Computer and Network Security 5111

  • Published on
    30-Dec-2014


<p>Computer and Network Security</p>
<p>By: Faculty of Information Technology, Hung Yen University of Technology and Education (Khoa CNTT ĐHSP KT Hưng Yên)</p>
<p>Online version: &lt; http://voer.edu.vn/content/col10207/1.1/ &gt;</p>
<p>Hoc lieu Mo Vietnam - Vietnam Open Educational Resources</p>
<p>This document and its content editing are copyrighted by the Faculty of Information Technology, Hung Yen University of Technology and Education. This document is licensed under the Creative Commons Attribution 3.0 license (http://creativecommons.org/licenses/by/3.0/). Document revised: August 5, 2010. PDF generated: August 5, 2010. For information on contributions to the modules in this document, see p. 75.</p>
<p>Contents</p>
<p>1 Introduction: 1.1 Objectives, content and study method for computer security; 1.2 Some basic concepts in information security; 1.3 Topics for term papers</p>
<p>2 Identification, authentication and access control: 2.1 Electronic identification and authentication; 2.2 Access control</p>
<p>3 Security models</p>
<p>4 Cryptographic techniques: 4.1 Definition of a cryptosystem; 4.2 Some simple cryptosystems; 4.3 Some cryptanalysis methods; 4.4 Shannon's theory of cryptography</p>
<p>5 Introduction to number and code theory</p>
<p>6 The RSA cryptosystem and signature scheme</p>
<p>7 Key distribution and key agreement</p>
<p>8 Security of e-commerce services</p>
<p>9 Computer viruses</p>
<p>10 Some security models for handling viruses</p>
<p>11 Some typical types of computer virus: 11.1 B-virus; 11.2 Viruses that infect executable files; 11.3 Macro viruses; 11.4 Viruses that spread via e-mail; 11.5 Virus prevention strategies</p>
<p>12 References - Computer security</p>
<p>Attributions</p>
<p>Chapter 1</p>
<p>Introduction</p>
<p>1.1 Objectives, content and study method for computer security</p>
<p>1.1.1 Objectives</p>
<p>The Computer and Network Security module is taught to enable learners to: describe security principles and security models; analyse risk for an information system; deploy security techniques to protect information systems; advise businesses on security issues.</p>
<p>From a competency perspective, this module helps learners develop the following competencies: Analysis (4); Consulting (4); Implementation (3) and Maintenance (3).</p>
<p>1.1.2 Content</p>
<p>The module introduces security issues for computers and computer networks. The topics include (but are not limited to): techniques for securing multi-user computer systems and distributed computer systems; electronic identification and authentication; security models; cryptosystems: secret key, public key, digital signatures; operating system security; software security; e-mail and WWW security; e-commerce: payment protocols, electronic money; intrusion detection: computer viruses; firewalls; risk assessment.</p>
<p>1.1.3 Study method</p>
<p>To enrol in this module, learners must first have earned credits for the modules Computer Networks, Computer Architecture, Fundamentals of Programming Techniques, Specialised Mathematics, and Software Engineering. The module is worth 3 credits and combines theory with a major assignment, so learners must register a research topic as a group (of 2 to 3 people) from the very first session. During the course, students attend classes and work in groups on their registered topics. After the 11 theory sessions, the student groups present their research results to the class in the remaining 4 sessions.</p>
<p>1.2 Some basic concepts in information security</p>
<p>Security is the protection of things of value [1]. Information security is a broad topic covering all security issues related to the storage and processing of information.
The main research areas of information security include legal issues such as policy systems, regulations and the human factor; organizational issues such as auditing of electronic data processing, management and awareness; and technical issues such as cryptographic techniques, network security and smart card technology.</p>
<p>Computer security is the field concerned with preventing and detecting illegal or unauthorized actions (against information and system resources) by users of a computer system. There are many different definitions of computer security, but most of them address the following three aspects: Confidentiality: preventing the unauthorized disclosure of information; Integrity: preventing the unauthorized modification of information; Availability: preventing the unauthorized withholding of information or resources.</p>
<p>In practice, cryptographic techniques are widely deployed to ensure the confidentiality and integrity of information that is stored or transmitted, but these techniques do not ensure the availability of the system. Computer networks are deployed so that computers can communicate with the outside environment, which also means increased risk. We therefore want to control how users of the system access the network, how users on the network access our system, and how information is protected in transit. Network security is thus not simply cryptography; it also brings many new requirements for access control.</p>
<p>1.3 Topics for term papers</p>
<p>Students may choose from the suggested topics (in the list) or propose other research topics of their own, subject to the agreement of the supervising lecturer. The list of topics includes:</p>
<p>Virtual private networks (VPN);
Firewalls (hardware and software firewalls);
Study of e-mail forgery techniques (forged e-mail);
Research on anti-spam methods (spam e-mail);
Study of IPsec in the IPv6 protocol suite;
Study of some tools (software) used to attack systems remotely;
Study of some tools (software) for protecting systems;
Study of some network attack techniques (the attack on the e-commerce company Viet Co Ltd, the attack on the Vietnam Hacker forum - HVA);
Study of security techniques in Windows;
Study of security techniques in Linux;
Study of access control techniques for protecting internal networks;
Study of security issues in wireless networks and mobile phones;
Study of the DES cryptosystem;
Study of the IDEA cryptosystem;
Study of the AES cryptosystem;
Study of the RC5 cryptosystem;
Study of the MD5 and SHA hash algorithms;
Building a demo program for some classical cryptosystems;
Building a demo program for some public-key cryptosystems;
Security of chat programs;
Applying digital signatures to e-mail programs;
Tracing activity on the network;
Finding vulnerabilities in websites;
Remote attack tools;
System protection tools;
Study of spam;
Study of phishing;
Study of botnets;
Study of keyloggers;
Study of malware;
Study of spyware;
Study of Trojan horses;
Study of Internet worms;
Study of macro viruses;
Study of mobile code;
Study of some techniques used in antivirus programs;
Building a question bank on viruses;
Virus analysis;
Securing LANs;
Research on solutions for preventing and countering DDoS attacks;
Trusted computing;
Digital watermarking and fingerprinting;
Physical security;
Attacks on digital satellite television;
User authentication in encrypted file systems;
Information hiding in spam;
Execution-based software protection;
Information hiding in the TCP timestamps field;
Reputation-based security authentication;
Cookie authentication;
Analysis of the security mechanisms of 802.11 wireless networks;
Unicode security issues;
Digital signatures for handwritten letters;
Payment via GSM phones;
Copyright protection for digital media;
Security of networked storage systems;
Testing for software security flaws;
Designing an experimental authentication system;
Intrusion detection systems;
Mobile phone security;
Computer inspection systems;
Copyright protection techniques in DVD + DIVx;
Security issues in CGI systems;
Access control on networks;
Electronic money - fault tolerance in banking systems;
Security policy models;
Overview of biometric technology and its practical applications;
Study of the Secure Sockets Layer 3.0 security protocol;
The All-or-Nothing encryption scheme for securing multi-user information distribution channels;
The impact of quantum theory on cryptography;
Security of electronic wallet technology;
Security of electronic poker games;
Comparative study of PGP and S/MIME;
Study of SSH;
ATM: a trustworthy machine?;
Security policy framework for mobile code;
Electronic payment schemes;
Computing on encrypted data;
Security of free election systems;
Feasibility of quantum computing;
Electronic voting.</p>
<p>Chapter 2</p>
<p>Identification, authentication and access control</p>
<p>2.1 Electronic identification and authentication</p>
<p>A secure system must be able to keep track of the identity (identifier) of the users of its services. Authentication is the process of verifying a user's identity. There are two reasons for doing this: the user identity is a parameter in access control decisions; the user identity is recorded in the audit trail when the user logs in to the system. In practice, access control need not be based only on user identity, but this information is widely used in the audit trail. This section covers identification and authentication because they are standard in today's computer systems.</p>
<p>2.1.1 Authentication protocols</p>
<p>In this section, we look at how one party authenticates the other when the two exchange information over a network. When authenticating over a network, the communicating parties cannot rely on biometric information such as appearance or voice. Authentication usually takes place at network components such as routers or in server/client processes. The authentication process relies solely on the messages and data exchanged as part of an authentication protocol [2]. Below, we look at some authentication protocols used in practice. These protocols are usually run before the user runs other protocols.</p>
<p>2.1.1.1 Authentication protocol ap1.0</p>
<p>Figure 2.1: Authentication protocol 1.0</p>
<p>2.1.1.2 Authentication protocol ap2.0</p>
<p>Figure 2.2: Authentication protocol 2.0</p>
<p>2.1.1.3 Authentication protocol ap3.0</p>
<p>Figure 2.3: Authentication protocol 3.0</p>
<p>2.1.1.4 Authentication protocol ap3.1</p>
<p>Figure 2.4: Authentication protocol 3.1</p>
<p>2.1.1.5 Authentication protocol ap4.0</p>
<p>Figure 2.5: Authentication protocol 3.1</p>
<p>2.1.1.6 Authentication protocol ap5.0</p>
<p>Figure 2.6: Authentication protocol 5.0</p>
<p>2.1.2 User names and passwords</p>
<p>In practice, we first encounter computer security when we log in to a system using an account consisting of a user name and a secret password. The first step is identification, in which you announce who you are. The second step is authentication: you prove what you have announced.</p>
<p>2.2 Access control</p>
<p>2.2.1 Concepts</p>
<p>Security is, in essence, access control. The purpose of computer security is to protect the computer against misuse of the programs and data stored on it. The technical principle used to protect information in most systems is access control [3]. Access control can be pictured as a situation in which an active subject accesses a passive object with some access operation, while a reference monitor permits or denies the access requests [1]. The basic model of access control was introduced by Lampson, as shown in the figure.</p>
<p>Figure 2.7: Basic model of access control</p>
<p>In computer systems, subjects are users or processes. Objects are files, memory, peripheral devices, network nodes and so on. Typical access operations are read, write, append and execute. The right to perform a given access operation on an object is called an access right. A security policy is defined as an arbiter of access rights for the subjects. To describe access control, this document uses the following conventions: S is the set of subjects; O is the set of objects; A is the set of operations.</p>
<p>2.2.2 Implementing access control</p>
<p>2.2.2.1 Matrix</p>
<p>In general, access rights can be defined completely and simply by an access control matrix $M = (M_{so})_{s \in S,\, o \in O}$ with $M_{so} \subseteq A$. The entry $M_{so}$ specifies the set of access operations that subject $s$ may perform on object $o$.
In practice, however, the access control matrix is an abstract concept and is not really suitable for direct implementation if the number of subjects and objects is large or if these sets change frequently [1]. The following example (taken from [1]) shows how access control matrices are used in the Bell-LaPadula security model.</p>
<p>Example: access control matrix. We use a table to represent the matrix, in which two users, Bob and Alice, work with three files: bill.doc, edit.exe and fun.com. The access rights on these files can be described as follows: Bob may read or write bill.doc, while Alice has no access rights to it. Bob and Alice may only execute edit.exe. Bob and Alice may execute and read fun.com, but only Bob may write to this file. This gives the following access control matrix:</p>
<p>Figure 2.8: Access control matrix</p>
<p>2.2.2.2 Capabilities</p>
<p>The previous section pointed out the limitations of implementing the access control matrix directly. Many feasible solutions have been proposed to address this problem. Two of them are discussed in this document: capabilities and access control lists. In the capability-based approach, access rights are associated with subjects; in other words, each subject is given a capability, a token that specifies its access rights [1]. This capability corresponds to the subject's row in the access control matrix. The access rights in Example 2.1 can now be expressed as capabilities as follows:</p>
<p>Alice's capability: edit.exe: execute; fun.com: execute, read</p>
<p>Bob's capability: bill.doc: read, write; edit.exe: execute; fun.com: execute, read, write</p>
<p>2.2.2.3 Access control lists</p>
<p>In an access control list (ACL), access rights are stored with each object [1]. An access control list therefore corresponds to a column of the access control matrix and states who has access rights to a given object. The access rights of Example 2.1 can be described with access control lists as follows: ACL for bill.doc: Bob: read, write. ACL for edit.exe: Bob...</p>
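<p>The Bob/Alice matrix with its capability (row) and ACL (column) views, as an added Python example that is not part of the original course text. The matrix entries and the operation set A come from the passage above; the function names are illustrative assumptions. It derives both views from the matrix, makes default-deny decisions from each, and checks that all three representations decide every request identically.</p>

```python
from itertools import product

# Operations A and matrix M transcribed from the Bob/Alice example in the text.
A = ("read", "write", "append", "execute")
M = {
    "Alice": {"bill.doc": set(), "edit.exe": {"execute"},
              "fun.com": {"execute", "read"}},
    "Bob": {"bill.doc": {"read", "write"}, "edit.exe": {"execute"},
            "fun.com": {"execute", "read", "write"}},
}

def capabilities(matrix):
    """Row view: subject -> {object: rights}; empty entries are dropped."""
    return {s: {o: set(r) for o, r in row.items() if r}
            for s, row in matrix.items()}

def acls(matrix):
    """Column view: object -> {subject: rights}; empty entries are dropped."""
    table = {}
    for s, row in matrix.items():
        for o, rights in row.items():
            entry = table.setdefault(o, {})
            if rights:
                entry[s] = set(rights)
    return table

def allow_by_subject(view, s, o, op):
    """Reference monitor over the matrix or a capability table
    (both are indexed subject -> object); anything unlisted is denied."""
    return op in view.get(s, {}).get(o, set())

def allow_by_object(table, s, o, op):
    """Reference monitor over the ACL table (indexed object -> subject)."""
    return op in table.get(o, {}).get(s, set())

def views_agree(matrix):
    """True if matrix, capabilities and ACLs decide every request identically."""
    caps, table = capabilities(matrix), acls(matrix)
    objects = {o for row in matrix.values() for o in row}
    return all(allow_by_subject(matrix, s, o, op)
               == allow_by_subject(caps, s, o, op)
               == allow_by_object(table, s, o, op)
               for s, o, op in product(matrix, objects, A))

def who_can(table, o, op):
    """Per-object review, e.g. who may write fun.com: a single ACL lookup."""
    return sorted(s for s, r in table.get(o, {}).items() if op in r)
```

<p>Answering "who may access this object" is one lookup in the ACL view, whereas the capability view would need a scan over every subject; the reverse holds for "what may this subject access".</p>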