Hoc vin: Nguyn Vn Hanh Vn Long Nguyn ng Ninh Giang vin: Hoang ng Hai

Mang

may tinh ngay nay khng con xa la vi chung ta na. Ngi ngi dung mang,nha nha cn mang Vai tro cua mang thi ai cung bit nhng it ngi hiu c cai mt sau cua vic tham gia vao mang
=> tai nay giup moi ngi hiu c nhng nguy c cung nh cach phong tranh nhng him hoa o

 Mi

e doa khng cu truc Mi e doa c cu trc Mi e doa t bn ngoi Mi e doa t bn trong

 Khai

nim tn cng mang: Tn cng mang: l hnh ng lm pha hoai n s an ton cua mt h thng. ng bao v an ton mang: L cc k thut pht hin, ngn chn, khi phc h thng b tn cng. Nhm tng cng bao mt cua h thng

Hnh

liu:Mc tiu,chnh sch an ton cua mt h thng thng tin cung nh i vi d liu bao gm tinh B mt ,Ton vn,Sn sng cua d liu Tai nguyn:Khi chng b nhng ngi khng c thm quyn khai thc mt cch bt hp php th ta ni ti nguyn b xm pham. Danh ting:Bao v danh ting l mt iu qu hin nhin i vi ca c nhn v cc t chc. iu g s xay ra nu nh mt ngy no tn cua chng ta c s dng cho nhng mc ich m m

 Kiu

truyn thng thng thng va n gian nht c dang:

Phn

loai cac kiu tn cng:Gian oan (Interuption), nghe trm (Interception), thay i (modification), gi mao (fabrization)

 Gian

oan (interruption) Tn cng vao tinh kha

dng

cp thng tin (Interception) tn cng vao tinh bao mt

 Thay

i (modification) tn cng vao tinh toan

vn

Gia

mao (fabrization) tn cng vao tinh xac thc

 Bao

mt thng tin:Thng tin c bi mt Dch v chng thc :key xac thc,dch v trng thc s Dch v toan vn d liu:phn quyn ngn chn vic ngi khac sa xa hoc thay i ni dung d liu am bao tinh kha dng:d liu lun trong tinh trang s dng c(tim bin phap ngn chn kiu tn cng DDOS) Dch v iu khin truy cp:gii han s ngi truy cp vao mang ni b thng qua VPN,gii han s lng phin telnet t xa

nhiu dang tn cng khc nhau vo h thng, v cung c nhiu cch phn loai cc dang tn cng ny
dang tn cng lm ba phn c ban : - Xm nhp ( Intrusion ) - T chi dch v ( Denial of Service DoS ) - n trm thng tin ( Information thieft )

Cc

 Tn

cng xm nhp l vic mt ngi hay nhm ngi c gng t nhp hay lam dng h thng. Vi cch tn cng ny, k tn cng thc s c th s dng my tnh cua ta. Tt ca nhng k tn cng u mun s dng my tnh cua ta vi t cch l ngi hp php.(thng thng hacker s chim quyn iu khin may tinh cua chung ta)

bn ngoi Outsider : nhng k xm nhp t bn ngoi h thng. ngn chn chung ta nn s dng pix hoc ASA T bn trong Insider : nhng k xm nhp c quyn truy nhp hp php n bn trong h thng Theo thng k th loai xm nhp ny chim ti 80%.

 Do

thm - Reconnaissance :K tn cng c th dng cc cng c d qut kim tra hay tm kim cc l hng bao mt cua mt mang no . Cc hnh ng qut ny c th l theo kiu ping, qut cng TCP/UDP, chuyn vng DNS, hay c th l qut cc Web server tm kim cc l hng CGI

Li dng Exploits : li dng cc c tnh n hoc li truy cp vo h thng. Firewall c th gip ta ngn chn mt s cch xm nhp trn. Mt cch l tng th Firewall s chn ton b moi nga ng vo h thng m khng cn bit n tn truy cp hay mt khu. Nhng nhn chung, Firewall c cu hnh nhm giam mt s lng cc ti khoan truy cp t pha ngoi vo. Hu ht moi ngi u cu hnh Firewall theo cch one time password nhm trnh tn cng theo cch suy oan.

l kiu tn cng vo tnh sn sng cua h thng, lm h thng can kit ti nguyn hoc chim dng bng thng cua h thng, lm mt i kha nng ap ng tra li cc yu cu n. Trong trng hp ny, nu h thng cn dng n ti nguyn th rt c th h thng s gp li. C mt s c im c bit trong cch tn cng ny l ngi b hai khng th chng lai c kiu tn cng ny v cng c c s dng trong cch tn cng ny l cc cng c m h thng dng vn hnh hng ngy

C th phn bit ra bn dang DoS sau :

Tiu

th bng thng ( bandwidth consumption )

Lm

ngho ti nguyn ( resource starvation ) Programming flaw Tn cng Routing v DNS

Hnh 1-6: Tn cng kiu DOS v DDoS

Hnh 1-7: Tn cng kiu DRDoS

 Gia

mao a ch IP ( IP Spoofing ) SYN flooding Tn cng trn ngp gi tin SYN ICMP flooding Tn cng trn ngp gi tin ICMP

 Quyn

han ti thiu ( Least Privilege ): p dng nguyn tc quyn han ti thiu, ta nn tm cch giam quyn han cn dng cho tng ngi, tng cng vic c th. Bao v theo chiu su ( Defence in Depth ):Chung ta ng ph thuc vo ch mt c ch an ninh, cho d l n manh n u i na. Thay vo l s dng nhiu c ch an ninh chng h tr nhau Nt tht ( Choke Point ):Vi an ninh mang th nt tht chnh l cc Firewall t gia mang cn bao v v Internet

kt yu nht ( Weakest Link ):i vi mt h thng bao v th cho d c nhiu khu c mc an ton cao nhng ch cn mt khu mt an ton th ton b h thng cung s mt an ton. Nhng k tn cng thng minh s tm ra nhng im yu v tp trung tn cng vo . Hong An toan (Fail Safe Stance):c nghia la nu h thng c hng th s hng theo cch chng lai s tn cng cua i phng.Hu ht cc ng dng hin nay u c c ch hng an ton
Lin

d nh nu mt router loc gi b down, n s khng cho bt k mt gi tin no i qua. Nu mt proxy b down, n s khng cung cp mt dch v no ca C hai nguyn tc c ban m ta c th quyt nh n chnh sch an ninh : + Mc nh t chi : Ch quan tm nhng g ta cho php v cm tt ca nhng ci cn lal + Mc nh cho php : Ch quan tm n nhng g m ta ngn cm v cho qua tt ca nhng ci cn lai.
V

at c hiu qua cao, hu ht cc h thng an ton oi hi phai c tnh ton cc cua cc h thng cc b. Nu mt k no c th d dng b gy mt c ch an ton th chng c th thnh cng bng cch tn cng h thng t do cua ai ri tip tc tn cng h thng ni b t bn trong. C rt nhiu hnh thc lm cho hng an ton h thng v chng ta cn c bo lai nhng hin tng la xay ra c th lin quan n an ton cua h thng cc b.

 tng thc s ng sau a dang trong bo v chnh l s dng cc h thng an ninh cua nhiu nh cung cp khc nhau nhm giam s rui ro v cc li ph bin m mi h thng mc phai. Nhng bn canh l nhng kh khn i km khi s dng h thng bao gm nhiu san phm cua nhng nh cung cp khc nhau nh : Ci t, cu hnh kh hn, chi ph s ln hn, b ra nhiu thi gian hn c th vn hnh h thng. Chng ta hy thn trong vi tng a dang ny. V khi s dng nhiu h thng khc nhau nh vy cha chc c s a dang trong bao v m cn c th xay ra trng hp h thng ny han ch hoat ng cua h thng khc m khng h