
Contents

Question 1: Structure and functions of the Windows security subsystem (Security Subsystem)
Question 2: Why operating system security is necessary
Question 3: Attacks on security and authentication; countermeasures
Question 4: The WEP authentication protocol
Question 5: Typical attack methods against the OS
Question 6: Inspection and audit systems
Question 7: Comparison of the two wireless authentication protocols WEP and WPA
Question 8: Authentication methods used in the OS
Question 9: Active and passive intrusion detection; their advantages and disadvantages
Question 10: Details of LOCAL LOGON AUTHENTICATION in Windows (draw the diagram, present the steps following it)
Question 11: Overview of wireless networking techniques
Question 12: Host-based and network-based intrusion detection systems, HIDS and NIDS
Question 13: The KERBEROS authentication protocol (operation diagram, steps, remarks)
Question 14: Access control; methods of granting access rights
Question 15: Analysis of attacks on WLANs
Question 16: The NTLM authentication value (see also Question 10)
Question 17: WLAN attack tree
Question 18: Port protection mechanisms in the OS
Question 19: Types of attacks on operating system passwords
Question 20: Common malicious code
Question 21: Methods of protecting the OS from the user side
Question 22: Definition, functions and attack detection methods of IDS/IPS
Question 23: Basic forms of network attack (there are many kinds; these are only a few)
Question 24: Basic concepts in operating system security

Question 1: Structure and functions of the Windows security subsystem (Security Subsystem)


1. Functional block diagram (choose one of the two figures)

2. Functions of the components
- LSA (Local Security Authority):
  o Manages the security policy on the local machine
  o Password policy: minimum length, lockout after a given number of failed logons
  o Creates the security access token, SAT (Security Access Token)
  o Manages the audit policy and records audit messages coming from the kernel
  o Communicates with the SRM (Security Reference Monitor), supplying it with the SAT, to monitor OS security
- Win32
  + Executes the Win32 API
  + Each Win32 application runs in an address space separated from the address space of the Win32 subsystem
  + Provides the environment for running MS-DOS and WIN16 applications
- SRM (Security Reference Monitor)
  + Checks that access is authorized before allowing access to objects, using access control lists (ACLs)
  + Supplies information to the Object Manager (OM); the OM asks the SRM whether a process has a valid right to perform an action on an object

- Winlogon (Logon Process)
  o Accepts logon requests
  o Starts and displays the logon screen used for authentication
  o Receives the authentication parameters (domain, user name, password)
  o Determines the validity of the user and identifies valid users
- SAM: stores the account database and password information, and communicates with and supplies user-account data to the LSA

Question 2: Why operating system security is necessary


OS security is necessary because computer systems and networks store and manage a great deal of information and many different resources; if the OS is not secure, the system is easily threatened and information can be stolen, disclosed or modified. Every system, large or small, powerful or standalone, must have an OS, so system security in general is inseparable from OS security. The goals of operating system security can be grouped as follows:
- Protecting information and resources: protecting data that contains users' information and the important data of companies and organizations. Ensuring OS security is very important; if the security of the OS is broken, the information and resources of individuals, companies and organizations are lost or disclosed.
- Ensuring privacy: keeping one user's data private from other users. For an individual, if their computer runs an operating system with poor security, the chance of losing personal information or personal data is very high.
- Keeping work flowing: when an OS is attacked and paralysed, the work being carried out is affected. Securing the OS keeps work continuous, smooth and uninterrupted.
- Detecting security vulnerabilities and debugging software: updating, detecting security vulnerabilities and debugging software raise the security of the OS and can also raise the system's performance.
- Losses due to human error or carelessness: during use, through inadequate training or carelessness, people unintentionally create vulnerabilities that attackers exploit, or that paralyse the system and hurt its performance.

Question 3: Attacks on security and authentication; countermeasures


a) Attack methods

- Brute-force attack: this method combines characters to determine the password of an account. It first gathers information about the account, then uses brute force to guess the user account's password. Some attackers write their own password-guessing programs; others use tools available on the network such as Xavior, brute_ssl, brute_web, Authforce, and so on.
- Accessing password information on the OS: the attacker gains access to the database or to files on the OS that hold encrypted passwords, such as the /etc/password and /etc/shadow files on Unix/Linux systems, or the SAM database on Windows. To do so, the attacker must first log on to the OS with an account that has the privilege to access these databases. Tools commonly used are L0phtCrack on Windows NT/2000/XP/2003 and Crack on Unix/Linux.
- Simple password guessing: the attacker collects information about the user and tries to guess the password from what was collected, such as date of birth, name, age, and so on.
- Weak keys: when an encryption method uses a weak or short key (56 bits, for example), the attacker can use tools to try to recover the encryption key.
- Attacking the cipher algorithm: the attacker uses attack programs to discover the cipher algorithm and obtains a large quantity of text encrypted with the same algorithm; combined with a weak-key attack, this lets them gain access to the system.

b) Countermeasures

Encryption and authentication techniques such as AES, SSL, Kerberos and IPSec are designed to resist attacks better than earlier techniques such as DES and NTLM. Some measures against these attacks are:
- Use hard-to-guess account names and strong passwords, paying particular attention to accounts with administrative privileges
- Use the strongest encryption and authentication techniques the OS allows on the network, such as AES and 3DES
- Use keys of the maximum possible length
- Regularly develop new encryption and authentication methods, and close every vulnerability found
- Administrators should avoid using administrative accounts directly and instead use personal accounts that hold administrative privileges. When using someone else's computer, administrative accounts should only be reached from the command line, for example with runas on Windows 2000/XP/2003 or su on Unix/Linux

Question 4: The WEP authentication protocol


WEP (Wired Equivalent Privacy) is an algorithm that protects the exchange of information against eavesdropping and against unauthorized network connections.

WEP operation diagram (client on one side, AP on the other): 1. Authentication request; 2. Challenge message; 3. Encrypted message; 4. Result reply

Steps
- Step 1: The client (C) sends an authentication request to the AP
- Step 2: The AP sends a challenge message back to the client
- Step 3: C encrypts the challenge message with the pre-shared key and sends it back to the AP
- Step 4: The AP decrypts the message received from the client with the same pre-shared key and authenticates C
Characteristics
- Uses the RC4 algorithm: the keystream is combined with the plaintext bit by bit using exclusive OR (XOR) to produce the ciphertext. Identical plaintext inputs produce different ciphertexts.
- Key initialization vector (IV): 24 bits long
- Key space: 2^24
- Key length: the key may be 40 to 104 bits long; combined with the 24-bit IV, the WEP seed is 64 or 128 bits long, which is the length of the WEP key: WEP Seed = key + IV
- Key management: the key is generated with a pseudo-random function, then attached to the packet and sent. Ensures data integrity
Assessment of WEP
- Strengths: with RC4 encryption, WEP provides confidentiality and security, and is also regarded as an access control method
- Weaknesses: the initialization vector is short; the IV takes only 2^24 possible values. This makes WEP insecure and easy to attack, because an attacker can read the data
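The mechanism above (RC4 keystream from IV plus key, CRC-32 ICV, 24-bit IV) written out as an added example; this is not code from the original notes, and the key and IV values are constructed. It also shows what a WLAN monitor should look for: a repeated IV means a repeated keystream, and the XOR of two such ciphertexts no longer depends on the key.

```python
import zlib

IV_SPACE = 1 << 24  # a 24-bit IV can take only 2^24 values


def rc4_keystream(seed: bytes, length: int) -> bytes:
    """RC4: key-scheduling (KSA) followed by the pseudo-random generation (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + seed[i % len(seed)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || (plaintext || ICV) XOR RC4(IV || key), the protected frame body.
    The ICV is the CRC-32 of the plaintext; the seed is the 24-bit IV followed by the 40- or 104-bit key."""
    if len(iv) != 3:
        raise ValueError("WEP IV must be 24 bits")
    if len(key) not in (5, 13):
        raise ValueError("WEP key must be 40 or 104 bits")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    body = plaintext + icv
    return iv + xor_bytes(body, rc4_keystream(iv + key, len(body)))


def wep_decrypt(key: bytes, frame: bytes):
    """Return (plaintext, icv_ok). A failed ICV catches accidental corruption only:
    CRC-32 is linear, so it is not a defence against deliberate modification (the CRC32 point in Question 7)."""
    iv, ct = frame[:3], frame[3:]
    body = xor_bytes(ct, rc4_keystream(iv + key, len(ct)))
    plaintext, icv = body[:-4], body[-4:]
    return plaintext, zlib.crc32(plaintext).to_bytes(4, "little") == icv


def find_reused_ivs(frames):
    """Monitoring check: IVs that appear more than once among captured frames of one network."""
    seen = {}
    for f in frames:
        seen[f[:3]] = seen.get(f[:3], 0) + 1
    return {iv for iv, n in seen.items() if n > 1}


def iv_reuse_leaks_xor(key: bytes, iv: bytes, p1: bytes, p2: bytes) -> bool:
    """Why a repeated IV matters: the same IV and key give the same keystream, so the XOR of the two
    ciphertexts equals the XOR of the two plaintexts, independent of the key."""
    n = min(len(p1), len(p2))
    c1 = wep_encrypt(key, iv, p1)[3:3 + n]
    c2 = wep_encrypt(key, iv, p2)[3:3 + n]
    return xor_bytes(c1, c2) == xor_bytes(p1[:n], p2[:n])


# Constructed sample values (not real network keys)
KEY40 = bytes.fromhex("0102030405")  # 40-bit key
IV = bytes.fromhex("00000a")           # 24-bit IV
```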

Question 5: Typical attack methods against the OS


a) Attacks on a standalone server or workstation

The simplest way to attack an OS is to take advantage of a machine that someone has left logged on while they step out or are busy with other work. Many users do not shut down or log off when they leave and do not set a screen-saver password. Many OSs let the user configure a screen saver that appears after a period of inactivity, and it can be set to require a password before the machine can be used again. Workstations and servers not protected this way are easy targets when nobody is around.

b) Attacks on OS passwords

Access to the OS is protected by a user account and password, but users sometimes defeat that protection by disclosing the account and password. Attackers have many other ways to find an access password: every OS has default accounts which, if left unchanged, can be used to log on; or the user's account and password are simple and easy to guess, and the attacker can use cracking, probing and guessing tools such as Xavior, Authforce, Hypnopaedia, and so on.
- Passive online attack: carried out by eavesdropping on the line, collecting the authentication traffic and using brute force to recover the password
- Man-in-the-middle and replay attacks: gain access to the communication channel, collect authentication information and redirect the authentication traffic; no brute force is used
- Password guessing and cracking: guessing the password at the logon prompt; this is slow, easily detected and ineffective. Reversing a password hash is fast but only possible if the attacker has obtained the hash
- Active online attack: guessing the password by trying candidates until the right one is found -> time-consuming, succeeds only against weak passwords
- Offline attack: uses a dictionary, searching for the password in an existing password database and trying the passwords it contains -> succeeds easily against weak passwords
- Hybrid attack: starts with a dictionary, then appends random characters and digits -> relatively fast and stronger than a plain dictionary attack
- Brute-force attack: tries every possible password in turn; eventually every password is found with this method

- Precomputed-hash attack: all possible hashes are generated in advance, and the captured hash is compared against the precomputed database. Requires very large storage for the hashes
- Non-technical attack: shoulder surfing, watching someone type their password, or using keylogging software to steal it.

c) Attacks using malicious code

A virus is a program attached to a disk or file that can replicate across the whole system and damages files and disks. A network worm is a program that replicates endlessly on one computer or sends itself to other machines on the network. The difference between a worm and a virus is that a worm keeps creating new files, whereas a virus infects a disk or file and then goes on to infect other disks and files; worms are often designed to give the attacker access to and control over the computer they run on. Trojans and backdoors: covertly collect valuable information about the system or the user.

d) Buffer attacks

Many OSs use buffers to hold data temporarily until it is ready for use, and network devices such as switches and routers use buffers too. A buffer attack tricks the buffering software into storing more information in the buffer than its size allows (buffer overflow). The excess can be rogue code that then gains access to the target machine. The attack works as follows: frames and packets are the units of information sent over the network, and part of the information in a frame or packet states its size. When a computer or network device buffers data, this information tells the device how much buffer space to reserve. In a buffer attack the stated size of the frame or packet is small, so a piece of malicious code can be attached to the end of the frame or packet without the receiver noticing. Once buffered, this code spills out, overflowing the buffer to seize control of the system.

e) Port scanning

Once the attacker knows the IP address of a machine present on the network, they run port-scanning software to find open ports to use for breaking into the system. Two common port scanners are Nmap and Strobe: Nmap can scan machines running Unix/Linux as well as Windows, while Strobe is used on Unix/Linux. To limit intrusion through open ports, services that are not used must be stopped.

f) Attacks using e-mail

In an e-mail attack, the attacker sends the victim a message with an attachment containing malicious code and a lure designed to make the victim open it, or with a link to a page that harvests personal information or hosts malicious code. When the victim opens the attachment or clicks the link, the malicious code is activated.

g) Denial-of-service attacks

Denial of service prevents legitimate users from reaching a computer or website or from using a service, by congesting the link or consuming system resources so that the system can no longer serve other users. A denial-of-service attack on an OS can be carried out from within the local network where the OS is installed: the attacker gains access with an administrative account and stops services on the server so users cannot use them; another way is to fill the disk on a system without disk quotas so that it overflows with files. In remote attacks, the attacker marshals zombie machines to send very large numbers of packets, exhausting bandwidth so that legitimate service requests barely reach the system (using techniques such as UDP flood, ICMP flood, Smurf and Fraggle attacks), or consuming system resources such as CPU and RAM so that nothing is left to serve other users (using techniques such as TCP SYN, PUSH ACK, IP address and IP packet options attacks). Denial of service does not affect the system's information but only disrupts its operation; there is currently no complete defence, only ways to limit this kind of attack.

h) Spoofing attacks

Spoofing changes the source address of a packet to another, trusted address; using spoofing, the attacker can gain access to a protected system. A DDoS attack that floods a network with packets carrying forged source addresses is also a form of spoofing.

Question 6: Inspection and audit systems


Inspection system: an intrusion detection system that examines logs, captured data or other recorded information to determine whether the system has been intruded upon, or whether an intrusion is currently under way by some means. Inspection systems look for any of the following events:
  o Files changed or created under suspicious circumstances
  o Permissions changed unexpectedly

  o Excessive use of computer resources such as CPU or memory
  o Signs of intrusion on ports, through packet or frame headers or via the command line
  o Attempts to modify important files
Audit system: an intrusion detection system that tracks data about events related to the operating system and the network. An audit system is usually software that automatically records all information to a log. Information found in an audit log includes:
  o Each time a service is started and stopped
  o Each time services are reconfigured or misconfigured
  o Hardware events, such as peripheral devices being activated or a disk filling up
  o Hardware problems such as failing disks or ports, or other issues
  o Each time files or directories are backed up
  o Events related to network services such as DNS, DHCP and web servers
  o Each time the operating system shuts down or restarts
  o Every logon attempt
  o Each time permissions on an object are changed
  o Each time a print job succeeds or fails
  o Network connection events
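An inspection pass over an audit log of the kind listed above, as an added example (not from the original notes): the log format, the account names, addresses and lines are all constructed, and a real Windows Security log or syslog would need its own parser. It flags repeated failed logons per account, a logon that succeeds right after such a burst, permission changes by non-administrators, and the stopping of an audit service.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed audit log: one event per line as "timestamp EVENT key=value ..."
SAMPLE_LOG = """\
2024-05-01T08:00:01 SERVICE_START name=sshd
2024-05-01T08:02:10 LOGON_FAILURE user=bob src=10.0.0.5
2024-05-01T08:02:12 LOGON_FAILURE user=bob src=10.0.0.5
2024-05-01T08:02:13 LOGON_FAILURE user=bob src=10.0.0.5
2024-05-01T08:02:15 LOGON_FAILURE user=bob src=10.0.0.5
2024-05-01T08:02:16 LOGON_FAILURE user=bob src=10.0.0.5
2024-05-01T08:02:18 LOGON_SUCCESS user=bob src=10.0.0.5
2024-05-01T08:05:00 PERMISSION_CHANGE object=/etc/shadow by=bob
2024-05-01T08:30:00 LOGON_FAILURE user=alice src=10.0.0.9
2024-05-01T09:00:00 LOGON_SUCCESS user=alice src=10.0.0.9
2024-05-01T09:10:00 SERVICE_STOP name=auditd
"""


def parse_line(line: str) -> dict:
    """Split one log line into a record with 'ts', 'event' and the key=value fields."""
    ts, event, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.fromisoformat(ts)
    rec["event"] = event
    return rec


def review(log_text, fail_threshold=5, window=timedelta(minutes=5),
           admins=frozenset({"root"}), critical_services=frozenset({"auditd"})):
    """Return findings as (timestamp, category, detail) tuples in log order."""
    findings = []
    failures = defaultdict(list)   # user -> timestamps of recent failed logons
    bursts = {}                    # user -> time at which a failure burst was reported
    for rec in (parse_line(l) for l in log_text.splitlines() if l.strip()):
        ts, ev = rec["ts"], rec["event"]
        if ev == "LOGON_FAILURE":
            user = rec["user"]
            # sliding window: keep only failures within `window` of this one
            recent = [t for t in failures[user] if ts - t <= window] + [ts]
            failures[user] = recent
            if len(recent) >= fail_threshold and user not in bursts:
                bursts[user] = ts
                findings.append((ts, "repeated logon failures",
                                 f"{len(recent)} failures for {user} from {rec['src']} within {window}"))
        elif ev == "LOGON_SUCCESS":
            user = rec["user"]
            if user in bursts and ts - bursts[user] <= window:
                findings.append((ts, "success after failure burst",
                                 f"{user} logged on from {rec['src']} shortly after repeated failures"))
        elif ev == "PERMISSION_CHANGE" and rec["by"] not in admins:
            findings.append((ts, "permission change by non-admin",
                             f"{rec['by']} changed permissions on {rec['object']}"))
        elif ev == "SERVICE_STOP" and rec["name"] in critical_services:
            findings.append((ts, "critical service stopped", f"{rec['name']} was stopped"))
    return findings


if __name__ == "__main__":
    for ts, category, detail in review(SAMPLE_LOG):
        print(ts.isoformat(), category, "-", detail)
```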

Question 7: Comparison of the two wireless authentication protocols WEP and WPA


Similarities: both are wireless authentication protocols that use the RC4 encryption algorithm.

Differences:

WEP
- Encryption algorithm: RC4 with a 24-bit IV
- Key space: 2^24
- Data integrity: WEP uses CRC32, a checksum designed for correcting transmission errors in telecommunications
- Poor confidentiality; vulnerable to password guessing and message forgery because the initialization vector is small.

WPA
- Encryption algorithm: RC4 with a 48-bit IV
- Key space: 2^48
- Packet integrity code: MIC
- Uses a key distribution and management protocol
- TKIP: more secure than WEP; resists message forgery and content modification, and detects errors.

Question 8: Authentication methods used in the OS


Session authentication
- The purpose of session authentication is to ensure the correctness of the communication that is taking place.
- It confirms the authenticity of the communicating resource.
- It is carried out by giving packets an identifier or a sequence number. The identifier and sequence number can be encrypted to prevent an attacker from replaying a message by capturing or splicing packets together, or from forging information using captured parameters.
Digital certificates
- A digital certificate is a set of unique identifying information, usually attached to the end of a file or associated with a communication session.
- Its purpose is to prove that the origin of a file or of a communication session is legitimate.
- It uses a unique set of digital information to authenticate the communicating parties, with public-key encryption.
NT LAN Manager logon authentication
- The local logon authentication method used from Windows 3.1 up to Windows Server 2003
- Today it is used only for compatibility with older versions of Windows
- NTLM combines session authentication with challenge/response authentication
Kerberos authentication
- Kerberos is a logon authentication protocol and the main authentication foundation of today's OSs: Unix, Linux, Windows
- Kerberos uses secret keys in the form of tickets exchanged between users (service consumers) and network services, servers and applications, acting as the grantor of access rights.
- Tickets authenticate the communication session between client and server, encrypted with a secret key.
- A central server authenticates users and issues service tickets so that users can access system resources

- High security thanks to strong encryption algorithms and the use of time parameters in authentication

Extensible Authentication Protocol (EAP)
- Used for authentication on networks and remote connections
- Uses a RADIUS authentication server
- Can use many different encryption methods: DES, 3DES, session authentication, KCK, certificates
- Used for authentication on LANs: EAPoL (EAP over LAN)
- EAP works by providing an authenticated communication session between a client and a server, which is used to authenticate the client's access
- The authentication server is usually a RADIUS server, which lets it authenticate users connecting over dial-up or over the Internet
Session-layer security (SSL, Secure Sockets Layer)
- SSL is a form of authentication that does not depend on the service
- It is not concerned with routing or reliability checks
- SSL is concerned with establishing and maintaining the connection during communication
- SSL is service-independent and can be used with many applications such as FTP, HTTP and HTTPS
- SSL is most widely used today to secure web transactions
- SSL uses encryption algorithms
- It uses a handshake protocol and additional signalling between the communicating parties to negotiate and confirm secure connections. The negotiation in the SSL handshake determines the encryption key length: 40, 56 or 128 bits
- SSL requires a digital certificate service
Transport Layer Security (TLS)
- Developed after SSL; also application-independent, and supported by today's web browsers and web servers
- TLS uses symmetric-key cryptography and a handshake protocol, and uses the RSA algorithm
- TLS is used to secure communications
Secure Shell (SSH)
- Uses RSA and digital certificates to authenticate password-based communication sessions
- After the session is authenticated, SSH uses 3DES to encrypt the information flowing in the session
- Secure Shell was developed on Unix and Linux systems to protect authentication for TCP/IP applications such as FTP and Telnet
Security tokens
- A physical device that generates passwords for authentication, now widely used in banking and securities transactions (web logon authentication)

When plugged into the computer, the security token communicates with the authentication server to generate a password, and uses encryption to protect the information about the generated password. Each time the user starts a new session by plugging the token into the computer, a new password is generated. The token holder can use the password throughout the session, and it expires after a short time. Security tokens have two main advantages: the user does not have to remember a password, and the password changes every time the token is used; if a password is disclosed, it is valid for only one session.

Question 9: Active and passive intrusion detection; their advantages and disadvantages


Intrusion detection is the process of setting up intrusion detection systems to recognize, identify and raise alerts about possible intrusions and attacks on the network or computer system.

a) Passive intrusion detection

Passive intrusion detection covers ways of detecting and recording intrusion attempts without taking any action on what is detected. Passive intrusion detection tools usually let the following activities be recorded:
- logon attempts, successful or failed
- suspicious attempts to access the administrator's account
- changes to files, accounts and the DNS service
- unexpected system shutdowns
- network probing, port scans, etc.
Passive intrusion detection is effective only if the administrator or the server regularly checks the log files and the information recorded about possible intrusion attempts. Because a system usually has a great deal of monitoring, passive intrusion detection systems let the administrator create filters or traps. Filters and traps are commonly found in SNMP network management software. Some other passive intrusion detection tools:
+ klaxon: detects port-scanning attacks and can report their origin
+ loginlog: records successful or failed logon attempts

+ RealSecure: monitors network activity and provides tools for identifying the attacker
* Advantages: + detects unauthorized intrusions effectively + passive intrusion detection software and tools are designed to simplify management and operate independently
* Disadvantages: + only detects intrusions and takes no action against them -> effective only when the administrator checks regularly

b) Active intrusion detection

Active intrusion detection tools detect attacks and send an alarm to the administrator or take action to stop the attack. At the lowest level, active intrusion detection notifies the server or the administrator of attacks and intrusions -> the administrator can then act. At a higher level, active intrusion detection tools can be configured to take action to obstruct attacks or intrusions. Actions can include denying access to an application, terminating the logon session, or redirecting the attacker to safe targets. Examples of active intrusion detection tools:
- AppShield: monitors HTML activity and blocks attacks
- Snort: monitors network activity and sends reports to the administrator
* Advantages: - active intrusion detection tools affect only the administrator who installed them - they not only detect but also act on intrusions -> a more secure network
* Disadvantages: even when carefully configured to stop attackers, they cannot be configured so tightly that legitimate users are prevented from completing their work.

Question 10: Details of LOCAL LOGON AUTHENTICATION in Windows (draw the diagram, present the steps following it)


- The NTLM (NT LAN Manager) protocol is a local logon protocol (logging on to the machine itself)
- Logon authentication between computers on the network follows the client-server model
- It uses an encrypted challenge/response protocol to authenticate the user without sending the user's password over the network; instead, the authenticating system requires a computation proving that it can access the NTLM information.
- Versions: NTLM v1, NTLM v2 (common), NTLM v2 session
- Operation diagram
Operation diagram (Client on the left, Server on the right); the arrows from top to bottom are: Authentication Request, Service, Challenge Nonce, NTLM Response, Authentication Result

- Step 1: at the workstation the user supplies the authentication information: user name, domain name, password. The hash of the password just typed is computed.
- Step 2: the workstation sends the user's logon name to the server (in clear)
- Step 3: the server generates a random 16-byte number called the challenge (or nonce) and sends it back to the workstation

- Step 4: the workstation encrypts the nonce received from the server in step 3 with the password hash from step 1 and sends the result, called the response, to the server.
- Step 5: the server sends three items, the user name, the challenge and the response, to the domain controller
- Step 6: the domain controller uses the user name to retrieve the user's hash from the security accounts database, and uses that hash to encrypt the challenge.
- Step 7: the value computed in step 6 is compared with the response received in step 4. If they match, the logon succeeds.
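The seven steps above as a runnable model, added here and not taken from the notes or from Microsoft's implementation: the real NTLM primitives (MD4 NT hash, DES for v1, HMAC-MD5 for v2) are replaced by SHA-256 and HMAC-SHA256 so that the exchange can be followed end to end, and the account names and passwords are constructed. The model records every message that crosses the wire, so it can be checked that the password never does, and that a captured response cannot be replayed against a fresh challenge.

```python
import hashlib
import hmac
import os


def password_hash(password: str) -> bytes:
    """Step 1: the workstation hashes the typed password (stand-in for the NT hash, MD4 over UTF-16LE)."""
    return hashlib.sha256(password.encode("utf-16-le")).digest()


def compute_response(pw_hash: bytes, challenge: bytes) -> bytes:
    """Steps 4 and 6: 'encrypt the challenge with the password hash' (stand-in for NTLM's DES/HMAC-MD5)."""
    return hmac.new(pw_hash, challenge, hashlib.sha256).digest()


class DomainController:
    """Steps 6-7: holds the account database (the role the SAM plays) and verifies responses."""

    def __init__(self, accounts):
        # accounts: {(domain, user): password}; only hashes are kept, never passwords
        self.hashes = {k: password_hash(p) for k, p in accounts.items()}

    def verify(self, domain: str, user: str, challenge: bytes, response: bytes) -> bool:
        stored = self.hashes.get((domain, user))
        if stored is None:
            return False
        return hmac.compare_digest(compute_response(stored, challenge), response)


class Server:
    """Steps 3 and 5: issues the random challenge and forwards (user, challenge, response) to the DC."""

    def __init__(self, dc: DomainController):
        self.dc = dc
        self.pending = {}

    def challenge(self, user: str) -> bytes:
        nonce = os.urandom(16)          # Step 3: 16 random bytes, fresh for every logon
        self.pending[user] = nonce
        return nonce

    def authenticate(self, domain: str, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)   # each challenge may be answered only once
        if nonce is None:
            return False
        return self.dc.verify(domain, user, nonce, response)


class Workstation:
    def __init__(self, server: Server):
        self.server = server

    def logon(self, domain: str, user: str, password: str):
        """Run steps 1-7; return (success, wire) where wire lists every message sent over the network."""
        pw_hash = password_hash(password)                       # Step 1: stays on the workstation
        wire = [("username", user.encode())]                    # Step 2: user name in clear
        nonce = self.server.challenge(user)                     # Step 3
        wire.append(("challenge", nonce))
        response = compute_response(pw_hash, nonce)             # Step 4
        wire.append(("response", response))
        ok = self.server.authenticate(domain, user, response)   # Steps 5-7
        return ok, wire


def password_on_wire(wire, password: str) -> bool:
    """True if the password, in either encoding, appears in any transmitted message."""
    needles = (password.encode(), password.encode("utf-16-le"))
    return any(n in data for _, data in wire for n in needles)
```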

Question 11: Overview of wireless networking techniques


1. SSID

When we buy wireless equipment, the vendors provide the service set identifier (SSID). The service set identifier is a distinguishing identity value and a string of up to 32 characters. The SSID is not a password, but it is used to indicate which devices belong to a given logical network. Deploying SSIDs is not a way of stopping dangerous network attackers, but it does make things harder for them.

Additional reference: One of the most common security recommendations for wireless networks is to disable SSID broadcasting. SSID is short for Service Set Identifier. The SSID appears as a word or phrase used to identify a wireless network. The reason so many IT professionals recommend disabling SSID broadcasting is that the SSID is rather like a label you can use to distinguish one wireless network from another. The SSID was originally a secret, used to restrict access to a given wireless network. In other words, unless someone knew the secret, they could not connect to your wireless network. Note that although the SSID is a secret, it differs from WEP or WPA keys. If the SSID really is a secret key used to protect access to a wireless network, why do most access points broadcast it? The reason SSIDs are broadcast lies in the development of wireless networking. Although the SSID may have been created originally as a security mechanism, it was quickly broadcast and became a mechanism for telling wireless networks apart. Windows even treats the SSID as the indicator that a wireless network exists.

When you disable broadcasting, the wireless access point tries not to advertise itself when it receives probe requests. In other words, the SSID is not shown in Windows' list of available wireless networks. This can raise the level of security, but even with SSID broadcasting disabled, the SSID is still carried in Association and Re-association frames as well as in Probe Response frames. Anyone with a packet sniffer can discover your wireless network's SSID, because whenever a legitimate user connects to your wireless network the SSID is transmitted in plain text. All the hacker has to do is sit and wait.

2. MAC address filtering (the text in blue is additional reference material!)

One of the more effective security techniques for wireless networks at the access-point level is MAC address filtering. The basic idea is that, just like a wired network card, every wireless NIC has a unique MAC (Media Access Control) address. MAC address filtering is the process of creating a whitelist specifying which MAC addresses are authorized and allowed to connect to the access point. One advantage of this technique is that even if someone knows your wireless network's SSID and the WEP or WPA password, they still cannot connect to the network unless they use a network card you have authorized. MAC address filtering is therefore a fairly good security mechanism that you may not have heard much about. One reason MAC address filtering is not widely used on wireless networks is that implementing and maintaining it brings many problems. MAC address filtering only really works well in small organizations; it is impractical on large enterprise-class networks, because every time a new network card is put into service its MAC address must be added to the MAC filter. Likewise, whenever a laptop or wireless card stops working, the administrator has to work out which MAC address belonged to that device and remove it from the whitelist. Furthermore, large companies often host many consultants, auditors and visitors who need wireless access, and MAC address filtering inadvertently keeps these guests off the wireless network. Managing the MAC filter list is quite laborious, but these drawbacks do not stop organizations from using it.
Two problems can be pointed to as drawbacks of using MAC address filtering. One is that MAC address filtering is implemented at the access-point level. This is no problem for small or medium organizations, but for larger organizations with many virtual and physical wireless access points, managing the whitelist on every one of these devices is no simple task. The other drawback is that access points require a reboot every time the filter list changes. These reboots are very disruptive for an organization that makes frequent changes to the filter list. Some people consider these inconveniences worth the benefits of MAC address filtering. In general, a hacker cannot modify their NIC to give it a different MAC address. Likewise, a hacker cannot change your filter list if the list keeps them off your network in the first place. The reason MAC address filtering is not considered fully reliable is that there are many ways to spoof a MAC address in software. For example, we have seen Windows drivers for wireless NICs that come with an option to specify a different MAC address. If a hacker sniffs your wireless network, they can easily obtain the MAC address of an authorized NIC. With that address, they can configure their computer to spoof it and gain access to your network. So does this mean we should stop using MAC address filtering? No! Bear in mind that no security feature is perfect. Security needs many layers and depth. In other words, you should have several security measures to keep anyone from breaking into your network. MAC address filtering may be impractical for large organizations, but it is a suitable option for small and medium ones.

3. Using the WEP authentication protocol (see also Question 4 in ông Tổng's notes)

WEP (Wired Equivalent Privacy) was the first encryption algorithm for wireless networks. Today, most wireless access points still offer WEP encryption. It has three main functions:
- Preventing disclosure of packets in transit
- Preventing modification of packets in transit
- Providing network access control

4. WPA-PSK [TKIP]

WPA (Wi-Fi Protected Access) was designed as a mechanism to remedy the shortcomings of WEP. There are several forms of WPA, but the best known is WPA-PSK, which encrypts using a pre-shared key. Other forms of WPA use a protocol called TKIP, short for Temporal Key Integrity Protocol. TKIP generates a 128-bit key for every data packet.

5. WPA2-PSK

WPA2-PSK is the successor to WPA. Although it still uses a pre-shared key, WPA2 replaces the TKIP encryption protocol with CCMP for stronger security. CCMP is based on the Advanced Encryption Standard (AES) and uses 10 rounds of encryption to produce a 128-bit key. WPA2 is now the preferred encryption mechanism.

6. Open system authentication

In an open system, two stations taking part in communication can authenticate each other. The sending station sends a simple message requesting authentication by the host station or access point (AP); once the host station acknowledges the request, authentication is complete. In this method any station that requests authentication is automatically granted it. Open system authentication provides very little security, and it is the default setting on wireless devices.

7. Shared key authentication

Shared key (pre-shared key) authentication uses symmetric-key cryptography, with the same key (or key seed) used for encryption and decryption. The technique is challenge/response, with these steps:
- The computer initiating the connection sends an authentication management request frame to the host device
- The host device sends an authentication management request frame demanding the secret parameter
- The initiating computer replies to the host device with the secret parameter together with a CRC checksum confirming its correctness
- The host device checks the secret parameter from the connecting computer; if it is correct, it replies with a message confirming successful authentication, and data transfer begins.

8. 802.1x and 802.11i security

The 802.11i standard is an enhancement of 802.11 that adds many new security mechanisms to ensure the confidentiality and integrity of information. New features:
- Two new network types called transition security network (TSN) and robust security network (RSN)
- New encryption and data-integrity methods: temporal key integrity protocol (TKIP) and counter mode/CBC-MAC protocol (CCMP)
- A new authentication mechanism using the EAP protocol
- Key management through secure handshake protocols carried out over 802.1x
TKIP is a cipher suite containing a key-mixing algorithm and a packet counter to protect the cryptographic keys. CCMP is an algorithm based on AES used for encryption and data integrity. The 802.11i standard specifies the role of the 802.1x port management function, which relies on EAP for authentication. After EAP authentication succeeds, the master keys can be established; once the master keys are established, key management is carried out through one or more handshake phases.

Question 12: Host-based and network-based intrusion detection systems, HIDS and NIDS


1. NIDS (Network Based IDS)

Placed at the junction between the internal network and the outside network to monitor all incoming and outgoing traffic. It may be a dedicated, preconfigured hardware appliance or software installed on a computer. It is mainly used to measure the network traffic in use. However, a bottleneck can occur when network traffic is heavy.
Advantages of Network-Based IDS:
- Covers a whole network segment (many hosts)
- "Transparent" to both users and attackers
- Simple to install and maintain, and does not affect the network
- Avoids a DoS affecting any single host
- Can identify errors at the Network layer (of the OSI model)
- Independent of the OS
Limitations of Network-Based IDS:
- False positives can occur, i.e. the NIDS reports an intrusion where there is none
- Cannot analyse encrypted traffic (e.g. SSL, SSH, IPSec)
- A NIDS must be kept up to date with the latest signatures to be truly effective
- There is a delay between the moment of the attack and the moment the alarm is raised; by the time the alarm goes off, the system may already be damaged
- Does not tell whether the attack succeeded
One of the limitations is bandwidth. The network sensors must receive all network traffic, reassemble it and analyse it. As network speed increases, the sensor's capacity has to keep pace. One solution is to make sure the network is designed to allow several sensors to be placed; as the network grows, more sensors are added to keep communication and security at their best. One way hackers try to hide their activity from a network-based IDS is to fragment their packets. Every protocol has a maximum packet size; if the data sent over the network is larger than that size, the packet is fragmented. Fragmentation is simply the process of splitting data into smaller pieces. The order in which the pieces are reassembled does not matter as long as there is no overlap. If fragments overlap, the sensor must know how to reassemble them correctly. Many hackers try to evade detection by sending many overlapping fragments; a sensor will miss the intrusion if it cannot reassemble the packets correctly.

2. HIDS (Host Based IDS)

A HIDS is usually installed on one specific computer. Instead of monitoring the activity of a network segment, a HIDS only monitors the activity on a single computer. HIDS are usually placed on the organisation's critical hosts and on servers in the DMZ, which are usually the first targets of an attack. The main task of a HIDS is to monitor changes on the system, including (not exhaustively):
- Processes.
- Registry entries.
- CPU usage.
- Integrity and access checks on the file system.
- A few other parameters.
When these parameters exceed a preset threshold, or suspicious changes occur on the file system, an alarm is raised.
Advantages of HIDS:
- Can identify the user related to an event.
- A HIDS can detect attacks that take place on a single machine, which a NIDS cannot.
- Can analyse encrypted data.
- Provides information about the host while the attack on that host is taking place.
Limitations of HIDS:
- Information from the HIDS is no longer trustworthy once the attack on the host has succeeded.
- When the OS is "brought down" by an attack, the HIDS goes down with it.
- A HIDS must be set up on every host that needs monitoring.
- A HIDS cannot detect network scans (Nmap, Netcat, ...).
- A HIDS needs resources on the host in order to operate.
- A HIDS may be ineffective under a DoS.
- Most run on the Windows operating system, although some run on UNIX and other operating systems.
Comparison of NIDS and HIDS (this comparison follows the lecturer's guidance):

  Criterion                      | NIDS                                                                  | HIDS
  Deployment                     | More complex, but not more effective                                  | Simpler, but takes more time to deploy
  Scope of protection            | Detects attacks coming from outside the network                       | Inside the network
  Administration                 | Centralised                                                           | Distributed
  Bandwidth, network performance | Uses a lot of bandwidth, so network performance management is low     | Does not consume bandwidth
  Platform                       | Can run on many hardware or software platforms, independent of the OS | Usually software, tied to the OS and the computers on the network

Comparison from the group assignment:
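The overlapping-fragment evasion described above, seen from the sensor's side, as an added example (not code from the original notes). It reassembles constructed fragments under two different overlap policies and shows why a sensor must both reassemble the way the protected host does and alert on conflicting overlaps; the `/etc/passwd` signature and the fragment contents are assumptions for the demonstration.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Fragment:
    """One fragment of a datagram: byte offset within the original payload plus its bytes."""
    offset: int
    data: bytes


# Hypothetical signature the sensor looks for in reassembled application data.
SIGNATURES = [b"/etc/passwd"]

# Constructed capture: the second fragment overlaps bytes 4..14 of the first with
# different content, so the result depends on which fragment the host lets win.
CRAFTED = [
    Fragment(0, b"GET /index.html"),   # looks harmless on its own
    Fragment(4, b"/etc/passwd"),       # contradicts the earlier bytes at the same offsets
]


def reassemble(fragments: List[Fragment], policy: str = "first") -> Tuple[bytes, bool, bool]:
    """Rebuild the payload in arrival order.

    policy="first": an earlier fragment keeps its bytes on overlap (some host stacks).
    policy="last":  a later fragment overwrites earlier bytes (other host stacks).
    Returns (payload, overlap_conflict, complete).
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    buf = bytearray()
    filled: List[bool] = []
    conflict = False
    for frag in fragments:
        end = frag.offset + len(frag.data)
        if end > len(buf):
            buf.extend(b"\x00" * (end - len(buf)))
            filled.extend([False] * (end - len(filled)))
        for i, byte in enumerate(frag.data):
            pos = frag.offset + i
            if filled[pos]:
                if buf[pos] != byte:
                    conflict = True          # same offset, different data: the evasion pattern
                    if policy == "last":
                        buf[pos] = byte
            else:
                buf[pos] = byte
                filled[pos] = True
    return bytes(buf), conflict, all(filled)


def inspect(fragments: List[Fragment], target_policy: str) -> Tuple[bytes, List[str]]:
    """What the sensor sees when it reassembles the way the protected host would."""
    payload, conflict, complete = reassemble(fragments, target_policy)
    alerts: List[str] = []
    if conflict:
        alerts.append("conflicting fragment overlap")
    if not complete:
        alerts.append("incomplete datagram")
    for sig in SIGNATURES:
        if sig in payload:
            alerts.append("signature: " + sig.decode())
    return payload, alerts


if __name__ == "__main__":
    for pol in ("first", "last"):
        payload, alerts = inspect(CRAFTED, pol)
        print(pol, payload, alerts)
```

Whatever the target's policy, the conflicting overlap itself is worth an alert: legitimate fragmentation never produces two different byte values for the same offset.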

Question 13: The KERBEROS authentication protocol (operation diagram, description of the steps, remarks):

AS = authentication server, TGS = ticket granting server, SS = service server.

User client-based logon
1. The user enters their name and password on their own computer (the client).
2. The client software computes a one-way hash of the password entered. The result is used as the user's secret key.

Client authentication
3. The client software sends a packet (not encrypted) to the AS requesting service. Its content is roughly: "user XYZ wants to use the service". Note that neither the secret key nor the password is sent to the AS.
4. The AS checks whether the requester's identity is in its database. If it is, the AS sends the following 2 packets to the user:

Packet A: the "TGS/client session key", encrypted with the user's secret key.

Packet B: the "ticket granting ticket" (containing the user's identifier (ID), the user's network address, the ticket's validity period and the "TGS/client session key"), encrypted with the TGS's secret key.

5. On receiving these 2 packets, the client software decrypts packet A to obtain the session key with the TGS. (The user cannot decrypt packet B because it is encrypted with the TGS's secret key.) At this point the user can authenticate to the TGS.

Client service authorization
6. When requesting a service, the user sends the following 2 packets to the TGS:

Packet C: contains the "ticket granting ticket" from packet B and the identifier (ID) of the requested service.
Packet D: the authenticator (containing the user's identifier and the time of the request), encrypted with the "TGS/client session key".

7. On receiving packets C and D, the TGS decrypts D and then sends the following 2 packets to the user:

Packet E: the "ticket" (containing the user's identifier, the user's network address, the validity period and the "server/client session key"), encrypted with the secret key of the server providing the service.
Packet F: the "server/client session key", encrypted with the "TGS/client session key".

Client service request
8. On receiving packets E and F, the user has enough information to authenticate to the service server SS. The client sends 2 packets to SS:

Packet E obtained in the previous step (containing the "server/client session key" encrypted with the SS's secret key).
Packet G: a new authenticator, containing the user's identifier and the time of the request, encrypted with the "server/client session key".

9. SS decrypts the "ticket" with its own secret key and sends the following packet to the user to confirm its own identity and its willingness to provide the service:

Packet H: the timestamp from the service request packet plus 1, encrypted with the "server/client session key".

10. The client decrypts the confirmation packet and checks that the timestamp has been updated correctly. If so, the user can trust the server SS and start sending requests to use the service.
11. The server provides the service to the user.

Advantages:
- uses secret keys and tickets exchanged between the user and the network service; the application server or service plays the role of the accessed party
- uses tickets to authenticate the communication session between server and client
- uses a central server to authenticate users and issue tickets
- highly secure thanks to strong encryption algorithms
- uses time parameters to determine the authenticity of the user
Disadvantages:
- There is a single point of failure: if the central server stops working, everything stops. This weakness can be mitigated by using several Kerberos servers.
- The protocol requires the clocks of all the computers involved to be synchronised. If this is not guaranteed, the authentication mechanism based on validity periods will not work. The default configuration requires clocks that differ by no more than 10 minutes.
- The password change mechanism is not standardised.
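The eleven steps above carried out end to end, as an added example that is not part of the original notes. The `seal`/`unseal` helper (a SHA-256 keystream with an HMAC tag) stands in for the symmetric cipher Kerberos uses and is an assumption of this example, as are the principal names, long-term secrets, lifetimes and the hypothetical 10.0.0.5 client address; the 10-minute clock-skew limit is the one the text states.

```python
import hashlib
import hmac
import json
import os


def derive_key(secret: str) -> bytes:
    """Step 2: a one-way hash of the password becomes the principal's secret key."""
    return hashlib.sha256(secret.encode()).digest()


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, obj: dict) -> bytes:
    """Toy encrypt-then-MAC (assumed stand-in for Kerberos encryption, not for production)."""
    nonce = os.urandom(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key: bytes, blob: bytes) -> dict:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


# Constructed KDC state: principal database, TGS and service long-term keys, lifetimes.
USERS = {"XYZ": derive_key("correct horse battery")}
K_TGS = derive_key("tgs-long-term-secret")
K_SS = derive_key("fileserver-long-term-secret")
LIFETIME = 8 * 3600
MAX_SKEW = 10 * 60      # the text's default: clocks may not differ by more than 10 minutes


def new_session_key() -> str:
    return os.urandom(32).hex()


def as_exchange(user: str, now: int):
    """Steps 3-4: plaintext request; the AS answers with packets A and B."""
    if user not in USERS:
        raise PermissionError("unknown principal")
    sk_tgs = new_session_key()
    a = seal(USERS[user], {"sk_tgs": sk_tgs})
    b = seal(K_TGS, {"id": user, "addr": "10.0.0.5", "expires": now + LIFETIME, "sk_tgs": sk_tgs})
    return a, b


def tgs_exchange(c: dict, d: bytes, now: int):
    """Step 7: the TGS opens the TGT (from C) and the authenticator D, then issues E and F."""
    tgt = unseal(K_TGS, c["tgt"])
    sk_tgs = bytes.fromhex(tgt["sk_tgs"])
    auth = unseal(sk_tgs, d)
    if auth["id"] != tgt["id"] or now > tgt["expires"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise PermissionError("authenticator rejected")
    sk_ss = new_session_key()
    e = seal(K_SS, {"id": tgt["id"], "addr": tgt["addr"], "expires": now + LIFETIME, "sk_ss": sk_ss})
    f = seal(sk_tgs, {"sk_ss": sk_ss})
    return e, f


def ss_exchange(e: bytes, g: bytes, now: int) -> bytes:
    """Step 9: the SS opens the ticket with its own key, checks G, answers with H (timestamp + 1)."""
    ticket = unseal(K_SS, e)
    sk_ss = bytes.fromhex(ticket["sk_ss"])
    auth = unseal(sk_ss, g)
    if auth["id"] != ticket["id"] or now > ticket["expires"] or abs(now - auth["ts"]) > MAX_SKEW:
        raise PermissionError("authenticator rejected")
    return seal(sk_ss, {"ts": auth["ts"] + 1})


def client_login(user: str, password: str, service: str, now: int, clock_offset: int = 0) -> bool:
    """Client side of steps 1-10; clock_offset models a client clock that is out of sync."""
    client_now = now + clock_offset
    k_user = derive_key(password)                         # steps 1-2
    a, b = as_exchange(user, now)                         # steps 3-4
    sk_tgs = bytes.fromhex(unseal(k_user, a)["sk_tgs"])   # step 5: wrong password -> ValueError
    c = {"tgt": b, "service": service}                    # step 6: packets C and D
    d = seal(sk_tgs, {"id": user, "ts": client_now})
    e, f = tgs_exchange(c, d, now)                        # step 7
    sk_ss = bytes.fromhex(unseal(sk_tgs, f)["sk_ss"])     # step 8: packets E and G
    g = seal(sk_ss, {"id": user, "ts": client_now})
    h = ss_exchange(e, g, now)                            # step 9
    return unseal(sk_ss, h)["ts"] == client_now + 1       # step 10: server proved it holds the key
```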

Question 14: The access control problem. Methods of granting access rights


1. The access control problem
Concept: access control is a method of protecting information by controlling the use of all the resources of the system (technical facilities, software programs, databases).
The access control processes are:
- Identifying and authenticating users
- Monitoring access
- Limiting and controlling access

2. Methods of granting access rights
DAC (Discretionary Access Control)
- An access policy in which the owner of the information has the right to decide who may access it.
- Two concepts are used:
  o Information ownership: the access policy for objects is decided by the owner of the information
  o Access rights and permissions: the owner of the information decides, for each person or group, which information they control
The technique used in discretionary access control is the access control list (ACL): it identifies the rights and permissions assigned to a subject or an object.
- The DAC granting mechanism: for each pair (S, O) the kinds of access (read, write) must be listed explicitly and unambiguously, i.e. the accesses that subject S is permitted to object O. The mechanism is implemented either by listing rights or by a rights matrix.

MAC (Mandatory Access Control)
An access policy decided by the system, not by the individual who owns the resource. It is used in multi-level systems, i.e. systems that handle sensitive data such as information classified by confidentiality level in government or the military.
Sensitivity labels: a label is assigned to each subject and each object in the system. A subject's sensitivity label determines the level of trust required for access. To access an object, the subject must have a sensitivity level equal to or higher than the level of the object requested.
Data import and export: this is a critical function in systems using mandatory access control. Import and export must guarantee that sensitivity labels are preserved correctly and that sensitive information is protected. The methods applied are:
  o Rule-based access control: defines additional, specific conditions for access to an object and decides whether to grant or deny the access request by comparing the sensitivity label of the object with that of the subject.
  o Lattice-based access control: the lattice model is a mathematical structure that defines the greatest lower bound and least upper bound for pairs of elements (a subject and an object).
- The MAC granting mechanism: this mechanism is based on classifying the information contained in the objects O of the system by confidentiality level, and on formally permitting subjects S to access information up to a corresponding level. In other words, each subject S and each object O is assigned a security label reflecting the position of S and O in their ordered sets. Security labels contain an ordered, hierarchical attribute (the confidentiality level) and unordered attributes (security categories). MAC is implemented by resolving access according to the confidentiality level and according to the security categories.

RBAC (Role-Based Access Control)
Assigns group membership to users based on their role in the organisation or on the function of the role. Advantages:
  o Minimises the administration of access rights and permissions
  o Limits illegitimate users' access to the system
Roles correspond to different job functions. Each role is attached to a set of rights that allow it to carry out certain operations. Through roles, users obtain specific functions to exercise on the system. Users are not granted permissions directly, so managing user rights becomes simple: one only needs to assign the appropriate roles to the user. RBAC differs from the ACLs of DAC in that it assigns rights to specific operations that are meaningful to the organisation, rather than to low-level data objects.
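The three models side by side, as an added example that is not from the original notes: a DAC access list managed by the object's owner, MAC labels with an ordered level plus unordered categories compared as a lattice, and RBAC roles. The read rule is the text's "equal or higher" label rule; the no-write-down rule for writes is the lattice model's usual companion rule and is an assumption added here, as are all the names, levels and categories in the constructed scenario.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set

# ---- MAC: system-assigned sensitivity labels ordered as a lattice --------------------
LEVELS = {"unclassified": 0, "confidential":1, "secret": 2, "top secret": 3}


@dataclass(frozen=True)
class Label:
    level: str                                   # ordered part: confidentiality level
    categories: FrozenSet[str] = frozenset()     # unordered part: security categories

    def dominates(self, other: "Label") -> bool:
        """Lattice order: level at least as high AND every category of `other` present."""
        return LEVELS[self.level] >= LEVELS[other.level] and self.categories >= other.categories


def mac_allowed(subject: Label, obj: Label, right: str) -> bool:
    """Read: subject label must dominate the object's (the text's 'equal or higher' rule).
    Write: object label must dominate the subject's, so data never flows to a lower
    label (no write down; an assumption added in this example)."""
    if right == "read":
        return subject.dominates(obj)
    if right == "write":
        return obj.dominates(subject)
    return False


# ---- DAC: owner-managed access list, one entry per (subject, object) pair -----------
class DAC:
    def __init__(self) -> None:
        self.owner: Dict[str, str] = {}
        self.acl: Dict[str, Dict[str, Set[str]]] = {}

    def create(self, owner: str, obj: str) -> None:
        self.owner[obj] = owner
        self.acl[obj] = {owner: {"read", "write"}}

    def grant(self, granter: str, obj: str, subject: str, rights: Set[str]) -> None:
        if self.owner.get(obj) != granter:          # only the information's owner decides
            raise PermissionError(f"{granter} does not own {obj}")
        self.acl[obj].setdefault(subject, set()).update(rights)

    def allowed(self, subject: str, obj: str, right: str) -> bool:
        return right in self.acl.get(obj, {}).get(subject, set())


# ---- RBAC: permissions attached to roles, users attached to roles -------------------
class RBAC:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[str]] = {}
        self.user_roles: Dict[str, Set[str]] = {}

    def define_role(self, role: str, perms: Set[str]) -> None:
        self.role_perms[role] = set(perms)

    def assign(self, user: str, role: str) -> None:
        self.user_roles.setdefault(user, set()).add(role)

    def allowed(self, user: str, perm: str) -> bool:
        return any(perm in self.role_perms.get(r, set()) for r in self.user_roles.get(user, set()))


# ---- Reference monitor for a multi-level system: DAC and MAC must both agree --------
def check(dac: DAC, labels: Dict[str, Label], subject: str, obj: str, right: str) -> bool:
    return dac.allowed(subject, obj, right) and mac_allowed(labels[subject], labels[obj], right)


def build_demo():
    """Constructed scenario (hypothetical users, object and labels)."""
    dac = DAC()
    dac.create("alice", "report")
    dac.grant("alice", "report", "bob", {"read", "write"})
    dac.grant("alice", "report", "carol", {"read"})
    labels = {
        "alice": Label("confidential", frozenset({"finance"})),
        "bob": Label("secret", frozenset({"finance"})),
        "carol": Label("unclassified"),
        "report": Label("confidential", frozenset({"finance"})),
    }
    rbac = RBAC()
    rbac.define_role("auditor", {"view_logs"})
    rbac.define_role("admin", {"view_logs", "delete_logs"})
    rbac.assign("dave", "auditor")
    return dac, labels, rbac
```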

Question 15: Analysis of attacks on WLAN networks


1. Reconnaissance attacks
- The defining property of a WLAN is that anyone can receive data anywhere within the radio coverage area. The signal can pass through walls, leave buildings and cross every barrier.
- Attackers use reconnaissance to discover and analyse their targets. During the analysis, the attacker learns which protocol and which security mechanisms are in use, and from that chooses suitable attack tools.

2. DoS attacks
- A DoS is an attack that disrupts the functioning of a service. The disruption can be physical destruction of network devices, or attacks that consume the network's entire bandwidth. It can also be an action that prevents an application from using a service.
a. Disassociation and deauthentication attacks
- When a station connects to an access point, it must first exchange authentication frames and then association frames. It is only allowed to join the network after authentication and association succeed.
- However, any station can forge a disassociation or deauthentication message. The access point then removes the station from the network, so it cannot send data until it re-associates. By sending these frames repeatedly, an attacker can knock many machines off the network.

b. Transmit duration attack
- Transmit Duration is the collision-avoidance mechanism used to announce to other stations when a transmission will end.
- An attacker can send a series of packets with the largest Transmit Duration value (1/30 of a second); this value stops the other stations from transmitting data during that interval, so the attacker takes over the medium.

3. Authentication attacks
a. Shared key authentication attack
- Shared secret key authentication is a two-way authentication mechanism in which each side sends a random value (random challenge) and then encrypts that value with a WEP key provided by the other side.
- An attacker who collects information by observing one successful authentication session can produce valid authentication responses for future use.
- By XORing the challenge with the response, the attacker obtains the keystream corresponding to that initialisation vector. The attacker now has authentication material: they can reuse the initialisation vector and the computed keystream, simply encrypting every incoming challenge with this keystream, and so authenticate successfully.
b. MAC address spoofing attack
- Many access points can restrict station connections based on MAC address. However, an attacker can easily spoof a MAC address, because many 802.11 cards let applications set whatever MAC address they want. The attacker can easily obtain a valid MAC address with sniffing technology.
c. WEP key recovery and plaintext recovery attacks
- There are 2 ways to decrypt WEP-encrypted data: discover the correct key seed, or find all the keys the seed can generate.
- RC4 encryption is an XOR of the key (K) with the plaintext (P) to produce the ciphertext (C). If the attacker knows 2 of these 3 components, they can compute the third. And the attacker always knows the ciphertext C, because it is broadcast on the network.
d. Key dictionary
- The security requirement of RC4 is that a key must never be reused. WEP handles this with an initialisation vector that allows 2^24 keys for each key seed.
- An attacker who builds a dictionary of all 16 million keys can decrypt any data sent on the network encrypted with that WEP key. Each dictionary entry is only 1500 bytes long, so the whole dictionary takes only 24 GB of storage.
e. WEP key seed recovery attack
- Because of weaknesses in the protocol and some implementation errors, many attacks have been carried out against WEP keys. One of the most dangerous is the Fluhrer-Mantin-Shamir attack, which lets a passive sniffer recover the WEP key seed in only about 9 minutes of operation.

4. Attacks on the EAP protocol
- Many vendors have developed wireless protocols based on EAP. All of these protocols require an authentication server; the access point mainly acts as a relay for the authentication messages.
- An attacker can target these protocols in one of two roles: a passive attacker observes the message flow and tries to collect useful information; an active attacker takes part in the exchange, impersonating a client, a server or both.

5. Rogue access points
Rogue access points are access points that are not legitimately part of the network. A rogue access point does not need to be installed within the physical premises of the network. Some access points act as public access gateways and require a username and password to authenticate for the wireless service; an attacker can set up a rogue access point to harvest such account information. If the application has no way to authenticate the access point, there is no way to resist this kind of attack. An attacker can also use a rogue access point as a trap to damage a particular network. If the attacker has physical access to a network, they can also set up a rogue access point on a wired network; that access point then allows access to the network without any further physical access to it.

Question 16: Introduction to NTLM authentication (see also Question 10)


The NTLM authentication protocol uses a challenge-response mechanism to authenticate users and computers running Windows Me or an earlier operating system, or computers running Windows 2000 or later that are not part of a domain. The user is challenged to provide some piece of information unique to that user (the response). Windows Server 2003 supports the following three challenge-response authentication methods:
LAN Manager (LM): developed by IBM and Microsoft for use in OS/2 and Windows for Workgroups (Windows 95, Windows 98 and Windows Me). This is the least secure form of challenge-response authentication, because it is easy for an attacker to eavesdrop on, and the server that authenticates the user must store the information as an LM hash.
NTLM version 1: a more secure form than LM. It is used to connect to servers running Windows NT with Service Pack 3 or earlier. NTLMv1 uses 56-bit encryption. For any version of NTLM, the server that authenticates the user must store the information as an NT hash.
NTLM version 2: the most secure form of challenge-response authentication available. This version includes a secure channel that protects the authentication process. It is used to connect to servers running Windows 2000, Windows XP, and Windows NT with Service Pack 4 or later. NTLMv2 uses 128-bit encryption to secure the protocol.

Question 17: WLAN attack tree


Reconnaissance attacks:
  o Attackers can capture and transmit wireless signals in a WLAN as long as they are within the coverage area. With powerful antennas, an attacker can receive and send packets from many kilometres away.
  o Attackers use reconnaissance to discover and analyse their targets. During the analysis, the attacker learns which protocol and which security mechanisms are in use, and from that chooses suitable attack tools. Although programs such as sniffers and wardriving tools are not attack programs and are used by system administrators for legitimate purposes, they are also the tools used to carry out reconnaissance attacks.
DoS attacks: DoS attacks are particularly serious in wireless networks because the network is so easy to reach; their aim is to disrupt the functioning of a service.
  o Disassociation and deauthentication attacks: when a station connects to an access point, it must first exchange authentication frames and then association frames. It is only allowed to join the network after authentication and association succeed. However, any station can forge a disassociation or deauthentication message, after which the access point removes the station from the network, so it cannot send data until it re-associates. By sending these frames repeatedly, an attacker can knock many machines off the network.
  o Transmit duration attack: Transmit Duration is the collision-avoidance mechanism used to announce to other stations when a transmission will end. An attacker can send a series of packets with the largest Transmit Duration value (1/30 s); this value stops the other stations from transmitting data during that interval. Consequently, sending packets at a rate of only 30 packets/s is enough to take over the medium.
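A wireless monitor for the two DoS patterns described in Question 15 and in the attack tree above (deauthentication/disassociation floods and transmit-duration abuse), as an added example that is not from the original notes. It runs over a constructed frame capture; the MAC addresses, thresholds and window size are assumptions, and the 32767 microsecond figure is the maximum the 802.11 Duration field can carry (the "1/30 s" of the text).

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Set, Tuple


@dataclass
class Frame:
    ts: float        # capture time in seconds
    subtype: str     # "data", "deauth", "disassoc", ...
    src: str         # transmitter MAC address
    dst: str
    duration: int    # 802.11 Duration/ID field in microseconds (the NAV announced to others)


WINDOW = 1.0             # sliding window in seconds
DEAUTH_LIMIT = 10        # deauth/disassoc frames from one transmitter per window before alerting
NAV_LIMIT_US = 30000     # durations this close to the field maximum (32767 us) are suspicious
NAV_COUNT = 10           # how many near-maximum frames per window before alerting


def _push(history: Deque[float], ts: float) -> None:
    """Append a timestamp and drop everything older than WINDOW."""
    history.append(ts)
    while history and ts - history[0] > WINDOW:
        history.popleft()


def detect(frames: List[Frame]) -> List[str]:
    """Return one alert per (pattern, transmitter) seen in the capture."""
    alerts: List[str] = []
    deauth_hist: Dict[str, Deque[float]] = defaultdict(deque)
    nav_hist: Dict[str, Deque[float]] = defaultdict(deque)
    flagged: Set[Tuple[str, str]] = set()
    for f in sorted(frames, key=lambda x: x.ts):
        if f.subtype in ("deauth", "disassoc"):
            _push(deauth_hist[f.src], f.ts)
            if len(deauth_hist[f.src]) >= DEAUTH_LIMIT and ("deauth", f.src) not in flagged:
                flagged.add(("deauth", f.src))
                alerts.append(f"deauth/disassoc flood from {f.src}")
        if f.duration >= NAV_LIMIT_US:
            _push(nav_hist[f.src], f.ts)
            if len(nav_hist[f.src]) >= NAV_COUNT and ("nav", f.src) not in flagged:
                flagged.add(("nav", f.src))
                alerts.append(f"transmit-duration (NAV) abuse from {f.src}")
    return alerts


def constructed_capture() -> List[Frame]:
    """Constructed traffic: normal data, one legitimate deauth, a forged burst, a NAV hog."""
    ap, client = "02:00:00:00:aa:01", "02:00:00:00:cc:01"
    frames = [Frame(i * 0.05, "data", client, ap, 200) for i in range(20)]
    frames.append(Frame(0.3, "deauth", ap, client, 314))               # a single deauth is normal
    frames += [Frame(1.0 + i * 0.02, "deauth", ap, "ff:ff:ff:ff:ff:ff", 314)
               for i in range(25)]                                      # broadcast burst "from" the AP
    frames += [Frame(2.0 + i * 0.01, "data", "02:00:00:00:ee:01", ap, 32767)
               for i in range(15)]                                      # every frame reserves the maximum
    return frames


if __name__ == "__main__":
    for alert in detect(constructed_capture()):
        print(alert)
```

Because a forged deauth burst carries the AP's own address, keying on the transmitter field alone cannot tell the AP from the forger; the rate, not the address, is what separates the two.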

Question 18: Hard protection mechanisms in the operating system


Process protection mechanisms:
- Separation of processes running in system mode and user mode:
- Separation increases the stability and security of the system
- Functions are carried out through system calls
- Process management mechanisms: create, interrupt, suspend, reclaim, ...
- Mechanisms for communication between processes: exchanging data between processes, resolving resource contention and conflicts
- Ensuring that no process can monopolise the CPU

Memory protection mechanisms:
- System memory is managed by paging the logical memory of the current processes
- The main purpose is to prevent memory conflicts
- Main memory is divided into equal-sized pages, called memory pages, using virtual memory
- Each page is stored in an arbitrary, flagged region of physical memory
- Each process has its own control space, stored and executed in memory
- Each process has its own control page, which is stored
- If several processes run concurrently, the pages must be protected, or a page must be free
- A process cannot access the pages of another process
- The OS carries out the transfer of page ownership between processes
- A process is not allowed to use the pages of another process

Disk device protection mechanisms:
- User processes are not allowed to access hardware resources (devices, disks) directly
- The system manages all accesses to these devices

Question 19: Types of attacks on operating system passwords:


1. Passive online attacks
Wire sniffing:
+ Gain access to and record the traffic on the network
+ Wait until the authentication exchange between 2 machines has been recorded
+ Use brute force to recover the password
Man in the middle; replay attacks:
+ Find a way into the communication channel.
+ Capture the authentication information and redirect the authentication flow.
+ No brute-force technique is needed.
Password guessing and cracking: guessing the password at the login prompt:
+ Slow
+ Easily detected (more than 5 wrong passwords -> locked for 60 s)
+ Ineffective against hard passwords (long, mixing several character classes)
+ Reversing the hashes.

2. Active online attacks
Password guessing (trying passwords until the right one is found). Takes a lot of time, only easy against weak passwords, requires bandwidth.

3. Offline attacks
There are several kinds, such as dictionary attacks, brute-force attacks and hybrid attacks.
Dictionary attack: finds the password using a ready-made database, trying each password in the database. E.g. pre-compiled strings -> fast, easily breaks weak passwords.
Hybrid attack (inserting random data): starts from a dictionary (ready-made data) and then appends characters -> stronger than a plain dictionary attack.
Brute-force attack:
+ Tries every possible password in turn
+ Usually used against LM-hashed passwords; much harder against NT hashes.
+ Every password is eventually found -> slow, takes a lot of time.
Precomputed hash attack: the hashes are computed in advance (every possible hash is generated beforehand), and the captured hash is compared with the values in the precomputed database. -> requires an enormous amount of storage for the hashes.
+ For LM hashes, the precomputed hashes need 310 terabytes of storage.
+ For NT hashes, passwords of fewer than 15 characters need 5652837009 exabytes of precomputed hash storage.

4. Non-technical attacks
+ Shoulder surfing: watching someone type their password, or saying the password while typing it.
+ Keyboard sniffing software ("sniffing" the password) -> hard to detect, can be controlled remotely.
+ The human factor: carelessness with passwords, such as choosing easily guessed or short passwords or ones matching a date of birth.
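The two defensive mechanisms this section names, as an added example that is not from the original notes: salted, iterated hashing (which makes a precomputed hash table useless because identical passwords no longer hash to the same value) and the "more than 5 wrong attempts -> locked for 60 s" rule that makes online guessing easy to detect. The class, user names and iteration count are assumptions; timestamps are passed in explicitly so the lockout can be exercised without waiting.

```python
import hashlib
import hmac
import os
from collections import deque
from typing import Deque, Dict, Tuple


class PasswordStore:
    """Salted PBKDF2 password hashes plus the text's online-guessing lockout rule."""

    def __init__(self, max_failures: int = 5, lock_seconds: int = 60, iterations: int = 100_000):
        self.max_failures = max_failures
        self.lock_seconds = lock_seconds
        self.iterations = iterations
        self.records: Dict[str, Tuple[bytes, bytes]] = {}   # user -> (salt, hash)
        self.failures: Dict[str, Deque[float]] = {}         # user -> recent failure timestamps
        self.locked_until: Dict[str, float] = {}

    def _hash(self, password: str, salt: bytes) -> bytes:
        # Iterated hashing slows down every guess; the salt defeats precomputed tables.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, self.iterations)

    def set_password(self, user: str, password: str) -> None:
        salt = os.urandom(16)    # fresh per-user salt: the same password hashes differently per user
        self.records[user] = (salt, self._hash(password, salt))

    def verify(self, user: str, password: str, now: float) -> str:
        """Returns "ok", "bad" or "locked" (no password is evaluated while locked)."""
        if self.locked_until.get(user, 0) > now:
            return "locked"
        salt, stored = self.records.get(user, (b"", b""))
        # Same amount of work for unknown users, so timing does not reveal valid names.
        candidate = self._hash(password, salt or b"\x00" * 16)
        if stored and hmac.compare_digest(candidate, stored):
            self.failures.pop(user, None)
            return "ok"
        history = self.failures.setdefault(user, deque())
        history.append(now)
        while history and now - history[0] > self.lock_seconds:
            history.popleft()
        if len(history) > self.max_failures:     # "more than 5 wrong attempts"
            self.locked_until[user] = now + self.lock_seconds
            history.clear()
            return "locked"
        return "bad"


if __name__ == "__main__":
    store = PasswordStore(iterations=1000)
    store.set_password("alice", "S3cret!")
    for t in range(7):
        print(t, store.verify("alice", "guess", t))
```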

Question 20: On common malicious code:
Virus: a piece of malicious code that infects a program or file. When you activate the program or the file attached to an e-mail, a game, an image, etc., the virus replicates itself, spreads and does damage. Purpose:
+ some kinds damage files or disks
+ others only replicate without causing any permanent damage.
+ a virus hoax is an e-mail giving a false warning about a virus: it tricks users into forwarding the warning to one another, generating a large volume of e-mail on the network, creating unnecessary worry and causing trouble for network traffic.
Worm: also a virus, but it does not replicate itself. It is a malicious program that spreads automatically between networked computers. Worms do damage, reduce the performance of computers and networks, and often bring spyware or a backdoor onto the infected computer.
Trojan: spyware hidden in the form of a useful program. It secretly carries out operations you do not want, such as opening remote control. A trojan has no self-copying function but can do damage like a virus. You can be infected with a trojan through attachments on IM or e-mail, desktop programs, trial software, movie and music files...
Backdoor: a program that lets an attacker keep a way back into your computer later.
Spyware: can seize control of the computer, collect information, install further software on its own, redirect web links, show advertising windows, change computer settings... without you wanting it.
Adware: advertising software bundled in installer programs you download from the internet. It fills the screen with advertising.
Rootkit: helps an intruder hide on the system to avoid detection. A rootkit usually modifies some parts of the operating system or installs itself as drivers or modules inside it.

* Self-protection measures:
+ Install an effective anti-virus program.
+ Install a real-time anti-spyware program. With a professional, licensed anti-spyware program you get real-time protection that blocks intrusion and spreading as soon as it appears.
+ Always update the data and the list of new viruses: update the data and the lists of new viruses and spyware regularly, otherwise the program cannot recognise new viruses and spyware.
+ Scan the computer for viruses daily: even though the anti-virus and anti-spyware programs are set to check for and block viruses as soon as they appear, you should also schedule a daily scan of the computer, because sometimes you unintentionally allow an infected program or file to run. You can schedule the program to scan all drives automatically.
+ Turn off the Windows autorun feature: many viruses hide on storage devices, memory cards and external hard drives connected through the USB port, or infect files burned onto CD, DVD..., and exploit the Windows autorun feature to infect and spread, so you should turn this feature off (see ID: A0801_92 or the Microsoft Knowledge Base).
+ Turn off image display in Outlook: by default Outlook automatically opens images attached to e-mail, so when you receive an e-mail with an infected image, the virus activates and spreads.
+ Do not click on links or attachments.
+ Browse the web smartly: when browsing, limit logging in or putting personal information, account names and passwords online. When logging into an account you need to make sure the computer is completely "clean", the anti-virus, anti-spyware and anti-phishing programs are fully updated, and pop-up blocking is turned on. Do not install browser extensions (plug-ins) of unknown origin. Go to the correct encrypted website as instructed by the service provider, and stop logging in if anything looks unusual.
+ Change the default Windows account: by default, the Windows "Administrator" account has no password and administrative rights. You should set a password, rename the Administrator account or change the login account (ID: A0504_139), because a virus can use administrative rights to control your computer remotely.
+ Use a firewall to control the Internet gateway: the network needs a firewall to block intrusions right at the gateway between the Internet and the internal network, keeping the system safe.
+ Use a secure DNS: a computer needs DNS to resolve the website it visits; if the DNS is "poisoned

Question 21: Methods of protecting the OS from the user's side.


Use a licensed OS and licensed software. Update the OS patches regularly. The Windows operating system (the most widely used) is constantly found to have security flaws precisely because it is so common; hackers can exploit these flaws to take control or to spread viruses and other malicious software. Users should always install Windows patches through the Microsoft Update website (which upgrades all Microsoft software) or Windows Update (which only updates Windows itself). The best approach is to turn on Windows' automatic update (repair) mode (Automatic Updates). This feature is only available for copies of Windows that Microsoft recognises as genuine.
Use anti-virus software. Protect the system by adding an anti-virus program that can recognise many kinds of computer virus, and keep its data continuously updated so the program always recognises new viruses. There are very many anti-virus products on the market. Some well-known vendors whose anti-virus software is widely used are: McAfee, Symantec, Kaspersky, Norton, Bitdefender, AVG, ...

Apply experience in using the computer. Computer users should make full use of the functions and applications available in the operating system, and of other experience, to protect their operating system and data. Some tips:
+ Notice unusual behaviour of the computer: noticing that the computer has become slow, or noticing unusual outbound connections. If such unusual behaviour is not caused by the hardware, a virus should be suspected. As soon as there is a suspicion, check by updating the anti-virus software with the latest data, or try a different anti-virus product to scan the whole system.
+ Monitor the running applications: monitor the activity of the software on the system through Task Manager or third-party tools (for example ProcessViewer) to learn which applications the system normally loads in a normal session, how much memory and CPU they use, and what their file names are... Then, as soon as something is unusual (even before there are signs of a virus infection), one can become suspicious and take reasonable precautions. This approach, however, requires a certain understanding on the user's part.
+ Disable operating system features that can facilitate virus infection: by default Windows enables autorun features that let software install automatically when a CD or USB drive is inserted into the system. Some viruses exploit precisely these features to infect the system the moment a USB drive or a software CD is inserted (several viruses that spread very quickly recently did so through USB drives by creating Autorun.inf files on the drive that run the virus as soon as the drive is plugged into the computer). This feature should be disabled with third-party tools such as TWEAKUI, or by editing the Registry.

Question 22: State the definition, functions and attack detection methods of IDS/IPS.
* Definition:
- An intrusion detection system (IDS) is defined as software or a dedicated device whose task is to carry out automatically the actions needed to detect intrusions into the network.
- An intrusion prevention system (IPS) is a system that combines the intrusion detection (ID) function with the ability to block unauthorised intrusions, by combining other components such as anti-virus and firewall or by using built-in blocking features.
* Functions of IDS/IPS.
- The basic applications of IDS/IPS: identify possible threats; record information and write logs to support threat management; identify activities probing the system; identify weaknesses in security policies; prevent security policy violations.

- The main features of IDS/IPS: store information related to the monitored objects; raise alerts on important events related to the monitored objects.
* Attack detection methods of IDS/IPS
- Signature-based detection: detects threats by comparing the activity of the monitored object with the activity of known threats. This method is effective against known threats, but not against unknown threats, threats using evasion techniques, or variants. Signature-based detection cannot track and recognise the state of complex communications.
- Anomaly-based detection: compares the behaviour considered the normal state of hosts, users and network connections with the behaviour currently observed on the network. -> effective against unknown threats.
- Stateful protocol analysis: compares the benign actions accepted for a protocol with the actions actually observed. This method relies on analysing and thoroughly understanding the structure of a network protocol.
* Classification of IDS/IPS: the most common way to classify IDS (and IPS) is by the nature of the data source they collect from. On that basis, IDS are divided into the following types:
Host-based IDS (HIDS): uses audit data from a single workstation to detect intrusions.
Network-based IDS (NIDS): uses data from all the traffic on the network, together with audit data from one or several workstations, to detect intrusions.
a) Network-based IDS (NIDS): a NIDS usually consists of two logical components:
- The sensor: placed on a network segment, it monitors suspicious traffic on that segment.
- The management station: receives alert signals from the sensors and notifies an operator.
Advantages:
+ Low cost: since a NIDS only needs to be installed at key points to monitor the traffic of the whole network, no software needs to be loaded and managed on every machine on the network.
+ Detects attacks that a HIDS misses: unlike a HIDS, a NIDS inspects the headers of all packets, so it does not miss signs that originate there.
+ Evidence is hard to erase: information stored in log files can be altered by an intruder to hide intrusion activity, and in that situation a HIDS may lack the information it needs. A NIDS uses the live traffic on the network to detect intrusions, so the intruder cannot erase the traces of the attack. The captured information contains not only the attack method but also information that helps to verify and prosecute the intruder.
+ Timely detection and response: a NIDS detects attacks as they happen, so alerting and response can be carried out faster. For example, a hacker carrying out a TCP-based DoS attack can be detected and stopped immediately by a NIDS sending a TCP reset to end the attack before it breaks into and disrupts the victim machine.
+ High independence: a failure of the system has no significant effect on the work of the machines on the network. NIDS run on a dedicated system that is easy to install: simply unpack the device, make a few configuration changes and plug it into the network at a position that lets it monitor the sensitive traffic.
Disadvantages:
+ Limited by switches: many advantages of a NIDS cannot be realised in modern switched networks.
+ Performance limits: a NIDS has difficulty processing every packet on a large network or one with heavy traffic, so it may fail to detect attacks carried out at "peak" times.
+ Increased network throughput: an intrusion detection system may need to send a large volume of data back to the central analysis system, meaning that every monitored packet generates a large analysis load.
+ A NIDS usually has difficulty handling attacks inside an encrypted session. This problem is becoming more serious as many companies and organisations adopt virtual private networks (VPN).
b) Host-based IDS (HIDS): a host-based IDS looks for signs of intrusion on a local host, usually using mechanisms that audit and analyse logged information. It looks for abnormal activity such as logins, inappropriate file access, and unauthorised privilege escalation. This IDS architecture is usually rule-based in how it analyses activity.
Advantages:
+ Determines the outcome of an attack: because a HIDS uses log data recording the events that occurred, it can tell whether an attack succeeded or failed with higher accuracy than a NIDS. A HIDS can therefore supply follow-up information once an attack has been detected early by a NIDS.
+ Monitors specific system activity: a HIDS can monitor activity a NIDS cannot, such as file access, permission changes, executed actions, and access to privileged services.
+ Detects intrusions a NIDS misses: for example, an intruder using the keyboard to break into a server will not be detected by a NIDS.
+ Adapts well to switched and encrypted environments: switching and encryption happen on the network, and since a HIDS is installed on the host it is unaffected by either technique.
+ Requires no additional hardware: being installed directly on the existing infrastructure (FTP server, web server), a HIDS requires no extra hardware.
Disadvantages:
+ Hard to administer: host-based systems must be installed on every device you want to protect. This is a large amount of work to configure, manage and update.
+ Untrustworthy source information: another problem with host-based systems is that they tend to trust the server's default logs and monitoring capabilities. This information can be attacked and tampered with, causing the system to behave incorrectly and miss intrusions.
+ Host-based systems are relatively expensive: many organisations lack the budget to protect all their network segments with host-based systems, and must be very careful in choosing which systems to protect. This can leave large gaps in intrusion detection coverage.
+ Consumes system resources: being installed on the machines it protects, a HIDS must use the system's resources to operate: processor, RAM, external storage.
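Signature-based and anomaly-based detection run side by side over a constructed web access log, as an added example that is not from the original notes. It shows the limitation the text names: a signature misses an URL-encoded variant of the same request unless the sensor normalises first, while the rate anomaly catches a flood with no signature at all. The log lines, the two signatures, the source addresses and the baseline rate are all assumptions.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple
from urllib.parse import unquote

# Constructed access log: "<time> <source-ip> <method> <path> <status>".
LOG = """\
10:00:01 10.0.0.5 GET /index.html 200
10:00:04 10.0.0.5 GET /about.html 200
10:00:09 10.0.0.7 GET /login?user=bob 200
10:00:12 198.51.100.9 GET /download?file=../../etc/passwd 403
10:00:15 198.51.100.9 GET /download?file=%2e%2e/%2e%2e/etc/shadow 403
10:00:20 198.51.100.9 GET /item?id=1%20UNION%20SELECT%20password%20FROM%20users 500
""" + "".join(f"10:01:{i:02d} 203.0.113.4 GET /search?q=x{i} 200\n" for i in range(40))

# Hypothetical signatures for two well-known request patterns.
SIGNATURES: Dict[str, "re.Pattern[str]"] = {
    "path traversal": re.compile(r"\.\./"),
    "sql injection": re.compile(r"(?i)union\s+select"),
}


def parse(log: str) -> List[Tuple[str, str, str]]:
    """Return (time, source, path) per line."""
    rows = []
    for line in log.splitlines():
        time, src, _method, path, _status = line.split()
        rows.append((time, src, path))
    return rows


def signature_detect(rows: List[Tuple[str, str, str]], decode: bool = False) -> List[Tuple[str, str]]:
    """Match known-bad patterns. Without decoding, the URL-encoded variants slip past
    (the evasion weakness of signature matching the text mentions)."""
    hits = []
    for _time, src, path in rows:
        subject = unquote(path) if decode else path
        for name, pattern in SIGNATURES.items():
            if pattern.search(subject):
                hits.append((src, name))
    return hits


def anomaly_detect(rows: List[Tuple[str, str, str]], baseline_per_minute: float = 3.0,
                   factor: float = 5.0) -> List[str]:
    """Flag any source whose requests in one minute exceed factor x the learned baseline."""
    per_minute: Counter = Counter()
    for time, src, _path in rows:
        per_minute[(src, time[:5])] += 1          # bucket by hh:mm
    return sorted({src for (src, _minute), n in per_minute.items() if n > factor * baseline_per_minute})


if __name__ == "__main__":
    rows = parse(LOG)
    print("raw signatures:    ", signature_detect(rows))
    print("decoded signatures:", signature_detect(rows, decode=True))
    print("rate anomalies:    ", anomaly_detect(rows))
```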

Question 23: Basic forms of network attack (there are very many kinds; these are just a few)


a) Social engineering: this attack has two main motives, mischief and profit. The technique relies heavily on employees' carelessness: a hacker may telephone or e-mail while posing as the system administrator to obtain an employee's password and then attack the system. This kind of attack is very hard to prevent; the only way to stop it is to educate employees' awareness of how to defend against it.
b) Impersonation: stealing the access rights of an authorised user. There are many ways an attacker such as a hacker can impersonate a legitimate user. For example, the hacker can eavesdrop on a telnet session using sniffing tools such as tcpdump or nitsniff. Naturally, once the password has been obtained, the hacker can log into the system as the legitimate user.
c) Eavesdropping: originally this technique was used by administrators to monitor, test and diagnose problems in order to improve the network. Later it became a useful tool for illegitimately collecting protected information, account names, passwords, credit cards... The technique does not attack users' machines directly; it targets the medium over which data travels between machines. Eavesdropping is usually carried out right after the attacker gains access to the system; the hacker can eavesdrop remotely through a machine on the network on which a sniffer has been installed.
d) Address spoofing (identity spoofing, IP address spoofing): the hacker disguises their own computer's address as that of one of the computers in the system under attack, setting an IP address that matches that of a computer on the network. If this succeeds, the hacker can take data, destroy information or sabotage the network.
e) Password-based attacks: the common approach of most operating systems and network security solutions is password-based access control. Access rights to computer and network resources are determined by username and password. A freshly configured system has one or several default users and passwords. If the administrator does not change them, this is an easy opportunity for a hacker; or, if a hacker somehow finds a valid user account, the hacker then has the same rights as the real user. Once inside the system, the hacker can create more users and passwords, steal or modify data, and install a backdoor for later attacks.
f) Denial of Service: this is a very popular attack technique among hackers. This type of attack mainly concentrates traffic to paralyse the services of the network. The chosen system is bombarded with packets carrying spoofed IP addresses. To achieve this, the hacker must take control of a large number of hosts on the network (in practice these hosts have no idea they are under the hacker's control) and from there concentrate requests on the target system's service until the service is completely paralysed.
g) Exploits: this attack involves exploiting errors in software or the operating system. Because software is rushed to market to meet demand, it is usually not thoroughly tested for bugs; even in large software projects such as operating systems, such bugs are very common. Hackers regularly scan hosts on the network looking for these bugs and use them to break in.
h) Man in the middle attacks: an "attraction" attack, meaning that a stronger capability is inserted between the operation of devices to attract and capture the devices' information exchange for itself. The device inserted in the middle must have a position and transmit/receive capability superior to the network's existing devices. A notable feature of this attack is that users cannot detect it, although the amount of information that can be gathered this way is limited. The method usually used for this attack is the rogue AP, i.e. inserting a fake AP between the connections in the network. Man-in-the-middle attacks aim to: steal data, take over a session, analyse the traffic in the network.

Question 24: Basic concepts of operating-system security


a) Secure operating system (secure OS): the software, hardware and functions that ensure the database and the other resources managed by the OS can be protected to an appropriate degree.

b) Authentication: establishing the identity of a person or of a client machine that wants to access resources managed by the OS.

c) Access: a kind of interaction between a subject (S: a process or a user) and an object (O: a file or a directory) that results in a flow of information from one entity to the other.

d) Access control list (ACL): a list of entities together with the access rights each of them has to a resource.

e) Access authorization: allowing or granting an entity a set of access rights.

f) Access labels: a piece of information that represents the security level of an object and describes the sensitivity of the information the object holds.

g) Security labels: marking a resource by attaching a name or a security attribute to it.

h) Access right: permission for an access from a subject to an object.

i) Access permission: defines which subjects are able to grant access rights, or to transfer access rights from one entity to another.

j) Access control mechanism: the collection of software, hardware, operating procedures and management of a mechanism whose purpose is to allow legitimate accesses to the system and to block illegitimate ones.

k) Access matrix model: usually drawn with the convention that the value of a cell is an access right. The model represents the relation between subjects, objects and access types, with these definitions:
+ a subject is an entity able to access objects;
+ an object is an entity whose access is controlled;
+ an access type is a kind of access to an object.
In the example matrix, subjects are the rows and objects the columns:

        O1   O2   O3
   S1   R    F    W
   S2   F    R    R
   S3   W    W    W
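The matrix in k) can be read column-wise to obtain each object's ACL (item d) and row-wise to obtain each subject's capability list, and a check of the access right (item h) is just a cell lookup. The class below is an added example, not code from these notes; it uses the notes' matrix with subjects as rows and objects as columns. The meaning of "F" as "full control", and the rule in `grant` that only an "F" holder on an object may grant rights on it (item i), are assumptions made for the example.

```python
"""Access matrix model: subjects x objects, cells hold sets of access rights.

Added example for these notes. MATRIX is the notes' example read with
subjects as rows and objects as columns; treating "F" as full control and
letting only "F" holders grant rights is an assumption of this example.
"""

MATRIX = {
    "S1": {"O1": {"R"}, "O2": {"F"}, "O3": {"W"}},
    "S2": {"O1": {"F"}, "O2": {"R"}, "O3": {"R"}},
    "S3": {"O1": {"W"}, "O2": {"W"}, "O3": {"W"}},
}

GRANT_RIGHT = "F"   # assumed: the right that allows a subject to grant others access


class AccessMatrix:
    def __init__(self, matrix):
        # Deep-copy the cells so grants never mutate the caller's table.
        self.m = {s: {o: set(r) for o, r in row.items()} for s, row in matrix.items()}

    def is_allowed(self, subject, obj, right):
        """Access right check (item h): is `right` in the cell (subject, obj)?"""
        return right in self.m.get(subject, {}).get(obj, set())

    def acl(self, obj):
        """Column view (item d): the ACL of one object, subject -> rights."""
        return {s: set(row[obj]) for s, row in self.m.items() if row.get(obj)}

    def capabilities(self, subject):
        """Row view: the capability list of one subject, object -> rights."""
        return {o: set(r) for o, r in self.m.get(subject, {}).items() if r}

    def grant(self, grantor, grantee, obj, right):
        """Access authorization (items e and i): grantor gives grantee a right on obj.

        Assumed rule: the grantor must hold GRANT_RIGHT on obj. Everything else
        is refused, which is the "prevent illegitimate access" half of item j.
        """
        if not self.is_allowed(grantor, obj, GRANT_RIGHT):
            raise PermissionError(f"{grantor} may not grant rights on {obj}")
        self.m.setdefault(grantee, {}).setdefault(obj, set()).add(right)

    def revoke(self, revoker, subject, obj, right):
        """Same rule in reverse: only a GRANT_RIGHT holder may take a right away."""
        if not self.is_allowed(revoker, obj, GRANT_RIGHT):
            raise PermissionError(f"{revoker} may not revoke rights on {obj}")
        self.m.get(subject, {}).get(obj, set()).discard(right)


if __name__ == "__main__":
    am = AccessMatrix(MATRIX)
    print("ACL of O1:", am.acl("O1"))
    print("Capabilities of S3:", am.capabilities("S3"))
    am.grant("S2", "S3", "O1", "R")          # S2 holds F on O1, so this is allowed
    print("S3 may read O1:", am.is_allowed("S3", "O1", "R"))
    try:
        am.grant("S1", "S3", "O1", "W")      # S1 only has R on O1
    except PermissionError as err:
        print("Refused:", err)
```

The two views are the practical point of the model: an operating system stores either the columns (ACLs attached to files, as in NTFS or POSIX ACLs) or the rows (capabilities held by processes), and both must answer the same `is_allowed` question.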

l) Security model:
- a model that defines the mandatory security rules of the system;
- specifies the access control applied to the use of information and how entities are allowed to exchange it;
- provides a mechanism to specify dynamic changes, access controls and interfaces that do not affect the security of the system.

m) Security kernel:
- the hardware and software mechanisms and the isolated resources that control user access for obtaining information from the system or connecting to it;
- the central part of a trusted system, which must operate correctly and reliably to carry out the security procedures that control access to resources.

n) Security log: a journal that records all events of the system that are considered security-relevant; it is maintained in order to detect intrusions and to investigate them afterwards.

o) Security service: a service provided by a layer of a communication system which ensures adequate security for the system or for its data-transfer sessions.