
30/11/2011

NTU IT Faculty Networks & Communication Technology Dept.

NETWORK SECURITY

Trần Mạnh Khang

khangtm@ntu.edu.vn

CHAPTER I. OVERVIEW OF SECURITY AND NETWORK SAFETY

Contents
- Problem statement
- Concepts
- Forms of attack
- Network security

1. Problem statement
Today, with the growth of the Internet, network security and data protection deserve proper attention. Besides deploying an information system for an enterprise, a tight and safe protection mechanism must be built around that system. The main tasks of network security:
- Secure the server side
- Secure the client side
- Protect information on the transmission path

Problem statement (2)
Assets to protect
- Data
- Resources: people, systems, transmission links
- Reputation

Problem statement (3)
The need for network security
Harm to the enterprise:
- Financial cost
- Lost time
- Impact on system resources
- Damage to the enterprise's honour and reputation
- Lost business opportunities

Trade-off
Accessibility and security of a system are inversely related: the easier a system is to reach, the harder it is to secure.

2. Concepts
What is data? Data exists in two states:
- In transit (being transmitted)
- At rest (stored)

Four requirements on data:
- Confidentiality: information must be kept secret and used only by the intended parties.
- Integrity: information must be complete and intact in structure, with no contradictions; it must not be altered without authorisation.
- Non-repudiation: the origin of the information, or the party who sent it, can be verified and cannot later be denied.
- Availability: information must always be reachable and must serve its purpose in the correct way.

Concepts
Network security is a major component of information security. Other security areas include security policy, security auditing, security assessment, operating-system security, database security, source-code security, and so on. This course concentrates on network security.

Concepts (2)
Network attackers (intruders)
Individuals or organisations who use knowledge of networks and destructive tools (software or hardware) to probe for weaknesses and security holes in a system, in order to break in and take over network resources without authorisation. Some kinds of network attacker:
- Black-hat hackers
- Script kiddies
- Cyber spies
- Malicious employees
- Cyber terrorists

Network attackers
Black-hat hackers
Hackers are people who:
- Have specialised knowledge of computer systems and take an interest in the fine details of software, algorithms, computer networks and system configuration.
- Are typically talented, energetic and well trained.
There are several kinds of hacker: black hat, white hat and grey hat.


Network attackers (2)
Script kiddies
- People who use scripts or programs developed by black-hat hackers (hacking tools) to attack computers and cause damage to others.
- They only know how to use hacking tools against targets; they lack the deep knowledge needed to understand or write such tools themselves.
- Most are teenagers who are unaware of, and certainly do not fully understand, the consequences of what they do.

Network attackers (3)
Cyber spies
- May operate in the military or economic sphere, for example by intercepting network communications and breaking encrypted messages.
- Many large intelligence organisations around the world hire mathematicians, computer scientists and university professors to develop tools against this kind of criminal.


Network attackers (4)
Malicious employees
- People who deliberately violate security to harm their employers.
- Attack company computers to get the attention of management.
- Act as network spies, collecting and selling company secrets.


Network attackers (5)
Cyber terrorists
- Extremist terrorists who use computers and network technology as their tools.
- Extremely dangerous because they destroy public property and endanger the lives of innocent people.
- There are still no complete reports on this kind of criminal.


Concepts (3)
Security holes (vulnerabilities)
Weaknesses in a system or in its services that an attacker can rely on to break in without authorisation, carry out destructive actions, or seize resources illegally. Causes:
- Faults in the system itself
- Software faults
- Faults due to poor administration

The impact of a vulnerability varies widely:
- Some only affect the quality of the service provided
- Others affect the whole system

Concepts (4)
Threats to system security are actions or events/behaviours capable of harming the security of an information system. A threat has three aspects:
- The target of the threat
- The agent of the threat (the attacking party)
- The threatening behaviour


Threats (2)
Target: mainly the services that must be kept secure (www, dns, ...). What is threatened:
- Confidentiality of information: threatened whenever information is not protected
- Integrity of information: the threat of altering the information's structure
- Accuracy of information: the threat of altering the information's content
- The system's ability to provide service: making the system unable to deliver its services (availability)
- The ability to account for system resources

Threats (3)
Agent (attacker): the party that causes harm to the system.
- The agent's capability: the ability to reach and exploit system vulnerabilities, which creates a direct threat
- The agent's knowledge of the target: user IDs, the password file, file locations, network addresses, ...
- The agent's motive: the challenge, personal gain, deliberate malice


Threats (4)
Threatening behaviour
- Abusing access rights to system information
- Deliberately or accidentally altering system information
- Accessing information illegally
- Deliberately or accidentally destroying information or the system
- Eavesdropping on information
- Stealing software or hardware
- ...


Threats (5)
Classification of threats
- Intentional
- Unintentional
- From outside
- From inside


Concepts (5)
System risk
Formed by the combination of a system vulnerability and a threat to the system: a vulnerability that no threat can reach, or a threat with no vulnerability to exploit, produces no risk.

Risk = Threat + Vulnerability


Concepts (6)
Risk assessment
[Figure: risk assessment flow]
- Identify system vulnerabilities
- Identify threats to the system
- Review the existing security measures
- Determine the system risk



Risk assessment (2)
Identify system vulnerabilities: start from the points of entry into the system, such as:
- The Internet connection
- Remote access points
- Connections to other organisations
- Physical access paths to the system
- User access points
- Wireless access points

At each access point, determine what information can be reached and what level of access to the system it gives.



Risk assessment (3) Identify the threats
This is a hard task because threats are usually not visible (hidden):
- Forms and techniques of attack are varied: DoS/DDoS, backdoors, buffer overflows, viruses, Trojan horses, worms, social engineering
- The time of an attack is not known in advance
- The scale of an attack is not known in advance


Risk assessment (4)
Review the network security measures
Security measures fall into the following kinds:
- Firewalls
- Anti-virus software
- Access control
- Authentication systems (passwords, biometrics, identity cards, ...)
- Data encryption
- Intrusion detection systems (IDS)
- Other techniques: AD, VPN, NAT
- User awareness
- A security policy framework and automatic patching of the system


Risk assessment (5)
Determine the level of risk
Once the system vulnerabilities, the threats and the existing security measures are known, the level of system risk can be determined as follows:
At a given access point, with the security measures currently in place, determine the impact the threats would have on the system through that access point: on confidentiality, on data integrity, on the ability to deliver service, and on the ability to recover data.


Risk assessment (5) Determine the level of risk (continued)
Based on five assessment criteria (cost, time, reputation, system resources, business opportunity), the network security risk can be classified at one of three levels: high, medium or low. If the system's physical connections are not secure, the system is also at the high risk level.


3. Some forms of attack
- Attacks based on security vulnerabilities
- Attacks based on destructive tools


Some forms of attack
Levels of attack, from least to most intrusive:
- Level 1: attacks on network services: web, email
- Level 2: using an ordinary user account to seize system resources
- Levels 3 to 5: using privileged user accounts to interfere with the system
- Level 6: taking over the system's root privileges


Common attack techniques
(1) Eavesdropping
- An old but effective method.
- How: a network device (router, network card) plus an application (tcpdump, Ethereal, Wireshark) is used to monitor network traffic and capture the packets passing through that device. It is especially easy on wireless networks.
- There is no way to prevent eavesdropping on a public network. The countermeasure is to encrypt data before sending it over the network, so that captured packets reveal nothing useful.
Related concepts: plaintext, ciphertext, key.

Common attack techniques (2)
(2) Cryptanalysis
- The art of extracting useful information from encrypted data without knowing the decryption key. Example: frequency analysis, which exploits the statistical structure of the characters in a ciphertext.
- How: using mathematical tools and high-performance computers.
- Countermeasures: use encryption algorithms that leave no statistical structure in the ciphertext, and use keys long enough to resist brute-force attacks.


Common attack techniques (3)
(3) Password pilfering
The most widely used authentication mechanism is the username and password, so attackers try to steal usernames and passwords. Methods:
- Guessing
- Social engineering
- Dictionary attacks
- Password sniffing


Password pilfering (2)
Guessing
Effective against short passwords, or when users have forgotten to change a default password. The 10 most common passwords on the Internet (according to PC Magazine):
1. password
2. 123456
3. qwerty
4. abc123
5. letmein
6. monkey
7. myspace1
8. password1
9. blink182
10. the user's own first name


Password pilfering (3)
Social engineering: using social skills to trick people into revealing their secret information.
- Impersonation
- Phishing via email and websites
- Collecting information from discarded documents
- Creating fake login pages


Password pilfering (4)
Dictionary attacks
- Only hashed passwords are stored on a computer system, never the passwords themselves. On UNIX and Linux, the password hashes are stored as printable ASCII text in /etc/passwd (older versions) or /etc/shadow (newer versions). On Windows NT/XP, user names and hashed passwords are stored in the system registry, in the SAM file.
- A dictionary attack works from a copy of these hashes (for example the SAM or shadow file): each word in a dictionary (word list) is hashed the same way and compared with the stored hashes, and a match reveals that user's password. Salting each hash forces the attacker to repeat this work for every account, and a deliberately slow hash function makes each attempt expensive.
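An added example (not the lecture's code) of the dictionary attack described above. The shadow-style file, the word list and the hash scheme are constructed for this example: `demo_hash` stands in for the system's real password hash (sha512-crypt, NTLM, ...), whose formats differ but whose role is the same.

```python
# Added example (not from the lecture): a dictionary attack against a file of
# hashed passwords. The hash scheme is a constructed stand-in, SHA-256 over
# salt + password, rather than the system's own crypt() or SAM formats, and
# the accounts and word list are made up for this example.
import hashlib
import hmac

def demo_hash(password: str, salt: str) -> str:
    """Stand-in for a system password hash (assumption, not a real format)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()

def shadow_line(user: str, password: str, salt: str) -> str:
    """Build one shadow-style line: user:$demo$<salt>$<hex digest>."""
    return f"{user}:$demo${salt}${demo_hash(password, salt)}"

# Constructed shadow-style file; "bob" uses a password that is not in the list.
SHADOW = "\n".join([
    shadow_line("alice", "letmein", "x7Qp"),
    shadow_line("bob", "Tr0ub4dor&3", "k9Lw"),
    shadow_line("carol", "monkey", "aa11"),
])

# Constructed word list; real attacks use lists with millions of entries.
WORDLIST = ["password", "123456", "qwerty", "abc123", "letmein", "monkey",
            "password1", "myspace1", "blink182"]

def parse_shadow(text: str):
    """Yield (user, salt, digest) for each line of the shadow-style file."""
    for line in text.splitlines():
        user, field = line.split(":", 1)
        _, tag, salt, digest = field.split("$")
        if tag != "demo":
            raise ValueError(f"unsupported hash format for {user}")
        yield user, salt, digest

def dictionary_attack(shadow_text: str, wordlist):
    """Hash every candidate word with each account's salt and compare it with
    the stored digest. Returns ({user: password}, hashes_computed). Because
    each account has its own salt the work is repeated per account: salting
    is what stops one precomputed table from cracking every user at once."""
    cracked = {}
    hashes = 0
    for user, salt, digest in parse_shadow(shadow_text):
        for word in wordlist:
            hashes += 1
            if hmac.compare_digest(demo_hash(word, salt), digest):
                cracked[user] = word
                break
    return cracked, hashes

if __name__ == "__main__":
    found, work = dictionary_attack(SHADOW, WORDLIST)
    print(f"{work} hashes computed, cracked: {found}")
```

With an unsalted scheme the attacker would hash each word once and compare it against every account; the per-account loop here is the cost the salt imposes, and a slow hash (bcrypt, sha512-crypt with many rounds) multiplies that cost per attempt.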


Password pilfering (5)
Some authentication methods:
- Secret passwords: the most common; the user presents a username and password.
- Biometrics: uses unique biological features such as fingerprints or the retina, by attaching biometric devices (fingerprint readers, retina scanners) to the computer; fairly expensive, so used only where a high level of security is required.
- Authenticating items and protocols: dedicated authentication protocols such as Kerberos.

Password pilfering (6)
Some rules for protecting passwords:
- Use long passwords that mix lower case, upper case, digits and special characters such as $ # & %. Do not use dictionary words, names or common passwords. This makes guessing attacks and dictionary attacks harder.
- Do not reveal passwords to unauthorised people, or over the telephone or email. This counters social engineering.
- Change passwords periodically and do not reuse old ones, to limit the damage from dictionary attacks or from passwords that have already been discovered.

Password pilfering (7)
Some rules for protecting passwords (continued):
- Do not use the same password for different accounts, so that the other accounts stay safe when the password of one account is exposed.
- Do not use remote login software that does not encrypt the password and other sensitive information.
- Destroy documents containing sensitive information completely.
- Avoid entering information in pop-up windows.
- Do not click links in suspicious emails.

Common attack techniques (4)
(4) Identity spoofing
The attacker impersonates the victim without needing the victim's password. Common methods include:
- Man-in-the-middle attacks
- Message replay attacks
- Network spoofing attacks
- Software exploitation attacks


Identity spoofing (2)
Man-in-the-middle attacks
The attacker compromises a network device (or installs a device of their own) between two or more users, then intercepts and modifies or forges the data passing between them and forwards it as if it had never been touched. The users still believe they are talking directly to each other and do not realise that the confidentiality and integrity of the IP packets they receive are gone. Encrypting and authenticating IP packets is the main countermeasure: an attacker cannot read or modify an encrypted packet without decrypting it, and an authenticated packet that has been modified or forged is detected and rejected by the receiver.
[Figure: man-in-the-middle attack]

Identity spoofing (3)
Message replay
In some authentication protocols, after user A has proved to the system that A is a legitimate user, A is issued a credential (a ticket). With this ticket, A obtains the services the system provides. The ticket is encrypted and cannot be modified. However, an attacker who intercepts it can keep a copy and present it later, impersonating A to obtain services from the system. The usual countermeasures are to bind each ticket to a nonce or timestamp and to have the server refuse tickets that have expired or have been seen before.
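Added example (not from the lecture): a ticket-based login where the ticket is authenticated with an HMAC so it cannot be modified, which is exactly the property the replaying attacker does not need to break. `NaiveServer` honours any genuine ticket and so accepts the replay; `ReplaySafeServer` adds the expiry and seen-nonce checks. The server key, the ticket format and the 60-second lifetime are assumptions made for this example.

```python
# Added example (not from the lecture): a ticket that a naive server accepts
# indefinitely, beside a server that refuses replays. The ticket format, the
# server key and the lifetime are assumptions made for this example.
import hashlib
import hmac
import json

SERVER_KEY = b"constructed-demo-key"   # assumption: secret held by the server
TICKET_LIFETIME = 60                    # seconds a ticket stays valid

def issue_ticket(user: str, nonce: str, issued_at: int, key: bytes = SERVER_KEY) -> str:
    """The server binds user, nonce and issue time together with an HMAC, so
    the ticket cannot be altered without the key."""
    body = json.dumps({"user": user, "nonce": nonce, "iat": issued_at}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return body + "." + tag

def verify_tag(ticket: str, key: bytes = SERVER_KEY):
    """Return (claims, True) if the tag is genuine, else (None, False)."""
    body, _, tag = ticket.rpartition(".")
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None, False
    return json.loads(body), True

class NaiveServer:
    """Checks only the tag: a captured ticket works forever (replay attack)."""
    def accept(self, ticket: str, now: int) -> bool:
        _, ok = verify_tag(ticket)
        return ok

class ReplaySafeServer:
    """Also rejects expired tickets and any nonce it has already honoured."""
    def __init__(self, lifetime: int = TICKET_LIFETIME):
        self.lifetime = lifetime
        self.seen_nonces = set()   # only needs to cover the lifetime window

    def accept(self, ticket: str, now: int) -> bool:
        claims, ok = verify_tag(ticket)
        if not ok:
            return False                       # forged or tampered
        if now - claims["iat"] > self.lifetime:
            return False                       # expired
        if claims["nonce"] in self.seen_nonces:
            return False                       # replay of a ticket already used
        self.seen_nonces.add(claims["nonce"])
        return True

def demo():
    """Attacker captures A's ticket at t=1000 and replays it at t=1005."""
    ticket = issue_ticket("A", "n-4f2a", 1000)
    naive, safe = NaiveServer(), ReplaySafeServer()
    return {
        "naive_first": naive.accept(ticket, 1000),
        "naive_replay": naive.accept(ticket, 1005),
        "safe_first": safe.accept(ticket, 1000),
        "safe_replay": safe.accept(ticket, 1005),
    }

if __name__ == "__main__":
    print(demo())
```

The expiry check is what keeps `seen_nonces` small: the server only has to remember nonces for one lifetime, after which the timestamp check rejects the ticket on its own. Kerberos applies the same idea with its authenticator timestamps and replay cache.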

Identity spoofing (4)
Network spoofing: IP spoofing, forging the source address of IP packets, is one of the main deception techniques on a network. It includes:
SYN flooding: the attacker fills the target's TCP connection backlog with a large number of SYN packets, typically with spoofed source addresses so that the handshakes are never completed. The target can no longer set up communications with other computers; when this happens the target is said to be a "mute" computer.
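Added example (not from the lecture): a model of the three-way handshake and of what a SYN flood does to it. `StatefulServer` keeps a half-open entry per SYN and becomes mute once its backlog fills; `SynCookieServer` encodes the state in the sequence number of the SYN/ACK (a simplified keyed-hash cookie, not the exact 32-bit layout Linux uses) and so still completes the legitimate handshake during the flood. The backlog size, the cookie key and the addresses are constructed for this example.

```python
# Added example (not from the lecture): the TCP three-way handshake under a
# SYN flood, with a classic stateful server beside one using SYN cookies.
# The backlog size, cookie key and spoofed addresses are constructed for this
# example; the cookie is a simplified keyed hash, not the exact Linux layout.
import hashlib
import hmac
import struct

MASK32 = 0xFFFFFFFF   # TCP sequence numbers are 32-bit

class StatefulServer:
    """Classic behaviour: every SYN allocates a half-open connection entry."""
    def __init__(self, backlog: int = 128):
        self.backlog = backlog
        self.half_open = {}         # (client_ip, client_port) -> server ISN
        self.established = set()
        self.next_isn = 1000

    def on_syn(self, client_ip, client_port):
        if len(self.half_open) >= self.backlog:
            return None             # backlog full: SYN dropped, no SYN/ACK sent
        isn = self.next_isn
        self.next_isn = (self.next_isn + 1) & MASK32
        self.half_open[(client_ip, client_port)] = isn
        return isn                  # sequence number carried in the SYN/ACK

    def on_ack(self, client_ip, client_port, ack):
        isn = self.half_open.pop((client_ip, client_port), None)
        if isn is not None and ack == (isn + 1) & MASK32:
            self.established.add((client_ip, client_port))
            return True
        return False

class SynCookieServer:
    """Keeps no state for half-open connections: the ISN in the SYN/ACK is a
    keyed hash of the client address, recomputed when the final ACK arrives."""
    def __init__(self, key: bytes = b"constructed-cookie-key"):
        self.key = key
        self.established = set()

    def cookie(self, client_ip, client_port):
        msg = f"{client_ip}:{client_port}".encode()
        digest = hmac.new(self.key, msg, hashlib.sha256).digest()
        return struct.unpack(">I", digest[:4])[0]   # fits the sequence field

    def on_syn(self, client_ip, client_port):
        return self.cookie(client_ip, client_port)

    def on_ack(self, client_ip, client_port, ack):
        if ack == (self.cookie(client_ip, client_port) + 1) & MASK32:
            self.established.add((client_ip, client_port))
            return True
        return False

def syn_flood(server, count: int):
    """Spoofed SYNs from addresses that will never answer the SYN/ACK."""
    for i in range(count):
        server.on_syn(f"10.0.{i // 256}.{i % 256}", 40000 + i)

def legitimate_handshake(server, ip="192.0.2.10", port=51515) -> bool:
    """SYN -> SYN/ACK -> ACK from a real client; True if the connection opens."""
    isn = server.on_syn(ip, port)
    if isn is None:
        return False                # no SYN/ACK ever came back
    return server.on_ack(ip, port, (isn + 1) & MASK32)

if __name__ == "__main__":
    for srv in (StatefulServer(), SynCookieServer()):
        syn_flood(srv, 1000)
        print(type(srv).__name__, "legitimate client connects:",
              legitimate_handshake(srv))
```

Real SYN cookies also have to squeeze the client's MSS into the cookie and give up the other SYN options, because nothing is remembered between the SYN and the ACK; that loss is the price of being stateless under attack.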


Figure: A normal connection between a user and a server. The three-way handshake is correctly performed.

Network spoofing (2)
TCP hijacking
A technique that uses forged packets to take over an established connection between a victim computer and a server. The victim's side of the connection is knocked out (the victim machine hangs) and the hacker communicates with the server as if the hacker were the victim. Software such as TCP Wrappers can check the client IP address at the TCP (transport) layer and block connections from unexpected addresses; it does not stop an attacker who forges packets with the victim's own address, so encrypting and authenticating the session (for example with SSH or TLS) is the real protection.

[Figure: TCP hijacking]

Network spoofing (3)
ARP spoofing (ARP poisoning)
ARP is the address resolution protocol at the link layer: it maps the destination IP address in the IP header to the MAC address of the computer on the destination network. In an ARP spoofing attack, the attacker replaces the legitimate MAC address associated with an IP address with a different MAC address of the attacker's choosing, so that frames for that IP address are delivered to the attacker. Countermeasures: static ARP entries for critical hosts such as the gateway, Dynamic ARP Inspection on switches, monitoring for changes in IP-to-MAC mappings, and encrypting and authenticating traffic above the link layer so that a redirected packet cannot be read or altered in transit.
Figure: ARP spoofing (ARP poisoning). The figure shows a typical Ethernet frame; a forged frame with a false source MAC address can fool the devices on the network.
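Added example (not from the lecture): the frame in the figure parsed down to the ARP payload, and a passive detector of the kind of monitoring listed among the countermeasures. The addresses, the trusted gateway entry and the two-frame capture are constructed for this example.

```python
# Added example (not from the lecture): parsing Ethernet/ARP frames and
# flagging ARP poisoning as a change in the MAC claimed for an IP address.
# The frames, addresses and the "static" gateway entry are constructed.
import struct

def _mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))

def _ip_bytes(ip: str) -> bytes:
    return bytes(int(octet) for octet in ip.split("."))

def _mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def build_arp_reply(sender_mac, sender_ip, target_mac, target_ip, eth_src=None) -> bytes:
    """Ethernet II frame (dst, src, type 0x0806) followed by a 28-byte ARP reply.
    eth_src lets a frame claim one MAC in the Ethernet header and another in ARP."""
    eth = _mac_bytes(target_mac) + _mac_bytes(eth_src or sender_mac) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)   # Ethernet, IPv4, 6, 4, reply
    arp += _mac_bytes(sender_mac) + _ip_bytes(sender_ip)
    arp += _mac_bytes(target_mac) + _ip_bytes(target_ip)
    return eth + arp

def parse_arp(frame: bytes):
    """Return (opcode, eth_src_mac, arp_sender_mac, arp_sender_ip), or None
    when the frame is not an Ethernet/IPv4 ARP packet."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sender_ip = ".".join(str(b) for b in frame[28:32])
    return op, _mac_str(frame[6:12]), _mac_str(frame[22:28]), sender_ip

class ArpWatcher:
    """Passive detector: remembers the first MAC seen for each IP (plus any
    static entries supplied, which are trusted) and raises an alert when a
    later ARP packet claims that IP with a different MAC, or when the MAC in
    the Ethernet header disagrees with the ARP sender field."""
    def __init__(self, static=None):
        self.table = dict(static or {})   # ip -> mac
        self.alerts = []

    def feed(self, frame: bytes):
        parsed = parse_arp(frame)
        if parsed is None:
            return
        op, eth_src, mac, ip = parsed
        if eth_src != mac:
            self.alerts.append(("header-mismatch", ip, eth_src, mac))
        known = self.table.get(ip)
        if known is None:
            self.table[ip] = mac
        elif known != mac:
            self.alerts.append(("mac-changed", ip, known, mac))

GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:aa:aa:aa:aa:01"
VICTIM_IP, VICTIM_MAC = "192.168.1.50", "cc:cc:cc:cc:cc:03"
ATTACKER_MAC = "bb:bb:bb:bb:bb:02"

# Constructed capture: a genuine reply from the gateway, then a poisoned one
# in which the attacker claims the gateway's IP with its own MAC.
FRAMES = [
    build_arp_reply(GATEWAY_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
    build_arp_reply(ATTACKER_MAC, GATEWAY_IP, VICTIM_MAC, VICTIM_IP),
]

def detect_poisoning(frames, static=None):
    watcher = ArpWatcher(static)
    for frame in frames:
        watcher.feed(frame)
    return watcher.alerts

if __name__ == "__main__":
    for alert in detect_poisoning(FRAMES, static={GATEWAY_IP: GATEWAY_MAC}):
        print(alert)
```

The static entry matters: without it the first frame the watcher sees defines "legitimate", so an attacker who poisons before monitoring starts is never flagged. This is why a static mapping for the gateway is listed first among the countermeasures.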

[Figure: ARP spoofing (ARP poisoning), continued]

Common attack techniques (5)
(5) Buffer-overflow exploitation
A common software vulnerability. It occurs when more data is written into a buffer than the buffer has room for. The C functions strcat(), strcpy(), sprintf(), vsprintf(), bcopy(), gets(), scanf(), ... can be exploited because they do not check whether the destination buffer is large enough for the data being copied into it; the excess overwrites adjacent memory, including saved return addresses, which is what an exploit uses to redirect execution. Bounded alternatives such as snprintf() and fgets(), together with explicit length checks, avoid the overflow.


Common attack techniques (6)
(6) Repudiation
The owner of data denies ownership of, or responsibility for, the data in order to avoid legal consequences. Countermeasure: cryptographic algorithms and authentication, in particular digital signatures, help prevent repudiation attacks.


Common attack techniques (7)
(7) Intrusion
An intruder breaks into a network illegally with the aim of getting into other people's computer systems and stealing information, computing resources or the victim's bandwidth. Careless configuration, protocol flaws and side effects of software can all be exploited by an intruder. Leaving unnecessary UDP or TCP ports open is a common mistake; closing them reduces the opportunity for intrusion. IP scanners and port scanners are common hacking tools of this kind, and are also the tools that let administrators check their own systems for such holes.


Common attack techniques (8)
(8) Denial of service attacks
The goal of a denial-of-service attack is to prevent legitimate users from using the services the system obtains from its servers. Such attacks usually force the target to process a large amount of useless work, in the hope that it will consume all of its critical resources. A denial-of-service attack can originate from a single computer (DoS) or from a group of computers distributed across the Internet (DDoS).

Denial of service attacks (2)
Basic forms of DoS:
- Smurf
- Buffer overflow attack
- Ping of death
- Teardrop
- SYN attack

Tools used to carry out DoS attacks:
Jolt2, Bubonic.c, Land and LaTierra, Targa, Blast20, Nemesy, Panther2, Crazy Pinger, Some Trouble, UDP Flood, FSMax

Denial of service attacks (3)
Smurf
A typical DoS attack. The attacker's machine sends a large number of ping (ICMP echo request) packets to a large number of other computers in a short time, normally by addressing a network's broadcast address, with the source IP address of each ICMP echo replaced by the victim's IP address. All of those computers then send their ICMP echo replies to the victim. Being forced to process far too many ICMP replies in a short time exhausts the victim's resources and the machine goes down.
[Figure: Smurf attack]

Denial of service attacks (4)
DDoS (Distributed DoS)
Attackers usually use Trojans to control many networked computers at once. The attacker installs special software (zombie software) on these computers (zombies) to build an army of zombies (a botnet) for a later DoS attack on the victim. Issuing one attack command to the zombies launches a DoS attack on the same target (the victim) from all of them at the same time.

[Figure: DDoS attack structure]

[Figure: A DDoS attack using SYN flooding]

Common attack techniques (9)
(9) Malicious software
Attacks using malicious software include:
viruses, worms, Trojan horses, logic bombs, backdoors, spyware.


4. Protecting network security
- Levels of network protection
- The basic security model


Levels of network protection
There are multiple layers of protection.


Levels of network protection (2)
- Access rights
- Login/password (protection at the account level)
- Data encryption
- Physical protection
- Firewall


The basic security model
Consists of 4 components:
- Cryptosystem
- Anti-malicious-system software (AMS software)
- Intrusion detection system (IDS)
- Firewalls


The basic security model (2)
Cryptosystem:
Uses cryptography and security protocols to protect data. The security protocols include encryption protocols, authentication protocols and key-management protocols.

Anti-malicious-system software (AMS software):
Scans system directories, files and the registry, then identifies, quarantines or deletes malicious code.

The basic security model (3)
Intrusion detection system (IDS):
Monitors logins to the system and user behaviour, and analyses log files to identify intrusions and raise an alert when one is detected.
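Added example (not from the lecture): the log-analysis part of an IDS, run over constructed sshd-style auth log lines. It flags a source that fails five logins within a minute and, more urgently, a successful login from a source already flagged, since that is the case where the guessing may have worked. The threshold, the window and the year assumed for syslog timestamps are assumptions made for this example.

```python
# Added example (not from the lecture): the log-analysis step of an IDS, run
# over constructed sshd-style auth log lines (not real logs). The threshold,
# window and assumed year are assumptions; tune them to the environment.
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog-style lines; 203.0.113.5 guesses five times, then gets in.
SAMPLE_LOG = """\
Nov 30 10:00:01 host sshd[2001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Nov 30 10:00:02 host sshd[2002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Nov 30 10:00:03 host sshd[2003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Nov 30 10:00:04 host sshd[2004]: Failed password for root from 203.0.113.5 port 40004 ssh2
Nov 30 10:00:05 host sshd[2005]: Failed password for root from 203.0.113.5 port 40005 ssh2
Nov 30 10:00:09 host sshd[2006]: Accepted password for root from 203.0.113.5 port 40006 ssh2
Nov 30 10:05:00 host sshd[2007]: Failed password for alice from 198.51.100.7 port 50000 ssh2
Nov 30 10:05:20 host sshd[2008]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def parse_line(line: str, year: int = 2011):
    """Return (timestamp, outcome, user, ip), or None for lines that do not
    match. Syslog timestamps carry no year, so one is assumed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["outcome"], m["user"], m["ip"]

def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60):
    """Sliding window per source IP: `threshold` failures within `window_s`
    seconds raises a brute-force alert, and a later successful login from an
    IP already flagged raises a higher-priority alert.
    Returns a list of (kind, ip, user, timestamp)."""
    recent = defaultdict(deque)    # ip -> failure timestamps inside the window
    flagged = set()
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, outcome, user, ip = rec
        if outcome == "Failed":
            q = recent[ip]
            q.append(ts)
            while (ts - q[0]).total_seconds() > window_s:
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append(("brute-force", ip, user, ts))
        elif ip in flagged:
            alerts.append(("login-after-brute-force", ip, user, ts))
    return alerts

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(*alert)
```

Alice's single typo does not trip the threshold, which is the point of the window: the detector keys on rate, not on individual failures. A real IDS would add the same logic for other services and feed the alerts to a response step, such as blocking the source at the firewall.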

Firewalls:
Hardware, or special software packages installed on a computer or network device, that inspect the packets entering and leaving the network.

[Figure: network model of the cryptosystem]

Summary
- Summary
- Q & A
- Exercises