Table of contents (continued)
  Countermeasures (p. 21)
Chapter 2. Security with IP packet filtering (p. 24)
  1. Packets (p. 24)
  2. Security with packet filtering (p. 29)
Chapter 3. IPsec (Internet Protocol Security) (p. 42)
  1. Overview (p. 42)
  2. Security architecture (p. 42)
  3. Current status (p. 43)
  4. Design by requirement (p. 43)
  5. Technical details (p. 44)
  6. Implementations (p. 46)
Chapter 4. NAT (Network Address Translation) (p. 49)
  1. What is NAT? (p. 49)
  2. Network model of the NAT service (p. 49)
  3. How NAT works (p. 49)
  4. Deploying the NAT service (p. 51)
Chapter 5. Viruses and countermeasures (p. 57)
  1. Viruses (p. 57)
  2. Virus prevention (p. 64)
1.2.2. DAC (Discretionary Access Control): the set of access rights on an object that is defined by a user or an application. The DAC model lets users share files and use files shared by others. DAC maintains an access control list (ACL) that records which users may access which resources. The model also lets a user grant or revoke access for each individual or group case by case; because the owner decides, the protection is only as good as each owner's judgement.

1.2.3. RBAC (Role Based Access Control): in RBAC, access decisions are based on each individual's role and responsibilities in the organization. Permissions follow the job function and the grouping of users, and rights are assigned to match each user's role. For example, the administrator has full administrative rights on the network and may add, delete and modify information on it, while an ordinary employee is only allowed to use their workstation and receives no further rights.
1.3.2. CHAP: the weakness of username/password authentication is that the secret is exposed while it travels over the network, so a method is needed that keeps the authentication exchange safe in transit. CHAP is a protocol that meets this requirement. It is commonly used to protect credentials and to verify that a connection to a resource is legitimate, using a sequence of challenges and hashed replies; it authenticates remote access without ever sending the password over the network. CHAP verifies the peer with a three-way handshake, performed when the link is established and repeated while the link is up:
- The authenticator sends a Challenge message (a random value).
- The peer combines the password with the challenge using a one-way hash function and returns the result to the authenticator.
- The authenticator computes the same hash and compares it with the returned value. If they match, authentication succeeds; otherwise the connection is terminated.
- At random intervals the authenticator sends a new Challenge to re-verify the connection.
Two practical consequences follow: the authenticator must hold the peer's secret in clear (or reversibly encrypted) form, because it has to compute the same hash, and each challenge must be fresh and unpredictable, because a captured response is only useless if the challenge is never repeated. As specified in RFC 1994, the hash is MD5 over the packet identifier, the secret and the challenge.

1.3.3. Certificates: in daily life we use an identity card or passport to deal with others in society, for example when travelling or boarding a train. In computing we use certificates to prove to other machines that a user and a computer are legitimate and to help computers communicate securely. A digital certificate is a piece of digital data containing information that identifies an entity (an individual, a server, a device or a piece of software). Certificates are covered in detail in later sections.

1.3.4. Mutual Authentication: most authentication mechanisms are one-way, which makes them easy to forge; an attacker can imitate the connection procedure (for example with a replay attack). In practice many applications require two-way authentication. Take a user with a bank account: when the user connects to check a deposit date, the bank's system verifies the user and the user's client verifies that it is really talking to the bank. Only if both checks pass does the login succeed and the user is allowed to change account information. Each party in an electronic exchange can thus authenticate the other: not only is the user authenticated to the system, the legitimacy of the system is also confirmed to the user.

1.3.5. Biometrics: biometric devices can provide a very strong authentication mechanism by using the physical and behavioural characteristics of each individual; they are used in areas that require high security. How biometrics works:
- Enrolment: the subject's biometric identifying features are scanned and examined. The biometric information is analysed and stored as a template.
- Verification: the subject being checked is scanned. The computer analyses the scanned data and compares it with the stored template. If they match, the user is considered legitimate and granted access to the system.
Some forms:
- Physical characteristics: fingerprint, hand geometry, facial scan, retina scan, iris scan.
- Behavioural characteristics: handwritten signature, voice.
Biometric authentication is currently regarded as highly secure; however, building such a system is expensive.

1.3.6. Multi-factor: when a system uses two or more different authentication methods to check whether a user login is legitimate, it is called multi-factor. A system that uses both a smart card and a username/password is a two-factor authentication system. Two or more mechanisms can be combined to build one that fits the need. An individual's identity is established using at least two of the following factors:
- Something you know (a password or PIN)
- Something you have (a smart card or token)
- Something you are (fingerprint, retina)
- Something you do (voice or signature)

1.3.7. Kerberos: Kerberos is an authentication service that provides security, single sign-on and mutual authentication, and relies on a trusted third party.
Security: it uses tickets, timestamped encrypted messages, to prove the user's legitimacy. The user's password is therefore well protected: it is neither sent over the network nor stored on the local machine.
Single sign-on: the user logs in once and can then access all resources on any system or server that supports the Kerberos protocol.
Trusted third party: it works through a central authentication server that every system on the network trusts.
Mutual authentication: not only is the user authenticated to the system, the legitimacy of the system is confirmed to the user as well.
Kerberos authentication is integrated directly into the directory structure (Active Directory) of Windows 2000 and 2003 Server, so workstations can log in once to the domain controller and use services on other servers in the same domain without logging in again. This is completely transparent to users, who do not notice Kerberos working behind the scenes.
2. TYPES OF ATTACK:

2.1. Introduction:

To build a secure system we must first understand how hackers attack systems. Understanding the attack methods contributes a great deal to securing a network and makes prevention far more effective. As network environments keep growing, so does the need for security. Attack methods today are many and varied, but they can be roughly grouped as follows:
- By target: application, network, or both.
- By mode: active or passive.
- By method: many kinds, e.g. password cracking, exploiting software or system bugs, malicious code.
The boundaries between these groups are becoming hard to see, because today's attacks are increasingly complex and combine several techniques. Not every hacker attacks in order to damage the system, however. Some break in to find the system's vulnerabilities and report them to the administrator so they can be fixed; these are called white hats, while the others are called black hats. Some people also confuse hackers with crackers: a cracker specialises in studying software and breaking its licensing protection, whereas a hacker specialises in finding vulnerabilities in systems.
[Figure: the attack cycle: reconnaissance and assessment, penetration, privilege escalation, maintaining access, exploitation]

Step 1: Reconnaissance and assessment of the system.
Step 2: Penetrate the system. The attacker may then return to step 1 to probe further and find more weaknesses.
Step 3: Try every possible way to escalate privileges. The attacker may then return to step 1 to find more weaknesses, or move on to step 4 or 5.
Step 4: Maintain access and monitor the system's activity.
Step 5: Carry out attacks (for example denial of service).
A DDoS attack has two components. The first component is the computers called zombies (usually on the internet) on which the hacker has installed software that carries out the attack in various forms such as UDP flood or SYN flood; the attacker can combine this with spoofing to make it more dangerous. The attack software usually runs as a daemon. The second component is other computers on which a client program is installed (the masters). These machines are compromised just like the zombies, but the attacker holds a higher level of control over them: the client program lets the attacker send instructions to the daemons on the zombies.

When attacking, the attacker uses the client program on the masters to send the attack signal to all zombies at once. The daemon process on each zombie then attacks the designated target. The attacker may not operate the master directly but from another machine, and after launching the attack disconnects from the masters to avoid detection.

[Figure: illustration of a DDoS attack]

Usually the goal of DDoS is to consume bandwidth and congest the network. Tools include Trin00 (WinTrin00), Tribe Flood Network (TFN and TFN2K) and Shaft; viruses and worms capable of performing DDoS have since been developed.

2.3.3. Buffer overflows: an attack that overflows a buffer in the target program. A buffer overflow occurs when an application receives more data than the program was written to accept, so the excess overwrites adjacent memory. The application may crash, and under the right conditions the attacker can redirect execution and run code with the privileges of the attacked program, which are often higher than the attacker's own. The cause is a programming error: the program does not check the length of its input against the size of the buffer.
2.3.4. Spoofing: gaining access to a system by impersonation (using someone else's stolen identity, a forged MAC or IP address, and so on). In this attack the attacker supplies forged authentication information or poses as a legitimate user to gain unauthorised access. In some cases a system misconfiguration has the same effect: for example, a configuration error gives a user more privileges than intended even though the user forged nothing. There are several kinds of spoofing. In blind spoofing the attacker only sends forged information and has to guess the response: in IP spoofing, for instance, the attacker receives no reply to packets sent with a forged source address. The second kind, informed spoofing, is where the attacker controls the communication in both directions. The most commonly mentioned spoofing attacks are IP spoofing and ARP spoofing, also called ARP poisoning. IP spoofing is possible because of a weakness of TCP/IP: the protocol has no mechanism to verify whether the source address of a received packet is genuine or forged. An IP address is treated as identifying a single host on the network, so hosts talk to each other without any check. This can be mitigated with firewalls and routers (filtering packets whose source address cannot belong to the interface they arrive on) and with authenticating protocols and algorithms. IP spoofing itself is carried out with raw IP sockets. ARP poisoning is an attack that alters the entries of a host's ARP table so that the destination of its traffic can be changed; it applies to switched LANs. How ARP poisoning works: ARP (Address Resolution Protocol) maps an IP address to a MAC address. ARP is used whenever a node on a TCP/IP network needs the MAC address of another node on the same network or on an attached network. Basically, ARP lets a computer broadcast a request on the local network; all nodes hear it but only the node with the matching IP address replies. Some operating systems do not update ARP information that is not already in the cache, others accept only the first reply (Solaris, for example). The attacker can forge an ICMP packet that forces the victim station to issue an ARP request; immediately after receiving the ICMP the station sends the ARP request, and the attacker's forged reply wins the race and is cached, so the station's traffic for that IP now goes to the attacker's MAC address.
Possible countermeasures (Yes: usable against this attack, No: not usable):
- Yes: passive monitoring (arpwatch)
- Yes: active monitoring (ettercap)
- Yes: IDS (detects but does not prevent)
- Yes: static ARP entries (prevents it)
- Yes: Secure ARP (public-key authentication)
- No: port security on the switch (it limits which MAC addresses a port accepts but does not inspect ARP payloads; Dynamic ARP Inspection on managed switches does)
- No: Anticap, Antidote and other middleware approaches
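The passive monitoring entry above is the arpwatch approach: remember which MAC address each IP was last seen with and alert when it changes. The following is an added example (not code from the original text or from arpwatch) that decodes an ARP message from its raw bytes and runs that check over a constructed capture in which an attacker's station starts claiming the gateway's IP. The sample addresses and the alert names are assumptions; arpwatch's own log messages differ.

```python
"""Passive ARP monitoring (arpwatch-style). Added example; not from the original text."""
import struct
from collections import Counter, namedtuple

ArpReply = namedtuple("ArpReply", "time sender_ip sender_mac")


def _mac(b):
    return ":".join("%02x" % x for x in b)


def _ip(b):
    return ".".join(str(x) for x in b)


def parse_arp(body):
    """Decode the 28-byte ARP body that follows the Ethernet header (RFC 826)."""
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", body[:28])
    if htype != 1 or ptype != 0x0800 or hlen != 6 or plen != 4:
        raise ValueError("not an Ethernet/IPv4 ARP message")
    return {"oper": oper, "sender_mac": _mac(sha), "sender_ip": _ip(spa),
            "target_mac": _mac(tha), "target_ip": _ip(tpa)}


# Constructed sample: an ARP reply (oper=2) "192.168.1.1 is-at aa:bb:cc:dd:ee:01"
# addressed to the station 192.168.1.20.
SAMPLE_ARP_BODY = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, 2,
                              bytes.fromhex("aabbccddee01"), bytes([192, 168, 1, 1]),
                              bytes.fromhex("aabbccddee20"), bytes([192, 168, 1, 20]))

# Constructed capture of what a monitor would see: the real gateway answers first,
# then a station at de:ad:be:ef:00:01 starts claiming the gateway's IP and the
# two addresses alternate (the "flip flop" signature of ARP poisoning).
SAMPLE_REPLIES = [
    ArpReply(0.0, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ArpReply(1.0, "192.168.1.20", "aa:bb:cc:dd:ee:20"),
    ArpReply(5.0, "192.168.1.1", "de:ad:be:ef:00:01"),
    ArpReply(5.5, "192.168.1.1", "aa:bb:cc:dd:ee:01"),
    ArpReply(6.0, "192.168.1.1", "de:ad:be:ef:00:01"),
]


def monitor(replies):
    """Build an IP -> (current MAC, previous MAC) table and alert on every change."""
    table, alerts = {}, []
    for r in replies:
        mac = r.sender_mac.lower()
        if r.sender_ip not in table:
            table[r.sender_ip] = (mac, None)
            alerts.append({"kind": "new station", "time": r.time, "ip": r.sender_ip, "mac": mac})
            continue
        current, previous = table[r.sender_ip]
        if mac == current:
            continue
        # A switch back to the address seen before is reported as a flip flop.
        kind = "flip flop" if mac == previous else "changed ethernet address"
        alerts.append({"kind": kind, "time": r.time, "ip": r.sender_ip, "old": current, "new": mac})
        table[r.sender_ip] = (mac, current)
    return table, alerts


def poisoned_ips(alerts, min_flips=2):
    """IPs that flip-flopped at least min_flips times: the candidates for ARP poisoning."""
    flips = Counter(a["ip"] for a in alerts if a["kind"] == "flip flop")
    return {ip for ip, n in flips.items() if n >= min_flips}
```

On a real network the replies come from a packet capture (the ARP body starts 14 bytes into an Ethernet frame with type 0x0806); a single "changed ethernet address" can be a legitimate hardware replacement, which is why the flip flop count, not the first change, is what should page someone.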
2.3.5. SYN attacks: one of the classic attacks, exploiting a weakness of the TCP three-way handshake, which works as follows:
Step 1: the client sends a packet with the SYN flag set.
Step 2: the server replies with a SYN/ACK packet announcing that it is ready to accept the connection; at the same time it allocates resources for the connection and records information about the client.
Step 3: the client replies with ACK and the connection is established.

The attack exploits this mechanism: the client never sends the ACK, leaving what is called a half-open connection, and with many such packets the server, whose resources are limited, becomes overloaded and legitimate requests go unanswered. It is similar to a computer hanging because too many programs were opened at once.
- The initiating machine sends a SYN with a spoofed source IP.
- The receiving machine replies with SYN/ACK.
- Nobody sends the ACK, because the address is fake.
- The receiver therefore waits a long time before discarding the connection.
- When the number of such SYNs grows large, the connection queue fills up and no other connection requests can be served.
On Windows a SYN attack can be recognised with the command netstat -n -p tcp: look at the SYN_RECEIVED state of the connections. SYN attacks are usually combined with IP spoofing. Attackers typically use random source IPs, so the server never receives an ACK from the non-existent hosts and sometimes even retransmits the SYN/ACK, assuming the client missed it. The other reason is to avoid exposing the source IP, which an administrator would otherwise block.
Solutions: reduce the connection-establishment timeout (this can itself deny service to remote machines on slow links); increase the number of pending connections allowed; use a firewall that sends the ACK to the receiving host so the pending connection is moved to the established state (a SYN proxy). Modern stacks additionally use SYN cookies, which encode the connection state in the SYN/ACK sequence number so that nothing is stored until the client's ACK arrives.

2.3.6. Man in the Middle attacks: the attacker sits in the communication channel between two machines, eavesdropping on and even altering the content they exchange, while both machines believe they are connected directly to each other.

Man-in-the-middle techniques:
Attacks inside the local network: ARP poisoning, DNS spoofing, STP mangling, port stealing.
Attacks from the local network to remote hosts (through the gateway): ARP poisoning, DNS spoofing, DHCP spoofing, ICMP redirection, IRDP spoofing, route mangling.
Remote attacks: DNS spoofing, traffic tunneling, route mangling, access point reassociation.
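Section 2.3.5 says to recognise a SYN flood from the SYN_RECEIVED entries in netstat output. The following is an added example (not code from the original text) that parses a constructed netstat listing and flags a local port when the number of half-open connections exceeds a threshold and, as the text describes for spoofed floods, nearly every half-open connection comes from a different source address. The sample addresses and the threshold values are assumptions.

```python
"""SYN flood indicators from netstat output. Added example; not from the original text."""
import re
from collections import defaultdict

# Constructed sample in the format of "netstat -n -p tcp" on Windows.
# Linux "netstat -nt" prints SYN_RECV instead of SYN_RECEIVED; both are handled.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:80            10.0.0.9:51532         ESTABLISHED
  TCP    10.0.0.5:80            10.0.0.12:49211        ESTABLISHED
  TCP    10.0.0.5:80            203.0.113.7:40001      SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.23:1025     SYN_RECEIVED
  TCP    10.0.0.5:80            192.0.2.88:3301        SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.150:2044     SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.9:60000     SYN_RECEIVED
  TCP    10.0.0.5:80            192.0.2.17:1111        SYN_RECEIVED
  TCP    10.0.0.5:80            203.0.113.201:5050     SYN_RECEIVED
  TCP    10.0.0.5:443           10.0.0.9:51540         SYN_RECEIVED
  TCP    10.0.0.5:3389          10.0.0.30:50002        ESTABLISHED
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+([A-Z_]+)\s*$")
HALF_OPEN_STATES = {"SYN_RECEIVED", "SYN_RECV"}


def parse_netstat(text):
    """Return one dict per TCP connection line; header and blank lines are skipped."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            conns.append({"local_ip": m.group(1), "local_port": int(m.group(2)),
                          "remote_ip": m.group(3), "remote_port": int(m.group(4)),
                          "state": m.group(5)})
    return conns


def assess(text, threshold=5, spread=0.8):
    """Per local port: half-open count, distinct sources, and whether it looks flooded.

    threshold: half-open connections needed before a port is considered at all.
    spread: fraction of half-open connections that must come from distinct sources;
            random spoofed sources push this to 1.0, one slow real client does not.
    """
    per_port = defaultdict(lambda: {"half_open": 0, "established": 0, "sources": set()})
    for c in parse_netstat(text):
        entry = per_port[c["local_port"]]
        if c["state"] in HALF_OPEN_STATES:
            entry["half_open"] += 1
            entry["sources"].add(c["remote_ip"])
        elif c["state"] == "ESTABLISHED":
            entry["established"] += 1
    report = {}
    for port, e in per_port.items():
        distinct = len(e["sources"])
        report[port] = {
            "half_open": e["half_open"],
            "established": e["established"],
            "distinct_sources": distinct,
            "suspicious": e["half_open"] >= threshold and distinct >= spread * e["half_open"],
        }
    return report


def flooded_ports(text, **kwargs):
    return sorted(p for p, r in assess(text, **kwargs).items() if r["suspicious"])
```

To run it against a live host, feed the output of netstat -n -p tcp (or netstat -nt on Linux) to assess(); the thresholds have to be tuned to the server's normal backlog, since a busy web server legitimately shows a handful of SYN_RECEIVED entries at any moment.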
2.3.7. Replay attacks: a tool records all the information exchanged when some computer accesses a server, and the captured information is then used to reconnect to the server. Once the attacker holds a number of packets they simply resend them later. For example, the attacker captures a packet containing a user's password. The password is encrypted and the attacker cannot read it, but the authentication system does not check a session time and the TCP sequence numbers are weak, so the attacker bypasses authentication by sending the packet once more; this is the replay.

2.3.8. Dumpster diving: the term for gathering information from things that seem worthless. For example, the attacker can obtain a great deal of information from the Recycle Bin or from discarded papers and documents. Information is not only harvested from computers; documents and records thrown away by users can yield the details needed for an attack.

2.3.9. Social engineering: the most widely used form of attack and a very hard one to prevent. It requires no tools or devices, yet still obtains the information needed to break into a system. Most users set passwords based on personal information such as their name, phone number or date of birth; once the attacker has collected this information they can guess the password. Another form exploits people's trust or gullibility to obtain important information, for example by impersonating a regular customer of the company. Solution: train users to remain vigilant at all times.
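The CHAP exchange of section 1.3.2 is the standard answer to the replay attack of 2.3.7: the password never crosses the wire, and because every challenge is fresh and single-use, a captured response is worthless a moment later. The following is an added example (not code from the original text or from any PPP implementation) that serves both sections: it implements the RFC 1994 response, MD5 over identifier, secret and challenge, and then shows a captured response being replayed against the consumed challenge and against a new one. The peer name, secret and class names are assumptions.

```python
"""CHAP challenge/response (RFC 1994) and why replaying a captured response fails.
Added example; not code from the original text."""
import hashlib
import hmac
import secrets


def chap_response(identifier, secret, challenge):
    """RFC 1994 response: MD5(Identifier || Secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Authenticator:
    """The side that issues challenges; it must hold each peer's secret in clear."""

    def __init__(self, peer_secrets):
        self._secrets = peer_secrets
        self._pending = {}          # peer -> (identifier, challenge) awaiting a response
        self._next_id = 0

    def challenge(self, peer):
        self._next_id = (self._next_id + 1) & 0xFF
        chal = secrets.token_bytes(16)          # fresh and unpredictable every time
        self._pending[peer] = (self._next_id, chal)
        return self._next_id, chal

    def verify(self, peer, identifier, response):
        pending = self._pending.pop(peer, None)  # a challenge can be answered once
        if pending is None or pending[0] != identifier or peer not in self._secrets:
            return False
        expected = chap_response(identifier, self._secrets[peer], pending[1])
        return hmac.compare_digest(expected, response)  # constant-time compare


class Peer:
    def __init__(self, secret):
        self._secret = secret

    def respond(self, identifier, challenge):
        return chap_response(identifier, self._secret, challenge)


def run_demo():
    auth = Authenticator({"alice": b"s3cret-shared-key"})
    alice = Peer(b"s3cret-shared-key")

    ident, chal = auth.challenge("alice")
    resp = alice.respond(ident, chal)          # this is what a sniffer would capture
    legit = auth.verify("alice", ident, resp)

    # Attacker replays the captured response against the same, now consumed, challenge...
    replay_same = auth.verify("alice", ident, resp)
    # ...and against the next challenge the authenticator issues.
    ident2, _ = auth.challenge("alice")
    replay_new = auth.verify("alice", ident2, resp)

    # A peer with the wrong secret never produces a matching response.
    ident3, chal3 = auth.challenge("alice")
    wrong = auth.verify("alice", ident3, Peer(b"guess").respond(ident3, chal3))

    return {"legit": legit, "replay_same_challenge": replay_same,
            "replay_new_challenge": replay_new, "wrong_secret": wrong}
```

Note what the protocol does not give you: MD5 is fast, so an attacker who captures a challenge/response pair can still guess the secret offline, which is why PPP deployments moved to MS-CHAPv2 inside an encrypted tunnel; and the authenticator's clear-text secret store is itself a target.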
2.4. Passive attacks:

2.4.1. Vulnerability scanning: the basic step in which the attacker assesses the system and finds its weak points, using scanning tools. Port scanners probe for and discover information about the system such as the operating system, its version and the applications deployed. The attacker checks the whole perimeter for a door that is unlocked or easy to force without being noticed.

A/ Introducing Nmap: Nmap stands for Network Mapper. It was originally designed for system administrators to scan large networks and find out which hosts are up, which services they run and which operating system they use. Nmap supports scan techniques including UDP, TCP connect, TCP SYN (half open), FTP proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas tree, SYN sweep and IP protocol scans. It can determine information about remote hosts, for example the OS through TCP/IP fingerprinting. Nmap is easy to find on the internet and is installed by default on many Unix systems; there are also Windows versions with a graphical interface (NMapWin).
Main functions of Nmap:
Connect scan (TCP connect): the most basic form of TCP scanning. It can be used to scan every port on a host: if the port is listening the connect() succeeds, otherwise the port is not reachable. Its strength is that no privileges are needed; its weakness is that the scanned host can easily detect and log it, because each probe is a complete connection.
TCP SYN (half open): called half-open scanning because a full TCP connection is never opened. You send a SYN packet as if you were opening a real connection and wait for the response. A SYN/ACK indicates the port is listening; a RST indicates a non-listener. If a SYN/ACK is received, a RST is sent immediately to tear the connection down. The main advantage is that fewer sites log it; it requires root privileges to craft the packets.
FTP proxy (bounce attack): an interesting feature of the FTP protocol is its support for proxy FTP connections. In other words, one can connect from evil.com to the FTP server of target.com and ask that server to send a file anywhere on the internet. This may have worked well in 1985 when the RFC was written, but on today's internet people cannot be allowed to hijack FTP servers and have data sent to arbitrary points at will.
As was pointed out in 1995, this protocol flaw can be used to post virtually untraceable mail and news, hammer on servers at various sites and fill up disks. What we exploit it for is scanning TCP ports from a proxy FTP server: you can connect to an FTP server behind a firewall and then scan ports that would otherwise be blocked. If the FTP server allows reading and writing in some directory, you can even send arbitrary data to the open ports you find (Nmap does not do this for you).

ICMP (ping sweep, ping scanning): sometimes you only want to know which hosts on a network are up. Nmap does this by sending ICMP echo request packets to every IP address on the networks you specify; the hosts that respond are up. Some sites block echo requests, so Nmap can also send a TCP ACK packet to port 80; if a RST comes back, the host is up. A third technique sends a SYN packet and waits for a RST or a SYN/ACK. By default (for root users) Nmap uses both the ACK and the ICMP technique; this can be changed with the -P options. Note that this ping is performed before every scan and only hosts that respond are scanned; use -sP only when you want a ping sweep without any actual port scanning.
ACK sweep (ACK scan): a useful method for mapping firewall rule sets. In particular it can help determine whether a firewall is stateful or just a simple packet filter that blocks incoming SYN packets. The scan sends an ACK packet to the specified ports; if a RST returns, the port is classified as unfiltered; if nothing comes back (or an ICMP unreachable is returned), the port is classified as filtered. Note that Nmap usually does not print the ports classified as unfiltered.
Xmas tree, FIN, Null scan: there are times when even SYN scanning is not stealthy enough. Some firewalls and packet filters watch for SYNs to restricted ports, and programs such as Synlogger and Courtney detect such scans easily. The Xmas tree, FIN and Null scans can get through without being noticed.
IP protocol: used to determine which IP protocols a host supports. The technique sends raw IP packets without any protocol header, one for each specified protocol, to the target host. If an ICMP protocol unreachable message comes back, the protocol is not in use; otherwise it is assumed to be open. Note that some hosts (AIX, HP-UX, Digital UNIX) and some firewalls do not send protocol unreachable messages, which makes every protocol appear open.

Standard syntax:
  nmap [Scan type(s)] [options] <host or net #1 ... [#n]>
Scan types:
-sS: TCP SYN scan
-sT: TCP connect() scan
-sU: UDP scan
-sO: IP protocol scan
-sF, -sX, -sN: stealth FIN, Xmas tree and Null scans
-sP: ping scanning
-sV: version detection

Main options:
-PA [portlist]: use TCP ACK ping to list the hosts that are up
-PS [portlist]: same as -PA but with SYN (connection request) packets
-PU [portlist]: use UDP ping
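The connect scan described above is the one technique in this list that needs no raw sockets, so it can be written in a few lines of standard library code. The following is an added example (not code from the original text or from Nmap) that classifies ports the way the text describes, open when connect() succeeds, closed when the host answers with a reset, filtered when nothing answers, and expands an Nmap-style port list. The loopback_demo() function starts its own listener on 127.0.0.1 so the scan has something to find offline; the timeout and the function names are assumptions.

```python
"""TCP connect() port scan. Added example; not code from the original text or Nmap."""
import errno
import socket
from concurrent.futures import ThreadPoolExecutor


def parse_ports(spec):
    """Expand an nmap-style port list such as "22,80,8000-8003"."""
    ports = []
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = (int(x) for x in part.split("-", 1))
            ports.extend(range(lo, hi + 1))
        elif part:
            ports.append(int(part))
    return ports


def probe(host, port, timeout=0.5):
    """One full TCP connection attempt; the target sees (and can log) each probe."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            rc = s.connect_ex((host, port))
        except (socket.timeout, OSError):
            return "filtered"          # no answer at all: a firewall is dropping the SYN
    if rc == 0:
        return "open"                  # SYN/ACK came back and the handshake completed
    if rc == errno.ECONNREFUSED:
        return "closed"                # host answered with RST: reachable, nothing listening
    return "filtered"


def connect_scan(host, ports, timeout=0.5, workers=16):
    """Scan ports in parallel; returns {port: "open" | "closed" | "filtered"}."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = pool.map(lambda p: probe(host, p, timeout), ports)
        return dict(zip(ports, states))


def loopback_demo():
    """Listen on one ephemeral loopback port, pick another that is closed, scan both."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                      # released, so connecting to it is refused
    try:
        states = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        listener.close()
    return {"open_port": open_port, "closed_port": closed_port, "states": states}


if __name__ == "__main__":
    print(loopback_demo())
```

Because every probe completes the handshake, the scanned host's logs show one accepted-then-closed connection per open port, which is exactly the detectability trade-off the text describes; a SYN scan avoids that at the cost of needing raw socket privileges.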
Example: scan all TCP ports on the host 172.29.14.141:
  nmap -v 172.29.14.141
The -v option shows the scan's progress in detail. To scan the class C network containing 172.29.14.141 with SYN packets, and at the same time determine which operating system each host runs and whether it is up (root privileges are required for this):
  nmap -sS -O 172.29.14.141
(give the target as 172.29.14.141/24 to cover the whole class C network).

2.4.2. Sniffing: the eavesdropper must be on the same network segment, or placed where the information carried on the network can be accessed. Software is used to capture important information (such as usernames, passwords and cookies) transmitted without encryption or with only simple encryption. Network administrators can use the same sniffing tools to examine and evaluate network traffic.

A/ Introducing tcpdump: a popular analysis tool in Unix and Linux environments. tcpdump supports the TCP, UDP, IP and ICMP protocols and the data formats of common applications. It must usually run as root or be installed setuid root. Syntax:
  tcpdump [ -adeflnNOpqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -U user ] [ -w file ] [ -E algo:secret ] [ expression ]
Notes:
-c: stop after capturing count packets.
-C: before writing a raw packet to the save file, check whether the file is larger than file_size; if so, close it and open a new file named as given by -w with a number appended. The unit of file_size is 1,000,000 bytes.

Examples: print every packet received by or sent from the host named sundown:
  # tcpdump host sundown
print the traffic between the two hosts sundown and moondown:
  # tcpdump host sundown and moondown
print all IP packets between sundown and any host other than testking:
  # tcpdump ip host sundown and not testking

B/ Introducing Ethereal: one of the newest protocol analyzers, first developed in 1998. Ethereal has versions for Unix/Linux and for Windows. Once a capture starts, packets are stored in a buffer and then displayed on screen. One feature of Ethereal is that it decodes packets live while the capture is running; we will see the same in the Windows Network Monitor, presented next. This feature is not so helpful when traffic is heavy (10,000 packets, say) and no filtering is applied, because the information cannot be followed as it is displayed.

C/ Introducing Windows Network Monitor: Windows 2000 and 2003 include the Network Monitor tool, which helps administrators observe and analyse the packets sent out from and the connections made to the machine. It is usually present if it was installed; otherwise it can be added via Start > Settings > Control Panel > Add/Remove Programs > Add/Remove Windows Components > Management and Monitoring Tools. Running the program: after selecting the network interface, press Start Capture to capture packets and press the Stop and View Capture button to view them. The first panel shown is the summary list; click the Zoom Pane button (the magnifying glass on the toolbar) to see all three panels for the captured packets: the second panel shows the details and the last panel shows the packet in hex. Use Edit > Display Filter (the funnel icon on the toolbar) to filter the packets.

D/ Introducing Cain & Abel: a very powerful sniffing tool with the following capabilities:
- ARP spoofing, to collect far more information (traffic that a switch would otherwise not deliver to the sniffer).
- Recovering a number of passwords captured in hashed or encrypted form.
Guide to using Cain & Abel to eavesdrop on a LAN (devices operating at layers 1 and 2):
Installing Cain & Abel: download the program from http://www.oxid.it/ and install it (WinPcap v3.1 beta 4 must be installed before Cain & Abel can be used).
Using Cain & Abel to eavesdrop on the network:
Click the sniffer button on the toolbar to start listening on the network, then select the Sniffer tab. On the Sniffer tab, choose Add to list on the toolbar to scan for the list of computers on the network. All traffic exchanged by the hosts in this list will be captured.
If a captured password is hashed, we use Cain & Abel itself, or the LC5 program, to recover it. A hash cannot be reversed, so recovery means guessing candidates and hashing each one until the result matches; several methods help this succeed:
- Dictionary attack
- Brute force attack
- Cryptanalysis (precomputed tables)

Right-click the user whose password is wanted and choose Brute Force Attack (NTLM) > LM hashes.

The Brute Force Attack window appears; choose Start to begin guessing the password. The result returned is 1234.
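The steps above end with a recovered password of 1234; what the tool did in between was the dictionary pass followed by an incremental brute force over a character set. The following is an added example (not code from the original text or from Cain & Abel) that implements both stages and reports how many candidates were hashed before the match. The LM and NT hash functions are not in the Python standard library, so SHA-256 stands in for them; this is an assumption that changes nothing about the search logic, only the per-guess cost. The word list and the charset are constructed.

```python
"""Dictionary and brute-force password recovery against a hash.
Added example; not code from the original text. SHA-256 stands in for LM/NT."""
import hashlib
import itertools
import string


def hash_password(password):
    # Stand-in for the LM/NT hash of the original tool (assumption, see lead-in).
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


# Constructed word list; a real run would load a file of common passwords.
WORDLIST = ["password", "letmein", "admin"]


def mutations(word):
    """Cheap rule-based variants that dictionary attacks try for every word."""
    return (word, word.capitalize(), word.upper(), word + "1", word + "123")


def dictionary_attack(target, wordlist):
    attempts = 0
    for word in wordlist:
        for candidate in mutations(word):
            attempts += 1
            if hash_password(candidate) == target:
                return candidate, attempts
    return None, attempts


def brute_force(target, charset, max_len):
    """Try every string over charset of length 1..max_len, shortest first."""
    attempts = 0
    for length in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=length):
            attempts += 1
            candidate = "".join(combo)
            if hash_password(candidate) == target:
                return candidate, attempts
    return None, attempts


def crack(target, wordlist=WORDLIST, charset=string.digits, max_len=4):
    """Dictionary first (cheap), then brute force; returns method, password, attempts."""
    pw, n = dictionary_attack(target, wordlist)
    if pw is not None:
        return {"method": "dictionary", "password": pw, "attempts": n}
    pw, m = brute_force(target, charset, max_len)
    return {"method": "brute force" if pw else "failed", "password": pw, "attempts": n + m}
```

The attempt count is the whole story of password strength: four digits fall in a few thousand hashes, whereas eight characters over letters, digits and symbols need on the order of 10^15, which is why a slow hash (bcrypt, scrypt, Argon2) matters and why LM, which upper-cases the password and splits it into two independent 7-character halves, can be brute-forced regardless of length.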
2.6.1. Viruses:
Viruses, worms and trojan horses are collectively called malicious code. They can consume resources and slow the system down, or damage it. A virus is a program designed to damage a system at the operating system or application level.

2.6.2. Trojan horse: a trojan horse is a program that looks safe and useful but actually contains malicious code inside.

2.6.3. Logic bombs: pieces of code embedded in applications that carry out an attack when a certain condition is met (for example scripts or ActiveX controls embedded in web pages). A logic bomb is a kind of malware that the attacker leaves behind in the system; it works like a time bomb, unleashing its destructive function only when specific conditions occur. One famous example is Chernobyl (CIH), whose destructive payload triggers on 26 April. Attackers also use logic bombs to destroy the evidence of the intrusion as soon as the administrator begins to notice it.

2.6.4. Worms: a worm is also a form of virus, but one able to make copies of itself and spread over the network. The biggest difference between a worm and a virus is that a worm is an independent program that replicates itself and spreads over the network by many routes, most commonly e-mail and chat. Worms can also carry out dangerous destructive actions. A virus, by contrast, is malicious code attached to another program, so it is only activated when the program containing it is executed.

2.6.5. Back door: a program, a piece of code or a special configuration on the system, unknown to us, that lets the attacker gain access without authentication or login.
Installing MBSA: start the MBSA program, choose Scan a computer, then Start Scan to begin checking for vulnerabilities. A report like the following is returned, with a score icon next to each item:

Choose Result details to see details of the security issue, and How to correct this to find the remedy. Note: to scan other systems, simply enter the name or IP address of the machine to scan.

Installing the Tenable NeWT scanner: start NeWT Security Scanner, choose New Scan Task to begin the scan, enter the name or IP address of the machine to scan and choose Next, then choose Scan now to start scanning. When the scan completes, a report is displayed like the one below. Based on the report, we work out the fixes for the problems found.
CHAPTER 2. SECURITY WITH IP PACKET FILTERING

1. Packets:

1.1 What is a packet?

- As we know, the signals exchanged between two computers are electrical signals representing binary bits 0/1.
- If data were transmitted as a plain stream of bits, we could not tell what the received information is, what kind of data it is, or which network application on the receiving machine it is meant for.
- To solve this, the concept of the data packet was introduced. Before data is sent it is divided into small parts, and each part is wrapped in a defined format called a packet before being transmitted. Part of the packet carries information about the sender and receiver as well as error control and encoding details; this part is called the packet header.
- TCP/IP, one of the most widespread protocol suites today, transmits data as packets. It has many kinds of packets, such as TCP packets, IP packets and UDP packets.

1.2 IP packets:

This is the packet used by the IP (Internet Protocol) at the Internet layer of the TCP/IP model. Its function is to carry data from host to host; delivery is best-effort, and the only integrity check IP itself performs is a checksum over its own header. The structure of the IP packet is as follows:
Version: 4 bits, the version of the IP protocol in use. The version number matters because two IP versions exist side by side today; software handling an IP datagram must know the version, and a datagram whose version it does not recognise is treated as erroneous and discarded.
Header Length (IHL): 4 bits, the length of the IP header in 32-bit words. It is needed because the header is variable-length: 20 bytes (5 words) without options, up to 60 bytes (15 words) when the Option field is used.
Type Of Service: 1 byte, indicating how the packet should be handled while in transit:
- the first three bits give the packet's precedence: 000 lowest, 111 highest;
- bit D requests low delay (1: low delay, 0: normal);
- bit T requests high throughput (1: high throughput, 0: normal);
- bit R requests high reliability (1: high reliability, 0: normal);
- bit M requests low cost (1: low cost, 0: normal);
- bit Z is unused.
Total Length: the length of the whole IP datagram including the header, in bytes; at least 20 and at most 65535. It is used to determine the size of the data part.
Identification: 16 bits, a value set by the sender that identifies the datagram. It is not changed on the way from source to destination and lets the receiver recognise which fragments belong to the same original datagram.
DF (don't fragment): whether the packet may be split during transmission (1: may not be fragmented, 0: may be fragmented).
MF (more fragments): whether another fragment follows this one (1: more fragments follow, 0: this is the last fragment); only meaningful when DF is 0.
Fragment Offset: 13 bits, in units of 8 bytes: the position of the first byte of this fragment relative to byte 0 of the original datagram. It is only used when the datagram has been fragmented, which requires DF to be 0.
Time To Live: 1 byte, the lifetime of the packet, counted in network nodes (hops) traversed. It is set when the packet is sent and decremented by one at each node; if it reaches 0 before the packet arrives, the packet is discarded. The purpose is to stop packets circulating forever and congesting the links.
Protocol: 1 byte, the upper-layer protocol carried, e.g. TCP (6), UDP (17).
Header Checksum: 16 bits, an error check over the IP header only: the ones' complement of the ones' complement sum of the header's 16-bit words (not a CRC). Because TTL changes at every node, every router recomputes it.
Source/Destination Address: the source and destination addresses, 32 bits each.
Option: variable length (up to 40 bytes); it may or may not be present. It carries information for error checking, measurement and so on.

FC (copy flag): whether the option is copied when the datagram is fragmented (1: copy the option into every fragment, 0: only the first fragment carries the option).
Class: 2 bits, with the values 00 for control datagrams and 10 for debugging and measurement.
Values of the option type field:
  Copy  Class  Number  Meaning
  0     00     00000   Marks the end of the options list
  0     00     00001   No operation (used for padding)
  1     00     00010   Security (military purposes only)
  1     00     00011   Loose source routing
  0     00     00111   Record route (adds fields)
  1     00     01000   Stream ID
  1     00     01001   Strict source routing
  0     10     00100   Timestamp (adds fields)

Length: the length of the option including the type and length bytes.
Option data: the information belonging to the option type.
Padding: used when the options do not end on a 4-byte boundary; in practice it is just filler that keeps the header a whole number of 32-bit words.
Data: the data carried by the packet. Its length is not fixed but depends on the amount of information sent and on the network environment.
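The fields above are easiest to understand by building a header and reading it back. The following is an added example (not code from the original text) that constructs an IPv4 datagram with the flags, fragment offset and options described above, verifies the header checksum the way a receiver does (the ones' complement sum of the whole header, checksum included, must be 0xFFFF), and performs the per-hop TTL decrement with the checksum recomputation that goes with it. The addresses and payload are constructed; no packet is sent.

```python
"""IPv4 header construction, parsing and checksum verification.
Added example; not code from the original text."""
import ipaddress
import struct


def ones_complement_sum(data):
    """16-bit ones' complement sum with end-around carry (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def inet_checksum(data):
    return (~ones_complement_sum(data)) & 0xFFFF


def build_ipv4(src, dst, proto, payload, ident=0, ttl=64, tos=0,
               df=False, mf=False, frag_offset=0, options=b""):
    """frag_offset is in bytes and must be a multiple of 8 (the field counts 8-byte units)."""
    if frag_offset % 8:
        raise ValueError("fragment offset must be a multiple of 8 bytes")
    options += b"\x00" * (-len(options) % 4)        # padding to a 32-bit boundary
    ihl = 5 + len(options) // 4
    flags_frag = (int(df) << 14) | (int(mf) << 13) | (frag_offset // 8)
    total_len = ihl * 4 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, tos, total_len, ident,
                      flags_frag, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed) + options
    csum = inet_checksum(hdr)                         # computed with the field set to 0
    return hdr[:10] + struct.pack("!H", csum) + hdr[12:] + payload


def parse_ipv4(pkt):
    (ver_ihl, tos, total_len, ident, flags_frag, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0xF
    if version != 4 or ihl < 5 or len(pkt) < ihl * 4 or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")   # what a receiver must reject
    header = pkt[:ihl * 4]
    return {
        "version": version, "ihl": ihl, "header_len": ihl * 4, "tos": tos,
        "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": ones_complement_sum(header) == 0xFFFF,
        "src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:], "payload": pkt[ihl * 4:total_len],
    }


def forward_hop(pkt):
    """What a router does: drop when TTL would reach 0, else decrement and re-checksum."""
    h = parse_ipv4(pkt)
    if h["ttl"] <= 1:
        return None
    out = bytearray(pkt)
    out[8] = h["ttl"] - 1
    out[10:12] = b"\x00\x00"
    out[10:12] = struct.pack("!H", inet_checksum(bytes(out[:h["header_len"]])))
    return bytes(out)
```

A filtering device that checks the fragment fields is relying on exactly these decodes: a non-zero offset with MF set means the transport header is in an earlier fragment, which is the classic way to slip a TCP header past a filter that only inspects the first fragment.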
1.3. The UDP Packet:
Function and structure:
Function:
This is the packet used by the UDP protocol. Its function is to carry data correctly from an application on the source host to an application on the destination host, using a connectionless mode of operation.
Packet structure:
Source port number: gives the address of the source application that sends the UDP packet.
Destination port number: gives the address of the destination application that will receive the UDP packet.
UDP length: gives the length of the UDP packet, including both the header and the data.
UDP checksum: this field is optional; it may or may not be used. When it is not used it has the value 0; it is only used when the safety and correctness of the packet are to be assured.
Operation of UDP
UDP encapsulation:
Figure 4.2: the UDP encapsulation process.
Operation: this protocol works in connectionless fashion. That is, when an application on the source host wants to send data to the destination host using UDP, it simply sends the data without needing to know whether the data reaches the destination host. UDP is only used with applications that do not require high reliability, or that need real-time behaviour, such as TFTP, BOOTP and multimedia (internet video, VoIP, ...).
1.4 The TCP Packet:
Sequence number: measured in octets, it gives the position of the first byte of the data field within the stream of data being sent. The field takes values from 0 to 2^32 - 1. When a connection starts, the sequence number holds its initial value; this value is chosen by the source host and is usually not fixed. When the first data packet is sent, its value is the initial value plus 1. In general the sequence number field can be computed as:
sequence_number_n = sequence_number_(n-1) + len(data_(n-1))
Acknowledgement number: this field tells the receiver which packet the sender is waiting for: the sender expects the receiving side to send it the packet whose sequence number equals the Acknowledgement number. On receiving this notification, the receiver knows that the packets it sent to the other end before that one arrived safely.
Hlen: gives the length of the TCP header; from this field the receiving end knows whether the Option field is used or not.
Reserved: this field is not used yet.
Flag bits: this field has 6 flag bits, each used for a different purpose:
URG: says whether the Urgent pointer field is valid.
ACK: says whether the ACK number is used.
PSH: 1 means pass the data straight up to the upper layer without checking; 0 means check before passing it up.
RST: requests that the connection be reset.
SYN: re-establishes the sequence numbers.
FIN: ends the transfer.
Window: gives the window size of the source host.
Checksum: used to check the TCP packet for errors; the check is done by the receiving end and the computation by the sending end. TCP uses a CRC code for error checking. When computing the Header checksum field, a pseudo-header is added to the TCP packet; its content is the same as the UDP pseudo-header:
Urgent pointer: this is the urgent pointer field. Its functions are: to interrupt some process during the transfer, and to mark the boundary between the urgent data and the ordinary data (in TCP the urgent data is placed first).
Option: this field is optional; it has the same structure as the IP Option field:
Type: gives the kind of option message.
Length: gives the length of the option field.
Option data: holds the content of the option field.
The option message types:

Type  Length  Meaning
0             End of the option list
1             Not used
2     4       Gives the maximum size of a segment
3     3       Announces a change of the window
4     2       SACK permitted
5     X       SACK
8     10      Timestamp
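The pseudo-header checksum described for TCP above, and the optional UDP checksum from section 1.3, are the same computation over the same pseudo-header (source address, destination address, a zero byte, the protocol number and the TCP/UDP length). The code below is an added example, not part of the original document: it builds and parses TCP segments and UDP datagrams, verifies their checksums, walks the TCP option list, and applies the sequence-number rule from the text (with the detail that SYN and FIN each also consume one sequence number). The addresses and ports in the tests are constructed values.

```python
import socket
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}


def ones_complement_checksum(data: bytes) -> int:
    """One's complement of the one's complement sum of all 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, protocol: int, length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero byte, protocol number, TCP/UDP length."""
    return socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, protocol, length)


def transport_checksum(src_ip: str, dst_ip: str, protocol: int, segment: bytes) -> int:
    return ones_complement_checksum(pseudo_header(src_ip, dst_ip, protocol, len(segment)) + segment)


def build_tcp(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload=b"", options=b""):
    options += b"\x00" * (-len(options) % 4)          # options are padded to 32-bit words
    data_offset = 5 + len(options) // 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset << 4, flags, window, 0, 0)
    segment = header + options + payload
    return segment[:16] + struct.pack("!H", transport_checksum(src_ip, dst_ip, 6, segment)) + segment[18:]


def build_udp(src_ip, dst_ip, sport, dport, payload=b"", with_checksum=True):
    datagram = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    if not with_checksum:
        return datagram                                # checksum field 0 means "not computed"
    csum = transport_checksum(src_ip, dst_ip, 17, datagram) or 0xFFFF   # RFC 768: a computed 0 is sent as FFFF
    return datagram[:6] + struct.pack("!H", csum) + datagram[8:]


def parse_tcp_options(raw: bytes) -> list:
    """Returns [(kind, data)]. Kind 0 ends the list, kind 1 is a one-byte NOP, all others carry a length."""
    out, i = [], 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:
            break
        if kind == 1:
            out.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option")
        length = raw[i + 1]
        if length < 2 or i + length > len(raw):
            raise ValueError("bad option length")
        out.append((kind, raw[i + 2:i + length]))
        i += length
    return out


def parse_tcp(src_ip: str, dst_ip: str, segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, seq, ack, off, flags, window, _csum, urg = struct.unpack("!HHIIBBHHH", segment[:20])
    hlen = (off >> 4) * 4
    if hlen < 20 or hlen > len(segment):
        raise ValueError("bad data offset")
    payload = segment[hlen:]
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "window": window, "urgent_pointer": urg,
        "flags": [name for name, bit in TCP_FLAGS.items() if flags & bit],
        "options": parse_tcp_options(segment[20:hlen]),
        "payload": payload,
        "checksum_ok": transport_checksum(src_ip, dst_ip, 6, segment) == 0,
        # SYN and FIN each consume one sequence number in addition to the payload bytes
        "next_seq": (seq + len(payload) + bool(flags & 0x02) + bool(flags & 0x01)) & 0xFFFFFFFF,
    }


def parse_udp(src_ip: str, dst_ip: str, datagram: bytes) -> dict:
    if len(datagram) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", datagram[:8])
    if length < 8 or length > len(datagram):
        raise ValueError("bad UDP length")
    # A zero checksum means the sender did not compute one, so there is nothing to verify.
    ok = True if csum == 0 else transport_checksum(src_ip, dst_ip, 17, datagram[:length]) == 0
    return {"sport": sport, "dport": dport, "length": length, "payload": datagram[8:length], "checksum_ok": ok}
```

Because the pseudo-header includes the IP addresses, a segment whose addresses were rewritten in transit (by a NAT, for instance) fails the check unless the rewriting device recomputes the transport checksum too.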
2. Security with Packet Filtering:
2.1. Overview of Packet Filtering:
Packet-filtering security is a security method based on the information in the header of each packet; using this information we can decide which packets are allowed and which are not allowed to pass through the filter. The information we are interested in is the addresses of the machines sending and receiving the packet, the addresses of the applications sending and receiving the packet, and the protocol used during the exchange of information between the two machines.
Select Manage IP filter lists and filter actions, then select Add to create a new filter. The following dialog appears:
- Name: lets you declare the name of the filter
- Description: lets you type in a detailed description of the filter
- Filters: lets you declare the functions of the filter
- Add: adds a new function to the filter
- Edit: modifies an existing function of the filter
- Remove: deletes a function from the filter
Select Add to add a function to the filter, then Next; the IP Traffic Source dialog appears.
This dialog lets us declare the IP address of the machine sending the packet. Click Next; the IP Traffic Destination dialog appears.
This dialog lets us declare the IP address of the machine receiving the packet. Click Next; the IP Protocol Type dialog appears.
This dialog lets us specify which protocol the filter applies to. Click Next; the IP Protocol Port dialog appears.
This dialog lets us declare the port addresses of the sending and receiving applications:
- From any port / From this port: declares the port address of the application sending the packet.
- To any port / To this port: declares the port address of the application receiving the packet.
Click Next, then Finish to complete the construction of one function of the filter.
Note: at this step we can click OK to finish building the filter, or select Add to add another filtering function to the filter.
Step 2: define the actions of the filter:
There are 3 basic kinds of filter action:
- Permit: allow
- Block: forbid (block)
- Negotiate security: encrypt the data in transit
In the Manage IP filter lists and filter actions window, select Manage Filter Actions.
- Name: lets you declare the name of the action
- Description: a detailed description of the action
Click Next; the Filter Action General Options dialog appears. This dialog lets you declare the corresponding action of the filter: block, permit, or encrypt the data:
Step 3: build the rule:
Right-click IP Security Policies on Local Computer and select Create IP Security Policy.
The IP Security Policy Name dialog appears; this item lets you declare the name of the rule being built:
Select Add to add a new policy to the rule, then Next; the following dialog appears:
- All network connections: applies to all networks
- Local area network (LAN): applies only within the local network
- Remote access: applies only to machines using the remote access service
Click Next; the IP Filter List dialog appears. This dialog lets you choose the filter.
Click Next; the Filter Action dialog appears. This dialog lets us choose the action that corresponds to the filter.
At this point we can select Close to finish building the rule, or select Add to add another policy to the rule.
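The three steps above (a filter list of source/destination/protocol/port entries, a filter action, and a rule that pairs them) map directly onto a small policy engine. The code below is an added example, not part of the original document or of any Windows component: it evaluates packets against rules built from the same three elements. It uses first-match ordering, a deliberate simplification of this example; the addresses in the sample policy are constructed values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

PERMIT, BLOCK, NEGOTIATE = "Permit", "Block", "Negotiate security"


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    protocol: int                    # 1 = ICMP, 6 = TCP, 17 = UDP
    sport: Optional[int] = None      # ICMP carries no ports
    dport: Optional[int] = None


@dataclass(frozen=True)
class Filter:
    """One entry of an IP filter list. None means 'any' (the 'any port' / 'any address' choices)."""
    src: Optional[str] = None        # single address or CIDR network
    dst: Optional[str] = None
    protocol: Optional[int] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, pkt: Packet) -> bool:
        def in_net(addr: str, spec: Optional[str]) -> bool:
            return spec is None or ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
        return (in_net(pkt.src, self.src) and in_net(pkt.dst, self.dst)
                and self.protocol in (None, pkt.protocol)
                and self.sport in (None, pkt.sport)
                and self.dport in (None, pkt.dport))


@dataclass(frozen=True)
class Rule:
    """A rule pairs an IP filter list with a filter action."""
    name: str
    filters: Tuple[Filter, ...]
    action: str


class Policy:
    def __init__(self, rules, default: str = BLOCK):
        self.rules, self.default = list(rules), default

    def decide(self, pkt: Packet) -> Tuple[str, str]:
        """Returns (action, rule name). The first rule whose list contains a matching entry decides."""
        for rule in self.rules:
            if any(f.matches(pkt) for f in rule.filters):
                return rule.action, rule.name
        return self.default, "default"


# Constructed sample policy: a LAN may reach a server's web port, management
# traffic to it must be protected by IPsec, and nothing else may reach it.
SAMPLE_POLICY = Policy([
    Rule("Web from LAN", (Filter(src="192.168.1.0/24", dst="10.0.0.5", protocol=6, dport=80),), PERMIT),
    Rule("Management over IPsec", (Filter(src="192.168.1.0/24", dst="10.0.0.5", protocol=6, dport=3389),), NEGOTIATE),
    Rule("Block everything else to the server", (Filter(dst="10.0.0.5"),), BLOCK),
], default=PERMIT)
```

Rule order matters with first-match evaluation: if the catch-all block rule were listed first, the two specific rules would never be reached, which is the kind of mistake worth checking with a few test packets before deploying a filter.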
After entering the correct user name and password, the browser shows the device configuration screen as follows:
- IM blocking: blocks instant-messaging services
- P2P blocking: blocks file-sharing services such as eMule, ...
- DoS defense: blocks DDoS attacks
- URL content filter: forbids access to certain web addresses
- Web filter: forbids access to web sites according to information from security web sites on the network
2. Security architecture
IPsec is implemented using (1) cryptographic protocols to secure packets in transit, (2) an authentication method and (3) the establishment of encryption parameters. IPsec is built on the concept of security at the IP layer. A security association is very simple when the algorithms and parameters (such as keys) are combined as the basis for encryption and authentication in one direction. In two-way communication, however, the security protocols work together and respond to the exchange. In practice the choice of encryption and authentication algorithms is left to the IPsec administrator, because IPsec comprises a group of security protocols that provide encryption and authentication for each IP packet. When deciding what must be protected and provided for an outgoing packet, IPsec uses the Security Parameter Index (SPI); each index (numbered and stored in an index database, much like a telephone directory) forms part of the Security Association Database (SADB), keyed on the destination address in the packet header together with the unique identifier of a security association for each packet. A similar process is carried out for an incoming packet, where IPsec performs decryption and checks the keys against the SADB. For multicast packets, a security association is provided for the group and applied to every receiver in the group. There may be more than one security association for a group, using different SPIs, which allows several security levels within one group. Each sender can have several security associations, allowing authentication, while the receiver knows only the keys sent in the data. The standards, however, do not describe how the associations are chosen and replicated from the group to the individuals.
3. Current status
IPsec is a mandatory part of IPv6 and can optionally be used with IPv4. Although the standards were designed to be the same for both IP versions, current practice is to apply and deploy it on IPv4. The IPsec protocols were defined in RFCs 1825 to 1829 and published in 1995. In 1998 they were upgraded in RFCs 2401 to 2412, which are not compatible with the 1825 to 1829 standards. In December 2005 the third generation of the IPsec standards, RFCs 4301 to 4309, appeared. It does not differ much from RFCs 2401 to 2412, but the new generation provides the second IKE standard. In this new generation IP security is also abbreviated as IPsec. The difference in abbreviation is that the generation standardized by RFCs 1825 to 1829 uses ESP, while the new version uses ESPbis.
In Transport mode, only the data you exchange in the packets is encrypted and/or authenticated. During routing the IP header is neither modified nor encrypted; however, when the authentication header is used, the IP addresses cannot be altered, because that information is hashed. The transport and application layers are usually protected by a hash, so they cannot be modified (for example the port number). Transport mode is used for host-to-host communication. This means that the encapsulation of IPsec information for NAT traversal is defined by the NAT-T RFC documents.
Tunnel mode
In tunnel mode the whole IP packet (both data and header) is encrypted and authenticated. It must be encapsulated in another IP packet for routing by the routers. Tunnel mode is used for network-to-network communication (between routers), or for host-to-network and host-to-host communication over the internet.
5. Technical details.
Two protocols have been developed to provide security for packets of both IPv4 and IPv6: IP Authentication Header, which ensures integrity and provides authentication, and IP Encapsulating Security Payload, which provides confidentiality and, as an option you can choose, the authentication and integrity features that ensure data integrity. The cryptographic algorithms used in IPsec include HMAC-SHA1 for data integrity (integrity protection), and TripleDES-CBC and AES-CBC for encryption and confidentiality of the packet. The full set of algorithms is given in RFC 4305.
a. Authentication Header (AH)
AH is used on connections that do not need data confidentiality. It is also an option for defending against replay attacks, using the sliding-window technique and discarding older packets. AH protects data transmitted over IP. In IPv4 the IP header includes TOS, Flags, Fragment Offset, TTL and Header Checksum. AH is placed directly in the first part of the IP packet. Below is the layout of the AH header. Modes of operation:
Meaning of each part:
- Next header: identifies the protocol used for the transmitted information.
- Payload length: the size of the AH packet.
- RESERVED: for future use (at present it is filled with zeros).
- Security parameters index (SPI): identifies the security parameters; combined with the IP address, it identifies the security association applied to the packet.
- Sequence number: a number that increases automatically with every packet, used to defend against replay attacks.
- Authentication data: contains the Integrity Check Value (ICV) needed to authenticate the packet.
b. Encapsulating Security Payload (ESP)
The ESP protocol provides authentication, integrity and confidentiality for the packet. ESP also supports configurations for situations where only encryption or only authentication is needed, but using encryption without requiring authentication does not guarantee security. Unlike AH, the header of the IP packet, including other options, is not protected. ESP runs on top of IP using IP protocol number 50, while AH uses number 51.
Meaning of the parts:
- Security parameters index (SPI): identifies the parameters, combined with the IP address.
- Sequence number: increases automatically; it serves to defend against replay attacks.
- Payload data: the data being transmitted.
- Padding: used with block ciphers.
- Pad length: the size of the padding.
- Next header: identifies the protocol used for the transmitted information.
- Authentication data: contains the authentication data for the packet.
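The SPI lookup in the security association database (section 2) and the sequence-number replay defence named for both AH and ESP above fit together in the inbound path: find the SA by (SPI, destination, protocol), then decide from the sequence number whether the packet is new, a replay, or too old. The code below is an added example, not part of the original document: it parses the fixed AH and ESP fields, keeps a sliding bitmap window of the kind RFC 4303 describes, and drives it from an in-memory SADB. ICV verification is left out; the make_ah and make_esp helpers and the SPI values exist only to build test input.

```python
import struct
from dataclasses import dataclass, field

AH_PROTOCOL, ESP_PROTOCOL = 51, 50


class AntiReplayWindow:
    """Sliding window of 'size' sequence numbers: a bitmap of already-seen numbers
    whose bit 0 is the highest sequence number accepted so far."""

    def __init__(self, size: int = 64):
        self.size, self.highest, self.bitmap = size, 0, 0

    def check_and_update(self, seq: int) -> bool:
        if seq == 0:                                  # 0 is never a valid sequence number
            return False
        if seq > self.highest:                        # new high-water mark: slide the window
            shift = seq - self.highest
            self.bitmap = ((self.bitmap << shift) & ((1 << self.size) - 1)) | 1
            self.highest = seq
            return True
        diff = self.highest - seq
        if diff >= self.size:                         # too old: fell off the left edge
            return False
        if self.bitmap & (1 << diff):                 # already seen: replay
            return False
        self.bitmap |= 1 << diff
        return True


@dataclass
class SecurityAssociation:
    spi: int
    dst: str
    protocol: int                                     # 51 = AH, 50 = ESP
    window: AntiReplayWindow = field(default_factory=AntiReplayWindow)


class SADB:
    """Inbound SAs are looked up by (SPI, destination address, protocol)."""

    def __init__(self):
        self._sas = {}

    def add(self, sa: SecurityAssociation) -> None:
        self._sas[(sa.spi, sa.dst, sa.protocol)] = sa

    def lookup(self, spi: int, dst: str, protocol: int):
        return self._sas.get((spi, dst, protocol))


def parse_ah(raw: bytes) -> dict:
    """AH: next header, payload length (AH length in 32-bit words minus 2), reserved, SPI, sequence, ICV."""
    if len(raw) < 12:
        raise ValueError("truncated AH")
    next_header, payload_len, _reserved, spi, seq = struct.unpack("!BBHII", raw[:12])
    total = (payload_len + 2) * 4
    if len(raw) < total:
        raise ValueError("truncated ICV")
    return {"next_header": next_header, "spi": spi, "seq": seq, "icv": raw[12:total], "payload": raw[total:]}


def parse_esp(raw: bytes) -> dict:
    """ESP: only SPI and sequence number are in the clear; payload, padding, pad length,
    next header and ICV can only be separated after decryption."""
    if len(raw) < 8:
        raise ValueError("truncated ESP")
    spi, seq = struct.unpack("!II", raw[:8])
    return {"spi": spi, "seq": seq, "encrypted": raw[8:]}


def process_inbound(sadb: SADB, dst: str, protocol: int, raw: bytes) -> str:
    """Returns 'accept', 'no-sa' or 'replay'."""
    hdr = parse_ah(raw) if protocol == AH_PROTOCOL else parse_esp(raw)
    sa = sadb.lookup(hdr["spi"], dst, protocol)
    if sa is None:
        return "no-sa"
    return "accept" if sa.window.check_and_update(hdr["seq"]) else "replay"


def make_ah(spi: int, seq: int, next_header: int = 6, icv: bytes = b"\x00" * 12) -> bytes:
    """Test helper: AH with a 96-bit ICV field (contents not computed here)."""
    return struct.pack("!BBHII", next_header, (12 + len(icv)) // 4 - 2, 0, spi, seq) + icv


def make_esp(spi: int, seq: int, body: bytes = b"") -> bytes:
    return struct.pack("!II", spi, seq) + body
```

In a real implementation the window is only updated after the ICV has verified, so that a forged packet with a high sequence number cannot slide the window and make legitimate packets look old; this example updates immediately because it does not check the ICV.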
The KAME project also completed an IPsec implementation for NetBSD and FreeBSD; its key manager is called racoon. OpenBSD created its own ISAKMP/IKE daemon, simply named isakmpd (it has also been ported to many systems, including Linux).
In this article I will introduce you to an overview of how Public Key Infrastructure (PKI) works. If you use Active Directory on Windows NT technology, every user, when created, is also given a key pair: a Public key and a Private key. There are also many other applications that create such a key pair.
The key pair is generated randomly, with many digits. When the keys are created from many random digits, the private key cannot be derived from the public key. But there are algorithms that can produce the public key from the private key. Only the public key is published to everyone. Most key pairs are created from many numbers by some cryptographic algorithm.
Information encrypted with the public key can only be decrypted with the private key. With only the public key you cannot decrypt the message. This means that when someone sends encrypted information to another person, only the recipient can open it. Anyone else who captures the whole message still cannot decrypt it with only the public key.
Information encrypted with the private key can be decrypted with the public key. Since the public key is published to everyone, anyone who has the public key can read the information.
To make the transfer of information safer: Alice combines her Private key with Bob's Public key to create a shared secret. In the same way, Bob combines his Private key with Alice's Public key to create the same shared secret. The two then exchange information. When Alice sends information to Bob using the shared secret that was created, Bob, on receiving the packet encrypted with the shared secret, uses Alice's Public key combined with his own Private key to open the information. The same applies when Bob sends information and Alice decrypts it to obtain the information.
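The Alice-and-Bob exchange above is Diffie-Hellman key agreement: each side combines its own private value with the other side's public value and both arrive at the same secret, which then keys the actual encryption. The code below is an added example, not part of the original document: it runs the agreement over the 1024-bit MODP group from RFC 2409 (generator 2), derives a symmetric key from the shared secret, and uses that key with a toy encrypt-then-MAC construction (SHA-256 counter keystream plus HMAC-SHA256) so that tampering is detected. The toy cipher is for illustration only and is not a production algorithm; the Miller-Rabin check exists to confirm the hard-coded group parameters.

```python
import hashlib
import hmac
import secrets

# RFC 2409 "Second Oakley Group": 1024-bit MODP safe prime, generator 2.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def is_probable_prime(n: int, rounds: int = 16) -> bool:
    """Miller-Rabin; used to sanity-check the group parameters above."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair():
    private = secrets.randbelow(P - 3) + 2            # 2 .. P-2
    return private, pow(G, private, P)


def shared_secret(my_private: int, their_public: int) -> int:
    # 0, 1 and P-1 are rejected: such "public keys" force the secret into a tiny subgroup.
    if not 1 < their_public < P - 1:
        raise ValueError("invalid public key")
    return pow(their_public, my_private, P)


def derive_key(secret: int) -> bytes:
    """Never use the raw secret as a key; hash it to a fixed-size key."""
    return hashlib.sha256(secret.to_bytes((P.bit_length() + 7) // 8, "big")).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes):
    return hashlib.sha256(b"enc" + key).digest(), hashlib.sha256(b"mac" + key).digest()


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC: fresh nonce, keystream XOR, HMAC-SHA256 tag over nonce+ciphertext."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def open_sealed(key: bytes, blob: bytes):
    """Returns the plaintext, or None when the tag does not verify (tampering or wrong key)."""
    enc_key, mac_key = _subkeys(key)
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(mac_key, nonce + ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))


def alice_and_bob(message: bytes):
    """Runs the exchange from the text and returns (keys agree?, what Bob decrypts)."""
    alice_priv, alice_pub = generate_keypair()
    bob_priv, bob_pub = generate_keypair()
    key_alice = derive_key(shared_secret(alice_priv, bob_pub))     # Alice: her private + Bob's public
    key_bob = derive_key(shared_secret(bob_priv, alice_pub))       # Bob: his private + Alice's public
    return key_alice == key_bob, open_sealed(key_bob, seal(key_alice, message))
```

The public-key validation in shared_secret is the check most often forgotten: an attacker who can substitute a public value of 1 or P-1 learns the resulting secret outright, so a receiver must reject those values before exponentiating.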
NAT uses its own IP address as the public IP for every client machine with a private IP. When a client connects or sends data to some computer on the internet, the data is sent to the NAT; the NAT then replaces the client's original IP address and sends the packet out with the NAT's IP address. The remote computer, or any computer on the internet, on receiving it sends its reply back to the NAT computer, because it believes the NAT computer is the machine that sent the packets. The NAT keeps a table of which machines sent packets out on which service port, and delivers the packets it receives back to the right client. NAT does the following:
- Translates the source IP address into its own IP address, so that the data received by the remote computer looks as if it came from the computer configured as NAT.
- Sends the data to the remote computer and remembers which service port the data was sent on.
- Forwards the data received from the remote computer to the client machines.
Does NAT work with every protocol and application? Some protocols use multiple connections or multiple media and many kinds of data (such as FTP or RealAudio). With FTP, when you start a file transfer, the FTP client opens a connection to the FTP server; the client connects and asks to transfer a file or directory, and with some FTP clients you will see something like a PORT command. What this command does is set up a data connection to send the file or directory back to the FTP client. Working this way means the client tells the server: connect to me at this IP address and this port to transfer the data. The problem is that the client tells the server to connect back to the private IP address inside its own LAN, so the server cannot find that IP address and fails if it tries to find and connect to it; this is where NAT must step in. Most NAT solutions (including WinGate) have special support for the FTP protocol, and the requirement for the computer configured as NAT is that it has a static IP address.
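The three NAT operations just listed (rewrite the source, remember the port, forward the reply) amount to a translation table keyed on ports. The code below is an added example, not part of the original document or of any product it mentions: it implements a port-based NAT with an outbound mapping table, the reverse lookup for replies, a static mapping for publishing an internal service, and the default behaviour of dropping inbound packets that match no mapping. The addresses and ports in the tests are constructed values.

```python
from dataclasses import dataclass, replace
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    """Port-based NAT: many private hosts share one public address, told apart by port."""

    def __init__(self, public_ip: str, first_port: int = 40000, last_port: int = 65535):
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        self.out_table = {}   # (proto, private ip, private port, dst ip, dst port) -> public port
        self.in_table = {}    # (proto, public port) -> (private ip, private port)

    def publish(self, proto: str, public_port: int, private_ip: str, private_port: int) -> None:
        """Static mapping: let the internet reach an internal server on a chosen public port."""
        self.in_table[(proto, public_port)] = (private_ip, private_port)

    def _allocate_port(self, proto: str) -> int:
        while (proto, self.next_port) in self.in_table:     # skip ports taken by static mappings
            self.next_port += 1
        if self.next_port > self.last_port:
            raise RuntimeError("port pool exhausted")
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, pkt: Packet) -> Packet:
        """Rewrites a packet leaving the LAN; the same flow always gets the same public port."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.out_table.get(key)
        if port is None:
            port = self._allocate_port(pkt.proto)
            self.out_table[key] = port
            self.in_table[(pkt.proto, port)] = (pkt.src_ip, pkt.src_port)
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Rewrites a packet arriving at the public address; None means drop (no mapping)."""
        target = self.in_table.get((pkt.proto, pkt.dst_port))
        if pkt.dst_ip != self.public_ip or target is None:
            return None
        return replace(pkt, dst_ip=target[0], dst_port=target[1])
```

The inbound drop is exactly why active-mode FTP fails through a plain NAT: the server's data connection arrives at a port the table has never seen, which is what the special FTP support mentioned above has to add.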
- Starting the NAT service: right-click server-radius (the name of the NAT server machine) and select Configure and Enable Routing and Remote Access.
Click Next to open the NAT Internet Connection dialog. This dialog lets us choose which interface connects to the internet.
There are 2 choices:
- Use this public interface to connect to the internet: we choose this item when the machine has 2 or more network cards. In the list box we select the network card used to connect to the internet.
- Create a new demand-dial interface to the internet: this item is chosen only when the internet connection is a dial-up modem.
Click Next, then Finish to start the NAT service.
After the NAT service has started, the program window looks as follows:
Step 2: configure the NAT service:
Configure the internet interface: right-click the internet interface and select Properties to open the configuration dialog of the internet connection.
Tab NAT/Basic Firewall:
This dialog lets you set up basic security on the internet interface.
o Public interface connected to the Internet: this item is chosen when this interface is the one connected to the outside network.
- Enable NAT on this interface: turns the NAT function on or off; when it is turned off, the workstations in the LAN cannot connect to the internet.
- Enable a basic firewall on this interface: turns the basic protection mode of the NAT server on or off for the current interface.
o Static Packet Filters: this item lets you set up policies for filtering the packets that pass through the NAT server.
- Inbound filters: sets up a filter for packets entering this interface.
- Outbound filters: sets up a filter for packets leaving this interface.
Tab Address Pool: lets you specify which IP addresses are allowed to access the internet.
Tab Services and Ports: lets you specify which services the outside internet is allowed to reach.
- Add: adds a service
- Edit: modifies the information of a service
Tab ICMP: lets you set up filtering policies for ICMP, the routing support protocol.
1.1 What is a virus?
The term computer virus refers to a computer program that can copy itself to another place (a disk or a file) without the user's knowledge. A further characteristic commonly seen in computer viruses is destructiveness: they cause execution errors, move, encrypt or destroy information on the disk.
a. B-virus.
When the computer is powered on, the segment registers are all set to 0FFFFh and every other register is set to 0. Initial control is thus handed to the code at 0FFFFh:0h; this code is really just a JMP FAR to a routine in ROM that carries out POST (Power On Self Test). POST checks the registers in turn, checks memory, initializes the DMA controller chips, the interrupt controller, the disk controller, and so on. It then probes for add-in cards and hands control to them so that they can initialize themselves, then takes control back. Note that this routine lives in ROM (Read Only Memory), so it can be neither modified nor extended with any other code. After POST, the ROM routine reads the Boot Sector of drive A, or the Master Boot of the hard disk, into RAM (Random Access Memory) at address 0:7C00h and hands control to that code with JMP FAR 0:7C00h. This is the point a B-virus exploits to attack the Boot Sector (Master Boot): it replaces the standard Boot Sector (Master Boot) with its own code, so control passes to the virus, which carries out its own activities first and only then does what would normally happen: it reads the standard Boot Sector (Master Boot), which it has hidden somewhere, into 0:7C00h and hands control to that standard code, so the user has the impression that the computer is working normally.
b. F-virus.
When DOS executes an executable file (through function 4Bh of interrupt 21h), it reorganizes memory, loads the file to be executed and hands control to it. An F-virus exploits this by attaching its code to the file exactly at the point where DOS hands control to the file after loading it into memory. Only after the F-virus has finished its own activities does it arrange to return control to the file, so that the file runs normally and the user cannot tell. Among B-viruses and F-viruses, some, once they have gained control, install a piece of their code in RAM as a terminate-and-stay-resident program (TSR), or in memory outside DOS's control, in order to take over important interrupts such as interrupt 21h and interrupt 13h. Whenever these interrupts are called, the virus seizes control to carry out its activities before passing on to the standard DOS interrupts.
1.3 Characteristics of B-Viruses:
In the previous section we gave very basic information about disk structure, the boot process, and the way DOS organizes memory and executes files. That information helps us understand the basic characteristics of viruses and, from there, work out how to prevent and cure an infection.
is large, so this region is rarely used. Write to a free area of the disk and mark that area in the FAT as bad, so that DOS no longer allocates it. This method is safer than the ones above. Format an extra track and write to that newly formatted track. Depending on the size of the virus code, B-viruses are divided into two types:
- SB-virus. The SB-virus program occupies only one boot sector; its tasks are few and relatively simple. Viruses of this type are now rarely seen, and are probably only the viruses "produced" domestically.
- DB-virus. These are viruses whose code is larger than 512 bytes (the common case). The virus program is therefore divided into two parts:
- The virus head: installed in the boot sector to seize control when control is handed to that boot sector. The head's only task is to load the body of the virus into memory and hand control to it. Because the task is so simple, the head is usually very short, and the shorter the better: the shorter it is, the smaller the difference between a standard boot sector and an infected one, and the less likely it is to arouse suspicion.
- The virus body: the main program of the virus. After the head has loaded it into memory and handed over control, the body carries out its tasks; when it is done it reads the standard boot sector into memory and hands control to it, so that the computer works normally as if nothing had happened.
b. Some basic techniques of B-viruses.
Whether SB-virus or DB-virus, in order to survive and spread they all share a number of basic techniques:
- Uniqueness check. The virus must exist in memory as well as on disk, but too many copies of it on disk and in memory would only slow down booting, occupy too much memory (affecting the loading and execution of other programs) and reduce disk access speed. This technique is therefore a strict requirement for a B-virus. The check on disk is affected by two factors. The first is the time taken to check: if every disk read/write had to check the disk, access time would double, reducing access speed and increasing suspicion. To meet this requirement, viruses apply techniques such as reducing the number of checks by checking only when access switches from one disk to another, or only when the FAT of the disk is read. The second is the checking technique: most viruses check by means of a key value. Each virus creates a special value for itself at a fixed position on the disk, and the check is done by reading the Boot record and checking the value of this key. This technique runs into trouble because the number of B-viruses keeps growing while the space in the Boot Record is limited. The current workaround is to increase the number of code bytes compared, reducing the chance of an accidental match. To check for its own presence in memory, viruses use the following techniques: the simplest is to check a key value at a fixed location in high memory; another technique, used by viruses that hook DOS interrupt 21h, is to request a special function that does not exist in that interrupt. If an error is raised, the virus is not yet in memory; if the virus is resident, the return value (in register AX, for example) is some specific value.
- Memory residence. After POST completes, the total amount of memory just tested is stored in the BIOS Data area at address 03h. When the operating system takes control, it regards the memory under its control as the value at this address. To stay resident, every B-virus therefore applies the following technique: after loading its resident part into high memory, it reduces the memory size managed by DOS at 03h by an amount equal to the size of the virus. However, if it does not check carefully for its own presence in memory, repeated warm boots reduce this memory total many times, affecting the execution of later programs. Well-designed viruses must therefore check for their presence in memory and, if already present, not reduce the memory size again.
- Propagation. The code that performs propagation is the important code in a virus program. To ensure propagation, the virus only hooks the interrupt most important for reading and writing the system area, interrupt 13h; however, to preserve disk access speed, only functions 2 and 3 (read/write) lead to propagation. Propagation is done by reading the Boot Sector (Master Boot) and checking whether it is already infected (the check technique above).
If the boot sector is not yet infected, the virus builds a new boot sector with the corresponding parameters of the virus code and writes it back to the sector's position on the disk. The boot sector just read, together with the virus body (for a DB-virus), is written to a fixed area of the disk. In addition, some viruses also hook DOS interrupt 21h to infect and damage the files that interrupt 21h works on. Building a boot sector that contains the virus code must respect the following:
- The infected boot sector must still contain the disk parameters used for disk access, namely the BPB of the Boot record, or the partition table in the case of the Master boot. Failing to preserve them causes the virus to lose control, or makes the disk unmanageable when the virus is not present in the environment.
- The safety of the original boot sector and of the virus body must also be a top priority. The techniques and hiding places were analysed in the sections above.
- Camouflage and noise. This technique appeared rather late, as a response to detection by users and programmers. Since a virus is quite small, programmers can easily single-step through it to see how it works, so viruses try every trick to evade the programmers' tracing. Viruses commonly apply the following techniques:
- Deliberately writing convoluted code, such as placing the Stack in dangerous memory areas, hooking and clearing interrupts, quietly changing the segment registers so that the tracer does not know where data comes from, and changing the values of later instructions so that the user has trouble following.
- Encrypting its own program so that the user cannot find a pattern, nor clearly see the virus's activity at once.
- Camouflage: the first way is to make the code placed in the boot sector as short as possible and as similar to a boot sector as possible. The second way is nevertheless used by many viruses: while the machine is under the virus's control, every request to read or write the Boot sector (Master boot) is answered by the virus with a standard copy, the one from before infection. This fools users, and poorly designed anti-virus programs, whenever the machine is currently under the virus's control.
- Destruction. Being a virus, it is always destructive. The destruction may be mild, for fun, or serious, causing loss of or obstruction to the information on the disk. By the time of destruction, two types can be distinguished:
- Timed: this type stores a value, which may be the date and time, the number of infections, the number of hours the machine has run, ... If this value exceeds a permitted figure, it proceeds to destroy. This type is usually dangerous because it destroys only once.
- Continuous: after infecting, the virus destroys continuously, but because of this continuity its destructive actions are not serious, mostly just for fun.
1.4 Characteristics of F-Viruses:
Compared with B-viruses, F-viruses are far more numerous, probably because disk operations with the support of Int 21h become extremely easy and convenient, a condition favourable to the development of F-viruses. Usually F-viruses only infect executable files (with the extension .COM or .EXE), but one principle a virus must observe is: when an infected executable is run, control must be in the hands of the virus before the virus returns it to the infected file, and when the file regains control
a. Propagation technique:
F-viruses mainly use two techniques: prepending and appending.
- Prepending to the file. Usually this method applies only to .COM files, whose program entry point is always at PSP0h. Exploiting the fixed entry point, the virus inserts its code at the start of the target program, pushing the whole target program downwards. The drawback is that, since the fixed entry point of a .COM program is PSP0, before returning control to the program the whole program must be moved back up to start at offset 100h. This infection method makes recovery harder, because the whole file must be read into memory before it can be written back.
- Appending to the file. Unlike the method above, here the virus code is attached after the target program. This method is seen in most viruses and its range of infection is wider than the method above. Because the virus body is not at the program entry point, the following technique must be used to seize control:
- For .COM files: replace the first bytes of the program (the entry point) with a JMP instruction that transfers control to the virus code: E9 xx xx JMP Entry virus.
- For .EXE files: it is enough to relocate the registers SS, SP, CS, IP in the EXE header to hand control to the virus code.
Besides these two main techniques, a few viruses use special techniques such as encrypting the virus code before attaching it to the file, as camouflage, or even replacing some short code sections of the target file with virus code, making recovery difficult. When infecting files that have the attributes Sys (system), Read Only or Hidden, the attributes must be changed so the file can be accessed; moreover the access changes the file's update date and time, so most viruses save the attributes and the update timestamp of the file and restore them exactly after infection. Also, attempting to write to a write-protected floppy produces the DOS error message Retry - Abort - Ignore; if this is not handled well the user easily notices the presence of the virus. Errors of this kind are controlled by DOS through interrupt 24h, so viruses that want to avoid such DOS messages while infecting must replace DOS interrupt 24h before infecting and then restore it.
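The two infection marks described above (a .COM whose first instruction is a JMP into the tail of the file, and an .EXE whose header entry point CS:IP has been moved to the end of the load module or beyond it) are what an integrity checker can look for. The code below is an added example, not part of the original document: it resolves the entry point of .COM and MZ .EXE images and flags entries that land in the tail of the file or past the declared load module. The thresholds and the make_mz_sample helper are assumptions of this example; the byte strings in the tests are constructed, not taken from any real program.

```python
import struct

COM_MAX_SIZE = 65280                   # 64 KB segment minus the 256-byte PSP


def com_entry_target(image: bytes):
    """File offset the first instruction of a .COM jumps to, or None if it is not a jump."""
    if len(image) >= 3 and image[0] == 0xE9:          # JMP rel16
        return 3 + int.from_bytes(image[1:3], "little", signed=True)
    if len(image) >= 2 and image[0] == 0xEB:          # JMP rel8
        return 2 + int.from_bytes(image[1:2], "little", signed=True)
    return None


def scan_com(image: bytes, tail_fraction: float = 0.9) -> list:
    """Flags a .COM whose very first instruction jumps into the last part of the file, the
    pattern left by code appended to an executable. Heuristic only: a reason to inspect."""
    findings = []
    if len(image) > COM_MAX_SIZE:
        findings.append("larger than a .COM program can be")
    target = com_entry_target(image)
    if target is not None:
        if target < 0 or target >= len(image):
            findings.append("entry jump leaves the file")
        elif target >= len(image) * tail_fraction:
            findings.append(f"entry jumps to offset {target} of {len(image)}: code appended at the tail")
    return findings


def parse_mz(image: bytes) -> dict:
    """Reads the MZ header fields that locate the entry point and the load module."""
    if len(image) < 28 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_cblp, e_cp, _e_crlc, e_cparhdr, _e_minalloc, _e_maxalloc,
     e_ss, e_sp, _e_csum, e_ip, e_cs) = struct.unpack("<11H", image[2:24])
    load_size = e_cp * 512 - ((512 - e_cblp) if e_cblp else 0)   # header + load module
    return {
        "header_size": e_cparhdr * 16,
        "load_size": load_size,
        "entry_offset": e_cparhdr * 16 + e_cs * 16 + e_ip,         # file offset of CS:IP
        "overlay": len(image) - load_size,                          # bytes beyond the load module
        "ss": e_ss, "sp": e_sp,
    }


def scan_exe(image: bytes, tail_fraction: float = 0.9) -> list:
    findings = []
    info = parse_mz(image)
    if info["overlay"] > 0:
        findings.append(f"{info['overlay']} bytes beyond the declared load module")
    if info["entry_offset"] >= len(image):
        findings.append("entry point outside the file")
    elif info["entry_offset"] >= info["load_size"] * tail_fraction:
        findings.append("entry point in the tail of the load module")
    return findings


def make_mz_sample(e_ip: int, overlay: int = 0) -> bytes:
    """Constructed MZ image: 32-byte header, 480 bytes of filler code, optional trailing bytes."""
    header = (b"MZ" + struct.pack("<11H", 0, 1, 0, 2, 0, 0xFFFF, 0, 0x100, 0, e_ip, 0)).ljust(32, b"\x00")
    return header + b"\x90" * (512 - 32) + b"\xCC" * overlay
```

Overlays and tail entry points also occur in legitimate programs (self-extracting archives, some compilers), so these checks belong in a baseline comparison like the boot-sector one above rather than being treated as proof of infection on their own.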
c. Memory-residence technique
This is a difficult technique, because DOS only provides the stay-resident function for one program, i.e. it allows only the program itself to stay resident. So if the DOS function were used, for the virus program to stay resident the target file would also have to stay resident, which is impossible if the target file is too large. For that reason most virus programs that want to stay resident must bypass DOS and manipulate the MCB chain "by hand". Depending on whether residence is achieved before or after the target program runs, residence techniques fall into two groups:
- Going resident before returning control. As said above, DOS provides no function for this kind of residence, so the virus program must arrange it itself. Viruses use the following approaches:
- Manipulate the MCBs to separate a block of memory from DOS's control, then use that region to hold the virus program.
- Pick a location in memory itself and load the resident part of the virus there; viruses usually choose high memory, below the transient part of command.com, to avoid being overwritten when the system reloads command.com. Since no memory is allocated for the resident virus program, command.com is fully entitled to allocate that region to other programs, so the virus's resident program must accept losses due to chance.
- Going resident with function 31h: this is a complex technique; the process is described as follows: when the virus program receives control, it creates an MCB declared as an intermediate element in the MCB chain to hold the virus program, then creates another new MCB for the infected program by moving that program down into this new region. To change the PSP that DOS holds to the PSP the virus created for the target program, function 50h of interrupt 21h must be used.
- Going resident after regaining control. The virus program takes the name of the program being executed in the DOS environment and then executes itself. When that execution finishes, control returns to the virus, and only then does it go resident in the normal way with function 31h of interrupt 21h.
d. Destruction technique
Usually, F-viruses use the same destructive methods and techniques as B-viruses. Destruction can be timed, continuous or random. The target of destruction may be the screen, the speaker, the disk, ...
Click Next; the license confirmation screen appears. Select I accept to continue the installation.
Click Next; the installation method screen appears. Under the client/server option, select server install.
Click Next; the Setup Type dialog appears. Select Complete to install all features of the program.
Click Next; the Select Server Group dialog appears. In this dialog, declare the following information:
- Server group: the server group
- Username: the user allowed to log in to the server after installation
- Password: the password of the login user