet injection). Without packet injection it could take many days to collect the required number of IVs. The replay attack simply captures packets generated by the target STA and then retransmits them, posing as that station. This process is repeated continuously, multiplying the amount of traffic. Because the traffic generated from your machine is disguised as the traffic of a real client, it does not affect the normal operation of the network, and so the generation of IVs proceeds quietly.

To use aireplay-ng, first restart airodump-ng, this time with the channel and MAC address of the target AP.

Step 3: Run airodump-ng first:

    airodump-ng --ivs --channel [AP channel] --bssid [AP BSSID] --write capturefile wlan0

The captured data files are again saved in the /root directory and are named capturefile_nn.ivs, where nn is a two-digit number, for example capturefile_01.ivs. In our case, the specific command is:

    airodump-ng --ivs --channel 6 --bssid 00:1A:70:D6:54:E4 --write capturefile wlan0

Figure 6.3: Capturing packets between the client and the AP

Looking at the #Data and #/s columns, we can see that the capture rate is very low, as noted above. So let us speed things up with aireplay-ng. Open another shell window and type the command together with the information about the target WLAN, namely the MAC address of the AP [AP BSSID] and the MAC address of the client obtained from airodump:

    aireplay-ng -3 -b [AP BSSID] -h [client MAC from airodump] wlan0

Step 4:

    aireplay-ng -3 -b 00:1A:70:D6:54:E4 -h 00:1E:65:73:65:16 wlan0

This command starts the ARP replay against the target AP by spoofing the MAC address of the STA connected to this AP.

Figure 6.4: Increasing the volume of traffic on the connection

You can now go back to the airodump window and see that the #/s column has increased significantly, sometimes reaching the hundreds. You need to let these programs keep running until the number in the #Data column reaches at least 30,000 IVs for a 64-bit WEP key. After capturing the required number of packets, we open a shell window to start aircrack-ng:

    aircrack-ng -b [AP BSSID] [capture file(s) name]

Step 5: Type the command:

    aircrack-ng -b 00:1A:70:D6:54:E4 capturefile*.ivs

The command contains an asterisk (*) so that aircrack-ng uses all of the captured IV files saved in the /root directory. Aircrack starts sifting through the captured packets to find the WEP key. This also takes time, but not much compared with capturing and saving the data. In some cases aircrack-ng finishes without finding the key but gives you some suggestions that you can follow. The result of the key-recovery process is shown in Figure 6.5.
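From the defender's side, the ARP request replay used in Steps 3 and 4 stands out in a monitor-mode capture: a frame retransmitted verbatim carries the same WEP IV every time, while a normal sender uses a new IV for each new frame. The detector below is an added example, not part of the original thesis; the frame tuples, the one-second window and the repeat threshold are assumptions, and the sample capture is constructed.

```python
from collections import defaultdict, deque

WINDOW_S = 1.0     # assumed sliding window in seconds
MIN_REPEATS = 20   # assumed: well above ordinary 802.11 retry counts

def detect_iv_replay(frames, window=WINDOW_S, min_repeats=MIN_REPEATS):
    """frames: time-ordered (timestamp, transmitter_mac, iv_hex, length).
    Returns {(transmitter, iv): peak repeat count inside one window}."""
    recent = defaultdict(deque)   # (mac, iv) -> timestamps still in the window
    flagged = {}
    for ts, mac, iv, _length in frames:
        key = (mac.lower(), iv.lower())
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()           # forget sightings older than the window
        if len(q) >= min_repeats:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

def build_sample():
    """Constructed capture: normal traffic, one replayed frame, one retried frame."""
    frames = []
    # Normal client traffic: the IV changes on every frame.
    for i in range(50):
        frames.append((i * 0.05, "00:aa:bb:cc:dd:01", f"{0x100 + i:06x}", 120))
    # Replay: the same encrypted frame, same IV, 200 times in about 0.4 s.
    for i in range(200):
        frames.append((3.0 + i * 0.002, "00:aa:bb:cc:dd:01", "0a1b2c", 68))
    # Ordinary layer-2 retries reuse the IV a few times and must not be flagged.
    for i in range(3):
        frames.append((4.0 + i * 0.001, "00:aa:bb:cc:dd:02", "00ff10", 90))
    return frames

if __name__ == "__main__":
    for (mac, iv), count in detect_iv_replay(build_sample()).items():
        print(f"possible replay: {mac} reused IV {iv} {count} times in {WINDOW_S}s")
```

A sudden rise in the capture rate together with one repeated IV is the pattern to alert on; the durable fix is to retire WEP on the network.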

Figure 6.5: Result after running the aircrack-ng command

After gaining access to the wireless LAN, we next carry out an attack that steals the accounts of users on the network using the man-in-the-middle (MITM) technique.

6.3. DNS spoofing

DNS spoofing is a MITM technique used to supply false DNS information to a host, so that when the user browses to some address, for example http://www.microsoft.com with IP 207.46.232.182, the attempt is sent instead to a fake http://www.microsoft.com residing at IP address 74.125.71.106, an address the attacker has prepared in advance in order to steal online banking account information from users.

There are several ways to carry out DNS spoofing. We will use a technique called DNS ID spoofing. Every DNS query sent over the network contains a unique identifier, whose purpose is to tell queries apart and match the responses to them. This means that if our attacking machine can intercept a DNS query sent from a particular device, all we need to do is create a forged packet that contains that identifier, so that the packet is accepted by the target.

We will complete this process in two steps with a simple tool. First, we poison the ARP cache of the target device to reroute its traffic through our attacking host, so that we can intercept the DNS request and send out the forged packet. The purpose of this scenario is to trick users on the target network into visiting the malicious website instead of the website they are trying to visit. For a clearer picture, see the attack figure below.

Figure 6.6: Man-in-the-middle attack

The tool we can use to carry out a DNS spoofing attack is Ettercap, which is available for both Windows and Linux. Before running Ettercap, you need to do a little configuration. At its core Ettercap is a data sniffer; it uses plug-ins to carry out the different attacks. The dns_spoof plug-in is what we will use in this example, so we have to adjust the configuration file associated with that plug-in. On Linux you can edit the etter.dns file at /usr/share/ettercap/etter.dns; it is a fairly simple file that contains the DNS records you want to spoof. We will redirect any user who tries to access paypal to a phishing page set up on our machine.

6.4. Steps

Step 1: In BackTrack4, start Apache to build a web server that runs the fake paypal.com website (phishing technique) with the start-apache command, then install the paypal.com phishing website.

Figure 6.7: Setting up the web server on the attacking machine

Step 2: Open the etter.dns file at /usr/share/ettercap/etter.dns, configure it as follows, and save the file.

    paypal.com A 192.168.163.133
    .*paypal.com A 192.168.163.133
    www.paypal.com PTR 192.168.163.133

Here 192.168.163.133 is the IP address of the attacking machine.

Step 3: Carry out the MITM attack with Ettercap, configuring Ettercap in the following order:
- On the Sniff tab, choose Unified Sniffing, select the network card to sniff on, and click OK.
- On the Host tab, choose Scan for Hosts, then choose Host List; in it, select the IP address of the machine to attack and click Add to Target 1, then select the address of the default gateway and click Add to Target 2.
- On the Mitm tab, choose Arp poisoning, tick Sniff remote connection, and click OK.
- On the Plugins tab, choose Manage the plugins and double-click dns_spoof.
- On the Start tab, choose start sniffing.

Figure 6.8: The DNS spoofing attack in progress

Step 4: Wait for the victim machine to access paypal.com and collect the result.

Figure 6.9: dns-spoof in operation

Figure 6.10: Result of the DNS spoofing attack
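Both stages of the attack in sections 6.3 and 6.4 leave traces a defender can check for: the ARP poisoning rebinds the gateway's IP to another host's MAC address, and the spoofed records answer a public name with an address on the local network. The checks below are an added example, not part of the original thesis; the MAC addresses, the gateway and client IPs and the internal zone suffix are constructed assumptions, while 192.168.163.133 is the address used in the demo above.

```python
import ipaddress

INTERNAL_SUFFIXES = (".corp.example",)  # hypothetical internal DNS zone

def detect_arp_rebinding(arp_replies):
    """arp_replies: time-ordered (ip, mac) pairs taken from ARP replies.
    Flags an IP whose MAC changes and a MAC that starts answering for a second IP."""
    ip_to_mac, mac_to_ips, alerts = {}, {}, []
    for ip, mac in arp_replies:
        mac = mac.lower()
        old = ip_to_mac.get(ip)
        if old is not None and old != mac:
            alerts.append(("ip_changed_mac", ip, old, mac))
        ip_to_mac[ip] = mac
        ips = mac_to_ips.setdefault(mac, set())
        ips.add(ip)
        if len(ips) == 2:  # report once, when the second IP appears
            alerts.append(("mac_answers_for", mac, *sorted(ips)))
    return alerts

def detect_private_answers(dns_answers, internal=INTERNAL_SUFFIXES):
    """dns_answers: (qname, a_record) pairs. Flags names outside the internal
    zone that resolve to private address space."""
    hits = []
    for qname, addr in dns_answers:
        name = qname.rstrip(".").lower()
        if name.endswith(internal):
            continue  # internal names are expected to be private
        if ipaddress.ip_address(addr).is_private:
            hits.append((name, addr))
    return hits

# Constructed sample traffic for illustration.
SAMPLE_ARP = [
    ("192.168.163.2", "00:50:56:aa:00:02"),    # gateway, real MAC
    ("192.168.163.140", "00:0c:29:aa:01:40"),  # client
    ("192.168.163.133", "00:0c:29:aa:01:33"),  # third host
    ("192.168.163.2", "00:0c:29:aa:01:33"),    # gateway IP now on third host's MAC
    ("192.168.163.140", "00:0c:29:aa:01:33"),  # client IP on the same MAC
]
SAMPLE_DNS = [
    ("www.paypal.com.", "192.168.163.133"),
    ("intranet.corp.example", "10.0.0.5"),
    ("dns.google", "8.8.8.8"),
]
```

Static ARP entries for the gateway or switch-level ARP inspection remove the first trace at its source; the DNS check works on any resolver or proxy log that records answers.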

CONCLUSION AND FUTURE WORK

This report helped us learn the methods that hackers use to break into networks. It also helped us better understand networks in general, and the organization, operating principles and types of attack on wireless networks in particular. Studying the types of attack gave us the knowledge to defend against intrusion, theft of information, or sabotage by intruders.

Limitations: The report is complete; however, understanding the types of network attack in greater depth requires a long period of research. Because the time available for the graduation thesis was short and our own understanding is limited, shortcomings and omissions remain, and we will try to improve further.

Future work: We will try to find a weakness of wireless networks, analyze it, carry out an attack, and propose a defense.
