Initially, IEEE 802.11 secured the WLAN with static keys that served both encryption and authentication. Authentication of this kind is weak and can eventually be broken. Because the keys are managed by hand and never change, the scheme cannot be applied in a large enterprise deployment.
Cisco introduced and enabled the use of IEEE 802.1X as the authentication protocol, together with dynamic keys, including 802.1X with the Extensible Authentication Protocol (EAP). Cisco also introduced countermeasures against attacks based on a hashing process (Per Packet Key, PPK) and a Message Integrity Check (MIC). These are known as the Cisco Key Integrity Protocol (CKIP) and the Cisco Message Integrity Check (CMIC).
The user is authenticated through the 802.1X protocol, so 802.1X and EAP support is required on the WLAN client. The access point can itself act as the authentication server for the user, it can forward to a RADIUS server that performs the authentication on its behalf, or it can work with Cisco Secure ACS. A lightweight access point communicates with the WLAN controller, and the controller then handles the authentication for the users.

The client and the authentication server both implement EAP, of which several different variants exist. EAP messages are relayed by the access point to the authentication server.
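The relay just described, in working code, as an added example that is not part of the original text or of any Cisco product: the supplicant's EAP Response/Identity is wrapped by the access point in a RADIUS Access-Request carrying EAP-Message (attribute 79) and Message-Authenticator (attribute 80, HMAC-MD5 over the packet with that attribute zeroed, per RFC 3579), and the server verifies the HMAC and reassembles the EAP packet. The shared secret, identity, RADIUS identifier and the fixed Request Authenticator are constructed values for the example; a real authenticator draws the Request Authenticator from a CSPRNG.

```python
"""EAP over RADIUS between an access point (authenticator) and a RADIUS server.
Added example with constructed values; packet layouts follow RFC 2865 / RFC 3579."""
import hashlib
import hmac
import struct

EAP_CODE_RESPONSE = 2
EAP_TYPE_IDENTITY = 1
RADIUS_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_NAS_PORT_TYPE = 61
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
NAS_PORT_TYPE_WIRELESS_80211 = 19

SHARED_SECRET = b"example-radius-secret"   # assumed AP<->RADIUS secret (constructed)
REQUEST_AUTHENTICATOR = bytes(range(16))   # fixed for reproducibility; random in practice


def eap_response_identity(eap_id: int, identity: bytes) -> bytes:
    """EAP packet: Code(1) Identifier(1) Length(2) Type(1) Type-Data."""
    return struct.pack("!BBHB", EAP_CODE_RESPONSE, eap_id, 5 + len(identity), EAP_TYPE_IDENTITY) + identity


def attr(atype: int, value: bytes) -> bytes:
    """RADIUS attribute TLV: Type(1) Length(1, header included) Value (<= 253 bytes)."""
    assert len(value) <= 253
    return struct.pack("!BB", atype, len(value) + 2) + value


def radius_access_request(secret: bytes, ident: int, authenticator: bytes, attrs: list) -> bytes:
    """Access-Request whose Message-Authenticator is HMAC-MD5(secret, packet with the
    16-byte Message-Authenticator value zeroed). The attribute is placed last."""
    body = b"".join(attrs) + attr(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = struct.pack("!BBH", RADIUS_ACCESS_REQUEST, ident, 20 + len(body)) + authenticator + body
    mac = hmac.new(secret, pkt, hashlib.md5).digest()
    return pkt[:-16] + mac          # overwrite the zeroed placeholder


def verify_message_authenticator(secret: bytes, pkt: bytes) -> bool:
    """Server-side check: locate the attribute, zero it, recompute the HMAC."""
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != RADIUS_ACCESS_REQUEST or length != len(pkt):
        return False
    pos = 20
    while pos + 2 <= length:
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2 or pos + alen > length:
            return False
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            received = pkt[pos + 2:pos + 18]
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        pos += alen
    return False   # RFC 3579: a request carrying EAP-Message MUST carry it


def parse_eap_messages(pkt: bytes) -> bytes:
    """Concatenate EAP-Message fragments back into the original EAP packet."""
    out, pos = b"", 20
    while pos + 2 <= len(pkt):
        atype, alen = pkt[pos], pkt[pos + 1]
        if alen < 2:
            break
        if atype == ATTR_EAP_MESSAGE:
            out += pkt[pos + 2:pos + alen]
        pos += alen
    return out


def build_sample_request() -> bytes:
    """What the AP sends after receiving EAPOL EAP-Response/Identity from the client."""
    eap = eap_response_identity(1, b"alice@example.com")
    attrs = [
        attr(ATTR_USER_NAME, b"alice@example.com"),
        attr(ATTR_NAS_PORT_TYPE, struct.pack("!I", NAS_PORT_TYPE_WIRELESS_80211)),
        attr(ATTR_EAP_MESSAGE, eap),
    ]
    return radius_access_request(SHARED_SECRET, 7, REQUEST_AUTHENTICATOR, attrs)


if __name__ == "__main__":
    request = build_sample_request()
    print("server accepts:", verify_message_authenticator(SHARED_SECRET, request))
    print("EAP payload:", parse_eap_messages(request).hex())
```

The HMAC is what stops a third party between AP and RADIUS server from injecting or altering EAP-Message attributes; without it, an Access-Request with EAP inside is only protected by the 16-byte Request Authenticator, which covers the reply but not the request.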
For home WLAN users, a security method based on a WPA passphrase or preshared key is the recommended choice. For enterprise deployments, security is best achieved with 802.1X/EAP as the authentication method and TKIP or AES as the encryption method, following the WPA or WPA2 standard and 802.11i security.
Weaknesses of WPA
The first weakness of WPA is that it still does not solve the denial-of-service (DoS) attack [5]. An attacker can disrupt a WPA WiFi network by sending at least two frames with a wrong encryption key per second; the TKIP countermeasure actually triggers on two MIC failures within 60 seconds, so far fewer frames suffice. In that case the AP assumes the network is under attack and drops all connections for one minute to avoid wasting network resources. Repeating the unauthorized frames therefore keeps disrupting the network and prevents authorized users from connecting. Note that a frame encrypted under the wrong key normally fails the ICV and replay checks first and is silently discarded; what counts toward the countermeasure is a MIC failure on a frame that has already passed those checks.
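The cost of that countermeasure to availability, modelled as an added example (not from the original text or from [5]): the access point records MIC-failure events, enters a 60-second blackout after two within 60 seconds, and the simulation measures what fraction of time legitimate clients can use the AP when an attacker triggers one MIC failure every 30 seconds. The window and blackout lengths are the 802.11i TKIP values; the timings of the attacker's frames are constructed.

```python
"""TKIP MIC countermeasure model. Added example; traffic timings are constructed."""
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MIC_FAILURE_WINDOW = 60.0   # two MIC failures closer than this trigger countermeasures
BLACKOUT = 60.0             # seconds the AP refuses all TKIP traffic afterwards


@dataclass
class TkipAccessPoint:
    last_mic_failure: Optional[float] = None
    blackout_until: float = 0.0
    events: List[Tuple[str, float]] = field(default_factory=list)

    def accepts_traffic(self, now: float) -> bool:
        return now >= self.blackout_until

    def on_frame(self, now: float, mic_ok: bool) -> None:
        """Process one received data frame that already passed the ICV check."""
        if not self.accepts_traffic(now):
            return                      # in countermeasures: everything is dropped
        if mic_ok:
            return
        if self.last_mic_failure is not None and now - self.last_mic_failure < MIC_FAILURE_WINDOW:
            self.blackout_until = now + BLACKOUT
            self.last_mic_failure = None   # counter restarts after the blackout
            self.events.append(("countermeasures", now))
        else:
            self.last_mic_failure = now
            self.events.append(("mic_failure", now))


def simulate(attacker_times: List[float], duration: float, step: float = 1.0):
    """Return (fraction of time the AP is usable, event log) over [0, duration)
    when the attacker causes a MIC failure at each instant in attacker_times."""
    ap = TkipAccessPoint()
    pending = sorted(attacker_times)
    usable, ticks, t = 0, 0, 0.0
    while t < duration:
        while pending and pending[0] <= t:
            ap.on_frame(pending.pop(0), mic_ok=False)
        if ap.accepts_traffic(t):
            usable += 1
        ticks += 1
        t += step
    return usable / ticks, ap.events


if __name__ == "__main__":
    frac, events = simulate([30.0 * k for k in range(30)], duration=900.0)
    print(f"usable fraction with one bad-MIC frame every 30 s: {frac:.2f}")
    print("countermeasure triggers:", sum(1 for kind, _ in events if kind == "countermeasures"))
```

With one forged frame every 30 seconds the AP is reachable for only a third of the time (the two failures that trigger the blackout, then 60 seconds of silence, then the cycle repeats), which is why the page counts this as an unsolved DoS.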
In addition, WPA still uses the RC4 algorithm, which can be broken by the FMS attack of Fluhrer, Mantin and Shamir [6]. RC4 contains weak keys, and these weak keys allow the encryption key to be recovered; to find them, it is enough to collect a sufficient volume of traffic from the wireless channel. (TKIP's per-packet key mixing was designed specifically to avoid the weak-key classes that the FMS attack exploits, so the attack as published applies to WEP; WPA inherits the cipher, not that particular break.)
WPA-PSK is a weak variant of WPA that suffers from the problem of managing one password or shared secret among many users. When one member of the group (in a company) leaves, a new password/secret must be set up for everyone.
III. Strengthening security with the 802.11i standard (WPA2)
The 802.11i standard was ratified on 24 June 2004 to strengthen the confidentiality of WiFi networks. 802.11i carries all the features of WPA; the set of 802.11i protocols is also known as WPA2. However, 802.11i uses the AES (Advanced Encryption Standard) encryption algorithm instead of RC4 as in WPA. AES keys can be 128, 192 or 256 bits long (the CCMP mode that 802.11i mandates uses 128-bit keys). This algorithm demands high computational power, so 802.11i cannot be deployed by a simple software update and needs a dedicated chip. Many manufacturers anticipated this, however, so almost all WiFi network card chips from the beginning of 2004 onward support the 802.11i features.
Lesson 2: DDoS attacks
This lesson presents botnets in detail: the kinds of botnets and how a botnet is built. Once you understand botnets you can picture how a DDoS attack works, the specific DDoS techniques and how they are carried out. These notes are meant only to give a deeper understanding of DDoS attacks; the tools mentioned are presented for information only and are old DDoS tools.
Botnets
TFN2K - Stacheldraht - Shaft
Distributed denial of service (DDoS) will always be one of the top threats to information technology systems around the world. Technically, we can almost only hope that the attacker uses unusual tools and has a poor understanding of the protocols, so that the attack traffic can be recognized and filtered out. Experts agree on one thing: if a DDoS is carried out by a skilled attacker, prevention is impossible. Four years ago the established hacker community declared this technique dead and stopped all research, demonstrations and distribution of tools, because they themselves recognized how dangerous and unfair this kind of attack is. With a network infrastructure and e-commerce that have only just begun to form, DDoS will be a very serious threat to the Vietnamese Internet.
A denial of service (DoS) attack is an attack on a network system aimed at preventing access to a service such as the Web or e-mail. A DoS attack disrupts the network service by flooding it with connections, overloading the server or the programs running on it, exhausting the server's resources, or blocking legitimate users from reaching network services.
There are many ways to carry out denial of service attacks and therefore many ways to classify DoS attacks. The common classification is by the protocol used in the attack: ICMP floods such as Smurf and Ping of Death; exploitation of weaknesses in TCP's protocol operation and packet fragmentation, such as SYN flood, LAND attacks and TearDrop; or application-layer attacks such as Flash Crowds (also called X-flash).
Classified by attack method, DoS can be carried out with a few individual packets sent directly to the server to disrupt its operation (as with the Slammer worm), or by triggering transmission from many sources (distributed denial of service, DDoS). The attack can be carried out over the Internet (using the web servers themselves), broadcast from inside the network (inside attacks, as with the Blaster worm), over peer-to-peer networks (P2P index poisoning) or over wireless (WLAN authentication rejection attack with a spoofed sender). These classifications, however, are based mainly on where the attack originates and therefore do not systematize the methods of defence.
In general, an organization should consider the following points when dealing with DoS threats:
1. Zombies (also called daemons, slaves or agents) are hosts that have been compromised to become the components that generate the attack. Typical cases are infection through a rootkit (software activated at every system start, even before the operating system has finished booting; a rootkit can install a hidden file, a process or a user account in the operating system, and can intercept data from terminals, network connections and the keyboard), through active content attached to e-mail or web pages (for example JPEG files exploiting flaws in image-processing software, code embedded in Flash files, or trojans installed via phishing), or through worm propagation (Netsky, MyDoom, Sophos). To defend against this, the network needs monitoring and content-filtering tools that prevent attackers from recruiting zombies.
3. There are many DoS attack tools, mainly for distributed attacks (DDoS), such as TFN and TFN2K (Tribe Flood Network), and attacks that rely on the operating principles of protocols such as Smurf, UDP, SYN or ICMP (Trinoo for UDP floods; Stacheldraht for TCP ACK, TCP NULL, HAVOC and DNS floods, or TCP floods with random packet headers). These tools have in common that they need command channels to trigger the zombies into attacking a specific target. The system needs tools to monitor and block those command channels.
4. When a DDoS attack is launched it is usually detected through a significant change in the network's bandwidth usage. For example, a normal network might carry 80% TCP traffic and 20% UDP traffic; a clear change in these statistics can be a sign of a DoS attack. The Slammer worm, for instance, increases UDP traffic, while the Welchia worm generates an ICMP flood. The traffic spread caused by these worms damages routers, firewalls or the network infrastructure. The system needs tools to monitor and regulate bandwidth to limit the damage of this kind of attack.
5. SYN flood is one of the oldest DoS attacks still in existence, but the damage it causes has not diminished. The basis for preventing this DoS attack is the ability to control the number of SYN/ACK requests in TCP's 3-way handshake that reach the network.
6.
7. One of the points on which servers are often exploited is the limited buffer allocated for the rate of connection setup, which leads to overload under a sudden change in the number of connections. Here a filter that limits the number of connections plays a very important role: the filter defines a connection-rate threshold for each component of the network.
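Points 4 and 5 above in code, as an added example (not part of the original lesson): a monitor that compares the observed TCP/UDP/ICMP share of a traffic window with the 80/20 baseline the text gives, and that follows the 3-way handshake to count, per source, connections that saw a client SYN but never the client's ACK. The two constructed traces show a SYN flood that does not move the protocol mix at all (only the half-open count catches it) and an ICMP surge of the Welchia kind that the mix check catches. The packet records, thresholds and addresses are constructed for the example.

```python
"""Protocol-mix and half-open-connection monitor. Added example; the traffic
windows below are constructed, not captured."""
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Constructed packet record: (timestamp, proto, src, sport, dst, tcp_flags).
Packet = Tuple[float, str, str, int, str, str]

BASELINE_MIX = {"tcp": 0.80, "udp": 0.20, "icmp": 0.00}   # the 80/20 split from the text
MIX_DEVIATION_THRESHOLD = 0.25   # absolute change in share treated as anomalous (assumed)
HALF_OPEN_THRESHOLD = 5          # half-open connections per source before alerting (assumed)


def protocol_mix(packets: List[Packet]) -> Dict[str, float]:
    """Share of packets per protocol within the window."""
    counts = Counter(p[1] for p in packets)
    total = sum(counts.values()) or 1
    return {proto: counts.get(proto, 0) / total for proto in BASELINE_MIX}


def mix_anomalies(packets: List[Packet]) -> List[str]:
    """Protocols whose share moved by more than the threshold against the baseline."""
    mix = protocol_mix(packets)
    return [p for p in BASELINE_MIX if abs(mix[p] - BASELINE_MIX[p]) > MIX_DEVIATION_THRESHOLD]


def half_open_by_source(packets: List[Packet]) -> Dict[str, int]:
    """Follow the handshake per (src, sport, dst): half-open after the client SYN
    until the client's ACK (or a RST) arrives. The server's SYN-ACK is keyed the
    other way round and therefore never completes a connection by itself."""
    pending = set()
    for _, proto, src, sport, dst, flags in sorted(packets, key=lambda p: p[0]):
        if proto != "tcp":
            continue
        key = (src, sport, dst)
        if flags == "SYN":
            pending.add(key)
        elif flags in ("ACK", "RST"):
            pending.discard(key)
    counts: Dict[str, int] = defaultdict(int)
    for src, _, _ in pending:
        counts[src] += 1
    return dict(counts)


def syn_flood_sources(packets: List[Packet]) -> List[str]:
    return sorted(s for s, n in half_open_by_source(packets).items() if n >= HALF_OPEN_THRESHOLD)


def normal_plus_flood_trace() -> List[Packet]:
    """Eight clients complete handshakes and send DNS queries; 198.51.100.9 sends
    20 SYNs from different ports and never answers the SYN-ACK."""
    server, trace = "203.0.113.10", []
    for i in range(8):
        client, sport = f"192.0.2.{i + 1}", 40000 + i
        trace += [(i + 0.0, "tcp", client, sport, server, "SYN"),
                  (i + 0.1, "tcp", server, 443, client, "SYN-ACK"),
                  (i + 0.2, "tcp", client, sport, server, "ACK")]
    for i in range(6):
        trace.append((10 + i * 0.01, "udp", f"192.0.2.{i + 1}", 50000 + i, "203.0.113.53", ""))
    for i in range(20):
        trace.append((20 + i * 0.001, "tcp", "198.51.100.9", 1024 + i, server, "SYN"))
    return trace


def icmp_surge_trace() -> List[Packet]:
    """Five healthy TCP sessions plus one host sweeping 30 addresses with ICMP."""
    trace: List[Packet] = []
    for i in range(5):
        client, sport = f"192.0.2.{i + 1}", 41000 + i
        trace += [(i + 0.0, "tcp", client, sport, "203.0.113.10", "SYN"),
                  (i + 0.2, "tcp", client, sport, "203.0.113.10", "ACK")]
    for i in range(30):
        trace.append((5 + i * 0.1, "icmp", "192.0.2.77", 0, f"203.0.113.{i + 1}", ""))
    return trace


if __name__ == "__main__":
    for name, trace in (("syn flood", normal_plus_flood_trace()), ("icmp surge", icmp_surge_trace())):
        print(name, "mix anomalies:", mix_anomalies(trace), "SYN-flood sources:", syn_flood_sources(trace))
```

The first trace is the important one: with a modest flood the protocol split barely moves (88% TCP, 12% UDP), so a bandwidth-share monitor alone says nothing, while the handshake tracker immediately shows one source holding 20 half-open connections.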
In a system, the IPS is considered the most important component for coping with denial of service attacks. DoS attacks mainly target the processing capacity of the network, and the network security devices are the first to be hit. The processing capacity of the IPS is therefore one of the features to watch, in particular its stability when handling mixed traffic with varying packet sizes simultaneously.
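The connection-rate threshold from point 7, implemented as a per-source token bucket, as an added example that is not part of the original lesson or of any IPS product: each source may open a bounded burst of new connections and thereafter a fixed number per second, so a single source opening 100 connections per second is throttled to the configured rate while the other clients are untouched. The rate, burst and the connection attempts are constructed values.

```python
"""Per-source connection-rate filter (token bucket). Added example with assumed parameters."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Bucket:
    tokens: float   # new connections this source may still open right now
    last: float     # timestamp of the last refill


class ConnectionRateFilter:
    """Sustained 'rate' new connections per second per source, up to 'burst' at once."""

    def __init__(self, rate_per_sec: float, burst: int) -> None:
        self.rate = rate_per_sec
        self.burst = burst
        self.buckets: Dict[str, Bucket] = {}

    def allow(self, src: str, now: float) -> bool:
        """Refill by elapsed time, then spend one token for this connection attempt."""
        bucket = self.buckets.get(src)
        if bucket is None:
            bucket = self.buckets[src] = Bucket(tokens=float(self.burst), last=now)
        bucket.tokens = min(float(self.burst), bucket.tokens + (now - bucket.last) * self.rate)
        bucket.last = now
        if bucket.tokens >= 1.0:
            bucket.tokens -= 1.0
            return True
        return False


def apply_filter(attempts: List[Tuple[float, str]], rate: float = 5.0, burst: int = 10) -> Dict[str, Tuple[int, int]]:
    """attempts: (timestamp, source) of new-connection requests, in any order.
    Returns per source (accepted, dropped)."""
    flt = ConnectionRateFilter(rate, burst)
    result: Dict[str, Tuple[int, int]] = {}
    for ts, src in sorted(attempts):
        accepted, dropped = result.get(src, (0, 0))
        if flt.allow(src, ts):
            accepted += 1
        else:
            dropped += 1
        result[src] = (accepted, dropped)
    return result


def sample_attempts() -> List[Tuple[float, str]]:
    """Constructed: three clients opening one connection per second for 10 s,
    plus one source (198.51.100.9) opening 100 connections per second."""
    attempts = [(float(s), c) for s in range(10) for c in ("192.0.2.1", "192.0.2.2", "192.0.2.3")]
    attempts += [(i / 100.0, "198.51.100.9") for i in range(1000)]
    return attempts


if __name__ == "__main__":
    for src, (ok, dropped) in sorted(apply_filter(sample_attempts()).items()):
        print(f"{src:15} accepted={ok:4} dropped={dropped:4}")
```

With a burst of 10 and 5 connections per second, the flooding source gets about 60 of its 1000 attempts through (the initial burst plus the sustained rate over 10 seconds) and the rest are dropped before they reach the server's connection-setup buffer, while every attempt from the three normal clients is accepted.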