
Table of contents

CHAPTER 1: OVERVIEW OF NETWORK SECURITY AND SAFETY (p. 2)
1. Overview of network security (p. 2)
2. Types of attacks (p. 6)
3. Defense methods (p. 21)
CHAPTER 2: SECURITY WITH IP PACKET FILTERING (p. 24)
1. Packets (p. 24)
2. Security with packet filtering (p. 29)
CHAPTER 3: IPSEC (Internet Protocol Security) (p. 42)
1. Overview (p. 42)
2. Security architecture (p. 42)
3. Current state (p. 43)
4. Design by requirement (p. 43)
5. Technical details (p. 44)
6. Implementations (p. 46)
CHAPTER 4: NAT (Network Address Translation) (p. 49)
1. What is NAT? (p. 49)
2. Network model of the NAT service (p. 49)
3. Operating principle of NAT (p. 49)
4. Deploying the NAT service (p. 51)
CHAPTER 5: VIRUSES AND HOW TO PREVENT THEM (p. 57)
1. Viruses (p. 57)
2. Virus prevention (p. 64)

CHAPTER 1: OVERVIEW OF NETWORK SECURITY AND SAFETY


1. OVERVIEW OF NETWORK SECURITY:
1.1. Introduction to AAA (Access Control, Authentication and Auditing):
When network systems first appeared, the need to exchange resources arose, and users of the network exchanged resources with one another. After a period of use, networks kept expanding and the number of participants kept growing, so it became necessary to implement security policies and to set policies governing access to network resources. Information technology is applied in many fields such as commerce, shipping, ... and in this development information is the most important part. Every computing device (RAM, CPU, monitor, hard disk, ...) as well as the network infrastructure (routers, switches, ...) is built to support processing, storing, presenting and transporting information. Therefore, ensuring the safety of data stored on computers, as well as the confidentiality and integrity of information transmitted over the network, is of great importance to the existence and growth of information technology. To support security, limit access to data by others and prevent data loss, the term AAA (Access Control, Authentication and Auditing) was coined. AAA is short for Access Control, Authentication and Auditing. AAA is a basic concept of computer security and network security. These concepts are used to guarantee the security properties of information confidentiality, data integrity and system availability.

1.2. Access Control:


Access control is a policy, supported by software or hardware, used to permit or deny access to a resource and to define the level of access to the resource. Three models are used to explain access control:
- MAC (Mandatory Access Control)
- DAC (Discretionary Access Control)
- RBAC (Role Based Access Control)
1.2.1. MAC (Mandatory Access Control): The MAC model is a static model that uses file access permissions predefined on the system. The system administrator sets these parameters and associates them with an account and with many files or resources. The MAC model can be very restrictive. In MAC, the administrator sets up access, and only the administrator can change that access. Users cannot share a resource unless a relationship with the resource already exists. Example: on Unix, the system requires a file or directory to have exactly one owner, so a file or directory cannot be defined as belonging to two or more people. File and folder permissions on Windows 2000 (Full Control, Write, Read, List Folder Contents, ...).


1.2.2. DAC (Discretionary Access Control): A set of access permissions on an object, defined by a user or an application. The DAC model allows users to share files and to use files shared by others. DAC sets up an access control list (ACL) used to identify which users may access which resources. In addition, this model lets users grant or revoke access for any individual or group on a case-by-case basis.
1.2.3. RBAC (Role Based Access Control): In RBAC, access decisions are based on each individual's role and their responsibilities in the organization. Permissions are based on job function and on user grouping. Depending on each user's level of authority, we assign permissions accordingly. Example: the administrator has full administrative rights over the network and may add, delete and modify information on it, whereas ordinary employees are only allowed to use their computers and are not permitted to do anything else.

1.3. Authentication:


The process used to verify a computer or a user attempting to access a resource, as well as the way they log in and use the system. Authentication methods are very diverse, from ordinary verification such as checking a username/password to advanced technologies such as smart cards and biometric devices that identify the user.
1.3.1. Username/Password: This is the classic authentication method and is very widely used (because it is simple and easy to manage). Each user is identified by a login name and a password. The password is usually stored in a database, either encrypted or unencrypted. However, passwords can easily be guessed by brute-force methods. Password policy:
- Insecure level: fewer than 6 characters
- Medium security level: 8 to 13 characters
- High security level: 14 characters or more

In addition, passwords must follow these requirements:
- Combine upper-case and lower-case letters.
- Use digits and special characters; do not use words found in a dictionary.
- Do not use personal information (date of birth, phone number, relatives' names, ...) as the password.
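Added example, not part of the original text: a checker that applies the password policy above. The word list, the sample personal data and the "below medium" label for 6 or 7 character passwords (a length the policy tiers leave unnamed) are assumptions made here.

```python
import re

# Constructed stand-in for a real dictionary word list (assumption for the example).
DICTIONARY_WORDS = {"password", "welcome", "letmein", "secret", "admin"}


def length_level(password: str) -> str:
    """Map the length to the tiers of the policy in 1.3.1."""
    n = len(password)
    if n < 6:
        return "insecure"
    if n >= 14:
        return "high"
    if n >= 8:
        return "medium"
    return "below medium"  # 6 or 7 characters: not in any tier the policy names


def personal_info_hits(password: str, personal: dict) -> list:
    """Return the labels of personal items (birth date, phone, relative names)
    that appear inside the password, ignoring case and punctuation in numbers."""
    hits = []
    lowered = password.lower()
    for label, value in personal.items():
        digits = re.sub(r"\D", "", value)
        if digits:
            # 1990-05-12 and 19900512 are the same date to a guesser
            found = digits in re.sub(r"\D", "", lowered)
        else:
            found = value.lower() in lowered
        if found:
            hits.append(label)
    return hits


def check_password(password: str, personal=None) -> dict:
    """Apply every rule of the policy and report the level and the violations."""
    problems = []
    if not any(c.isupper() for c in password) or not any(c.islower() for c in password):
        problems.append("needs both upper- and lower-case letters")
    if not any(c.isdigit() for c in password):
        problems.append("needs a digit")
    if not any(not c.isalnum() for c in password):
        problems.append("needs a special character")
    lowered = password.lower()
    words = [w for w in DICTIONARY_WORDS if w in lowered]
    if words:
        problems.append("contains dictionary word(s): " + ", ".join(sorted(words)))
    hits = personal_info_hits(password, personal or {})
    if hits:
        problems.append("contains personal information: " + ", ".join(hits))
    level = length_level(password)
    return {"level": level, "problems": problems,
            "accepted": level in ("medium", "high") and not problems}
```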


1.3.2. CHAP: Because the weakness of username/password is that the secret is easily exposed when it travels over the network, a method is needed to ensure that data is transmitted safely during authentication. CHAP is a protocol that meets this requirement. CHAP is commonly used to protect authentication information and to check that a connection to a resource is legitimate, using a sequence of challenges and hashed responses. It is a remote-access authentication protocol that does not need to send the password over the network. CHAP establishes legitimacy using a 3-way handshake. The mechanism is used when the connection is initiated and is repeated many times to maintain the connection.
- The authenticating side sends a Challenge message.
- The receiving side uses the password and a one-way hash function to compute a result and returns it to the authenticating side.
- The authenticating side computes the corresponding hash and compares it with the returned value. If the value matches, authentication succeeds; otherwise the connection is terminated.
- At a random moment, the authenticating side sends a new Challenge to re-check that the connection is legitimate.
1.3.3. Certificates: In everyday life we use an ID card or a passport to deal with other people in society, for example when travelling. On computers we use certificates to prove to other machines that the user and the computer are legitimate, and to help computers communicate securely. A digital certificate is a piece of digital data containing information that identifies an entity (an individual, a server, a device or a piece of software). Certificates are covered in detail in later sections.
1.3.4. Mutual Authentication: Most authentication mechanisms are one-way, which makes them easy to impersonate and easy for hackers to attack by mimicking the way the connection is made (e.g. a Replay Attack). In practice many applications require two-way authentication. For example, a user has an account at a bank. When the user connects to check the deposit date, the legitimacy of the bank being used is also checked. If the check passes, login succeeds and the user can change their account information. Each party in an electronic exchange can authenticate the other: not only is the user authenticated to the system, the legitimacy of the system is also verified to the user.
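The challenge/response exchange of 1.3.2, as an added Python example that is not part of the original text. It follows the RFC 1994 CHAP formula (MD5 over identifier, shared secret and challenge; an assumption, since the text only says "a one-way hash function") and also shows why a captured response cannot be replayed against the next challenge, the weakness of one-way schemes noted in 1.3.4; the peer name and secret are constructed.

```python
import hashlib
import hmac
import os


def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: hash over identifier octet, shared secret, challenge.
    The secret itself never crosses the link, only this digest."""
    return hashlib.md5(bytes([ident & 0xFF]) + secret + challenge).digest()


class Authenticator:
    """The side that demands proof; it knows each peer's secret."""

    def __init__(self, secrets: dict):
        self.secrets = secrets          # constructed: peer name -> shared secret
        self.pending = {}               # identifier -> outstanding challenge
        self.next_id = 0

    def challenge(self):
        """Step 1 of the exchange: a fresh random challenge under a new identifier."""
        ident = self.next_id
        self.next_id = (self.next_id + 1) % 256
        chal = os.urandom(16)
        self.pending[ident] = chal
        return ident, chal

    def verify(self, ident: int, name: str, response: bytes) -> bool:
        """Step 3: recompute the hash and compare. The challenge is consumed on
        first use, so an old response cannot be presented a second time."""
        chal = self.pending.pop(ident, None)
        if chal is None or name not in self.secrets:
            return False
        expected = chap_response(ident, self.secrets[name], chal)
        return hmac.compare_digest(expected, response)


class Peer:
    """The side being authenticated; it only needs its own secret."""

    def __init__(self, name: str, secret: bytes):
        self.name, self.secret = name, secret

    def respond(self, ident: int, challenge: bytes):
        """Step 2: answer the challenge with the one-way hash, not the password."""
        return self.name, chap_response(ident, self.secret, challenge)


def run_exchange(auth: Authenticator, peer: Peer) -> bool:
    """One full challenge -> response -> verify round, as at link setup and at
    the random re-challenges the text mentions."""
    ident, chal = auth.challenge()
    name, resp = peer.respond(ident, chal)
    return auth.verify(ident, name, resp)


def replay_is_rejected(auth: Authenticator, peer: Peer) -> bool:
    """Capture one valid response off the wire, then try to reuse it: against
    the next challenge the digest no longer matches, and against the original
    identifier the challenge has already been consumed."""
    ident, chal = auth.challenge()
    name, resp = peer.respond(ident, chal)
    if not auth.verify(ident, name, resp):
        return False
    ident2, _ = auth.challenge()
    reused_on_new = auth.verify(ident2, name, resp)
    reused_on_old = auth.verify(ident, name, resp)
    return not reused_on_new and not reused_on_old
```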
1.3.5. Biometrics: Biometric devices can provide a very secure authentication mechanism by using each individual's physical and behavioural characteristics for authentication; they are used in areas that require high security. How biometrics works:
- Enrolling the biometric identifier: the subject's identifying features are scanned and checked. The biometric information is analysed and stored as a template.
- Verification: the subject to be verified is scanned.

The computer analyses the scanned data and compares it with the stored template. If the data matches the template, the user is confirmed as legitimate and granted access to the system. Some forms:
- Physical characteristics: fingerprint, hand geometry, face scan, retina scan, iris scan
- Behavioural characteristics: handwritten signature, voice
Today biometric authentication is considered a very secure mechanism. However, building such a mechanism is very costly.
1.3.6. Multi-Factor: When a system uses two or more different authentication methods to check whether a user's login is legitimate, it is called multi-factor. A system that uses both a smart card and username/password authentication is called a two-factor authentication system. We can combine two or more authentication mechanisms to create one that matches our needs. An individual's identity is established using at least two of the following factors:
- Something you know (a password or PIN)
- Something you have (a smart card or token)
- Something you are (fingerprint, iris, ...)
- Something you do (voice or signature)
1.3.7. Kerberos: Kerberos is an authentication service that guarantees security, single sign-on and mutual authentication, and relies on a trusted third party.
Security: Uses tickets, time-limited encrypted messages, to prove the user's legitimacy. The user's password is therefore well protected, since it need not be sent over the network or kept in the memory of the local computer.
Single sign-on: The user logs in only once and can then access all resources on any other system or server that supports the Kerberos protocol.
Trusted third party: Works through a central authentication server that all systems in the network trust.
Mutual authentication: Not only is the user authenticated to the system; the legitimacy of the system is also verified to the user.
Kerberos authentication is integrated directly into the directory management structure (Active Directory) of Windows 2000 and 2003 Server, allowing workstations to log in once to the DC and use services on other servers in the same domain without logging in again. This is completely transparent to users, so they do not notice the Kerberos support at all.

2. TYPES OF ATTACKS:
2.1. Introduction:
To build a secure system, we first need to understand clearly how hackers attack systems. Understanding attack methods contributes a great deal to securing a network system and makes prevention far more effective. As network environments keep growing, the need for security and safety on the network grows with them. Today attack methods are very diverse and numerous. Although there are many attack methods, they can be roughly grouped as follows:
- By target: application, network, or both
- By mode: active or passive
- By method: many kinds, for example cracking, exploiting software or system flaws, malicious code, ...
The boundaries between these groups are becoming hard to distinguish, because today's attacks are increasingly complex and combine several methods. However, not every hacker attacks in order to damage a system. Some attack a system to find its vulnerabilities and report them to the administrator so they can be fixed. Such hackers are called white hats; the other kind are called black hats. Some people confuse hackers and crackers: a cracker specialises in studying software and breaking its protection, whereas a hacker specialises in finding vulnerabilities in systems.

2.2. Outline of an attack process:


Depending on the target, a hacker will follow different attack scenarios. Here we only illustrate one general scenario for attacking a system.

The basic steps of an attack:
1. Reconnaissance and assessment of the system
2. Intrusion
3. Privilege escalation
4. Maintaining access
5. Exploitation

Step 1: Probe and assess the system.
Step 2: Break into the system. The attacker may then return to step 1 to keep probing and find more weaknesses in the system.
Step 3: Try every means of escalating privileges. The attacker may then return to step 1 to keep probing for more weaknesses, or move on to step 4 or step 5.
Step 4: Maintain access and monitor the system's activity.
Step 5: Carry out attacks (for example, denial of service, ...).

2.3. Active attacks:


These are attacks in which the attacker directly harms the network system and its applications (taking down servers, stopping services) rather than merely eavesdropping or collecting information. Common forms include DoS, DDoS, buffer overflow, IP spoofing, ...
2.3.1. DoS: Denial of service, abbreviated DoS, is a general term for various attacks that basically overload a system so that it cannot provide its service or has to stop operating. This kind of attack only disrupts operation; it very rarely steals information or data. Usually the target of a denial-of-service attack is a server (FTP, Web, Mail), but it can also be a network device such as a router, switch or firewall, ... Denial of service is not only carried out across the network; it can also target a local machine or the local network, which is called Local DoS Against Hosts. Denial-of-service attacks first appeared as DoS, exploiting weaknesses of the TCP protocol, and later developed into distributed denial of service, DDoS (Distributed DoS). Denial-of-service attacks can be divided into forms such as broadcast storm, SYN, Finger, Ping, flooding, ... The two problems of denial of service are:
- Resource consumption attacks: a large number of requests overloads the system. The resources targeted include bandwidth (attacked most often), hard disk (the target of mail bombs), RAM, CPU, ...
- Errors in processing specially crafted strings, input or packets (malformed packet attack). This form is usually applied to routers and switches: when such a packet or string is received, a bug in the software or system causes the router or switch to crash.
Denial of service does not give the attacker control of the system, but it is an extremely dangerous attack, especially for electronic transactions and e-commerce. The losses in money, reputation and prestige are hard to quantify. A further danger is that this attack is very hard to defend against; usually we only know about it once we are already under attack. Against well-secured systems, denial of service is regarded as the last resort an attacker applies to take the system down.
2.3.2. DDoS: A distributed denial-of-service attack is carried out with the participation of many computers. Compared with DoS, DDoS is far more dangerous.

A DDoS attack consists of two components. The first component: computers called zombies (usually on the Internet) on which the hacker has installed software that performs attacks of various kinds such as UDP flood or SYN flood, ... The attacker may combine this with spoofing to increase the danger. The attack software usually runs as a daemon. The second component: other computers on which a client program has been installed. These machines are compromised like the zombies, but the attacker holds a higher degree of control over them. The client program lets the attacker send commands to the daemons on the zombies.

When attacking, the attacker uses the client program on the master to send the attack signal to all the zombies at once. The daemon process on each zombie then carries out the attack against the designated target. The attacker may not act on the master directly but from another machine, and after launching the attack disconnects from the masters to avoid detection.

Illustration of a DDoS attack
The usual goal of DDoS is to consume bandwidth and congest the network. Tools for it include Trin00 (WinTrin00), Tribe Flood Network (TFN or TFN2K), Shaft, ... Today viruses and worms capable of performing DDoS have also been developed.
2.3.3. Buffer Overflows: This attack overflows a computer's buffer. A buffer overflow occurs when an application receives more data than the program accepts. In this case the application may be interrupted. When the program is interrupted, the system may be made to execute data with temporary access rights at privilege levels higher than the attacker's on the attacked system. The cause of the overflow is a bug in the program.

2.3.4. Spoofing: Accessing a system by impersonation (using someone else's stolen identity, a forged MAC or IP address, ...). This is an attack in which the attacker supplies authentication information or impersonates a legitimate user in order to gain unauthorised access to the system. In some cases a misconfigured system can have the same effect, e.g. a misconfiguration that gives a user more privileges than allowed, even though the user has not forged anything. There are many spoofing attacks. In blind spoofing the attacker only sends forged information and guesses at the result; for example, in IP spoofing the attacker receives no reply after sending packets with a forged address. The second type of interest is informed spoofing, where the attacker controls communication in both directions. The most frequently mentioned spoofing attacks are IP spoofing and ARP spoofing, also called ARP poisoning. IP spoofing is possible because of a weakness in the TCP/IP protocol: TCP/IP has no authentication feature to check whether the address of a received packet is genuine or forged. An IP address is regarded as a single computer (device) attached to the network, and so computers communicate with each other without checking. However, this can be mitigated with firewalls, routers, and authentication protocols and algorithms... IP spoofing can be carried out using raw IP. ARP poisoning is an attack that changes the ARP entries in the ARP table so that the recipient of messages can be changed. These attacks apply to switched LANs. How an ARP poisoning attack works: ARP (Address Resolution Protocol) is a protocol used to map an IP address to a MAC address. ARP is used whenever a node on a TCP/IP network needs to know the MAC address of another node on the same network or on an interconnected network. Basically, ARP lets a computer send an ARP message on the local network; every node hears it, but only the node with the matching IP address replies. Some operating systems do not update ARP information if it is not already in the cache; others accept only the first reply (Solaris, for example). An attacker can forge an ICMP packet that forces the workstation to perform an ARP request; immediately after receiving the ICMP, the workstation sends an ARP.
Countermeasures: we can use one of the following (Yes: can be used, No: cannot be used):
- Yes: Passive monitoring (arpwatch)
- Yes: Active monitoring (ettercap)
- Yes: IDS (detects but does not prevent)
- Yes: Static ARP entries (prevents it)
- Yes: Secure ARP (public key authentication)
- No: Port security on the switch
- No: Anticap, antidote, middleware approach
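The passive monitoring (arpwatch) and static ARP entry countermeasures above, as an added Python example that is not the original text's code: it watches a sequence of ARP replies, reports when an IP's MAC changes and when one MAC answers for several IPs, which is the signature of the gateway impersonation described in this section; the reply sample and all addresses are constructed.

```python
from collections import defaultdict

# Constructed sample of ARP replies (sender IP, sender MAC) in the order a passive
# monitor on the LAN would see them. 10.0.0.1 is the gateway; from the fourth
# reply on, the MAC of host .9 starts answering for the gateway and for host .5.
SAMPLE_ARP_REPLIES = [
    ("10.0.0.1", "00:11:22:33:44:01"),
    ("10.0.0.5", "00:11:22:33:44:05"),
    ("10.0.0.9", "00:11:22:33:44:09"),
    ("10.0.0.1", "00:11:22:33:44:09"),
    ("10.0.0.5", "00:11:22:33:44:09"),
]


def monitor_arp(replies, static=None):
    """Track IP -> MAC the way arpwatch does and return (table, alerts).

    `static` (optional) holds the entries the administrator pinned by hand; a
    reply that contradicts one of them is reported as critical and ignored,
    which is the 'static ARP entries' countermeasure from the same list."""
    static = {ip: mac.lower() for ip, mac in (static or {}).items()}
    table = dict(static)
    alerts = []
    ips_per_mac = defaultdict(set)
    for ip, mac in replies:
        mac = mac.lower()
        ips_per_mac[mac].add(ip)
        if ip in static:
            if mac != static[ip]:
                alerts.append(f"CRITICAL: {ip} is static ({static[ip]}) but {mac} claimed it")
            continue
        old = table.get(ip)
        if old is None:
            table[ip] = mac                      # first sighting: learn it
        elif old != mac:
            alerts.append(f"CHANGED: {ip} moved from {old} to {mac}")
            table[ip] = mac                      # follow the change but keep the record
    # One MAC answering for several IPs is how a poisoner inserts itself.
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append(f"MULTI-IP: {mac} answers for {sorted(ips)}")
    return table, alerts
```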


2.3.5. SYN Attacks: One of the most classic attacks. It exploits a weakness of the TCP three-way handshake. The three-way handshake works as follows:
Step 1: The client sends a packet with the SYN flag set.
Step 2: The server replies to the client with a SYN/ACK packet announcing that it is ready to accept the connection, and at the same time allocates resources to serve the connection and records information about the client.
Step 3: The client replies to the server with ACK, completing the connection procedure.
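An added example, not from the original text, of the detection this section goes on to describe: counting connections in the SYN_RECEIVED state from netstat -n -p tcp output. The sample output, the addresses and the alert threshold are constructed; the parser also accepts the Linux SYN_RECV spelling.

```python
import re
from collections import Counter

# Constructed netstat -n -p tcp output (Windows layout) during a small flood:
# four half-open connections on port 80 from four different source addresses.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    10.0.0.5:80            203.0.113.10:40211     ESTABLISHED
  TCP    10.0.0.5:80            198.51.100.7:51234     SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.8:51235     SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.9:51236     SYN_RECEIVED
  TCP    10.0.0.5:80            198.51.100.10:51237    SYN_RECEIVED
  TCP    10.0.0.5:443           203.0.113.11:40300     ESTABLISHED
  TCP    10.0.0.5:443           198.51.100.11:51240    SYN_RECEIVED
  TCP    10.0.0.5:3389          203.0.113.12:40400     ESTABLISHED
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")
HALF_OPEN = {"SYN_RECEIVED", "SYN_RECV"}   # Windows and Linux spellings


def parse_netstat(text):
    """Return (local ip, local port, foreign ip, foreign port, state) per TCP line."""
    conns = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            lip, lport, fip, fport, state = m.groups()
            conns.append((lip, int(lport), fip, int(fport), state))
    return conns


def syn_flood_report(text, threshold=3):
    """Summarise half-open connections per local port and flag ports at or above
    `threshold` (a constructed value; tune it to the host's normal load).
    Many distinct sources each holding one half-open connection is the random
    source-IP pattern the text describes."""
    conns = parse_netstat(text)
    half = [c for c in conns if c[4] in HALF_OPEN]
    by_port = Counter(c[1] for c in half)
    by_source = Counter(c[2] for c in half)
    return {
        "total": len(conns),
        "half_open": len(half),
        "by_port": dict(by_port),
        "distinct_sources": len(by_source),
        "suspicious_ports": {p: n for p, n in by_port.items() if n >= threshold},
    }
```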

The attack exploits this weakness in the TCP/IP three-way handshake. The problem is that the client does not send the packet containing the ACK back to the server; this is called a half-open connection (the client has only opened half of the connection), and with many such packets the server becomes overloaded because its resources are limited. Legitimate requests may then go unserved. This is similar to a computer hanging because too many programs were opened at once. The initiating machine sends a SYN message with a spoofed IP. The receiving machine replies with SYN and an ACK. Nobody receives the ACK (because the address is forged). So the receiving machine waits a long time before deleting the connection. When the number of SYN connection attempts grows too large, the connection queue fills up and other connection requests cannot be served. On Windows, a SYN attack can be recognised with the command netstat -n -p tcp: look at the SYN_RECEIVED state of the connections. However, SYN attacks usually go together with IP spoofing. The attacker's usual approach is to use random source IPs; the server then receives no ACK from the non-existent IPs, and sometimes even has to resend the SYN/ACK, assuming the client did not receive it. A further reason is to avoid having the source IP detected, since the administrator would then block that source IP. Solutions:
- Reduce the waiting time for connection establishment. This can cause denial of service for remote machines that access the system over low-bandwidth links.
- Increase the number of connection attempts allowed.
- Use a firewall that sends the ACK to the receiving machine, moving the pending connection into the established state.
2.3.6. Man in the Middle Attacks: The attacker positions themselves in the middle of the communication channel between two computers to eavesdrop on the information and even modify the content exchanged between the two machines,

while both computers believe they are connected directly to each other.
How man-in-the-middle attacks are carried out:
Attacks within the local network: ARP poisoning, DNS spoofing, STP mangling, port stealing
Attacks from the local network to remote machines (through the gateway): ARP poisoning, DNS spoofing, DHCP spoofing, ICMP redirection, IRDP spoofing, route mangling
Remote attacks: DNS spoofing, traffic tunneling, route mangling
Attacks on wireless networks: access point reassociation

2.3.7. Replay Attacks: Using a tool to record all the information exchanged when some computer accesses a server, then using the information captured on the network to connect to the server again. This is a technique in which the attacker, having captured a number of packets, reuses those packets later. For example, the attacker obtains a packet containing a user's password. The password is encrypted and the attacker does not know it. However, the authentication system does not check the session time, or the system uses weak TCP sequence numbers. The attacker bypasses authentication by sending the packet once more, which is called a replay.
2.3.8. Dumpster Diving: Dumpster diving is the term for an attack that collects information from things thought to be worthless. For example, the attacker can obtain a great deal of information from the Recycle Bin, from discarded papers and documents, ... Not only from information on computers: the information collected can also come from documents and records that users have thrown away. From such papers the information needed for the attack can be extracted.
2.3.9. Social Engineering: This is one of the most widely used attacks and is very hard to prevent. This attack does not require the attacker to use tools or equipment, yet it can still obtain the information needed to penetrate the system. Most users set passwords based on personal information such as their name, phone number, date of birth, ... Once the attacker can collect this information, they can guess the user's password. Another form exploits people's trust or naivety to find important information, for example posing as a regular customer of the company in order to collect important information, ... Solution: train and guide users to remain vigilant at all times.


2.4. Passive attacks:
2.4.1. Vulnerability probing: This is the basic step the attacker performs to assess the system and find its weak points. The technique uses scanning tools to find weaknesses to attack. Port-scanning tools are used to probe and discover information about the system such as the operating system, its version, the deployed applications, ... The attacker checks all around to find a door that is unlocked or easy to break without being detected.
A. The NMAP tool: NMAP stands for Network Mapper. NMAP was originally designed mainly for system administrators to scan networks with many computers and learn which hosts are up, which services they are running and which operating system they use. NMAP supports scan techniques including UDP, TCP, TCP SYN (half open), FTP proxy (bounce attack), ICMP (ping sweep), FIN, ACK sweep, Xmas tree, SYN sweep and IP protocol. It can determine information about a remote host, for example the OS via TCP/IP fingerprinting. NMAP is easy to find on the Internet and is installed by default on Unix operating systems. There are NMAP versions for Windows with a graphical interface (NMAP Win). Some main functions of NMAP:
Connect scan (TCP connect): This is the most basic form of TCP scanning. The technique is used to scan all ports on a host. If a port is listening the connection succeeds; otherwise the port cannot be reached. The strength of this technique is that no special privileges are needed. Scanning this way is easily detected by the scanned host.
TCP SYN (half open): This technique is often called half-open scanning because you do not open a full TCP connection. You send a SYN packet as if you were opening a real connection and wait for the response. A SYN/ACK indicates that the port is listening; an RST indicates a non-listener. If a SYN/ACK is received, an RST is immediately sent to tear the connection down. The main advantage of this scan is that few sites log it. Root privileges are needed to perform it.
FTP proxy (bounce attack): An interesting feature of the FTP protocol is its support for FTP connections through a proxy. In other words, we can connect from evil.com to the FTP server of target.com and ask that server to send a file anywhere on the Internet. This was acceptable in 1985 when the RFC was written, but with today's systems an FTP server cannot be allowed to be hijacked and send requests to arbitrary points on the Internet. When the basic concepts of the FTP server were rewritten in 1995, this flaw of the protocol could be used to post news and mail almost undetectably, endanger servers at various sites, fill up disks, ... We exploit this feature to scan TCP ports from a proxy FTP server. Thus you can connect to an FTP server located behind a firewall and then scan ports that appear to be blocked. If the FTP server allows reading and writing in some directory, you can send arbitrary data to the ports you find (NMAP does not do this).
ICMP (ping sweep, ping scanning): Sometimes we only want to know whether a host on the network is up. NMAP can do this by sending an ICMP echo request packet to every IP address on the network you specify. The hosts that reply are up. Some sites block echo request packets, so NMAP can send a TCP ACK packet to port 80; if we receive an RST in return, the machine is up. A third technique involves sending a SYN packet and waiting for an RST or SYN/ACK. By default (for the root user) NMAP uses both the ACK and ICMP techniques. You can change this with the -P option. Note that pinging is always performed and only hosts that respond are scanned. Use this option only if you want a ping sweep without any actual port scan.
ACK sweep (ACK scan): This is a convenient method commonly used to map out firewall rulesets. In particular, it can help determine whether a firewall is ineffective or is just a simple packet filter that only blocks SYN packets. The scan sends an ACK packet to the specified port. If an RST comes back, the port is classified as unfiltered. If nothing comes back (or an ICMP unreachable is returned), the port is classified as filtered. Note that NMAP normally does not print ports classified as unfiltered.
Xmas tree, FIN, Null scan: Used when SYN scanning is not stealthy enough. Some firewalls and packet filters can see the SYN flag and restrict the port, and programs such as SYN loggers and Courtney easily detect such scans. Using these scans (Xmas tree, FIN, Null) may get through without hindrance.
IP protocol: This method is used to determine which IP protocols are supported on a host. The technique sends raw IP packets without any protocol header, one per specified protocol, to the target host. If we receive an ICMP protocol unreachable message, the protocol is not in use; otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and some firewalls do not send protocol unreachable messages, which gives the misleading impression that all protocols are open.

The standard syntax is: nmap [Scan type(s)] [options] <host or net #1 ... [#N]>
Scan types include:
-sS: TCP SYN
-sT: TCP connect()
-sU: UDP scan
-sO: IP protocol
-sF, -sX, -sN: Stealth FIN, Xmas tree, Null scan
-sP: ping scanning
-sV: version detection

The main options are:
-PA [portlist]: use TCP ACK ping to list the hosts that are up
-PS [portlist]: like -PA but uses SYN (connection request)
-PU [portlist]: use UDP

Example: scan all TCP ports on host 172.29.14.141: nmap -v 172.29.14.141 (the -v option shows the scan process in detail). To scan the class C network containing 172.29.14.141 using SYN, and at the same time determine which operating system each machine is running and whether it is up (root privileges are needed for this feature): nmap -sS -O 172.29.14.141
2.4.2. Sniffing: The eavesdropper must be on the same network segment, or placed where they can access the information transmitted on the network. Sniffing software captures important information (for example login names, passwords, cookies) that is transmitted over the network unencrypted or with only simple encoding. Network administrators can use sniffing tools to examine and evaluate network traffic.
A. The tcpdump tool: A popular analysis tool in Unix and Linux environments. tcpdump supports the TCP, UDP, IP and ICMP protocols, as well as the data formats of common applications. Most tcpdump programs must run as root or be setuid root. The tcpdump syntax is:
tcpdump [ -adeflnNopqRStuvxX ] [ -c count ] [ -C file_size ] [ -F file ] [ -i interface ] [ -m module ] [ -r file ] [ -s snaplen ] [ -T type ] [ -U user ] [ -w file ] [ -E algo:secret ] [ expression ]
Notes:
-c: stop after capturing count packets.
-C: before saving a raw packet to the file, check whether the current file is larger than file_size. If so, open a new file with the name given by -w plus a sequence number appended. The unit of file_size is 1,000,000 bytes.

Examples: print all packets received and sent by the host named sundown:
# tcpdump host sundown
Print the traffic between the two hosts named sundown and moondown:
# tcpdump host sundown and moondown
Print all IP packets between sundown and any other host except the one named testking:
# tcpdump ip host sundown and not testking
B. The Ethereal tool: One of the newest protocol analyzers available today, developed in 1998. Ethereal has versions for Unix/Linux and for Windows. Once capture starts, packets are kept in a buffer and then displayed on screen. A feature of Ethereal is live decoding of packets as they are captured, until capture is stopped. We will see the same thing in Windows Network Monitor, presented below. However, this feature is not so helpful when network traffic is heavy, say 10,000 packets, and no filtering is applied: we then cannot keep up with the information being displayed.
C. The Windows Network Monitor tool: Windows 2000 and 2003 include the Network Monitor tool, which helps administrators monitor and analyse the packets sent out as well as the connections coming in. Usually it is installed together with the operating system. If not, it is easily added via Start > Settings > Control Panel > Add/Remove Programs > Add/Remove Windows Components > Management and Monitoring Tools. Running the program: after selecting the network interface, click Start Capture to capture packets. Click Stop and View Capture to view the captured packets. Right after capturing we are on the first panel, the summary list. Deselect Zoom Pane (the magnifying-glass toolbar icon) to see all three panels of the captured packets: the second panel shows detailed information and the last panel shows the data in hex. Use Edit/Display Filter (the funnel toolbar icon) to filter packets.
D. The Cain & Abel tool: A very powerful sniffing tool with these features: ARP spoofing to gather more information; the ability to decode some captured passwords that are stored in encrypted form.


Using Cain & Abel to sniff information on a LAN (for devices in layers 1 and 2 of the network). Installing Cain & Abel: download the program from the website http://www.oxid.it/ and install it (WinPcap v3.1 beta 4 must be installed before using Cain & Abel). Using Cain & Abel to sniff information on the network:

Run Cain & Abel:

Select the item on the toolbar to start sniffing on the network, then select the Sniffer tab. In the Sniffer tab, choose Add to list on the toolbar to scan the list of computers on the network. All information exchanged by the machines in this list will be sniffed.

Note: we can only scan computers on the same subnet as our own.

Select the Passwords tab to observe the information returned when information is exchanged on the network.

If a password is encrypted, we use Cain & Abel itself to decode it, or use the LC5 program. Several algorithms help the decoding succeed, such as:
- Decoding with a dictionary attack
- Decoding with a brute-force attack
- Decoding with cryptanalysis

2.5. Password Attacks:

A password attack tries to guess a user's password; it is also called password guessing. The first idea is to guess from information related to the user: date of birth, name, and so on. The two main attack methods are the brute-force attack (exhaustive search) and the dictionary-based attack (built on a pre-assembled list of candidate passwords).

2.5.1. Brute Force Attacks: password-guessing tools try every possible combination. The chance of recovering the password is very high if the password is short or simple; the cost grows exponentially with the length and the size of the character set.

2.5.2. Dictionary Based Attacks:

Passwords that are dictionary words are very easy to crack. The attack uses a list of dictionary words whose hash values have been computed in advance, so cracking becomes a lookup of the captured hash. Such word lists and precomputed hash tables can be downloaded from the Internet.

2.5.3. Password attack tools:

To attack passwords we use tools that can recover them from their hashes. Strong tools include Cain & Abel (see above) and LC5. Example: a brute-force attack using Cain & Abel. Goal: obtain the passwords of the user accounts on the local machine. Steps:
Step 1: Start Cain & Abel.
Step 2: Open the Cracker tab; in the left panel choose "LM & NTLM Hashes", then choose "Add to list" on the toolbar.
Step 3: Choose "Import Hashes from local machine" and click Next.
Step 4: Right-click the user whose password you want and choose Brute-Force Attack > LM Hashes (or NTLM Hashes).
Step 5: The Brute-Force Attack window appears; click Start to begin guessing. In this example the password returned is 1234.

2.6. Malicious Code Attacks:

2.6.1. Viruses:
Viruses, worms and trojan horses are collectively called malicious code. They can consume resources and slow the system down, or damage the system outright.

A virus is a program designed to damage the system at the operating-system or application level.

2.6.2. Trojan horse: a trojan horse is a program that looks safe and useful but hides dangerous code inside.

2.6.3. Logic Bombs: code embedded in an application that carries out an attack when some condition is met (for example scripts or ActiveX controls embedded in web pages). It is a type of malware that an attacker leaves behind in the system, working like a time bomb: when its trigger condition occurs, its destructive function fires. A well-known logic bomb is Chernobyl (CIH), which triggers its payload on 26 April. A common use of a logic bomb by an attacker is to destroy the evidence of the attack as soon as the system administrator starts to notice the intrusion.

2.6.4. Worms: a worm is also a form of virus, but one able to create copies of itself and spread over the network. The biggest difference between a worm and a virus: a worm is a standalone program that replicates itself and spreads over the network in many ways, most commonly e-mail and chat, and it can also carry a destructive payload. A virus, by contrast, is a piece of dangerous code attached to another program, so it is only activated when the program carrying it is executed.

2.6.5. Back door: a program, a piece of code or a special configuration on the system that we do not know about and that lets the attacker get in without authenticating or logging in.

3. COUNTERMEASURES:

3.1. The Essential NetTools toolkit:
Essential NetTools is a toolkit bundling Netstat, Nslookup, Tracert, Ping and similar utilities. Using these commands from the Windows command line is cumbersome and their output is hard to assess; with this toolkit the work is comparatively simple thanks to a friendly interface and complete, detailed documentation. With Essential NetTools an administrator can monitor what is happening on a host, for example checking whether someone is attacking it with a SYN flood (a large number of half-open connections from scattered source addresses).

Countermeasures:
Remove unnecessary services.
Use a firewall or IPsec filters to drop unwanted traffic.
Use an IDS to detect probes and report suspicious access.

3.2. Microsoft Baseline Security Analyzer:

Goal: learn how to detect security weaknesses on the local machine and on the network, and how to interpret the returned reports. Method: use Microsoft Baseline Security Analyzer (MBSA) to check a Windows host for missing patches and weak settings, study the weaknesses found and provide a fix for each. Using MBSA to scan a Windows system for weaknesses:

Install and start MBSA, choose "Scan a computer", then choose "Start Scan" to begin checking; a report is returned. Items whose Score carries the critical (red X) icon are the most serious findings.

Choose "Result details" to see the details of a finding, and "How to correct this" to find the remediation. Note: to scan another system, simply enter the name or IP address of the machine to scan.

3.3. Using the Tenable NeWT Scanner:

Goal: learn how to detect security weaknesses on the local machine and interpret the returned reports. Method: use NeWT to scan the local machine for vulnerabilities, study the vulnerabilities found and provide a fix for each, and use NeWT to scan the local system for the points an attacker could use.

Install Tenable NeWT Scanner and start NeWT Security Scanner. Choose "New Scan task" to begin, enter the name or IP address of the machine to scan, choose Next, then "Scan now". When the scan completes a report is shown; based on it we decide how to remediate each finding.

3.4. Building a firewall to limit attacks:

To stop unauthorised users from getting into the network we need to build defensive systems, and a firewall is a good solution. A firewall can be a hardware appliance or a software product; this section covers both.

3.4.1. Hardware solutions: the market offers many products for building firewalls, from simple to complex. Firewalls are built into ADSL modems and load-balancing routers, and there are dedicated firewall products from vendors such as Fortinet, Juniper and Check Point. The choice depends on the scale of the network. Here we look at some firewall features of a load-balancing router, the DrayTek Vigor 3300V, which can restrict users inside and outside the network with:
A/ IP Filter: filters traffic from the internal network to the outside and vice versa.
B/ DoS: limits denial-of-service attacks from outside hosts.
C/ URL Filter: filters the web addresses that may be visited.
D/ Bind IP to MAC: stops unauthorised hosts from using the Internet link.
E/ IM/P2P Blocking: prevents one or more IP addresses from using instant messaging, VoIP or peer-to-peer file-sharing services.

3.4.2. Software solutions: besides hardware, software can limit intrusion from other hosts. From Windows XP onwards every version includes a basic host firewall. For stronger protection there are products such as ISA Server, Kerio WinRoute Firewall and ZoneAlarm. Here we use ISA Server 2004 to build the firewall. ISA 2004 offers many ways to build a firewall and limit unauthorised access by network users. In earlier courses we learned how to set up filters that restrict internal users going out and how to publish the ports of services that external hosts need to reach inside the network. ISA 2004 can also cap the number of sessions open at the same time and mitigate DoS-style attacks.


CHAPTER 2: SECURITY WITH IP PACKET FILTERING
1. Packets:
1.1 What is a packet?
- As we know, the signals exchanged between two computers are electrical signals representing binary bits 0/1.
- If data were sent as a bare stream of bits, the receiver could not tell what the information is, what kind of data it is, or which network application on the receiving host it is for.
- To overcome this the data packet was introduced. Data to be sent is divided into small pieces, and each piece is wrapped in a defined format called a packet before it is sent. The packet contains a part holding the addresses of sender and receiver together with error-control and encoding information; this part is the packet header.
- TCP/IP, one of the most widespread protocol suites today, transmits data as packets; it defines many packet types such as TCP segments, IP datagrams and UDP datagrams.

1.2 The IP packet:
This is the packet of the Internet Protocol (IP), at the Internet layer of the TCP/IP model. Its job is to carry data from host to host; IP itself is best-effort, so delivery guarantees and ordering come from the layers above. The structure of the IP packet is as follows:

Version: 4 bits, the version of IP in use. The number matters because two versions of IP (4 and 6) coexist today; software processing an IP datagram must recognise the version, and a datagram with an unknown version is treated as corrupt and discarded.
Header Length (IHL): 4 bits, the length of the IP header in 32-bit words. The field is needed because the header is variable in length: 20 bytes (IHL = 5) without options, up to 60 bytes (IHL = 15) when options are present.
Type Of Service: 1 byte, how the packet should be handled while in transit.
The first three bits give the precedence of the packet: 000 lowest, 111 highest. Bit D requests low delay (1: low delay, 0: normal). Bit T requests high throughput (1: high throughput, 0: normal). Bit R requests high reliability (1: high reliability, 0: normal). Bit M requests low monetary cost (1: low cost, 0: normal). Bit Z is unused.
Total Length: the length of the whole IP datagram including the header, in bytes; the minimum is 20 bytes and the maximum 65535 bytes. Together with the header length it determines the size of the data part.
Identification: 16 bits, a number assigned by the sender to each datagram and left unchanged on the way from source to destination; all fragments of one datagram carry the same value so that the receiver can reassemble them.
DF (don't fragment): whether the datagram may be fragmented in transit (1: must not be fragmented, 0: may be fragmented). A router that would have to fragment a DF datagram drops it instead.
MF (more fragments): whether another fragment follows this one (1: more fragments follow, 0: this is the last one). The bit is only meaningful when the datagram has been fragmented, which requires DF = 0.
Fragment offset: 13 bits, measured in units of 8 bytes; the position of the first byte of this fragment relative to byte 0 of the original datagram. Only fragments carry a non-zero value, so the field is only used when DF = 0.
Time To Live: 1 byte, the lifetime of the datagram counted in network hops. It is set when the datagram is sent and decremented by one at each router; if it reaches 0 before the destination the datagram is discarded. The purpose is to stop datagrams circulating forever in routing loops and congesting the network.
Protocol: 1 byte, the protocol carried in the data part, e.g. TCP (6), UDP (17).
Header Checksum: 16 bits, detects corruption of the IP header only. It is the Internet checksum (the ones' complement of the 16-bit ones' complement sum of the header), not a CRC, and because TTL changes at every hop it is recomputed by every router. It offers no protection against deliberate modification.
Source/Destination address: the source and destination IP addresses, 32 bits each.
Options: variable length (up to 40 bytes), present or not. They carry information for error checking, measurement, source routing and so on. Each option begins with a type byte:

FC (flag copy): whether the option is copied into every fragment when the datagram is fragmented (1: copied into all fragments, 0: only the first fragment carries the option).
Class: 2 bits: 00 for control, 10 for debugging and measurement.
Number: 5 bits identifying the option. Values of the option type field:

FC  Class  Number  Meaning
0   00     00000   End of option list
0   00     00001   No operation (used for padding)
1   00     00010   Security (military use)
1   00     00011   Loose source routing
0   00     00111   Record route (adds fields)
1   00     01000   Stream ID
1   00     01001   Strict source routing
0   10     00100   Timestamp (adds fields)

Length: the length of the option including the type and length bytes.
Option data: the information belonging to the option, as defined by its type.
Padding: used when the options do not end on a 4-byte boundary; in practice it is just filler added so that the header is a whole number of 32-bit words.
Data: the payload of the packet. Its length is not fixed; it depends on the amount of information sent and on the network environment (the MTU of the path).

1.3. The UDP packet:
Function and structure:
Function:
This is the packet of the User Datagram Protocol (UDP). Its job is to carry data from an application on the source host to an application on the destination host using connectionless operation: the ports identify the applications and an optional checksum detects corruption, but there is no acknowledgement or retransmission, so delivery is not guaranteed.
Packet structure:

Source port number: the port of the application that sent the UDP datagram.
Destination port number: the port of the application that will receive the UDP datagram.
UDP length: the length of the UDP datagram including header and data.
UDP checksum: optional in IPv4; when unused it is set to 0. When the integrity of the datagram matters this field is used; it is computed over a pseudo-header (source and destination IP addresses, protocol number and UDP length), the UDP header and the data.

UDP operation
UDP encapsulation:

Figure 4.2: the UDP encapsulation process
Operation: UDP is a connectionless protocol. When an application on the source host wants to send data to the destination host over UDP, it simply sends it, without knowing whether the data reached the destination host. UDP is therefore used only by applications that do not need high reliability or that need real-time behaviour, such as TFTP, BOOTP and multimedia (Internet video, VoIP, ...).

1.4 The TCP packet:

Sequence number: counted in octets; the position in the byte stream of the first byte of the data carried by this segment. The field ranges from 0 to 2^32 - 1. At connection setup it holds the initial sequence number, chosen by the source host and normally not a fixed value; the first data segment then carries the initial value plus 1, because the SYN itself consumes one sequence number. In general the sequence number of segment n is:
sequence_number_n = sequence_number_{n-1} + len(data_{n-1})
Acknowledgement number: tells the other side which segment the sender expects next: the one whose sequence number equals the acknowledgement number. On receiving it the other side knows that all bytes before that number arrived safely.
Hlen (data offset): the length of the TCP header in 32-bit words; from it the receiver knows whether options are present.
Reserved: not used at present.
Flag bits: 6 control bits, each with its own purpose:
URG: the Urgent pointer field is valid.
ACK: the acknowledgement number is valid.
PSH: 1 = hand the data to the upper layer immediately without buffering; 0 = buffer before delivering.
RST: reset the connection.
SYN: synchronise sequence numbers (connection setup).
FIN: no more data from the sender (connection teardown).
Window: the receive window size advertised by the sending host.
Checksum: detects errors in the TCP segment; the sender computes it and the receiver verifies it. Like UDP, TCP uses the Internet checksum (ones' complement sum), not a CRC, and it is computed over a pseudo-header with the same content as the UDP pseudo-header (source and destination IP address, protocol number and segment length), followed by the TCP header and data:

Urgent pointer: the urgent-data pointer. It can be used to interrupt a process during a transfer, and it marks the boundary between the urgent data and the normal data (in TCP the urgent data comes first).
Options: optional; structured like the IP options:

Type (kind): the kind of option.
Length: the length of the option.
Option data: the content of the option.
Option kinds:

Kind  Length  Meaning
0     1       End of option list
1     1       No operation
2     4       Maximum segment size (MSS)
3     3       Window scale
4     2       SACK permitted
5     var.    SACK (selective acknowledgement blocks)
8     10      Timestamp
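The header layouts of 1.2 to 1.4 and their checksums, as an added example (not from the course text). It parses an IPv4 header, verifies the ones' complement header checksum, then parses the UDP or TCP header and verifies its checksum over the pseudo-header. The sample datagram at the end is constructed here (a TCP SYN to port 80 with an MSS option); the field names follow the text.

```python
"""IPv4 / UDP / TCP header parser with checksum verification. Added
example; the sample packet is built in build_sample(), not captured."""
import struct
from dataclasses import dataclass


def ones_complement_sum(data: bytes) -> int:
    """Internet checksum (RFC 1071): 16-bit ones' complement sum, not a CRC.
    Over a header that includes a correct checksum field the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class IPv4Header:
    version: int
    ihl: int
    tos: int
    total_length: int
    identification: int
    df: bool
    mf: bool
    fragment_offset: int     # in 8-byte units, exactly as carried in the header
    ttl: int
    protocol: int
    checksum: int
    src: str
    dst: str
    options: bytes
    checksum_ok: bool


def parse_ipv4(pkt: bytes):
    """Return (header, payload). Raises ValueError on malformed input."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (v_ihl, tos, tlen, ident, flags_off, ttl, proto,
     csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = v_ihl >> 4, v_ihl & 0xF
    if version != 4:
        raise ValueError("not IPv4")
    hlen = ihl * 4                        # IHL counts 32-bit words: 20..60 bytes
    if hlen < 20 or len(pkt) < hlen or tlen < hlen:
        raise ValueError("bad header length")
    hdr = IPv4Header(
        version, ihl, tos, tlen, ident,
        bool(flags_off & 0x4000), bool(flags_off & 0x2000), flags_off & 0x1FFF,
        ttl, proto, csum,
        ".".join(map(str, src)), ".".join(map(str, dst)),
        pkt[20:hlen],
        ones_complement_sum(pkt[:hlen]) == 0,
    )
    return hdr, pkt[hlen:tlen]


def pseudo_header(src: str, dst: str, proto: int, length: int) -> bytes:
    """The pseudo-header TCP and UDP prepend when computing their checksum."""
    s = bytes(int(x) for x in src.split("."))
    d = bytes(int(x) for x in dst.split("."))
    return s + d + struct.pack("!BBH", 0, proto, length)


def parse_transport(ip: IPv4Header, payload: bytes) -> dict:
    """Parse UDP (17) or TCP (6) and verify its checksum with the pseudo-header."""
    ph = pseudo_header(ip.src, ip.dst, ip.protocol, len(payload))
    if ip.protocol == 17:
        sport, dport, ulen, csum = struct.unpack("!HHHH", payload[:8])
        ok = csum == 0 or ones_complement_sum(ph + payload) == 0   # 0 = checksum unused
        return {"proto": "UDP", "sport": sport, "dport": dport, "length": ulen, "checksum_ok": ok}
    if ip.protocol == 6:
        (sport, dport, seq, ack, off_flags,
         win, csum, urg) = struct.unpack("!HHIIHHHH", payload[:20])
        hlen = (off_flags >> 12) * 4
        bits = (("FIN", 1), ("SYN", 2), ("RST", 4), ("PSH", 8), ("ACK", 16), ("URG", 32))
        return {"proto": "TCP", "sport": sport, "dport": dport, "seq": seq, "ack": ack,
                "flags": [n for n, b in bits if off_flags & b], "window": win,
                "urgent": urg, "options": payload[20:hlen],
                "checksum_ok": ones_complement_sum(ph + payload) == 0}
    return {"proto": ip.protocol}


def build_sample() -> bytes:
    """Constructed TCP SYN 10.0.0.5:40000 -> 93.184.216.34:80 with MSS 1460."""
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1000, 0, (6 << 12) | 0x02, 65535, 0, 0)
    tcp += struct.pack("!BBH", 2, 4, 1460)           # option kind 2, length 4, MSS
    ph = pseudo_header("10.0.0.5", "93.184.216.34", 6, len(tcp))
    tcp = tcp[:16] + struct.pack("!H", ones_complement_sum(ph + tcp)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([93, 184, 216, 34]))
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return ip + tcp


if __name__ == "__main__":
    hdr, body = parse_ipv4(build_sample())
    print(hdr)
    print(parse_transport(hdr, body))
```

Because the checksum is a plain sum, anyone who can rewrite a header can also fix the checksum; the check only catches accidental corruption, which is the reason the IPsec chapter adds a keyed integrity value on top.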

2. Security with Packet Filtering:
2.1. Overview of packet filtering:
Packet-filtering security decides, from the information in a packet's headers, whether the packet is allowed through the filter or not. The fields of interest are the addresses of the sending and receiving hosts, the ports of the sending and receiving applications, and the protocol used during the exchange between the two hosts. Because a filter looks only at headers it cannot judge the content of the traffic, and a host able to forge those header fields can get past address-based rules.

2.2 Steps for building security rules with IPsec (Windows IP Security Policies):
Step 1: Define the packet filter (IP filter list):

- A packet filter allows or denies one or more kinds of packet passing through it.
- The filter is built as follows:
> Open the IPsec policy console: Administrative Tools > Local Security Policy, right-click "IP Security Policies" and choose "Manage IP filter lists and filter actions".

In the dialog that appears, on the "Manage IP Filter Lists" tab choose Add to create a new filter list. The next dialog has:

- Name: the name of the filter list
- Description: a detailed description of the filter list
- Filters: the filters (match conditions) that make up the list
- Add: add a new filter to the list
- Edit: change an existing filter of the list
- Remove: delete a filter from the list
Choose Add to add a filter to the list, then Next; the "IP Traffic Source" dialog appears.

This dialog declares the IP address of the host sending the packets. Next: the "IP Traffic Destination" dialog appears.

This dialog declares the IP address of the host receiving the packets. Next: the "IP Protocol Type" dialog appears.

This dialog selects the protocol the filter applies to. Next: the "IP Protocol Port" dialog appears.

This dialog declares the ports of the sending and receiving applications:
- From any port / From this port: the port of the sending application
- To any port / To this port: the port of the receiving application.
Next, then Finish: the filter is complete. At this point choose OK to finish the filter list, or Add to add another filter to it. A filter marked "Mirrored" also matches the reply direction of the same traffic, which is normally what is wanted.

Step 2: Define the filter actions:
There are three basic filter actions: Permit (allow), Block (deny) and Negotiate security (protect the traffic with IPsec, i.e. encrypt and/or authenticate it). In the "Manage IP filter lists and filter actions" window choose "Manage Filter Actions".

Choose Add to create a new filter action:

Name: the name of the action
Description: a detailed description of the action
Next: the "Filter Action General Options" dialog lets you choose the behaviour of the action: Block, Permit or Negotiate security.

Next, then Finish: the filter action is complete.

Step 3: Build the rule (IP security policy):
Right-click "IP Security Policies on Local Computer" and choose "Create IP Security Policy".

The "IP Security Policy Name" dialog appears; enter the name of the policy being built.

Next, then Finish.

The policy properties dialog appears.

Choose Add to add a new rule to the policy, then Next; the network type dialog appears:

- All network connections: the rule applies on every network
- Local area network (LAN): only inside the local network
- Remote access: only for hosts using the remote access service.
Next: the "IP Filter List" dialog appears, where the filter list built in step 1 is selected.

Next: the "Filter Action" dialog appears, where the action built in step 2 is selected.

Next, then Finish: the "New Rule Properties" dialog appears.

Choose OK to complete the rule.

Now choose Close to finish the policy, or Add to add another rule to it. The policy has no effect until it is assigned (right-click it and choose Assign); only one policy can be assigned to a computer at a time.
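The objects that 2.1 and 2.2 build by hand (a filter list of match conditions, a filter action of Permit / Block / Negotiate, and a rule that pairs them inside a policy), as an added example that models how they are evaluated. This is illustrative code, not the course's own material and not Windows' implementation; the addresses, rules and packets are constructed here, and the most-specific-filter-first ordering and permit-by-default behaviour are modelled on the Windows behaviour. Packets carry the five header fields 2.1 names.

```python
"""Model of IP filter list / filter action / rule evaluation. Added example;
all addresses and sample packets are constructed."""
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

PROTO = {"ANY": None, "TCP": 6, "UDP": 17, "ICMP": 1}


@dataclass
class Packet:
    src: str
    dst: str
    protocol: int
    sport: int = 0
    dport: int = 0


@dataclass
class Filter:
    """One entry of an IP filter list. "0.0.0.0/0" means any address."""
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    protocol: str = "ANY"
    sport: Optional[int] = None      # None = "from any port"
    dport: Optional[int] = None      # None = "to any port"
    mirrored: bool = True            # also match the reply direction

    def _match_one(self, p: Packet, src, dst, sport, dport) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(src):
            return False
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(dst):
            return False
        proto = PROTO[self.protocol]
        if proto is not None and p.protocol != proto:
            return False
        if sport is not None and p.sport != sport:
            return False
        if dport is not None and p.dport != dport:
            return False
        return True

    def matches(self, p: Packet) -> bool:
        if self._match_one(p, self.src, self.dst, self.sport, self.dport):
            return True
        # Mirrored: swap source/destination address and port.
        return self.mirrored and self._match_one(p, self.dst, self.src, self.dport, self.sport)


@dataclass
class Rule:
    name: str
    filters: List[Filter]            # the IP filter list
    action: str                      # "permit", "block" or "negotiate"


def specificity(r: Rule) -> int:
    """Score used to apply the most specific filter first (longer prefixes,
    a fixed protocol and fixed ports count as more specific)."""
    best = 0
    for f in r.filters:
        s = ipaddress.ip_network(f.src).prefixlen + ipaddress.ip_network(f.dst).prefixlen
        s += 8 if PROTO[f.protocol] is not None else 0
        s += 4 if f.sport is not None else 0
        s += 4 if f.dport is not None else 0
        best = max(best, s)
    return best


@dataclass
class Policy:
    name: str
    rules: List[Rule] = field(default_factory=list)
    default_action: str = "permit"   # traffic no filter matches passes unchanged

    def evaluate(self, p: Packet):
        """Return (action, rule name) for the most specific matching rule."""
        for r in sorted(self.rules, key=specificity, reverse=True):
            if any(f.matches(p) for f in r.filters):
                return r.action, r.name
        return self.default_action, None


def build_policy() -> Policy:
    """Constructed policy for a server at 192.168.1.10 (hypothetical address)."""
    pol = Policy("Server filtering")
    pol.rules.append(Rule("Block Telnet",
                          [Filter(dst="192.168.1.10/32", protocol="TCP", dport=23)], "block"))
    pol.rules.append(Rule("Protect SMB from admin LAN",
                          [Filter(src="10.10.0.0/24", dst="192.168.1.10/32",
                                  protocol="TCP", dport=445)], "negotiate"))
    pol.rules.append(Rule("Block guest subnet",
                          [Filter(src="172.16.50.0/24", dst="192.168.1.10/32")], "block"))
    return pol


if __name__ == "__main__":
    pol = build_policy()
    for pkt in (Packet("203.0.113.7", "192.168.1.10", 6, 51000, 23),
                Packet("192.168.1.10", "203.0.113.7", 6, 23, 51000),   # reply direction
                Packet("10.10.0.5", "192.168.1.10", 6, 49152, 445),
                Packet("172.16.50.9", "192.168.1.10", 17, 5353, 53),
                Packet("198.51.100.2", "192.168.1.10", 6, 40000, 80)):
        print(pkt, "->", pol.evaluate(pkt))
```

The second s sample packet shows why "Mirrored" matters: the reply from the Telnet service is caught by the same filter, so a one-directional filter would block the request but let the answer through.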

2.3 IP packet filtering on a hardware device

We use a DrayTek Vigor 2800 modem/router. Log in to the DrayTek at http://[modem IP address]/.

After entering the correct user name and password the browser shows the device configuration screen.

Choose the Firewall menu; the following screen appears:

IM blocking: blocks instant-messaging services.
P2P blocking: blocks file-sharing services such as eMule.
DoS defense: mitigates DoS/DDoS flood attacks.
URL content filter: forbids access to certain web addresses.
Web filter: forbids access to web sites according to ratings from security rating services on the Internet.


Chapter 3: IPSEC (Internet Protocol Security)

1. Overview
IPsec works at the Network layer, layer 3 of the OSI model, whereas the other Internet security protocols such as SSL, TLS and SSH work from the Transport layer up (layers 4 to 7 of the OSI model). This gives IPsec its flexibility: it protects anything carried over IP, including TCP, UDP and most other layer-4 protocols. That is an advantage over SSL and the other upper-layer methods: an application gains IPsec protection without any change to its code, whereas to use SSL or another upper-layer security protocol the application code must be changed substantially.

2. Security architecture
IPsec is deployed with (1) cryptographic protocols that protect packets in transit, (2) methods of authentication and (3) the negotiation of cryptographic parameters. IPsec is built on the notion of a security association (SA) for IP. A security association is the simple combination of algorithms and parameters (such as keys) that provides encryption and authentication in one direction; two-way communication therefore needs a pair of SAs working together. Which encryption and authentication algorithms are actually chosen is up to the IPsec administrator, because IPsec is a family of security protocols providing encryption and authentication for every IP packet. To decide what protection to apply to an outgoing packet, IPsec uses the Security Parameter Index (SPI), an index into the Security Association Database (SADB) (much like an entry in a telephone directory), together with the destination address in the packet header; the pair identifies the security association uniquely for each packet. The same process is applied to incoming packets, where IPsec looks up the keys in the SADB to verify and decrypt them. For multicast, a security association is provided for the group and replicated to all receivers in the group. A group may have more than one security association, using different SPIs, which allows several security levels within one group. Every sender can have several security associations, which allows authentication, since a receiver can only know that someone holding the keys sent the data. Note that the relevant standard does not describe how the associations are chosen and replicated from the group to the individuals.

3. Current status
IPsec is a mandatory part of IPv6 and optional with IPv4. Although the standards were designed for both IP versions, current deployment is mostly on IPv4. The IPsec protocols were first defined in RFCs 1825 to 1829, published in 1995. In 1998 they were revised as RFCs 2401 to 2412, which are not compatible with RFCs 1825 to 1829. In December 2005 the third generation of the IPsec standards, RFCs 4301 to 4309, appeared; it does not differ greatly from RFCs 2401 to 2412, but adds the second version of IKE (IKEv2). In this generation the abbreviation was also changed to "IPsec". The names of the protocols differ as well: the ESP defined by RFCs 1825 to 1829 is referred to as ESP, and the newer version as ESP-bis.

4. Design

IPsec provides a Transport mode (end-to-end), securing traffic between two hosts that communicate directly, and a Tunnel mode (portal-to-portal), used for traffic between two networks and mostly for VPN connections. IPsec is used very widely for VPNs, but the two modes differ in how they are deployed. Secure end-to-end communication across the Internet has developed slowly and is still awaited, partly because the Public Key Infrastructure (PKI) it relies on has not become widespread or practical.

IPsec is introduced to provide these security services:
1. Encryption of the transmitted data
2. Data integrity
3. Mutual authentication of the communicating parties
4. Protection against replay within a secured session

5. Modes
There are two modes of IPsec operation: Transport mode and Tunnel mode.

Transport mode
In Transport mode only the payload of the IP packet is encrypted and/or authenticated. The IP header is neither modified nor encrypted during routing; however, when the Authentication Header is used the IP addresses cannot be changed, because they are included in the hash. The transport and application layers are protected by the hash and cannot be modified (the port numbers, for example). Transport mode is used for host-to-host communication. For the same reason, encapsulating IPsec traffic so that it can cross NAT (NAT traversal) had to be defined separately, in the NAT-T RFCs.

Tunnel mode
In Tunnel mode the entire IP packet (data and header) is encrypted and authenticated. It is then encapsulated in a new IP packet that routers forward. Tunnel mode is used for network-to-network communication (between routers), or host-to-network and host-to-host communication over the Internet.

5. Technical details
Two protocols were developed to provide security for the packets of both IPv4 and IPv6:
IP Authentication Header (AH) ensures integrity and provides authentication.
IP Encapsulating Security Payload (ESP) provides confidentiality, and optionally authentication and integrity.
The algorithms used in IPsec include HMAC-SHA1 for integrity protection, and TripleDES-CBC and AES-CBC for encryption and confidentiality of the packet. The full list is in RFC 4305.

a. Authentication Header (AH)
AH is used where confidentiality of the data is not required. It also protects against replay attacks, using a sliding window of sequence numbers and discarding packets that fall outside the window or have already been seen. AH protects the IP packet including the header fields that do not change in transit; in IPv4 the mutable fields TOS, Flags, Fragment Offset, TTL and Header Checksum are treated as zero in the integrity calculation. AH is placed directly after the IP header. The AH header is shown below.

Meaning of each field:
Next header: identifies the protocol of the data that follows.
Payload length: the size of the AH header.
RESERVED: reserved for future use (currently all zeros).
Security parameters index (SPI): identifies the security parameters; combined with the IP address it identifies the security association the packet belongs to.
Sequence number: a monotonically increasing counter, incremented for each packet, used to defeat replay attacks.
Authentication data: contains the Integrity Check Value (ICV) needed to authenticate the packet.

b. Encapsulating Security Payload (ESP)
ESP provides authentication, integrity and confidentiality for the packet. ESP can also be configured for encryption only or for authentication only, but encryption without authentication does not give real security, because the ciphertext can be manipulated undetected. Unlike AH, ESP does not protect the IP header or its options. ESP runs on top of IP with protocol number 50; AH uses protocol number 51.

Meaning of each field:
Security parameters index (SPI): identifies the parameters, combined with the IP address.
Sequence number: increasing counter, protects against replay attacks.
Payload data: the data being transmitted.
Padding: used with block ciphers.
Pad length: the size of the padding.
Next header: identifies the protocol carried.
Authentication data: the authentication data (ICV) of the packet.
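The AH header of 5.a with an HMAC-SHA1-96 ICV and the anti-replay sliding window it mentions, as an added example (not from the course text and not code from any IPsec implementation). The key, SPI and packets are constructed here; the "IP header" is a constructed 20-byte IPv4 header whose mutable fields (TTL, checksum) are zeroed before hashing, as RFC 4302 requires, and the window follows the RFC 4302 bitmap scheme with a constructed size of 64.

```python
"""Build/verify an IPsec AH (protocol 51) and apply an anti-replay window.
Added example; key, SPI, addresses and packets are constructed."""
import hashlib
import hmac
import struct

ICV_LEN = 12                           # HMAC-SHA1-96: 160-bit tag truncated to 96 bits
AH_FIXED = struct.Struct("!BBHII")     # next header, payload len, reserved, SPI, sequence


def sample_ip_header(ttl: int = 64) -> bytes:
    """Constructed IPv4 header 10.0.0.1 -> 10.0.0.2, protocol 51 (AH)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 0, 0, 0, ttl, 51, 0,
                       bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))


def zero_mutable(ip_hdr: bytes) -> bytes:
    """Zero TTL (offset 8) and header checksum (offsets 10-11) before hashing."""
    h = bytearray(ip_hdr)
    h[8] = 0
    h[10:12] = b"\x00\x00"
    return bytes(h)


def build_ah(key: bytes, spi: int, seq: int, next_hdr: int, ip_hdr: bytes, payload: bytes) -> bytes:
    # Payload Length is the AH length in 32-bit words minus 2: (12 + 12) / 4 - 2 = 4.
    ah_len_words = (AH_FIXED.size + ICV_LEN) // 4 - 2
    fixed = AH_FIXED.pack(next_hdr, ah_len_words, 0, spi, seq)
    covered = zero_mutable(ip_hdr) + fixed + b"\x00" * ICV_LEN + payload
    icv = hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]
    return fixed + icv


def verify_ah(key: bytes, ip_hdr: bytes, ah: bytes, payload: bytes):
    """Return (spi, seq, next_hdr) if the ICV verifies, else None."""
    next_hdr, ah_len, _, spi, seq = AH_FIXED.unpack(ah[:AH_FIXED.size])
    if len(ah) != (ah_len + 2) * 4:
        return None
    recv_icv = ah[AH_FIXED.size:]
    covered = zero_mutable(ip_hdr) + ah[:AH_FIXED.size] + b"\x00" * len(recv_icv) + payload
    calc = hmac.new(key, covered, hashlib.sha1).digest()[:ICV_LEN]
    if not hmac.compare_digest(calc, recv_icv):
        return None
    return spi, seq, next_hdr


class ReplayWindow:
    """RFC 4302 style window: bit i of the bitmap means (top - i) was accepted."""

    def __init__(self, size: int = 64):
        self.size = size
        self.mask = (1 << size) - 1
        self.top = 0          # highest sequence number accepted so far
        self.bitmap = 0

    def check(self, seq: int) -> bool:
        if seq == 0:
            return False                         # sequence 0 is never valid
        if seq > self.top:
            return True                          # new high: always a candidate
        offset = self.top - seq
        if offset >= self.size:
            return False                         # too old: outside the window
        return not (self.bitmap & (1 << offset))  # already seen = replay

    def update(self, seq: int) -> None:
        """Mark seq as accepted; only called after the ICV verified."""
        if seq > self.top:
            shift = seq - self.top
            self.bitmap = (self.bitmap << shift) & self.mask if shift < self.size else 0
            self.bitmap |= 1
            self.top = seq
        else:
            self.bitmap |= 1 << (self.top - seq)


def receive(key: bytes, window: ReplayWindow, ip_hdr: bytes, ah: bytes, payload: bytes) -> str:
    """Receiver path: cheap replay check, then ICV, then window update."""
    seq = AH_FIXED.unpack(ah[:AH_FIXED.size])[4]
    if not window.check(seq):
        return "replay"
    if verify_ah(key, ip_hdr, ah, payload) is None:
        return "bad icv"
    window.update(seq)
    return "ok"


if __name__ == "__main__":
    key, ip, w = b"constructed-demo-key", sample_ip_header(), ReplayWindow()
    p1 = build_ah(key, 0x1000, 1, 6, ip, b"hello")
    print(receive(key, w, ip, p1, b"hello"), receive(key, w, ip, p1, b"hello"))
```

The order in receive() matters: the window is consulted before the HMAC so that a flood of replayed packets costs no cryptography, but the window is only advanced after the ICV verifies, so a forged packet with a huge sequence number cannot push genuine packets out of the window.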

6. Implementations

IPsec is implemented in the kernel, with key management and the ISAKMP/IKE negotiation handled by a user-space daemon. A standard interface for key management lets that daemon control the kernel IPsec stack. Because it is available to end users, IPsec has been implemented for the Linux kernel. The FreeS/WAN project was the first complete open-source IPsec implementation, for Linux; it consisted of a kernel IPsec stack (KLIPS), a key-management daemon and many shell scripts. The FreeS/WAN project wound down in 2004; Openswan and strongSwan continue it.

The KAME project also completed an IPsec implementation for NetBSD and FreeBSD; its key manager is called racoon. OpenBSD wrote its own ISAKMP/IKE daemon, simply named isakmpd (it has also been ported to other systems, including Linux).

The rest of this chapter gives an overview of how a Public Key Infrastructure (PKI) works. In a Windows Active Directory environment a user can be issued a key pair when the account is created: a public key and a private key. Many other applications can generate such key pairs as well.

A key pair is generated from large random numbers. When the keys are generated from enough random material it is infeasible to derive the private key from the public key; the public key, on the other hand, is computed from the private key by the algorithm. Only the public key is published to everyone. Most key pairs are built from large numbers by some cryptographic algorithm.

Information encrypted with the public key can only be decrypted with the private key; with the public key alone the message cannot be read. So when someone sends an encrypted message to another person, only the receiver can read it; anyone else who captures the whole message cannot decrypt it with only the public key.

Information encrypted (signed) with the private key can be verified with the public key. Since the public key is published to everyone, anyone holding it can check the information.

To protect a conversation more efficiently: Alice combines her private key with Bob's public key to produce a shared secret. Likewise Bob combines his private key with Alice's public key and arrives at the same shared secret. The two then communicate using it. When Alice sends Bob data protected with the shared secret, Bob recovers it by combining Alice's public key with his own private key, and the same holds when Bob sends to Alice.
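The Alice/Bob exchange described above, as an added example (not part of the original text): each side combines its own private key with the other side's public value, both arrive at the same shared secret, and a key derived from it protects the messages. The group parameters are a toy prime chosen for readability (an assumption of this example, not a standards group); real deployments use the RFC 3526/7919 groups or elliptic-curve Diffie-Hellman. The encryption is a demonstration keystream-plus-HMAC construction, not a standard AEAD.

```python
"""Diffie-Hellman shared secret between Alice and Bob, then an
encrypt-then-MAC channel keyed from it. Added example; toy parameters."""
import hashlib
import hmac
import secrets

# Toy group (assumption for the demo only): p = 2^127 - 1 is prime, g = 5.
P = (1 << 127) - 1
G = 5


def keypair():
    """Private exponent in [1, p-2] and the matching public value g^x mod p."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(my_priv: int, their_pub: int) -> int:
    """Combine my private key with their public key: their_pub^my_priv mod p."""
    if not 1 < their_pub < P - 1:            # reject 0, 1 and p-1 (degenerate values)
        raise ValueError("invalid public value")
    return pow(their_pub, my_priv, P)


def derive_key(secret: int, label: bytes = b"demo-channel") -> bytes:
    """Never use the raw DH value directly; hash it into a fixed-size key."""
    return hashlib.sha256(secret.to_bytes(16, "big") + label).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def protect(key: bytes, msg: bytes) -> bytes:
    """nonce || ciphertext || HMAC-SHA256(nonce || ciphertext)."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(msg, _keystream(key, nonce, len(msg))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unprotect(key: bytes, blob: bytes):
    """Return the plaintext, or None if the tag does not verify (wrong key or tampering)."""
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


if __name__ == "__main__":
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    k_alice = derive_key(shared_secret(alice_priv, bob_pub))
    k_bob = derive_key(shared_secret(bob_priv, alice_pub))
    print("same key:", k_alice == k_bob)
    print(unprotect(k_bob, protect(k_alice, b"meet at noon")))
```

The check in shared_secret() is the part practitioners forget: accepting a public value of 1 or p-1 lets a man-in-the-middle force the shared secret to a known value regardless of the private keys.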

CHAPTER 4: NAT (Network Address Translation)

1. What is NAT?
NAT, Network Address Translation, is a technique originally invented to solve the IPv4 address shortage. When two computers are on the same network segment (the same subnet) they are connected directly, meaning they can send and receive data with each other directly. If they are not on the same subnet and have no direct connection, data must be forwarded between the subnets, which requires a router (in software or hardware). This is the situation whenever a computer wants to connect to another computer on the Internet.

2. Network Model of the NAT Service

3. How NAT Works

NAT works like a router: its job is to forward packets between different subnets of a larger network. You can think of the Internet as a single network made of countless subnets. Routers understand the subnets around them and forward packets to the right destination.

NAT uses its own IP address as the public address for every client with a private IP. When a client opens a connection or sends data to some computer on the Internet, the data goes to the NAT; the NAT replaces the client's original source address with its own IP address and sends the packet on. The remote computer on the Internet that receives the packet sends its reply back to the NAT computer, because from its point of view the NAT computer is the sender. NAT records a table of which client sent which packet out on which port, and delivers the replies to the right client. NAT therefore:
- Replaces the source IP address with its own address, so the remote computer sees the data as coming from the NAT host.
- Sends the data to the remote computer and records which port was used.
- Forwards the data received from the remote computer to the client.

Does NAT work with every protocol and application? Not with protocols that use multiple connections or media streams and several kinds of data (such as FTP or RealAudio). With FTP, when you start a file transfer you connect to the FTP server with an FTP client and ask for a file or directory listing; with some FTP clients you will see a "PORT" command. What this command does is set up the data connection for sending the file or listing back to the FTP client: the client tells the server "connect back to me on this IP address and this port to transfer the data". The problem is that the client tells the server to connect back to its private address inside the LAN; the server cannot reach that address and fails when it tries. This is where NAT must help: most NAT solutions (WinGate included) have special support for the FTP protocol, and the computer configured as NAT must have a static IP address.
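The translation table described above, as an added example (not from the course text, and not WinGate's or Windows' code): outbound packets get the NAT's public address and a fresh public port, the mapping is recorded, and replies are rewritten back to the private host. It also shows the FTP problem: the client's PORT command carries its private address inside the payload, which header translation never touches, and how an FTP-aware NAT fixes it by rewriting the command and pre-creating the reverse mapping. All addresses and packets are constructed; the assumption that the server's data connection comes from port 20 follows active-mode FTP.

```python
"""Port-translating NAT (NAPT) with an FTP application-level gateway.
Added example; all addresses, ports and packets are constructed."""
import re
from dataclasses import dataclass, replace


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "TCP"
    payload: bytes = b""


class Napt:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (proto, private ip, private port, remote ip, remote port) -> public port
        self.out = {}
        # (proto, public port, remote ip, remote port) -> (private ip, private port)
        self.back = {}

    def _alloc_port(self) -> int:
        port, self.next_port = self.next_port, self.next_port + 1
        return port

    def outbound(self, p: Packet) -> Packet:
        """Rewrite source address/port and remember the flow."""
        key = (p.proto, p.src, p.sport, p.dst, p.dport)
        pub_port = self.out.get(key)
        if pub_port is None:
            pub_port = self._alloc_port()
            self.out[key] = pub_port
            self.back[(p.proto, pub_port, p.dst, p.dport)] = (p.src, p.sport)
        return replace(p, src=self.public_ip, sport=pub_port)

    def inbound(self, p: Packet):
        """Rewrite destination back to the private host, or None (drop) if unknown."""
        target = self.back.get((p.proto, p.dport, p.src, p.sport))
        if target is None:
            return None
        return replace(p, dst=target[0], dport=target[1])


PORT_RE = re.compile(rb"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")


def ftp_port_command(p: Packet):
    """Decode the address the FTP client asks the server to connect back to."""
    m = PORT_RE.search(p.payload)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]


class FtpAwareNapt(Napt):
    """Application-level gateway: rewrite PORT and pre-create the reverse mapping."""

    def outbound(self, p: Packet) -> Packet:
        q = super().outbound(p)
        if p.dport == 21 and (addr := ftp_port_command(p)):
            priv_ip, priv_port = addr
            pub_port = self._alloc_port()
            # Active FTP: the server's data connection comes from port 20.
            self.back[("TCP", pub_port, p.dst, 20)] = (priv_ip, priv_port)
            new_cmd = ("PORT " + ",".join(self.public_ip.split(".") +
                                          [str(pub_port // 256), str(pub_port % 256)])).encode()
            q = replace(q, payload=PORT_RE.sub(lambda m: new_cmd, p.payload))
        return q


if __name__ == "__main__":
    nat = FtpAwareNapt("203.0.113.5")
    ftp = Packet("192.168.1.20", 51001, "198.51.100.10", 21,
                 payload=b"PORT 192,168,1,20,200,10\r\n")
    out = nat.outbound(ftp)
    print(out.payload, "->", nat.inbound(Packet("198.51.100.10", 20, "203.0.113.5", 40001)))
```

The same inbound table is what the "basic firewall" of a NAT router relies on: a packet from outside that matches no entry has no private host to go to and is dropped, which is why unsolicited scans of a NAT'd network see nothing.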


4. Deploying the NAT Service

4.1 Requirements:
- The machine must have at least two network interfaces:
  two network cards, or
  one network card and one interface through a dial-up modem.
- The machine must run Windows Server.

4.2 Deploying the NAT service:

Step 1: Start the NAT service:
- Open Routing and Remote Access: Start > All Programs > Administrative Tools > Routing and Remote Access.
- Start the NAT service: right-click the server entry (here named server-radius, the NAT server) and choose "Configure and Enable Routing and Remote Access".

Next > Network address translation (NAT).

Next: the "NAT Internet Connection" dialog opens; it selects which interface connects to the Internet.

There are two choices:
Use this public interface to connect to the Internet: choose this when the machine has two or more network cards, and pick the card used for the Internet connection in the list box.
Create a new demand-dial interface to the Internet: only chosen when the Internet interface is a dial-up modem.
Next > Finish starts the NAT service.

After the NAT service has started the program window looks as follows.

Step 2: Configure the NAT service:
Configure the Internet interface: right-click the Internet interface > Properties to open the configuration dialog of the Internet connection.
NAT/Basic Firewall tab:

This dialog sets the basic security of the Internet interface.
o Public interface connected to the Internet: selected when this interface is the one connected to the outside network.
- Enable NAT on this interface: turns NAT on or off; when it is off, workstations in the LAN cannot reach the Internet.
- Enable a basic firewall on this interface: turns the NAT server's basic protection on or off on this interface; with it enabled, only traffic that belongs to an existing NAT mapping or to a published service (see the Services and Ports tab) is accepted from outside.
o Static packet filters: the filtering policy for packets passing through the NAT server:
- Inbound filters: the filter for packets entering this interface
- Outbound filters: the filter for packets leaving this interface
Address Pool tab: defines the pool of public addresses the NAT uses for clients going out, and reservations that tie a public address to a particular internal host.

Services and Ports tab: defines which services hosts outside on the Internet are allowed to reach inside (port forwarding to internal servers).

- Add: add a service
- Edit: change the details of a service
ICMP tab: filtering policy for ICMP, the control protocol that carries echo requests, unreachables and similar messages (and that ping and traceroute rely on).

CHNG 5 VIRUS V CCH PHNG CHNG


1 Virus
Virus tin hc hin nay ang l ni bn khon lo lng ca nhng ngi lm cng tc tin hc, l ni lo s ca nhng ngi s dng khi my tnh ca mnh b nhim virus. Khi my tnh ca mnh b nhim virus, h ch bit trng ch vo cc phn mm dit virus hin c trn th trng, trong trng hp cc phn mm ny khng pht hin hoc khng tiu dit c, h b lm phi tnh hung rt kh khn, khng bit phi lm nh th no. V l do , c mt cch nhn nhn c bn v c ch v cc nguyn tc hot ng ca virus tin hc l cn thit. Trn c s , c mt cch nhn ng n v virus tin hc trong vic phng chng, kim tra, cha tr cng nh cch phn tch, nghin cu mt virus mi xut hin.

1.1 Virus l g ?
Thut ng virus tin hc dng ch mt chng trnh my tnh c th t sao chp chnh n ln ni khc (a hoc file) m ngi s dng khng hay bit. Ngoi ra, mt c im chung thng thy trn cc virus tin hc l tnh ph hoi, n gy ra li thi hnh, thay i v tr, m ho hoc hu thng tin trn a.

1.2 Phn Loi:


Thng thng, da vo i tng ly lan l file hay a m virus c chia thnh hai nhm chnh: - B-virus: Virus ch tn cng ln Master Boot hay Boot Sector. - F-virus: Virus ch tn cng ln cc file kh thi. Mc d vy, cch phn chia ny cng khng hn l chnh xc. Ngoi l vn c cc virus va tn cng ln Master Boot (Boot Sector) va tn cng ln file kh thi. c mt cch nhn tng quan v virus, chng ta xem chng dnh quyn iu khin nh th no.

a. B-virus.
When the computer is powered on, the segment registers are all set to 0FFFFh and every other register is set to 0. Initial control is thus handed to the code at 0FFFFh:0h; that code is in fact just a JMP FAR instruction to a routine in ROM, which performs the POST (Power On Self Test). POST checks the registers and memory in turn, initialises the DMA controller chips, the interrupt controller, the disk controller and so on. It then searches for add-in cards, hands control to them for their own initialisation and takes control back. Note that this is code in ROM (Read Only Memory), so it can neither be modified nor have any other code inserted into it. After POST, the ROM routine reads the Boot Sector of drive A or the Master Boot of the hard disk into RAM (Random Access Memory) at address 0:7C00h and hands control to that code with the instruction JMP FAR 0:7C00h. This is the point a B-virus exploits to attack the Boot Sector (Master Boot): it replaces the standard Boot Sector (Master Boot) with the virus code, so control is handed to the virus, which carries out its own activities first and only then performs the usual steps: it reads the standard Boot Sector (Master Boot) that it had hidden away into 0:7C00h and hands control to that standard code, so the user has the impression that the machine is working normally.

b. F-virus.
When DOS executes an executable file (through function 4Bh of interrupt 21h), it reorganises memory, loads the file to be executed and hands control to it. An F-virus exploits this by attaching its code to the file at exactly the place where DOS hands control to the file after loading it into memory. Once the F-virus has finished its own activities, it arranges to return control to the file so that the file runs normally, and the user cannot tell. Among both B-viruses and F-viruses, some, after gaining control, install part of their code in RAM as a terminate-and-stay-resident (TSR) program, or in a memory area outside DOS's control, in order to take over important interrupts such as interrupt 21h, interrupt 13h and so on. Whenever these interrupts are called, the virus seizes control and performs its own activities before returning to the standard DOS interrupt handlers.

1.3 Characteristics of B-Viruses:
In the previous part we gave very basic information about disk structure, the boot process, and how DOS organises memory and executes files. That information helps us understand the basic characteristics of viruses and, from there, work out how to prevent and cure an infection.

a. Classification of B-viruses.


As we know, after POST the first sector of drive A or drive C is read into memory at 0:7C00 and control is handed to the code in that boot sector. A B-virus works by replacing the standard code in the boot sector with its own code so as to seize control; only after it has installed itself does it read the standard boot sector, which it had hidden away, into 0:7C00 and return control to that standard code. Where the boot sector is hidden on the disk depends on the disk type and on how each virus solves the problem. On a hard disk it is usually hidden on Side 0, Cylinder 0, because in that whole track DOS uses only the first sector, for the Partition table. On a floppy disk the hiding place is more complicated, because every location may have data written to it. Some approaches used by viruses:
- Use the last sector of the Root Directory, since it is rarely used.
- Use the last sectors on the disk: when allocating free space to files, DOS searches from the beginning of the disk to the end, so this area is rarely used.
- Write to free space on the disk and mark that area as bad in the FAT so that DOS no longer allocates it. This is safer than the methods above.
- Format an extra track and write to the newly formatted track.
Depending on the size of the virus code, B-viruses are divided into two types:
- SB-virus. The SB-virus program occupies only the boot sector; its tasks are few and relatively simple. Viruses of this type are now rarely seen, and are perhaps only those "produced" domestically.
- DB-virus. These are viruses whose code is larger than 512 bytes (the common case). The virus program is therefore divided into two parts:
  - The virus head: installed in the boot sector to seize control when control is handed to that boot sector. The head's only task is to load the body of the virus into memory and hand control to it. Because that task is so simple, the head is usually very short, and the shorter the better: the shorter it is, the smaller the difference between a standard boot sector and an infected one, and the lower the chance of suspicion.
  - The virus body: the main program of the virus. After being loaded into memory and given control by the head, the body carries out its tasks; only when finished does it read the standard boot sector into memory and hand control to it, so that the machine works normally as if nothing had happened.

b. Some basic techniques of B-viruses.
Whether SB-virus or DB-virus, in order to survive and spread they all rely on a number of basic techniques:
- Uniqueness checking. The virus must exist in memory as well as on disk, but too many copies of itself on disk and in memory would only slow down booting, take up too much memory (affecting the loading and execution of other programs) and reduce disk access speed. This technique is therefore a strict requirement for a B-virus. Checking on disk involves two factors. First, checking time: if every disk read or write had to check the disk, access time would double, reducing access speed and raising suspicion. For this, viruses reduce the number of checks by checking only when access switches from one disk to another, or only when the disk's FAT is read in. Second, the checking technique: most viruses check with a key value. Each virus creates a special value for itself at a fixed position on the disk, and the check is done by reading the Boot record and testing that key value. This technique runs into the problem that the number of B-viruses keeps growing while the positions available in the Boot Record are limited; the current remedy is to compare more bytes of code, reducing the chance of an accidental match. To check for its own presence in memory, a virus uses the following techniques: the simplest is to check a key value at a fixed position in high memory; another, used by viruses that hook DOS Int 21, is to request a special function that does not exist in that interrupt. If an error is raised, the virus is not yet in memory; if the virus is resident, the return value (in the AX register, for instance) is some fixed value.
- Residency. After POST completes, the total amount of memory just tested is stored in the BIOS Data area at address 03h. When the operating system takes control, it treats the value at this address as the memory under its control. To stay resident, every B-virus therefore does the following: after loading its resident part into high memory, it reduces the amount of memory managed by DOS at 03h by an amount equal to the size of the virus. However, if it does not check properly for its presence in memory, repeated warm boots would reduce this total several times over, affecting the execution of later programs. A well-designed virus must therefore check for its presence in memory and, if already present, not reduce the memory size again.
- Infection. The code that performs infection is the important part of the virus program. To ensure infection, the virus hooks only the interrupt that matters most for reading and writing the system area, interrupt 13h; to preserve disk access speed, only functions 2 and 3 (read and write) lead to infection. Infection works by reading the Boot Sector (Master Boot) and checking whether it is already infected (the checking technique above). If the boot sector is not yet infected, the virus builds a new boot sector with the corresponding parameters of the virus code and writes it back in place on the disk. The boot sector just read, together with the virus body (for a DB-virus), is written to a fixed area on the disk. Some viruses also hook DOS interrupt 21 to infect and damage the files that interrupt 21 handles. Building a boot sector containing the virus code must satisfy the following:
  - The infected boot sector must still contain the disk parameters needed for disk access: the BPB parameter table of the Boot record, or the partition table in the case of the Master boot. Failing to preserve them causes the virus to lose control, or makes the disk uncontrollable when the virus is not present in the environment.
  - The safety of the original boot sector and of the virus body must also be a top priority. The hiding-place techniques were analysed in the parts above.
- Camouflage and obfuscation. This technique appeared fairly late, in response to the growing tendency of users and programmers to look for viruses. Because a virus is quite small, programmers can easily single-step through it to see how it works, so viruses try every way to evade the programmer's tracing. Common techniques are:
  - Deliberately convoluted code: placing the Stack in dangerous memory areas, hooking and clearing interrupts, stealthily changing segment registers so the tracer cannot tell where data comes from, and modifying the values of later instructions so the user finds them hard to follow.
  - Encrypting the virus's own program so the user finds no pattern and cannot see the virus's activity clearly at once.
  - Camouflage proper: the first way is to make the code placed in the boot sector as short, and as similar to a boot sector, as possible. The second way, still used by many viruses: while the machine is under the virus's control, every request to read or write the Boot sector (Master boot) is answered by the virus with a clean copy, the one from before infection. This deceives the user, and any poorly designed antivirus program, whenever the machine is currently under the virus's control.
- Destruction. Being a virus, it is always destructive. The destruction may be mild, for fun, or serious, causing loss or paralysis of the information on disk. By the timing of destruction two types can be distinguished:
  - Timed: this type keeps a value, which may be a date and time, a count of infections, hours the machine has run, and so on. When the value exceeds a permitted number, destruction begins. This type is usually dangerous, as it destroys only once.
  - Continuous: the virus destroys continuously after infecting, but because of this continuity its destructive acts are not serious, mostly just for fun.
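The points above give a defender a concrete checklist for a boot record: the BPB must survive (so it parses cleanly whether the sector is clean or not), the first instruction is a JMP over the BPB, the sector ends in the 55AAh signature, and because a well-camouflaged head keeps all of that intact, the decisive check is comparison against a copy recorded while the disk was known clean. The same baseline idea applies to the BIOS Data Area word that records conventional memory in KB (at linear address 0413h on a PC), which the residency technique shrinks by the size of the resident code. The following Python is an added example written for this page, not code from the original text or from any product it mentions; both sectors and the BDA bytes are constructed here, and the 640 KB expectation and the recorded baseline hash are assumptions.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"
BDA_MEMORY_KB_OFFSET = 0x13   # word at 0040:0013h: conventional memory in KB

# BPB of a DOS boot record: (offset, struct format, field name)
BPB_FIELDS = [
    (11, "<H", "bytes_per_sector"), (13, "<B", "sectors_per_cluster"),
    (14, "<H", "reserved_sectors"), (16, "<B", "fat_count"),
    (17, "<H", "root_entries"), (19, "<H", "total_sectors"),
    (21, "<B", "media_descriptor"), (22, "<H", "sectors_per_fat"),
    (24, "<H", "sectors_per_track"), (26, "<H", "heads"),
]


def parse_bpb(sector: bytes) -> dict:
    """Read the BPB fields out of a 512-byte boot record."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("a boot record is exactly 512 bytes")
    return {name: struct.unpack_from(fmt, sector, off)[0]
            for off, fmt, name in BPB_FIELDS}


def entry_jump_target(sector: bytes):
    """A DOS boot record opens with JMP SHORT (EB rel8 90) or JMP NEAR (E9 rel16)
    over the BPB. Return the in-sector offset it jumps to, or None if the first
    byte is not a JMP at all."""
    if sector[0] == 0xEB:
        return 2 + struct.unpack_from("<b", sector, 1)[0]
    if sector[0] == 0xE9:
        return 3 + struct.unpack_from("<h", sector, 1)[0]
    return None


def record_baseline(sector: bytes) -> str:
    """Hash to store while the sector is known clean (assumed kept off-line)."""
    return hashlib.sha256(sector).hexdigest()


def audit_boot_record(sector: bytes, baseline_sha256: str) -> list:
    """Structural checks, then comparison with the recorded clean hash."""
    findings = []
    if sector[-2:] != BOOT_SIGNATURE:
        findings.append("missing 55AA boot signature")
    target = entry_jump_target(sector)
    if target is None:
        findings.append("first instruction is not a JMP")
    elif not 0 <= target < SECTOR_SIZE - 2:
        findings.append("entry JMP leaves the sector")
    bpb = parse_bpb(sector)
    if (bpb["bytes_per_sector"] != 512 or bpb["fat_count"] not in (1, 2)
            or bpb["total_sectors"] == 0):
        findings.append("BPB values are implausible")
    if record_baseline(sector) != baseline_sha256:
        findings.append("boot record differs from recorded baseline")
    return findings


def conventional_memory_shortfall(bda: bytes, expected_kb: int = 640) -> int:
    """KB of conventional memory the BIOS Data Area no longer accounts for
    (assumes a 640 KB machine); resident boot code lowers this word by its size."""
    reported = struct.unpack_from("<H", bda, BDA_MEMORY_KB_OFFSET)[0]
    return expected_kb - reported


def make_clean_sector() -> bytes:
    """Constructed 1.44 MB FAT12 boot record: JMP over the BPB, then loader code."""
    sec = bytearray(SECTOR_SIZE)
    sec[0:3] = b"\xEB\x3C\x90"                 # JMP SHORT 003Eh ; NOP
    sec[3:11] = b"MSDOS5.0"
    struct.pack_into("<HBHBHHBHHH", sec, 11,
                     512, 1, 1, 2, 224, 2880, 0xF0, 9, 18, 2)
    sec[0x3E:0x40] = b"\xFA\xFC"               # CLI ; CLD (start of the loader)
    sec[-2:] = BOOT_SIGNATURE
    return bytes(sec)


def make_altered_sector(clean: bytes) -> bytes:
    """Constructed sample of the case the text describes: the entry is redirected
    to other code inside the sector while the BPB and signature stay intact."""
    sec = bytearray(clean)
    struct.pack_into("<BH", sec, 0, 0xE9, 0x1C0 - 3)   # JMP NEAR 01C0h
    sec[0x1C0:0x1C2] = b"\xFA\xFC"
    return bytes(sec)


if __name__ == "__main__":
    clean = make_clean_sector()
    baseline = record_baseline(clean)
    print("clean:", audit_boot_record(clean, baseline) or "no findings")
    print("altered:", audit_boot_record(make_altered_sector(clean), baseline))
    bda = bytearray(0x20)
    struct.pack_into("<H", bda, BDA_MEMORY_KB_OFFSET, 638)   # constructed BDA
    print("memory shortfall (KB):", conventional_memory_shortfall(bytes(bda)))
```

Note that the altered sector passes every structural check: its JMP stays inside the sector and its BPB is identical to the clean one, exactly the camouflage the text describes. Only the baseline comparison reports it, which is why the hash must be taken while the machine is known clean and kept where resident code cannot rewrite it.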

1.4 Characteristics of F-Viruses:
Compared with B-viruses, F-viruses are far more numerous, probably because disk operations with the support of Int 21 became extremely easy and convenient, a condition that favoured the development of F-viruses. F-viruses usually infect only executable files (with the .COM or .EXE extension); in any case, a principle the virus must observe is that when an infected executable file is run, control must be in the hands of the virus before the virus returns it to the infected file, and when the file regains control all of the file's data must be intact. For F-viruses, a number of techniques are set out here:

a. Infection technique:
F-viruses mainly use two techniques: prepending and appending.
- Prepending to the file. This method usually applies only to .COM files, whose program entry point is always at PSP:100h. Exploiting the fixed entry point, the virus inserts its code at the start of the target program, pushing the whole target program down. The disadvantage is that, because the fixed entry of a .COM program is PSP:100h, before returning control to the program the virus must move the whole program back up to start at offset 100h. This method also makes life hard for anyone restoring the file, since the whole file must be read into memory before being written back.
- Appending to the file. Unlike the method above, here the virus code is attached after the target program. This method is seen in most viruses, and its range of infection is wider than the previous one. Because the virus body no longer sits at the program's entry point, seizing control requires the following:
  - For .COM files: replace the first bytes of the program (the entry) with a JMP instruction that transfers control to the virus code: E9 xx xx JMP Entry_virus.
  - For .EXE files: simply rewrite the SS, SP, CS and IP values in the EXE Header so that control is handed to the virus code.
Besides these two main infection techniques, a few viruses use special techniques such as encrypting the virus code before attaching it to the file, for camouflage, or even replacing short pieces of code in the target file with virus code, which makes restoration difficult. When infecting a file that has the Sys (system), Read Only or Hidden attributes set, the attributes must be changed so that the file can be accessed; the access also changes the file's modification date and time, so most viruses save the file's attributes and modification date and time and restore them exactly after infecting it. In addition, attempting to write to a write-protected floppy disk produces DOS's error message Retry - Abort - Ignore; if this is not handled properly, the user easily discovers the presence of the virus. Errors of this kind are handled by DOS through interrupt 24h, so a virus that wants to avoid such DOS messages while infecting must replace DOS's interrupt 24h before infecting and restore it afterwards.

b. Technique for ensuring unique existence.


As with B-viruses, a strict requirement for an F-virus is that it exist only once in memory as well as in a file. In memory, F-viruses usually use two main techniques. The first is to add a function to DOS, using some sub-function of a function number higher than the highest function DOS has; to check, the virus simply calls that function, and the value returned in a register decides whether the virus is already in memory. The second is to compare a piece of code at a fixed memory location with the virus's own code; if they differ, the virus is not yet in memory and it proceeds to infect. In files, the check may be some logical test on the information in the file's directory entry. This does not guarantee absolute accuracy, but if well designed the chance of a false match is limited, almost nil, and a further advantage is that the check is very fast. Alternatively the virus can look for a characteristic piece of its own code (a key value) at some fixed position in the file, for example in the last bytes of the file.
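Sections a and b above describe three things a scanner can test for without running the file: an entry point that has been redirected into bytes attached after the original program (a leading E9 jump in a .COM, or CS:IP in the MZ header of an .EXE), growth against a recorded clean size, and a fixed marker in the last bytes of the file. The following Python is an added example for this page, not code from the original text or from any product it mentions. The clean and altered .COM and .EXE images are constructed inline (the attached bytes are inert NOP filler), the marker table is a constructed stand-in for a signature database, and the recorded clean sizes are assumed to come from an inventory taken on a known-clean machine.

```python
import struct


def com_entry_target(image: bytes):
    """A .COM image is loaded whole at PSP:100h, so a leading JMP NEAR
    (E9 rel16) lands at file offset 3 + rel. Return that offset, or None
    when the file does not begin with E9."""
    if len(image) < 3 or image[0] != 0xE9:
        return None
    return (3 + struct.unpack_from("<h", image, 1)[0]) & 0xFFFF


def exe_entry_file_offset(image: bytes) -> int:
    """File offset of the initial CS:IP of an MZ executable: the header
    (e_cparhdr paragraphs) followed by e_cs*16 + e_ip into the load module."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_cparhdr = struct.unpack_from("<H", image, 8)[0]
    e_ip, e_cs = struct.unpack_from("<HH", image, 20)
    return e_cparhdr * 16 + e_cs * 16 + e_ip


def tail_marker(image: bytes, markers: dict, window: int = 16):
    """Look for a known key value in the last `window` bytes of the file,
    the position the text names for an F-virus's own presence check."""
    tail = image[-window:]
    for name, marker in markers.items():
        if marker in tail:
            return name
    return None


def audit_executable(image: bytes, baseline_size: int, markers: dict) -> list:
    """Compare a .COM or .EXE image against its recorded clean size, decode
    the entry point, and check the tail for known markers."""
    findings = []
    grown = len(image) - baseline_size
    if grown > 0:
        findings.append(f"file grew by {grown} bytes")
    entry = exe_entry_file_offset(image) if image[:2] == b"MZ" else com_entry_target(image)
    if entry is not None and entry >= baseline_size:
        findings.append(f"entry point 0x{entry:X} lies in the appended region")
    name = tail_marker(image, markers)
    if name is not None:
        findings.append(f"known marker '{name}' at end of file")
    return findings


def make_exe(body: bytes, e_cs: int, e_ip: int) -> bytes:
    """Constructed minimal MZ image: 32-byte header (2 paragraphs) plus body."""
    total = 32 + len(body)
    hdr = bytearray(32)
    struct.pack_into("<2s12H", hdr, 0, b"MZ", total % 512, (total + 511) // 512,
                     0, 2, 0, 0xFFFF, 0, 0x100, 0, e_ip, e_cs, 0x1C)
    return bytes(hdr) + body


# Constructed clean .COM: prints "Hi$" via INT 21h/09h, exits via INT 21h/4Ch.
CLEAN_COM = (b"\xB4\x09"          # MOV AH,09h
             b"\xBA\x0C\x01"      # MOV DX,010Ch  (the string, file offset 12)
             b"\xCD\x21"          # INT 21h
             b"\xB8\x00\x4C"      # MOV AX,4C00h
             b"\xCD\x21"          # INT 21h
             b"Hi$")
# Constructed appended layout from section a: the first three bytes become a
# JMP NEAR to inert filler attached after the host, ending in a known marker.
APPENDED_COM = b"\xE9\x0C\x00" + CLEAN_COM[3:] + b"\x90" * 12 + b"KEY1"

EXE_BODY = b"\xB8\x00\x4C\xCD\x21" + b"\x90" * 11        # MOV AX,4C00h ; INT 21h
CLEAN_EXE = make_exe(EXE_BODY, e_cs=0, e_ip=0)
# The .EXE variant from section a: CS:IP in the header moved to the added part.
ALTERED_EXE = make_exe(EXE_BODY + b"\x90" * 12 + b"KEY1", e_cs=1, e_ip=0)

MARKERS = {"sample-marker": b"KEY1"}      # constructed signature table


if __name__ == "__main__":
    for label, image, baseline in [("clean .COM", CLEAN_COM, len(CLEAN_COM)),
                                   ("appended .COM", APPENDED_COM, len(CLEAN_COM)),
                                   ("clean .EXE", CLEAN_EXE, len(CLEAN_EXE)),
                                   ("altered .EXE", ALTERED_EXE, len(CLEAN_EXE))]:
        print(label, audit_executable(image, baseline, MARKERS) or "no findings")
```

The entry-point test depends on the recorded clean size, not on the jump alone: many legitimate .COM programs begin with a JMP over their data, so a leading E9 by itself proves nothing. The size comparison is also what defeats the directory-size stealth described in the camouflage section later, provided the baseline was recorded from the file's actual length rather than from a DIR listing taken while the machine may already have been under a virus's control.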

c. Residency technique
This is a difficult technique, because DOS provides the stay-resident function only for a whole program, that is, it only allows the entire program to stay resident. So if the DOS function is used and the virus wants to stay resident, the whole target file must stay resident too, which is impossible if the target file is too large. For that reason, most virus programs that want residency must manipulate the MCB chain behind DOS's back, "by hand". Depending on whether residency is established before or after the target program runs, residency techniques fall into two groups:
- Residency before returning control. As noted, DOS provides no function for this kind of residency, so the virus program must arrange it itself. Viruses use the following methods:
  - Manipulate the MCBs to detach a block of memory from DOS's control, then use that block to hold the virus program.
  - Choose a location in memory on its own and load the virus's resident part there; viruses usually choose high memory, below the transient part of command.com, to avoid being overwritten when the system reloads command.com. Since no memory is allocated for the resident virus program, command.com is entirely free to allocate that memory to other programs, so the resident virus must accept losses due to chance.
  - Residency through the stay-resident function 31h: this is a complex technique, and the procedure is as follows. When the virus program is given control, it creates an MCB, declared as an intermediate element of the MCB chain, to hold the virus program, then creates another new MCB for the infected program by moving that program down into this new area. To change the PSP that DOS currently holds to the PSP the virus created for the target program, function 50h of interrupt 21h must be used.
- Residency after regaining control. The virus program takes the name of the program being executed in the DOS environment and then executes itself. When that execution finishes, control returns to the virus, and only then does it go resident in the normal way with function 31h of interrupt 21h.
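Because every method above either detaches memory from DOS's chain by hand or inserts an MCB that DOS did not create, walking the MCB chain and checking each block's owner is the natural defensive check; it is the same walk the DOS memory-listing tools perform. An MCB is one paragraph: a tag byte ('M' for more blocks follow, 'Z' for the last), a word holding the owning PSP segment (0 for free, 8 for DOS), a word holding the block size in paragraphs, and on DOS 4 and later the owner's name in the last eight bytes; the next MCB sits at seg + 1 + size. The following Python is an added example for this page, not code from the original text or from any product it mentions. The memory capture, its segment layout and the orphaned block are constructed, and the rule that a legitimate owner must be the first paragraph of some block in the chain is the heuristic assumed here.

```python
import struct

MCB_SIZE = 16          # an MCB is one paragraph; the block it describes follows it
OWNER_FREE = 0x0000
OWNER_DOS = 0x0008


def read_mcb(mem: bytes, base_seg: int, seg: int) -> dict:
    """Decode the MCB at segment `seg` from a memory capture that starts at
    segment `base_seg`: tag ('M' = more follow, 'Z' = last), owner PSP
    segment, size in paragraphs, and the DOS 4+ owner name."""
    off = (seg - base_seg) * MCB_SIZE
    if off < 0 or off + MCB_SIZE > len(mem):
        raise ValueError(f"MCB at {seg:04X}h lies outside the capture")
    tag, owner, size = struct.unpack_from("<cHH", mem, off)
    name = mem[off + 8:off + 16].split(b"\x00")[0].decode("ascii", "replace")
    return {"seg": seg, "tag": tag, "owner": owner, "size": size, "name": name}


def walk_mcb_chain(mem: bytes, base_seg: int, first_seg: int) -> list:
    """Follow the chain: the next MCB sits at seg + 1 + size, until a 'Z' block."""
    blocks, seg = [], first_seg
    while True:
        block = read_mcb(mem, base_seg, seg)
        blocks.append(block)
        if block["tag"] == b"Z":
            return blocks
        if block["tag"] != b"M":
            raise ValueError(f"corrupt MCB tag {block['tag']!r} at {seg:04X}h")
        seg = seg + 1 + block["size"]


def audit_mcb_chain(blocks: list) -> list:
    """Every allocated block should be owned by a PSP that is itself the first
    paragraph of some block in the chain, or by DOS, or be free. A block whose
    owner is none of those matches the hand-made allocation the text describes."""
    psps = {b["seg"] + 1 for b in blocks}
    findings = []
    for b in blocks:
        owner = b["owner"]
        if owner in (OWNER_FREE, OWNER_DOS) or owner in psps:
            continue
        findings.append(f"block at {b['seg']:04X}h ({b['size']} paragraphs) "
                        f"owned by {owner:04X}h, which is not a PSP in the chain")
    return findings


def make_sample_memory():
    """Constructed capture of conventional memory from segment 0800h: a DOS
    block, a program's environment and PSP block, one orphaned block, then
    the final free block."""
    base = 0x0800
    mem = bytearray(0x50 * MCB_SIZE)

    def put(seg, tag, owner, size, name=b""):
        off = (seg - base) * MCB_SIZE
        struct.pack_into("<cHH", mem, off, tag, owner, size)
        mem[off + 8:off + 8 + len(name)] = name

    put(0x0800, b"M", OWNER_DOS, 2, b"SD")
    put(0x0803, b"M", 0x0809, 4)                   # environment of COMMAND
    put(0x0808, b"M", 0x0809, 0x10, b"COMMAND")    # PSP at 0809h
    put(0x0819, b"M", 0x0700, 8)                   # owner 0700h exists nowhere
    put(0x0822, b"Z", OWNER_FREE, 0x20)            # remaining free memory
    return bytes(mem), base


if __name__ == "__main__":
    mem, base = make_sample_memory()
    chain = walk_mcb_chain(mem, base, base)
    for b in chain:
        print(f"{b['seg']:04X}h {b['tag'].decode()} owner={b['owner']:04X}h "
              f"size={b['size']:4d} {b['name']}")
    print(audit_mcb_chain(chain))
```

The walk also catches the first method in the list: memory detached from the chain shows up as a gap, because the chain no longer reaches a 'Z' block at the top of conventional memory, or the sum of the blocks no longer matches the memory size DOS was given. A capture taken from a clean boot of the same machine is the right thing to compare against, since the number and owners of blocks vary with the configuration.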

d. Camouflage and obfuscation technique


An unavoidable drawback is that a file infected by a virus grows in size. Some viruses hide this: when the DOS DIR function is used, the virus intercepts the file-search functions (functions 11h and 12h of interrupt 21h) and reduces the reported size of infected files, so while the virus controls the machine, the DOS DIR command, or any command that uses the file-search functions to read the directory entry, shows the infected file with the same size as the original, deceiving the user about the cleanliness of the file. Some viruses also add noise by encrypting most of the virus program; only once it is in memory is the program decrypted. Some viruses are anti-debug, hooking interrupt 1 and interrupt 3. Because debuggers must use interrupt 1 and interrupt 3 to single-step, once the virus has hooked these interrupts a programmer who uses a debugger to trace the virus gets unpredictable results.

e. Destruction technique
F-viruses usually use the same destruction methods and techniques as B-viruses. Destruction can be timed, continuous or random. The target may be the screen, the speaker, the disk, and so on.

2. Preventing Viruses:


There are many different ways to prevent viruses; the most common today is to use antivirus software. Symantec Antivirus is one of the most widely used antivirus programs today.

2.1 Installing Symantec Antivirus Server (Server Install):


Run the setup file setup.exe. The Welcome screen appears.


Choose Next; the licence confirmation screen appears. Choose I accept to continue the installation.

Choose Next; the installation-method screen, Client Server Option, appears. Choose Server Install.


Choose Next; the Setup Type dialog appears. Choose Complete to install all of the program's features.

Choose Next; the Select Server Group dialog appears. In this dialog, enter the following:
- Server group: the server group to register
- Username: the user allowed to log in to the server after installation
- Password: the password of that login user


Choose Next; the password confirmation dialog appears. Type the password once more.

Choose OK; the Install Options dialog appears.


Choose Next; the Ready To dialog appears, summarising the installation settings.

Choose Install to begin the installation.

2.2 Installing Symantec System Center:


a. Function: this program manages Symantec AntiVirus servers and Symantec AntiVirus clients. Through it we can carry out management functions such as:
- Install antivirus and protect against security holes on machines.
- Update Symantec AntiVirus client definitions.
- Install protection programs on workstations.
- ...
b. Installation: the installation steps are the same as for the Symantec server. At the Select dialog


Choose Next ... Install to begin the installation.

When the installation completes, the program asks us to restart the machine:

Choose OK to restart the machine.


2.3 Installing Symantec Antivirus Client:


The steps for installing the Symantec client are the same as for the Symantec server, differing only at the Client Server Option dialog: choose Client Install.

Choose Next; in the Network Setup Type dialog choose Managed, then Next.

The Select Server dialog:


Choose Browse to find the Symantec server the client should connect to:

Choose the server to connect to, then OK, then Next to begin the installation.
