COMPUTER NETWORK SECURITY
MSc. Tô Nguyễn Nhật Quang
University of Information Technology
Faculty of Computer Networks and Communications
ATMMT - TNNQ

COURSE CONTENTS
1. Overview of network security
2. Malicious software
3. Data encryption algorithms
4. Public-key cryptography and key management
5. Data authentication
6. Some network security protocols
7. Wireless network security
8. Perimeter network security
9. Intrusion detection

LESSON 1: OVERVIEW OF NETWORK SECURITY

Overview of network security
1. Some concepts
2. Common attack techniques and defense mechanisms
3. Attacker profiles
4. Basic security model
5. Exercises

1. Some concepts
What is data?
Two states of data:
- Transmission state
- Storage state
Four requirements for data:
- Confidentiality
- Integrity
- Non-repudiation
- Availability

Network security is a principal component of information security.
Beyond network security itself, it is related to a number of other security fields, including security policy, security auditing, security assessment, trusted operating systems, database security, source code security, emergency response, computer law, software law and disaster recovery.
This course focuses on network security but still touches on the other fields.

2. Common attack techniques and defense mechanisms
1. Eavesdropping
Eavesdropping is an old but effective method.
It uses a network device (router, network card) and an application program (Tcpdump, Ethereal, Wireshark) to monitor network traffic and capture the packets passing through that device.
It is easier to carry out on wireless networks.

There is no way to prevent eavesdropping on a public network.
The best way to counter eavesdropping is to encrypt data before transmitting it over the network.
- Plaintext: the original text
- Ciphertext: the encrypted string
- Key: the encryption or decryption key

2. Cryptanalysis
Cryptanalysis is the art of finding useful information in encrypted data without knowing the decryption key.
Example: analysing the statistical structure of the characters, by frequency, in an encryption method.
This method usually relies on mathematical tools and high-performance computers.
Countering code breaking:
- Use encryption algorithms that do not reveal statistical structure in the ciphertext.
- Use long keys to resist brute-force attacks.

3. Password Pilfering
The most widely used authentication mechanism is a username and password.
Common methods include:
- Guessing
- Social engineering
- Dictionary
- Password sniffing

Guessing: effective against short passwords, or when users forget to change the default password.
10 most common passwords

Social engineering: the use of social skills to steal other people's secret information.
- Impersonation
- Phishing via email and websites
- Collecting information from discarded paper documents
- Creating fake login web pages

Dictionary Attacks:
- Only encrypted passwords are stored on the computer system.
- UNIX and LINUX operating systems: users' passwords are encrypted, in ASCII form, and stored in /etc/passwd (older versions) and /etc/shadow (newer versions).
- Windows NT/XP operating systems: user names and encrypted user passwords are stored in the system registry in a file named SAM.
- Dictionary attacks: search a dictionary (obtained from SAM files) for the encrypted usernames and passwords.

Password Sniffing:
- Software used to capture remote login information such as the username and password for common network applications such as Telnet, FTP, SMTP and POP3.
- To make password sniffing difficult, special programs (such as SSH in HTTPS) can be used to encrypt all transmitted messages.
- Cain & Abel is a password recovery tool for Microsoft operating systems and also a password sniffing tool that can capture encrypted passwords and crack them using a dictionary or brute force. The tool can be downloaded at http://www.oxid.it/cain.html.

Some methods currently used to prove a user's identity:
- Secret passwords: the most common. Uses the user's name and the user's password.
- Biometrics: uses unique biological characteristics such as fingerprints or retinas, by connecting biometric devices such as fingerprint readers and retina scanners to the computer (quite expensive, used only where a high level of security is required).
- Authenticating items: uses authentication protocols such as Kerberos.

Some rules for protecting passwords:
- Use long passwords that combine lowercase letters, uppercase letters, digits and special characters such as $ # & %. Do not use dictionary words, names or common passwords. -> This makes password guessing (guessing attacks) and dictionary attacks difficult.
- Do not disclose passwords to unauthorized people, or over the phone or by email. -> This counters social engineering.
- Change passwords periodically and do not reuse old passwords, to counter dictionary attacks and old passwords that have already been identified.
- Do not use the same password for different accounts, so that the other accounts remain safe when the password of one account is exposed.
- Do not use remote login software that has no mechanism for encrypting passwords and other important information.
- Completely destroy documents that contain important information.
- Avoid entering information in popup windows.
- Do not click on links in suspicious emails.

4. Identity Spoofing
An attack method that lets the attacker impersonate the victim without using the victim's password.
Common methods include:
- Man-in-the-middle attacks
- Message replay attacks
- Network spoofing attacks
- Software exploitation attacks

Man-in-the-middle attacks
- The attacker tries to compromise a network device (or install a device of their own) between two or more users, then intercepts and modifies or forges the data transmitted between those users, and passes it on as if the attacker had never touched it.
- The users still believe they are talking to each other directly, and do not realise that the confidentiality and data integrity of the IP packets they receive are gone.
- Encrypting and authenticating IP packets is the main measure for preventing man-in-the-middle attacks. Attackers cannot read or modify an encrypted IP packet without decrypting it.

[Figure: Man-in-the-middle attacks]

Message replays:
In some authentication protocols, after user A authenticates to the system as a legitimate user, A is issued a credential (ticket). With this ticket, A receives the services provided by the system. The ticket is encrypted and cannot be modified.
However, attackers can intercept it, keep a copy, and use it later to impersonate (play the role of) user A in order to obtain services from the system.
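Why an unmodifiable ticket is still replayable, and one common server-side check against it, shown as an added example that is not part of the original slides. It assumes single-use tickets that carry a random nonce and an expiry time and are protected with HMAC-SHA256 rather than the encryption the slide mentions; `TicketService` and its method names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets


class TicketService:
    """Issues integrity-protected tickets and accepts each one only once."""

    def __init__(self, key, lifetime=30):
        self._key = key
        self._lifetime = lifetime      # seconds a ticket stays valid
        self._seen = {}                # nonce -> expiry time of that ticket

    def _tag(self, body):
        return hmac.new(self._key, body, hashlib.sha256).hexdigest()

    def issue(self, user, now):
        claims = {
            "user": user,
            "nonce": secrets.token_hex(16),   # unique per ticket
            "exp": now + self._lifetime,
        }
        body = json.dumps(claims, sort_keys=True).encode()
        return body, self._tag(body)

    def integrity_only(self, body, tag):
        """The weak check: passes for every untouched copy of a ticket."""
        return hmac.compare_digest(self._tag(body), tag)

    def accept(self, body, tag, now):
        """Integrity, freshness and single use; returns a verdict string."""
        if not self.integrity_only(body, tag):
            return "bad-mac"
        claims = json.loads(body)
        if now > claims["exp"]:
            return "expired"
        # Nonces of expired tickets can be forgotten: the expiry check above
        # already rejects them, so the replay cache stays bounded.
        self._seen = {n: e for n, e in self._seen.items() if e >= now}
        if claims["nonce"] in self._seen:
            return "replayed"
        self._seen[claims["nonce"]] = claims["exp"]
        return "ok"


if __name__ == "__main__":
    svc = TicketService(secrets.token_bytes(32))
    body, tag = svc.issue("A", now=1000)
    print(svc.accept(body, tag, now=1001))   # first presentation
    print(svc.integrity_only(body, tag))     # a captured copy is still intact
    print(svc.accept(body, tag, now=1002))   # second presentation is refused
```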

Network Spoofing: IP spoofing is one of the main deception techniques on a network. It includes:
In a SYN flooding attack, the attacker fills the TCP buffer of the target computer with a large volume of SYN packets, leaving the target computer unable to establish connections with other computers. When this happens, the target computer is called a muted computer.

TCP hijacking:
- A technique that uses forged packets to take over a connection between the victim computer and the destination machine. The victim machine hangs, and the hacker can communicate with the destination machine as if the hacker were the victim.
- To prevent TCP hijacking, software such as TCP Wrappers can be used to check IP addresses at the TCP layer (Transport layer).

[Figure: TCP hijacking]

ARP spoofing:
- ARP is a link-layer address resolution protocol that translates the destination IP address in the IP header to the MAC address of the computer on the destination network. In an ARP spoofing attack, the attacker changes the legitimate destination MAC address of an IP address to another MAC address chosen by the attacker.
- To prevent these attacks, checking of domain names must be strengthened, and it must be ensured that the source IP address and the destination IP address in an IP packet are not changed.
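One way to watch for the binding change described above, as an added example that is not part of the original slides: it learns IP-to-MAC bindings from observed ARP replies (or starts from pinned ones) and reports when an IP address suddenly resolves to a different MAC address. The one-line log format, the sample observations and all function names are constructed for this example.

```python
import ipaddress
import re
from collections import namedtuple

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")
Alert = namedtuple("Alert", "ts ip expected seen")

# Constructed sample: <unix time> <sender IP> <sender MAC>, one ARP reply per line.
SAMPLE_LOG = """\
# gateway and two hosts announce themselves
1700000000 192.168.1.1  aa:bb:cc:00:00:01
1700000005 192.168.1.20 aa:bb:cc:00:00:20
1700000010 192.168.1.99 de:ad:be:ef:00:99
# the gateway address is now claimed by the MAC of host .99
1700000030 192.168.1.1  DE:AD:BE:EF:00:99
1700000031 192.168.1.1  de:ad:be:ef:00:99
1700000040 192.168.1.20 aa:bb:cc:00:00:20
"""


def parse_observation(line):
    """Validate one log line and normalise it to (ts, ip, mac)."""
    ts, ip, mac = line.split()
    mac = mac.lower()
    if not MAC_RE.match(mac):
        raise ValueError("malformed MAC address: %r" % mac)
    return int(ts), str(ipaddress.ip_address(ip)), mac


def iter_observations(log):
    for line in log.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield parse_observation(line)


def binding_changes(log, pinned=None):
    """Report each (IP, new MAC) pair that contradicts the known binding.

    Bindings in `pinned` are trusted; anything else is trusted on first use.
    A conflicting reply never overwrites the known binding.
    """
    bindings = dict(pinned or {})
    reported = set()
    alerts = []
    for ts, ip, mac in iter_observations(log):
        expected = bindings.setdefault(ip, mac)
        if expected != mac and (ip, mac) not in reported:
            reported.add((ip, mac))
            alerts.append(Alert(ts, ip, expected, mac))
    return alerts


def macs_claiming_many_ips(log):
    """A second signal: one MAC address answering for several IP addresses."""
    claimed = {}
    for _, ip, mac in iter_observations(log):
        claimed.setdefault(mac, set()).add(ip)
    return {mac: sorted(ips) for mac, ips in claimed.items() if len(ips) > 1}


if __name__ == "__main__":
    for alert in binding_changes(SAMPLE_LOG):
        print("%d: %s was %s, now claimed by %s" % alert)
    print(macs_claiming_many_ips(SAMPLE_LOG))
```

A MAC answering for several addresses can be legitimate (a router or a multi-homed host), so the second function is a triage signal rather than a verdict.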

5. Buffer-Overflow Exploitations
A common software vulnerability. The error occurs when a process writes more data into a buffer than the buffer's available size.
Functions in the C language can be exploited because they do not check whether the buffer is large enough for the data being copied into it without causing a buffer overflow.

6. Repudiation
In some cases the owner of data may refuse to acknowledge ownership of the data in order to avoid legal consequences. This person may claim never to have sent or received the data.
Even when the data has been authenticated, the owner of the authenticated data may convince a judge that, because of loopholes, anyone could easily fabricate a message and make it look genuine.
Using encryption and authentication algorithms can help prevent repudiation attacks.

7. Intrusion
An intruder enters a network illegally in order to access other people's computer systems and steal the victim's information, computing resources or bandwidth.
Loose configuration, flawed protocols and software side effects can all be exploited by intruders.
Leaving unnecessary UDP or TCP ports open is a common weakness. Closing these ports can reduce intrusions.
IP scans and port scans are common hacking tools of this kind, and are also tools that help users check for vulnerabilities in their systems.

The goal of a denial-of-service attack is to prevent legitimate users from using the services they normally receive from servers.
Such attacks usually force the target computer to process a large amount of useless material, in the hope that the computer will consume all of its important resources.
A denial-of-service attack can originate from a single computer (DoS), or from a group of computers distributed across the Internet (DDoS).

DoS has the following basic forms:
- Smurf
- Buffer Overflow Attack
- Ping of death
- Teardrop
- SYN Attack
Tools used to carry out DoS attacks can be

DoS: Smurf is a typical DoS attack. The attacker's machine sends a great many ping commands to a large number of computers in a short time, with the source IP address of the ICMP echo packets replaced by the victim's IP address. These computers return ICMP reply packets to the victim machine. Having to process an excessive number of ICMP reply packets in a short time exhausts the machine's resources, and the machine crashes.

[Figure: DoS: Smurf attack]

How DDoS (Distributed DoS) works:
- Attackers usually use Trojans to control many networked computers at the same time.
- The attacker installs special software (zombie software) on these computers (zombie computers) in preparation for an attack on the victim machine.
- An attack command is issued to the zombie computers to launch an attack on the same target (the victim machine) at the same time.

9. Malicious Software
Malicious software includes:
- Viruses
- Worms
- Trojan horses
- Logic bombs
- Backdoors
- Spyware

Virus
- A piece of software that can copy itself. It does not stand alone; it must attach itself to a file or to another program.
- When a virus-infected program is run on a computer, or an infected file is opened, the virus it contains is executed.
- When it runs, a virus can harm the computer and copy itself to infect other machines in the system.

Worms
- Also a program that can copy itself. Unlike a virus, however, a worm is a stand-alone program. In other words, it does not need a host to live on.
- A worm can execute itself at any time it wants.
- When executed, a worm can endanger the system where it resides, or reproduce itself on other systems across the network.

Trojan horses:
- Usually disguised by being attached to ordinary, harmless application programs such as games or free tools, so that users download them to their machines.
- A Trojan does not reproduce itself; it runs only when the user runs the program that the Trojan is attached to.
- The main functions of a Trojan are to control the computer remotely, steal the victim's information, or act as a backdoor.

Logic bombs
- A logic bomb is a subroutine or instruction embedded in a program. Its execution is triggered by a conditional statement.
- For example, an employee working on a development project can plant a logic bomb inside a program. The bomb is triggered only if this employee does not run the program for a certain period of time. When the condition is met, it means the employee was dismissed some time earlier. In this case the bomb is used to take revenge on the employer.

Backdoors
- Backdoors are secret pieces of code, usually attached to other programs, that help an attacker get into a system through entry points opened in advance (back doors).
- When run on the victim's machine, a backdoor stays resident in memory and opens a port (a default one, or one specified by the attacker) that lets the attacker break into the machine easily.

Spyware
- Spyware is a type of software that installs itself on the user's computer.
- Spyware is usually used to monitor what users do and to pester them with commercial messages that appear in popup windows.
- It usually includes these types: browser hijacking and zombieware.
- Browser hijacking: a technique that can change the settings of the user's browser. It can replace the user's default website with another web page chosen by the attacker, or it can prevent the user from accessing the websites they want to visit.
- Zombieware: software on the user's computer that turns it into a zombie used to launch DDoS attacks or to carry out harmful activities such as sending spam or spreading viruses.

3. Attacker profiles
Attackers can be:
- Black-hat hackers
- Script kiddies
- Cyber spies
- Vicious employees
- Cyber terrorists

Black-hat hackers
- Hackers are people with special knowledge of computer systems. They are interested in the fine details of software, algorithms, computer networks and system configuration. They are an elite, dynamic, well-trained group of people.
- Depending on their purpose, hackers are divided into black-hat hackers, white-hat hackers and grey-hat hackers.

Script kiddies
- People who use scripts or programs developed by black-hat hackers (hacking tools) to attack computers and cause damage to others.
- Script kiddies only know how to use hacking tools to attack targets; they do not understand how the tools work and are not capable of writing similar tools.
- Most script kiddies are just teenagers who lack the awareness and maturity to understand fully the consequences of what they do.
3. L l
3. L l
ch c
ch c
a nh
a nh
ng k
ng k
t
t
n cng
n cng
Cyber spies
Cyber spies
C
C
th
th
ho
ho
t
t
ng trn lnh v
ng trn lnh v
c qun s
c qun s
, kinh t
, kinh t
nh ch
nh ch
n truy
n truy
n thng trn m
n thng trn m
ng v
ng v
ph
ph
m c
m c
c
c
thng i
thng i
p
p
c m ho
c m ho
.
.
Nhi
Nhi
u t
u t
ch
ch
c t
c t
nh b
nh b
o l
o l
n trn th
n trn th
gi
gi
i thu
i thu
c
c
c nh
c nh
to
to
n h
n h
c, c
c, c
c nh
c nh
khoa h
khoa h
c m
c m
y t
y t
nh, c
nh, c
c
c
gi
gi
o s
o s
i h
i h
c l
c l
m vi
m vi
c cho h
c cho h
ph
ph
t tri
t tri
n c
n c
c
c
cng c
cng c
nh
nh
m ch
m ch
ng l
ng l
i lo
i lo
i t
i t
i ph
i ph
m n
m n
y.
y.

Vicious employees
People who deliberately violate security in order to harm their employers.
They attack company computers to gain attention from management.
They act as cyber spies to collect and sell the company's secrets.

Cyber terrorists:
Extremist terrorists who use computers and network technology as their tools.
They destroy public property and the lives of innocent people, and are therefore extremely dangerous.
There are still no complete reports on this kind of crime.

4. Basic security model
The basic security model consists of 4 components:
Cryptosystem: uses cryptography and security protocols to protect data. Security protocols include encryption protocols, authentication protocols and key management protocols.
Firewalls: special software packages installed on computers or network devices to inspect the packets entering and leaving the network.
Anti-malicious software system (Anti-Malicious System software, AMS software): scans system directories, files and the registry, then identifies, quarantines or deletes malicious code.
Intrusion Detection System (IDS): monitors logins to the system and user behaviour, and analyses log files to identify intrusions and raise an alert when one is detected.
Figure: The four components of the basic security model
Figure: Network model of a cryptosystem

5. Exercises
1. Basic knowledge of computer networks
   1. Describe the structure of a TCP packet and explain the functions of the TCP header.
   2. Describe the structure of an IP packet and explain the functions of the IP header.
   3. Present the main functions of the ARP protocol.
   4. Present the main functions of the ICMP protocol.
   5. Present the main functions of the SMTP protocol.
   6. Describe the three-way handshake protocol.
   7. State the differences between the TCP and UDP protocols.
   8. Compare the main differences between IPv4 and IPv6.
   9. Present the basic functions of a router and a switch.

2. Using network administration tools
   1. State the purpose and usage of the ipconfig, ping, tracert, nslookup and netstat commands in the Windows operating system.
   2. In the UNIX or LINUX operating system, describe how to use the ping, nslookup, netstat and arp commands and explain the results obtained.
   3. Describe how to find information such as the host name, MAC address, IP address, subnet mask and default gateway on a PC running Windows and Linux.
   4. Open a cmd window in Windows and enter the command netstat -ano. Explain the results obtained. From the port numbers and PIDs reported by netstat, use Windows Task Manager to identify which program is running on each port.
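
Added example (not part of the original slides): one way to read `netstat -ano` output and map each open port to its owning program, which is the lookup the last exercise above performs by hand in Task Manager. The two sample outputs are constructed, the function names are hypothetical, and `tasklist /fo csv /nh` is assumed as a command-line stand-in for Task Manager.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     5120
  TCP    [::]:3389              [::]:0                 LISTENING       1204
  UDP    0.0.0.0:5353           *:*                                    2216
"""

# Constructed sample of `tasklist /fo csv /nh` output (image name, PID, ...).
TASKLIST_SAMPLE = '''\
"System","4","Services","0","144 K"
"svchost.exe","908","Services","0","9,120 K"
"svchost.exe","1204","Services","0","12,300 K"
"chrome.exe","2216","Console","1","150,000 K"
"chrome.exe","5120","Console","1","210,000 K"
'''

def parse_tasklist(text):
    """Return {pid: image_name} from tasklist CSV output."""
    return {int(row[1]): row[0] for row in csv.reader(io.StringIO(text)) if len(row) >= 2}

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, state, pid) for each socket line."""
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # skip the banner and the column headings
        # UDP rows have no State column, so the PID is always the last field.
        state = parts[3] if parts[0] == "TCP" and len(parts) == 5 else ""
        addr, _, port = parts[1].rpartition(":")  # keeps IPv6 "[::]" intact
        yield parts[0], addr, int(port), state, int(parts[-1])

def listening_ports(netstat_text, tasklist_text):
    """Map each open port (listening TCP or bound UDP) to its owning program."""
    names = parse_tasklist(tasklist_text)
    result = []
    for proto, _addr, port, state, pid in parse_netstat(netstat_text):
        if state == "LISTENING" or proto == "UDP":
            result.append((proto, port, pid, names.get(pid, "<unknown>")))
    return sorted(result, key=lambda r: (r[0], r[1]))

if __name__ == "__main__":
    for proto, port, pid, name in listening_ports(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{proto:4} {port:6} PID {pid:5} {name}")
```

A PID that maps to `<unknown>` means the process exited between the two commands or the process list was taken without sufficient privileges.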

3. Using network sniffer tools.
   1. Download TCPdump from www.tcpdump and Wireshark from www.wireshark.org, and install these programs.
   2. Using Wireshark, sniff the ARP packets generated by opening a browser and visiting some websites. Describe how you did it and give your observations.
   3. Study the TCPdump tool on your own, then describe how to use it.
   4. Send an email yourself, then filter the TCP packets from port 25. Observations?
   5. Visit a few websites and filter TCP on port 80. Explain the results obtained.
   6. Find a way to capture the TCP packets on port 443. Observations?

4. Using a port scanner to check the open ports on a computer
   1. Use any port-scanning software to find the open ports on the computer.
   2. Identify the running programs that correspond to the open ports.
   3. Close some of the open ports. Observations.

5. Install the ISA 2006 firewall software and carry out the following tasks:
   1. Compare System Policy and Access Rule.
   2. State the functions of the components in the ISA Management Console interface.
   3. Describe how to configure ISA on the ISA server itself and from another computer connected remotely.
   4. Create some basic Access Rules.
   5. Compare the types of ISA client:
      SecureNAT client
      Web Proxy client
      Firewall client
   6. Compare the purpose and operation of the types of Network Templates:
      Edge Firewall
      3-Leg Perimeter
      Front Firewall
      Back Firewall
      Single Network Adapter
   7. What is web caching and how does it work?
   8. Carry out monitoring and reporting in ISA Server:
      Configure Intrusion Detection and IP Preferences.
      Configure monitoring and alerting (Logging and alerts).
      Configure and run reports (Report).
   9. Restrict services and filter content:
      Restrict the internal network's access to the Internet.
      Filter web page content.
      Block the Internal Network from accessing a website.