
ANSWERS

Question 1: What is a zero-day and what is its impact?

Zero-day attacks are attacks that take place as soon as a flaw has been disclosed and before a patch for it has been found. This kind of attack is very dangerous because conventional security systems cannot detect it.

Question 2: What kinds of denial-of-service attack are there?

Denial-of-service attacks (Denial Service Attacks): this is the hardest kind of attack to defend against, and at present there is no thorough defence. The general principle of the attack is:

1. The hacker continuously sends service requests to the victim machine.
2. The attacked machine has to answer these requests.
3. When too many requests arrive, the attacked machine cannot serve them in time => responses to the requests of legitimate machines are delayed, or the machine stops working, or the hacker may take control of it.

A denial-of-service attack is a type of attack that aims to prevent legitimate users from using some service. The attacks can be directed at any network device, including routers, web, e-mail and DNS systems. A denial-of-service attack can be carried out in a number of ways. There are five basic types:

1. Consuming computational resources such as bandwidth, disk space or processing time.
2. Disrupting configuration information such as routing information.
3. Disrupting state information, such as automatically resetting TCP sessions.
4. Disrupting physical components of the computer network.
5. Deliberately obstructing the communication between users and the victim, so that the two sides can no longer communicate smoothly.

/*
A denial-of-service attack may also include running malware in order to:

- Overload processing capacity, so that the system cannot carry out any other work.
- Trigger errors in the machine's microcode.
- Trigger errors in the instruction sequence, putting the computer into an unstable state or freezing it.
- Exploit errors in the operating system that lead to resource starvation or thrashing, e.g. using up all available capacity so that no real work can be completed.
- Crash the system.
- iFrame denial of service: an HTML page can call some website with a great many requests, a great many times, until that website's bandwidth is exceeded.
*/

Question 3: Attack actions:

- Release of message contents: releasing the contents of a message to a person or process that does not hold the appropriate secret key.
- Traffic analysis: determining the frequency, connection time, number and length of the messages between two parties.
- Masquerade: inserting messages into the network from a fraudulent source, such as creating malicious messages made to look as if they come from an authorized party.
- Content modification: changing the contents of a message, including insertion, deletion, transposition and modification.
- Sequence modification: any modification to a sequence of messages between the parties, including insertion, deletion and reordering.
- Timing modification: delaying or replaying messages.
- Denial of service: denying having sent messages at the source, or denying having received messages at the destination.

Question 4: Network security models:

Network security model: this problem arises when:

- The transmission of information must be protected from unauthorized access.
- Privacy, integrity, authenticity . . . must be ensured.

The network security model requires:

- Designing a suitable algorithm for the security-related transformation.
- Generating the secret information (key) that goes with the algorithm.
- Developing methods for distributing and sharing the secret information.
- Specifying a protocol, used by the sending and receiving parties and based on the security algorithm and the secret information, as the basis of a security service.

Network access security model: this model requires:

- Selecting appropriate gatekeeper functions to identify users.
- Implementing security controls to ensure that only authorized users can access the corresponding information and resources.

Question 5: What are the message authentication criteria? Present the MAC method.

Criteria to be verified:

- The message has a clear, correct origin.
- The message content is intact and has not been changed.
- The message is sent in the right order and at the right time.

The purpose is to resist active attacks (falsification of data).

Message authentication methods:

- Encrypting the message (1)
- Using a message authentication code (2)
- Using a hash function (3)

The MAC method: using a message authentication code (MAC, Message Authentication Code).

- It is a small block of fixed size attached to the message, generated from that message and a shared secret key (it is created from the message content itself plus the key, and is simply opened without any decryption), e.g. a seal.
- The receiver runs the same algorithm over the message and the key to check whether the MAC is correct.
- The MAC generation algorithm is similar to an encryption algorithm but does not need to be reversible.

/*
- Many messages can share the same MAC.
- But knowing one message and its MAC, it is very hard to find another message with the same MAC.
- All messages are equally likely to produce a given MAC.
- It meets the 3 authentication criteria.
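The MAC procedure described above, as an added example that is not part of the original notes: the sender appends a fixed-size tag computed from the message and the shared key, and the receiver recomputes and compares it. HMAC-SHA256, the sequence-number and timestamp header, and the 30-second freshness window are assumptions of this example, since the notes name no specific algorithm.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # HMAC-SHA256 tag: fixed size whatever the message length
MAX_AGE = 30   # seconds a message stays acceptable (assumed policy)

def protect(key: bytes, seq: int, sent_at: int, message: bytes) -> bytes:
    """Sender: prepend sequence number and send time, append the MAC."""
    header = struct.pack(">QQ", seq, sent_at)
    tag = hmac.new(key, header + message, hashlib.sha256).digest()
    return header + message + tag

class Receiver:
    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1   # highest sequence number accepted so far

    def accept(self, packet: bytes, now: int) -> bytes:
        """Return the message, or raise ValueError naming the failed check."""
        if len(packet) < 16 + TAG_LEN:
            raise ValueError("truncated")
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Same algorithm and key as the sender; nothing is decrypted.
        if not hmac.compare_digest(tag, expected):   # origin + integrity
            raise ValueError("bad MAC")
        seq, sent_at = struct.unpack(">QQ", body[:16])
        if seq <= self.last_seq:                     # order
            raise ValueError("replayed or out of order")
        if abs(now - sent_at) > MAX_AGE:             # timing
            raise ValueError("stale")
        self.last_seq = seq
        return body[16:]

def outcome(rx: Receiver, packet: bytes, now: int) -> str:
    try:
        return "ok:" + rx.accept(packet, now).decode()
    except ValueError as err:
        return "rejected:" + str(err)

if __name__ == "__main__":
    key = b"k" * 32                      # constructed key, for the demo only
    rx = Receiver(key)
    pkt = protect(key, 1, 1000, b"pay 10")
    print(outcome(rx, pkt, 1005))        # first delivery
    print(outcome(rx, pkt, 1006))        # same packet sent again
```

The sequence number and send time sit inside the MAC-protected data, so the tag covers all three criteria at once: origin, content, and order and timing.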

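Why use a MAC:

- In many cases only authentication is needed, not encryption, which costs time and resources:
  - System notifications
  - Computer programs
- Separating the confidentiality and authentication functions makes the organization more flexible, for example with each function performed at its own layer.
- The integrity of the message must be ensured for its whole lifetime, not only in transit, because the message can be changed after it has been decrypted.
*/

Question 6: Draw the message authentication diagram using symmetric encryption. Explain.

Encryption and decryption process:

Encryption: Y = E_K(X)

Decryption: the receiver decrypts the message with the distributed key: X = D_K(Y) = D_K(E_{K,R}(X))

Attacker side: the opponent obtains the message Y but does not have the key K. Working from Y, the opponent has to recover K, or X, or both.

* Using symmetric encryption:

- The message comes from the right source, because only the sender knows the shared secret key.
- The content cannot be changed, because the plaintext has a definite structure.
- Packets are sequence-numbered and encrypted, so the order and the time of receipt cannot be changed.

Question 7: What is a digital signature? How many types of digital signature are there?

A digital signature not only helps authenticate a message but also protects each party from the other.

Functions of a digital signature:

- Verifying the author and the time the message was signed
- Authenticating the message content
- Serving as the basis for settling disputes

Classification:

- Direct digital signature
- Arbitrated (indirect) digital signature

/*
Direct digital signature:

- Involves only the sender and the receiver.
- The private key is used to sign the whole message or its hash value.
- Encryption with the receiver's public key can be applied.
- What matters is to sign first and encrypt afterwards.
- It is effective only while the sender's private key is kept safe.
- A thief can send messages with false time information.

Arbitrated (indirect) digital signature:

- An arbiter takes part.
  - It receives the digitally signed message from the sender and checks its validity.
  - It adds time information and sends it on to the receiver.
- Security depends mainly on the arbiter.
  - It must be trusted by both sender and receiver.
- It can be implemented with symmetric encryption or public-key encryption.
- The arbiter may or may not be allowed to see the message content.
*/

Question 8: What is an authentication application? Classify authentication applications. Present the overview model of the Kerberos authentication application.

The purpose of authentication applications is to support authentication and digital signatures at the application level. They fall into 2 main types:

- Based on symmetric encryption
  - The Kerberos service
  - The Needham-Schroeder protocol
- Based on certified public keys
  - The X.509 service
  - The PGP system

/*
Kerberos

- An authentication service system developed by MIT.
- Intended to counter the following threats:
  - A user impersonates someone else.
  - A user changes the network address of the client.
  - A user eavesdrops on the exchanged information and carries out a replay attack.
- Consists of 1 centralized server that authenticates users, and distributed service servers.
  - The centralized server is trusted instead of the clients.
  - The authentication function is taken off the service servers and the clients.
*/

Kerberos overview model: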

TGS: ticket-granting server
AS: authentication server

/*
Limitations:

- The password sent from the client to the AS is not protected.
- If a ticket can be used only once, a new ticket has to be requested for every access to the same service.
- If a ticket can be used many times, it can be stolen and used before it expires.
- A new ticket is needed for each different service.

1. Request a ticket for the local TGS
2. Ticket for the local TGS
3. Request a ticket for the remote TGS
4. Ticket for the remote TGS
5. Request a ticket for the remote server
6. Ticket for the remote server
7. Request the service

Kerberos

Kerberos authentication uses a central server to check user authentication and issue service tickets so that the user can access resources. Kerberos is a very secure authentication method because it uses very strong encryption. Kerberos also relies on accurate time between the server and the client computer for authentication, so there must be a time server, or the authenticating servers must have their time synchronized from Internet time servers. Kerberos is the main authentication platform of many operating systems such as Unix and Windows.

*/

Question 9: The components of a firewall

/*
A firewall is simply a software program or a hardware device used to filter the information coming over the Internet to a private network or computer system.

Definition: a technique integrated into the network to block unauthorized access, in order to protect information and to restrict unwanted access. It can be a hardware device or software:

- Software: Norton Internet Security, ZoneAlarm, ISA, . . .
- Hardware: Cisco Pix 515, 515-DC . . .
*/

Components of a firewall:

Packet filter: allows or denies each packet it receives. It examines the whole data segment to decide whether that segment satisfies one of the packet filtering rules.

/*
Advantages: low cost, because the packet filtering mechanism is included in the routing software. It is also transparent to users and therefore needs no special training.

Limitations: defining the filtering rules is quite complex and requires the network administrator to understand Internet services in detail. It cannot control the content of a packet.
*/

Application gateway:

Principle: designed to strengthen control over the services and protocols that are allowed to access the network. It works by means of Proxy Services; a proxy service is special code installed on the gateway for each application. If the network administrator does not install the proxy code for some application, the corresponding service is not provided and so its information cannot pass through the firewall.

/*
Advantages: lets the administrator control the services on the network. Allows very good authentication checks. Easier to configure and check than a packet filter.

Limitations: requires users to change their procedures, or the software installed on the client machine, in order to access the proxy services.
*/

Circuit-level gateway: a special function that can be performed by an application gateway. It relays TCP connections without performing any processing or packet filtering. It is usually used for outbound connections, where the network administrator really trusts the internal users. The biggest advantage of a circuit-level gateway is that a bastion host can be configured as a hybrid that provides an application gateway for inbound connections and a circuit-level gateway for outbound connections.

Question 10: What are the tasks of the components of an IDS? Classification.

The main components of an IDS:

- Sensor: the part that detects events that may threaten the security of the network. The sensor scans the content of packets on the network, compares the content with patterns, and detects signs of attack, also called events.
- Console: the part that interacts with the administrator, receives commands controlling the operation of the Sensor and Engine, and presents attack alerts.
- Engine: records all reports of the events detected by the Sensors in a database and uses a system of rules to raise alerts on the security events received, to the system or to the administrator.

Classification

Classification by monitored object:

- Host-based IDS: a HIDS inspects the network traffic being delivered to the host and protects the host by blocking suspicious packets. It can check login activity on the host and look for abnormal activity such as password guessing, privilege escalation . . . (its weakness is that it is cumbersome).
- Network-based IDS: a NIDS is a solution for identifying unauthorized access by inspecting the traffic flows on the network and monitoring many hosts. A NIDS accesses the traffic on the network by connecting to hubs and switches to capture packets, analyses the packet content and generates alerts from it. (The weakness of a NIDS is that it affects network bandwidth because it accesses the network traffic directly. A NIDS whose processing capacity has not been sized correctly becomes a bottleneck that congests the network.)

Classification by behaviour:

- Signature-based intrusion detection
- Anomaly-based intrusion detection

Question 11: Compare NIDS with HIDS:

| HIDS | NIDS |
| --- | --- |
| Low manageability. | Centralized management. |
| Easy to install. | Hard to install. |
| Low coverage. Each host sees only its own traffic, so there is no overall view of an attack. | High coverage, because it has a complete view of network traffic. |
| Depends on the operating system. A HIDS is installed on the host, so it depends on the operating system of that host. | Does not depend on the operating system of the hosts. |
| Does not affect network bandwidth. | A NIDS analyses the main data flow, so it affects network bandwidth. |
| Has no problems with protocols. | Has problems with transport protocols: Packet Fragment, TTL. |

Question 12: Operating principle of an IDS:

- Monitoring: network monitoring is the process of collecting information about the traffic on the network. This is normally done by the Sensors.
- Analyzing: once the necessary information has been collected from the points on the network, the IDS analyses the collected data. At this stage the IDS normally searches the network traffic for suspicious signs using pattern matching or analysis of abnormal behaviour. If signs of an attack are found, the Sensors send alerts to the centre to be aggregated.
- Communication: this stage plays an important role in an IDS. Communication takes place when a Sensor detects signs of an attack, or when the Engine changes the configuration or controls a Sensor. IDS systems normally use special protocol suites to exchange information between the components. These protocols must ensure reliability, confidentiality and good fault tolerance, for example: SSH, HTTPS, SNMPv3, PostOffice, . . .
- Alert: after the data has been analysed, the IDS has to raise alerts. For example:
  - An alert for an invalid address.
  - An alert when a machine uses or tries to use invalid services.
  - An alert when a machine tries to connect to machines on a watch list, inside or outside the network.
  - ...
- Response: in some advanced IDS systems today, once the stages above have detected signs of an attack, the system not only alerts the administrator but also takes defensive actions to stop the attack. This strengthens the network's ability to defend itself. The actions an IDS can take include:
  - Stopping a service.
  - Interrupting a session.
  - Blocking the attacking IP address.
  - Creating a log.
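The monitoring, analysis, alert and response stages above, shown as an added example (not from the original notes) that applies the three alert types listed under Alert to constructed sensor records. The internal network range, allowed ports, watch-list address and blocking threshold are assumed policy values.

```python
import ipaddress
from collections import Counter

# Assumed site policy for the example (not from the notes).
INTERNAL = ipaddress.ip_network("10.0.0.0/24")
ALLOWED_PORTS = {22, 53, 443}
WATCHLIST = {ipaddress.ip_address("203.0.113.50")}
BLOCK_AFTER = 2   # alerts from one source before the response stage blocks it

# Constructed sensor records: "time src dst dst_port", seen on the internal segment.
SAMPLE = """\
09:00:01 10.0.0.5 198.51.100.7 443
09:00:02 10.0.0.9 198.51.100.7 23
09:00:03 172.16.4.4 198.51.100.7 443
09:00:04 10.0.0.9 203.0.113.50 443
09:00:05 10.0.0.9 203.0.113.50 6667
garbage line
"""

def parse(line):
    """Monitoring: turn one sensor line into a record, or None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return (parts[0], ipaddress.ip_address(parts[1]),
                ipaddress.ip_address(parts[2]), int(parts[3]))
    except ValueError:
        return None

def analyze(text):
    """Analysis and alerting: match each record against the three alert rules."""
    alerts = []
    for ts, src, dst, port in filter(None, map(parse, text.splitlines())):
        if src not in INTERNAL:          # source not valid on this segment
            alerts.append((ts, str(src), "invalid-address"))
        if port not in ALLOWED_PORTS:    # service outside the allowed set
            alerts.append((ts, str(src), "invalid-service"))
        if dst in WATCHLIST:             # contact with a watched machine
            alerts.append((ts, str(src), "watchlist-contact"))
    return alerts

def respond(alerts):
    """Response: sources to block once they reach BLOCK_AFTER alerts."""
    counts = Counter(src for _, src, _ in alerts)
    return sorted(s for s, n in counts.items() if n >= BLOCK_AFTER)

if __name__ == "__main__":
    found = analyze(SAMPLE)
    print(found, respond(found))
```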

Question 13: What is a network anomaly? Classify network anomalies.

Definition: a network anomaly is the term for a state in which the network is operating outside its normal state.

Classification:

- Anomalies due to failures: faults in the devices of the system, which reduce the system's performance.
- Anomalies due to security incidents:
  - Intrusion from outside: from computers that have not been verified.
  - Intrusion from inside: access to data without authorization.
  - Abuse of privilege: misuse of access rights to the system.

Question 14: Signature-based intrusion detection? Disadvantages of anomaly-based IDS??? (question unclear)

This method recognizes events, or sets of events, that match a pattern of events already defined as an attack.

- The data collected by the IDS is compared with the contents of the database.
- If they match, an alert is raised.

Advantages and disadvantages of anomaly detection:

- It is an advanced method and does not need a set of patterns.
- It can detect new attacks.
- Variants of anomalies are detected.
- The false positive rate is usually higher than with signature detection.
- The false negative rate is lower than with signature-based detection.
- It is not overloaded with data, thanks to data modelling methods and heuristic algorithms.

Question 15: Principle, advantages and disadvantages of the application gateway:

Principle: designed to strengthen control over the services and protocols that are allowed to access the network. It works by means of Proxy Services; a proxy service is special code installed on the gateway for each application. If the network administrator does not install the proxy code for some application, the corresponding service is not provided and so its information cannot pass through the firewall.

/*
An application gateway is regarded as a bastion host, designed to withstand attack from outside. The measures that secure such a bastion host are:

- It always runs secure versions of the OS software, specially designed to resist attacks on the OS.
- Only the necessary services are installed on the bastion host, for example Telnet, DNS, FTP, SMTP and user authentication.
- Several levels of authentication may be required, for example a user password or a smart card.
- Each proxy is configured to allow access to only a certain number of servers.
- Each proxy keeps a log recording the traffic, every connection and the duration of the connection.
- Each proxy is independent of the other proxies on the bastion host.
*/

Advantages: lets the administrator control the services on the network. Allows very good authentication checks. Easier to configure and check than a packet filter.

Limitations: requires users to change their procedures, or the software installed on the client machine, in order to access the proxy services.

Question 16: The public-key encryption scheme? Its characteristics

/*
(Characteristics of public-key cryptography)

Public-key cryptography is based on mathematical functions, not on substitution and transposition as in symmetric encryption. Public-key cryptography is asymmetric. A public-key cryptosystem uses two keys: a private key and a public key. The use of two asymmetric keys has profound consequences for information security: integrity, authentication, key distribution.
*/

Encryption scheme:


A public-key cryptographic scheme uses one key to encrypt and a different but related key to decrypt. The encryption and decryption algorithms have the following important characteristics:

- The decryption key cannot be determined from knowledge of the encryption algorithm and the encryption key alone.
- Some public-key cryptosystems (such as RSA) also allow either key of the pair to be used as the encryption key, with the other key then used as the decryption key.

/*
Characteristics of a public-key cryptosystem:

- Each end system generates a key pair for encrypting and decrypting messages.
- Each end system publishes one key of the pair, while the other key is kept secret.
- If A wants to send a message to B, A encrypts the text with B's public key.
- When B receives the message, B decrypts it with the private key. No third party can decrypt the message, because only B knows B's private key.
*/

Question 17: Message authentication scheme:


Question 18: Threats to information security:

Threats: there are many threats that affect the security of an information system. They can come from outside or from the vulnerabilities within the system itself. Every system carries vulnerabilities or weaknesses.

- Software: the programming of software already contains hidden vulnerabilities (it is estimated that every 1000 lines of code contain on average 10-15 errors).
- Hardware: faults in hardware devices such as firewalls, routers, . . .
- Policy: setting rules that are unsuitable or do not ensure security, for example the authentication policy, or the rules on the obligations and responsibilities of users in the system.
- Use: however modern its equipment, a system is used and managed by people, and the mistakes and carelessness of users can create serious vulnerabilities.

***Security mechanisms

In practice there is no single mechanism that can ensure information security for every system. To secure an information system, encryption techniques are used: symmetric or public-key. Firewalls, IDS and other combined measures are used as well.


***Security services

- Ensuring privacy
- Ensuring reliability
- Information integrity
- Non-repudiation
- Access control
- Availability
