Escolar Documentos
Profissional Documentos
Cultura Documentos
AN TON MNG
Ni dung
Nu vn Cc khi nim Cc hnh thc tn cng Bo mt mng
1. Nu vn
Ngy nay, vi s pht trin ca Internet, vn an ninh mng v bo mt d liu cn c quan tm ng mc. Ngoi vic trin khai mt h thng thng tin cho doanh nghip th cn xy dng c c ch bo v cht ch, an ton cho h thng . Cc nhim v chnh ca bo mt mng:
Bo m an ton cho pha server Bo m an ton cho pha client Bo mt thng tin trn ng truyn
3
30/11/2011
Nu vn (2)
Cc yu t cn bo v
D liu Ti nguyn: con ngi, h thng, ng truyn Danh ting
Nu vn (3)
S cn thit phi c an ton mng
Tc hi n doanh nghip
Tn km chi ph Tn km thi gian nh hng n ti nguyn h thng nh hng danh d, uy tn doanh nghip Mt c hi kinh doanh
Cn nhc
Kh nng truy cp v kh nng bo mt h thng t l nghch vi nhau
1. Cc khi nim
D liu l g? Hai trng thi ca d liu:
Truyn Lu tr
Bn yu cu v d liu:
Tnh b mt (Confidentiality): Thng tin phi m bo tnh b mt v c s dng ng i tng. Tnh ton vn (Integrity): Thng tin phi m bo y , nguyn vn v cu trc, khng mu thun Tnh khng khc t (Non- -repudiation): Thng tin c th kim chng c ngun gc hoc ngi a tin Tnh sn sng (Availability): Thng tin phi lun sn sng tip cn, phc v theo ng mc ch v ng cch.
6
30/11/2011
Cc khi nim
An ninh mng l mt thnh phn ch yu ca an ninh thng tin. Mt s lnh va an ninh khc: chnh sch bo mt, kim ton bo mt, nh gi bo mt, bo mt h iu hnh, bo mt c s d liu, bo mt m ngun, Mn hc ny tp trung vo an ninh mng.
30/11/2011
11
12
30/11/2011
13
15
30/11/2011
Cc mi e da (2)
Mc tiu e da tn cng (Target): ch yu l cc dch v cn m bo an ninh (dch v www, dns, )
Kh nng bo mt thng tin: s b e da nu thng tin khng c bo mt Tnh ton vn ca thng tin: e da thay i cu trc thng tin Tnh chnh xc ca thng tin: e da thay i ni dung thng tin Kh nng cung cp dch v ca h thng: lm cho h thng khng th cung cp c dch v (tnh sn sng) Kh nng thng k ti nguyn h thng
16
Cc mi e da (3)
i tng e da tn cng (Agent attrackers) l ch th gy hi n h thng
Kh nng e da tn cng ca i tng: kh nng truy cp khai thc cc l hng h thng to ra mi e da trc tip S hiu bit ca i tng v mc tiu e da tn cng: user ID, file mt khu, v tr file, a ch mng, ng c tn cng ca i tng: chinh phc, li ch c nhn, c tnh
17
Cc mi e da (4)
Hnh vi e da tn cng
Li dng quyn truy nhp thng tin h thng C tnh hoc v tnh thay i thng tin h thng Truy cp thng tin bt hp php C tnh hoc v tnh ph hy thng tin hoc h thng Nghe ln thng tin n cp phn mm hoc phn cng ..
18
30/11/2011
Cc mi e da (5)
Phn loi cc mi e da
C mc ch Khng c mc ch T bn ngoi T bn trong
19
20
Xc nh cc mi e da n h thng
Nguy c h thng
30/11/2011
Thi im tn cng khng bit trc Qui m tn cng khng bit trc
23
24
30/11/2011
25
26
27
30/11/2011
28
30
10
30/11/2011
31
32
33
11
30/11/2011
35
12
30/11/2011
39
13
30/11/2011
Man-in-the-midle attacks
41
14
30/11/2011
43
A normal connection between a user and a server. The three-way handshake is correctly performed.
44
45
15
30/11/2011
TCP hijacking
46
Hnh trn: m t mt frame Ethernet tiu biu. Mt frame gi mo c a ch MAC ngun sai c th nh la cc thit b trn mng.
48
16
30/11/2011
49
50
51
17
30/11/2011
52
53
18
30/11/2011
Smurt attack
57
19
30/11/2011
58
DDoS (2)
59
DDoS (3)
60
20
30/11/2011
61
4. Bo v an ton mng
Cc mc bo v an ton mng M hnh bo mt c bn
62
Cc mc bo v mng
C nhiu lp bo v
63
21
30/11/2011
Cc mc bo v mng (2)
Access rights (quyn truy cp) Login/password (bo v mc ti khon truy cp) Data encryption (m ha d liu) Physical protection (bo v vt l) Firewall (tng la)
64
M hnh bo mt c bn
Gm 4 thnh phn
Cryptosystem Anti-Malicious System software AMS software Intrusion Detection System IDS Firewalls
65
M hnh bo mt c bn (2)
H thng m ho (Cryptosystem):
S dng mt m v cc giao thc bo mt bo v d liu. Cc giao thc bo mt bao gm cc giao thc m ho, cc giao thc chng thc, cc giao thc qun l kho.
22
30/11/2011
M hnh bo mt c bn (2)
H thng tm kim xm nhp (Intrusion Detection System IDS):
Gim st vic ng nhp vo h thng v hnh vi ca ngi dng, phn tch file log nhn din v a ra cnh bo khi khi pht hin c s xm nhp.
Tng la (Firewalls):
Phn cng hoc nhng gi phn mm c bit ci trn my tnh hoc thit b mng Kim tra cc gi tin i vo v i ra trn mng.
67
68
Tng kt
Tng kt Q & A Bi tp
69
23