Ministry of Education and Training
Government Cipher Committee
Academy of Cryptography Techniques

GRADUATION THESIS

A study of network security system assessment and the use of Foundstone to assess security weaknesses

Field: Informatics (code: 01.02.01)
Specialization: Information Security
Course: 01 (… 2009)
Scientific supervisor: Assoc. Prof. Dr. Lê Mỹ Tú
Student: Pham Minh Thuan

Hanoi, 05/2009

TABLE OF CONTENTS

TABLE OF CONTENTS
LIST OF FIGURES
PREFACE
CHAPTER I: SOME BASIC THEORY
1.1. THE OSI MODEL
1.2. THE TCP/IP PROTOCOL
1.2.1. The concept of the TCP/IP protocol
1.2.2. Layers in the TCP/IP protocol
1.3. THE UDP PROTOCOL
1.4. IP ADDRESSES
1.5. TELNET
1.5.1. What is Telnet?
1.5.2. Some basic Telnet commands
1.6. DNS AND DNS SERVER
1.7. PING
1.7.1. What is Ping?
1.7.2. How Ping works
1.8. THE UNIX OPERATING SYSTEM
1.9. THE LINUX OPERATING SYSTEM
1.10. THE WINDOWS OPERATING SYSTEM
CHAPTER II: WEAKNESSES IN SECURITY
2.1. CLASSIFICATION OF SECURITY VULNERABILITIES
2.1.2. Class B vulnerabilities
2.1.3. Class A vulnerabilities
2.2. WEAKNESSES IN SECURITY
2.2.1. Holes in protocols
2.2.1.1. The SMTP protocol (RFC 821, 2821)
2.2.1.2. The LDAP protocol (RFC 1777, 3384)
2.2.1.3. The DHCP protocol (RFC 2131, 2132, 2224)
2.2.1.4. The FTP protocol (RFC 959, 2228, 2640, 2773)
2.2.1.5. The Telnet protocol (RFC 854-861)
2.2.1.6. The IPSec and SSH protocols
2.2.1.7. The ICMP protocol (RFC 792)
2.2.1.8. The NTP v3 protocol (RFC 1305)
2.2.1.9. The SNMP protocol (RFC 792)
2.2.2. Holes existing in operating systems
2.2.2.1. The Unix operating system
2.2.2.2. The Linux operating system
2.2.2.3. The Windows operating system
2.2.3. Weaknesses in network equipment
2.2.4. Configuration weaknesses
2.2.5. Weak policy
2.2.6. Holes caused by users
CHAPTER III: NETWORK ATTACK METHODS
3.1. OVERVIEW OF THE STEPS OF A HACKER'S ATTACK
3.1.1. Information gathering
3.1.2. Scanning
3.1.3. Network enumeration
3.2. ATTACKS ON THE WINDOWS OPERATING SYSTEM
3.2.1. Unauthenticated attacks
3.2.1.1. Attacks through shared resources
3.2.1.2. Attacks through the MSRPC vulnerability
3.2.2. Attacks on the Windows operating system after authentication has been passed
3.2.2.1. Privilege escalation
3.2.2.2. Cracking passwords in Windows
3.3. ATTACKS ON THE LINUX OPERATING SYSTEM
3.4. BUFFER OVERFLOW ATTACKS
3.4.1. The concept of buffer overflow
3.4.2. Memory organization
3.4.3. How functions work
3.4.4. A buffer overflow program
3.4.5. Defending against buffer overflow attacks
3.5. DENIAL-OF-SERVICE ATTACKS
3.5.1. Concept
3.5.2. Exposure to DoS attacks
3.5.3. Types of DoS attack
3.5.3.1. Attacks based on programming flaws
3.5.3.2. SYN Flood attacks
3.5.3.3. Land Attack
3.5.3.5. Teardrop attacks
3.5.3.6. Smurf Attack
3.5.3.7. Winnuke attacks
3.5.3.8. Distributed DoS Attacks (DDoS)
3.5.4. DDoS attacks through Trin00
3.5.5. Measures against DoS
3.6. ATTACKS OVER WIRELESS NETWORKS (WLAN)
3.6.1. Passive attacks
3.6.1.1. Passive scanning
3.6.1.2. SSID discovery
3.6.1.3. … MAC address
3.6.2. Active attacks
3.6.3. Man-in-the-middle attacks
3.6.4. Spoofing attacks (Wireless Spoofing)
3.6.4.1. IP address spoofing
3.6.4.2. MAC address spoofing
3.6.4.3. Defending against spoofing attacks
CHAPTER IV: ASSESSING A NETWORK SECURITY SYSTEM
4.1. SURVEY
4.2. IDENTIFYING THE RISKS TO THE SAFETY OF THE SYSTEM
4.3. IDENTIFYING THE WEAKNESSES EXISTING IN THE NETWORK SYSTEM
4.3.1. Assessing the security level of the system
4.3.2. Assessing the security level of the network
4.3.3. Assessing the security level of applications
4.3.4. Assessing the level of physical security
4.4. ANALYSIS OF THE MEASURES ALREADY APPLIED TO THE NETWORK SYSTEM
…
5.2.1. Finding all resources present in the network system
5.2.2. Identifying weaknesses on network resources
5.2.3. Overall analysis of the threats in the system
5.3. ASSESSING THE SECURITY WEAKNESSES OF THE NETWORK ON FLOOR 5, FACULTY OF INFORMATION SECURITY, ACADEMY OF CRYPTOGRAPHY TECHNIQUES
5.3.1. Survey
5.3.1.1. Scope of the survey
5.4.1.3. Content of the survey
5.3.2. Assessment results from the Foundstone vulnerability scanning system
5.5. SOME OTHER ASSESSMENT RESULTS
5.5.1. Assessment results at the Bank for Agriculture and Rural Development
5.5.1. Assessment results at the Vietnam Bank for Industry and Trade
…
REFERENCES
APPENDIX

LIST OF FIGURES

Figure 1: …
Figure 2: Layers in the TCP/IP protocol
Figure 3: Example of Ping
Figure 4: The three-way handshake in a TCP connection
Figure 5: Example of using nbtstat
Figure 6: Example of using net view
Figure 7: Contents of the file Password.txt
Figure 8: Example of a successful login with the for command
Figure 9: Example of vulnerability scanning with Retina Network Security Scanner
Figure 10: Checking the IP address after successfully exploiting the machine 192,168.18
Figure 11: Smurf Attack
…
Graphical display in Foundstone Threat Compliance View
Figure 16: Security risk level at each point in time and its variation over time in Foundstone
Figure 17: Events in the Foundstone Threat Correlation Module
Figure 18: Network diagram of floor 5, Faculty of Information Security, Academy of Cryptography Techniques
Figure 19: The 15 most frequently occurring operating systems
Figure 20: Number of weaknesses detected by Foundstone
Figure 21: The 15 network nodes with the most security weaknesses
Figure 22: Network diagram at the Bank for Agriculture and Rural Development
Figure 23: Network diagram at the Vietnam Bank for Industry and Trade

LIST OF DIAGRAMS

Diagram 1: … memory
Diagram 2: Pushing a value onto the stack
Diagram 3: Popping a value off the stack
Diagram 4: Example diagram of a buffer overflow program

GLOSSARY

List of abbreviations

OSI: Open Systems Interconnection
IP: Internet Protocol
TCP: Transmission Control Protocol
PC: Personal Computer
DNS: Domain Name System
ICMP: Internet Control Message Protocol
SMTP: Simple Mail Transfer Protocol
SNMP: Simple Network Management Protocol
IPSec: Internet Protocol Security
SSL: Secure Socket Layer
SSH: Secure Socket Shell
NAT: Network Address Translation
NTP: Network Time Protocol
PAT: Port Address Translation
NIS: Network Information Service
NFS: Network File System
TTL: Time to live
CTĐT: electronic funds transfer (chuyển tiền điện tử)
TĐDLĐT: electronic data interchange (trao đổi dữ liệu điện tử)
HĐH: operating system (hệ điều hành)
CSDL: database (cơ sở dữ liệu)

List of technical terms

+ Server: a server machine.
+ Client: a workstation.
+ Host: any computer; it may be a server, a workstation or a personal computer.
+ Hacker: an attacker.
+ Victim: the target of a hacker's attack.
+ User: a person who uses the system.
+ Username and Password: the login name and password with which a user can access the system.
+ Account: a user's account, identified by username and password.
+ Daemon: a program that runs on a particular port. It responds to every client request when a client connects to the server on that port. For example, the smtp daemon runs on port 25 by default. To check mail, a computer must connect to this server on port 25, the port held by the smtp daemon.
+ Sequence number: the numbers that appear in the header of a TCP packet. The purpose of sequence numbers is for packets to be received in the same order in which they were sent.
+ Root: the highest privilege in open-source systems. It is equivalent to the Administrator privilege in the Windows operating system.
+ IP Spoofing: a technique for gaining access to machines by deceiving a router or firewall into believing that the information comes from a trusted network.
+ Man in the Middle: the person in the middle. Suppose two machines are exchanging data and a third party positioned between them intercepts and eavesdrops on their information; that third party is called the Man in the Middle, and the act of intercepting and eavesdropping is called a Man in the Middle attack.
+ Session Replay: a type of attack in which the attacker intervenes in the stream and captures a sequence of packets or commands of some application, alters the captured information and sends it back in order to deceive the system.
+ Buffer: a portion of memory set aside in advance (for a specific purpose) to hold data while the data is being processed.
+ Port: what applications running over TCP/IP use to open connections to other computers. Ports are a set of numbers that follow the IP address. For example, the HTTP service lives on the default port 80.
+ Systemroot: the directory that holds the Windows system files.
+ Registry: a database used to store information about the changes, choices and settings made by Windows users. The Registry contains all information about hardware, software and users. The Registry is updated whenever the user makes changes in the components of the Control Panel, in File Associations, and some changes in the Options menu of certain applications.
+ Command line: the command lines used to carry out some action. In Windows the command line is the Command Prompt; in Linux the command line is the Shell.
+ Shellcode: a piece of program code used to carry out some purpose, for example shellcode used to overflow a buffer.

PREFACE

With the current globalization of information technology, almost every agency and organization, large or small, equips itself with a network to serve its needs for exchanging information, transferring data or trading online over the Internet.
Even in government agencies, using the Internet as a means of communication is one of the most essential needs. It is the bridge that lets people inside the country contact and exchange information with people abroad, and people in one region contact and exchange information with people in another region. The use of information technology, and above all of networks and the Internet, is therefore indispensable. The question, however, is how the network can be kept safe. How can the information exchanged between one place and another be kept from being stolen by others? How can a network be built that is safe and stable and runs smoothly, without defects? From these questions the term information security was born.

Information security is one of the foremost concerns when the internal networks of agencies, enterprises and organizations are connected to the Internet. Today, information security measures for personal computers and for internal networks have been studied and deployed. Nevertheless, networks are still regularly attacked and organizations still have information stolen, with extremely serious consequences. These attacks are aimed at every computer present on the Internet: the computers of large companies such as AT&T and IBM, of universities and state agencies, of military organizations, banks and so on, and some of them have been carried out on an enormous scale (with as many as 100,000 computers attacked). These figures are only the tip of the iceberg. It is hard to gather complete, reliable figures on hacker intrusions and other security incidents, because the victims themselves refuse to admit that they have suffered damage.
The rising trend in Internet intrusions can be seen in the statistics on security incidents kept by the Internet Computer Emergency Response Team (abbreviated CERT):

Year    Number of incidents
1989    132
1990    252
1991    406
1992    723

Given such security incidents and such security needs, assessing whether a network meets its security requirements is essential for any network. I therefore decided to choose the topic "A study of network security system assessment", to help companies, organizations or any network identify the risks and latent threats in the system and, from there, take measures to remedy and reduce the risks that may threaten the network. At the same time, I also studied Foundstone, the most powerful network security assessment tool at present, to help make the assessment process fast and accurate.

The main content of the thesis is divided into 5 chapters as follows:

Chapter 1: Overview of the weaknesses in network systems
This chapter gives an overview of the weaknesses that appear in network systems. These are the common weaknesses in the protocols, operating systems and network devices in use. The chapter also gives a classification of security vulnerabilities as a foundation for the process of assessing a network.

Chapter 2: Network attack methods
This chapter describes some of the attack methods that hackers commonly use to exploit vulnerabilities in the Windows and Linux operating systems, denial-of-service attacks, and some ways of exploiting wireless networks. From the study of these attack methods, the thesis proposes some measures to prevent and reduce the security risks arising from these vulnerabilities.

Chapter 3: Assessing a network security system
This chapter covers the steps for assessing a network security system.
To assess a network, the assessor needs a concrete procedure setting out the tasks to be carried out before the assessment begins.

Chapter 4: Practical application: assessing the security weaknesses of a network and using Foundstone for the assessment
The preceding chapters are only the theoretical basis for assessing a network. Now all of that theory is applied to the assessment of a real system. In this chapter, the thesis presents the assessment of the network security weaknesses of the network on floor 5, Faculty of Information Security, Academy of Cryptography Techniques, using Foundstone. In addition, the thesis presents some assessment results from the network of the Bank for Agriculture and Rural Development and the network of the Vietnam Bank for Industry and Trade. Because of space limits, however, the thesis gives only some of the main results and not the full detail of all the assessments carried out in practice.

After more than 3 months of research, with the dedicated guidance of Assoc. Prof. Dr. Lê Mỹ Tú, Director of the Academy of Cryptography Techniques, Dr. Trần Đức Sự, Dean of the Faculty of Information Security, and the teachers of the Faculty of Information Security, Academy of Cryptography Techniques, I have finally completed my thesis. This is a topic … Dr. Trần Đức Sự …

CHAPTER I: OVERVIEW OF THE WEAKNESSES IN NETWORK SYSTEMS

Security weaknesses in a network are weaknesses that can cause a service to stall, give users additional privileges, or allow unauthorized access to the system. Security weaknesses may lie in the services provided, such as web, e-mail and file sharing, or in protocols such as SMTP, LDAP and DHCP, and the operating systems themselves also contain a great many weaknesses.
Operating systems such as Unix, Linux, Windows Server 2000, Windows Server 2003, Windows XP and later versions all contain serious weaknesses that an attacker can readily exploit to take control of the system. In addition, the network devices used to provide security for the system may themselves contain weaknesses that the administrator cannot possibly know in full. In this first chapter, I give an overview of some of the weaknesses in protocols, in operating systems and in network devices, and of how security vulnerabilities are classified when analyzing and assessing the security level of a network.

2.1. WEAKNESSES IN SECURITY

Understanding the weaknesses in a network is extremely important for putting effective security policies in place, and it also helps the administrator secure the network before it is attacked by hackers. Cisco identifies the following security weaknesses:
+ Holes in protocols
+ Vulnerabilities existing in operating systems
+ Weaknesses in network equipment
+ Configuration weaknesses
+ Weak policy

2.1.1. Holes in protocols

To interconnect systems of different origins, those systems must be open. For example, for the Norton Anti Virus product to install and run on the Windows operating system, Norton must understand the structure and the platform of Windows before it can produce software compatible with Windows. This means that the protocols and the Windows interfaces must be standardized, and standardization means publishing the technical specifications for everyone to know. The downside of publishing and widely applying standards is that hackers can learn the weak points in the protocols and exploit them to the full. Comparing each technology of a specific computer network against the OSI model, we can see that dangers may be latent in every component, especially in the most widely used interfaces and protocols.
Below are examples of holes that have been found in the key protocols of the TCP/IP family:

2.1.1.1. The SMTP protocol (RFC 821, 2821)

The Simple Mail Transfer Protocol (SMTP) has no inherent authentication mechanism, so e-mail is very easily forged by malicious parties. If a mail server is set up to allow connections to the SMTP port, anyone can submit commands to it that send an e-mail message with an arbitrary sender address, causing very harmful confusion between genuine and fake messages (as is the case with most new viruses).

2.1.1.2. The LDAP protocol (RFC 1777, 3384)

… in the LDAP protocol (versions 2 and 3) is performed by the client on port 389 before it asks LDAP to do things such as search, add and so on. Nothing guarantees that the client will connect to the right LDAP server, because a hacker can change the name of the LDAP server in the domain name database to that of another LDAP server. A hacker can also set up a different LDAP server and pose as the real LDAP server. Moreover, all information exchanged between the client and the LDAP server is in plain text, that is, unencrypted, so a hacker can easily read and modify it.

2.1.1.3. The DHCP protocol (RFC 2131, 2132, 2224)

The DHCP protocol provides a mechanism for assigning dynamic IP addresses to devices, so that they may have a different address each time they connect to the network. On 08/5/2002, the computer security incident coordination center (CERT/CC) issued a warning about a hole in this protocol. CERT/CC stated that these holes were stack-based buffer overflows and could be exploited by sending a DHCP message containing a large hostname value. Although the "minires" library is derived from the "resolver" library of the BIND 8 software, the holes mentioned above do not affect current versions of BIND. On 16/01/2003, the software group ISC (Internet Software Consortium), a non-profit organization, also acknowledged the existence of several buffer overflows in its well-known open-source software implementing the DHCP protocol.
Apart from configuration, this software also allows the DHCP server to update the DNS server dynamically, so that DNS no longer needs to be updated by hand. During an audit, ISC found the flaws in the error handling routines of the "minires" library used by the NSUpdate function to resolve hostnames. Immediately afterwards, the flaws were fixed in versions 3.0pl2 and 3.0.1RC11 of the ISC DHCP software.

2.1.1.4. The FTP protocol (RFC 959, 2228, 2640, 2773)

FTP is a protocol with many large holes, even when strengthened with security mechanisms such as IPSec and SSH. Yet despite being so unsound, in practice FTP is still very often used to upload files to remote servers. The following are some cases in which FTP is exposed:

a. When the PASV command is sent
When an FTP client sends the PASV command, a hacker can be quick enough to connect to the FTP server's TCP port before that client does. The address of that connection can be compared with the client's IP address to detect the intruder, but this measure is meaningless if the hacker shares (in multiuser mode) the same workstation or proxy machine as the victim. This can be guarded against by configuring the operating system to refuse every SYN request after the first one, but some operating systems do not allow such a setting. The transfer can be aborted if a check shows that several connections on one port have been accepted with ACK, but this measure is not reliable because ACK signals are also sometimes lost or …

b. When the PORT command is sent
When an FTP client sends the PORT command and then waits, a hacker may manage to connect ahead of the server and be given access to the client's TCP port. The client cannot tell the difference, because it takes this for the connection from the legitimate server.

c. When the server connects
A hacker can ask the FTP server to connect to a TCP port at any IP address and send a file chosen by the hacker. This is a serious hole when the server has the right to connect through the firewall or to other special ports.

2.1.1.5. The Telnet protocol (RFC 854-861)

The Telnet protocol itself has no mechanism for ensuring security.
When installing software that implements the Telnet protocol, we usually have to add options, for example as proposed in the IETF's RFC 1091, 1184 and 1372. In the most common case, a terminal in remote-access mode over TCP port 23, the Telnet software connects to a server that authenticates the user by checking a name and password sent in the clear, but the server cannot authenticate itself. According to Microsoft, the Telnet implementation built into its Windows 2000 operating system does not close the holes of this protocol either. The Telnet software in Windows 2000 did in fact harbor as many as 7 holes: 4 flaws that left it unable to withstand denial-of-service attacks, 2 privilege-elevation flaws and 1 information-disclosure flaw.

2.1.1.6. The IPSec and SSH protocols

Upper-layer security technologies such as IPSec, SSL and SSH give network applications a level of horizontal security (end-to-end security), considered in terms of the relationship between the two parties at the source and the destination. In practice, however, they depend on the following two conditions:
+ A correspondingly secure infrastructure,
+ Users who are highly knowledgeable about computing and always operate correctly, even in abnormal situations.

The first can be achieved (for example with a public-key infrastructure), but as for the second, nobody today can be sure of it. As noted above, security must be considered vertically in the OSI network model. End-to-end security is built at the topmost application layer by means of key-based encryption and depends on the security of the layers below. If what lies beneath is a Wi-Fi type radio network in broadcast mode, nothing guarantees that a hacker cannot pick up the signal within the coverage area and cannot decrypt it.

2.1.1.7. The ICMP protocol (RFC 792)

The ICMP protocol is an extension of the Internet Protocol (IP). ICMP provides a mechanism for control messages and error messages. For example, the ping command uses ICMP packets to test connectivity between two IP addresses. But a hacker can make use of ICMP destination-unreachable packets to probe a network.
In general, ICMP destination-unreachable packets and ICMP redirect packets must be blocked, or at least filtered, at the router.

2.1.1.8. The NTP v3 protocol (RFC 1305)

The NTP protocol is used to synchronize and update the time on servers and network devices from a number of NTP servers. This protocol opens a line of attack for hackers: concealing or altering the time in order to falsify the timestamps in log files.

2.1.1.9. The SNMP protocol (RFC 792)

The SNMP protocol is used to manage, monitor and configure network devices. Unfortunately, the default SNMP configuration files are usually not very secure, because they have several defects that hackers can take advantage of.

2.1.2. Holes existing in operating systems

Hundreds of security holes can currently be listed in operating systems, the most basic software of a computer; although they are …, most of the market belongs to only a few well-known operating systems, and among these, the operating systems that run on servers have an important influence on network security.

2.1.2.1. The Unix operating system

In practice, Unix versions are not yet widespread in Vietnam, apart from the two products IBM AIX and Sun Solaris, which are commonly used where requirements are high and investment is available, such as banking, finance, telecommunications, aviation and electric power. Unix versions have nevertheless also been attacked because of a number of security holes, although most were closed quickly. The following holes are regarded as the common source of the flaws that have occurred:
+ Remote Procedure Calls (RPC)
+ Clear Text Services
+ The SNMP protocol (Simple Network Management Protocol)
+ The SSH security layer (Secure Shell)
+ The open SSL layer (Open Secure Sockets Layer)
+ General Authentication Accounts with no password or only an easily guessed password (weak password)
+ Misconfiguration at the enterprise level of network services such as NIS or NFS.
There are also a number of specific holes, but these appear only in particular versions of Unix:
+ Rmail (IBM AIX 3.2), abuse of stadt (AIX 3.2, 4.1), mount, xdat, xlock (AIX 4.1.3, 4.1.4, 4.2.0, 4.2.1)
+ MGE UPS, rwall daemon, automound (Sun Solaris 2.5.1), printd tmpfile, lprm, ufsdump, ufsrestore, ftp mget (Solaris 2.6)
+ Ftp client, tmpfile, buffer overflows with Xaw and Xterm (HP/UX 10.20), Rdist, chfn (HP/UX 9.x, 10.x), xwcreate/destroy
+ Core dump/dbx, leaked usernames in sshd and rshd, the symlink problem with fstab and advfsd in the OSF1 interface (Digital Unix 4.0)
+ Abuse of the routed file, pfdisplay CGI (IRIX 5.2, 5.3, 6.2), IPX tools, suid_exec (IRIX 6.3).

2.1.2.2. The Linux operating system

There are now quite a few websites that support the Linux operating system, and they regularly announce patches for users to apply. Besides the general flaws shared with Unix, some security holes specific to particular versions of Linux can be listed as follows:
+ GNOME display manager (Redhat Linux), do_mremap (Linux kernel versions before 2.4.25)
+ FreeRADIUS (versions before 0.9.3) in Redhat Enterprise Linux AS3 and Redhat Enterprise Linux ES3
+ Rsync buffer overflow (Linux kernel versions from 2.x to before 2.5.7w)
+ Redhat Linux 8.0 was released together with the ISC DHCP software, which contains a stack-based buffer overflow.
+ … related to the waitd() system call, which is present in every Linux program.

2.1.2.3. The Windows operating system

Most PCs … attacks on this operating system can spread more widely and more quickly than attacks on other operating systems. In addition, a great many hackers are at odds with Microsoft, so they are always looking for ways to dig out and exploit the holes in Windows.
For several years now, Microsoft has published bulletins announcing its own security flaws. The following are some notable announcements:
+ December 2008: Microsoft warned about a zero-day flaw, and hackers made every effort to exploit it.
+ June 2004: a bulletin warned of a security flaw in Microsoft's DirectPlay peer-to-peer networking feature. The flaw appears in all Microsoft operating systems, such as Windows 2000, XP and Windows Server 2003, 32-bit and 64-bit.
+ April 2004: a hole in LSASS, the local security monitoring subsystem of the Windows 2003, Windows 2000 and Windows XP operating systems, allowed hackers to attack with DoS and spam by means of the Sasser worm and then the Bobax virus.
+ July 2003: Microsoft warned of 3 fairly serious security flaws in its operating systems. These were holes that allowed hackers to sabotage information systems.
+ September 2002: Microsoft announced many serious flaws caused by holes present in most versions of the Windows operating system. Through these holes, information systems using Microsoft Windows could be attacked by IP Spoofing.
+ August 2002: Microsoft disclosed a new hole in an Active-X component found on Windows that could allow hackers to mount DoS attacks.

2.1.3. Weaknesses in network equipment

Most network devices, such as servers, switches and routers, have security weaknesses. Hackers can take advantage of these weaknesses to attack the system, for example with ARP attacks or man-in-the-middle attacks. A good policy for the configuration and installation of network devices greatly reduces the impact of these weaknesses.

Take Cisco, one of the world's leading suppliers of network equipment, as an example. Among its PIX firewall products, some versions can "hang" and have to be restarted if they are hit by a denial-of-service attack using messages that exploit version 3 of the SNMP protocol. This is the latest upgrade of SNMP, which allows the status of devices in the network to be monitored. PIX firewalls, however, do not support SNMPv3.
Therefore an SNMP server must first have been set up specifically for the Cisco firewall before the attack can be carried out. Similarly, for Cisco routers, an internal audit by Cisco found that its routing devices running the internetworking operating system IOS (Internetworking Operating System) could be subjected to denial-of-service attacks. By exploiting this hole, a hacker can send packets directly to a Cisco device and deceive it, causing the device to stop …

2.1.4. Configuration weaknesses

These are flaws created by the administrator. They result from shortcomings in configuration such as: not securing customer accounts, system accounts with easily guessed passwords, not securing the default configurations on devices, or errors in configuring devices.

Insecure user accounts: every user account needs a username and password for security purposes. These usernames and passwords are often transmitted over the network in clear text. A security policy for user accounts is therefore needed, covering encryption, authentication and so on.

System accounts with easily guessed passwords: another configuration weakness is protecting an account with a password that is easily stolen. To prevent this, the administrator needs a policy under which no password remains valid forever; each password must have a limited lifetime.

Misconfigured Internet services: some companies have used real Internet addresses to address their hosts and servers. This creates a weakness through which hackers can easily harvest information. Using NAT or PAT can solve this problem. Private addresses allow hosts and servers to be addressed without using real addresses on the network, while the real addresses are routed to the Internet by the border router. However, this is still not an optimal measure.
The port on the interface that connects to the Internet must be open to allow users out to the Internet and traffic back in. That is an opening in the firewall through which a hacker can attack.

Default configuration settings in products: many hardware products are shipped with no password, or with a preset password that makes it easy for the administrator to configure the device; some devices, for example, only need to be plugged in to start working. This makes it easy for hackers to attack. A security configuration policy must therefore be applied to every device before the device is installed in the network.

Misconfigured network equipment: a device configuration error is a vulnerability that can be exploited to attack the network. Weak passwords, the absence of a security policy and unprotected user accounts are all device configuration errors.

The hardware and the protocols running on a device also create security vulnerabilities in the network. If there is no security policy for this hardware and these protocols, hackers will take advantage of them to attack the network. … control the data channels and force … Furthermore, if SNMP is used with its default settings, information can be stolen easily and quickly. To increase security, therefore, SNMP must be disabled or its preset default settings changed.

2.1.5. Weak policy

When designing any network, the first thing to consider is the policy that ensures the security of that network. This policy applies not only to the equipment but also to all the users of the network. If the security policy is weak, it very easily gives hackers the opportunity to attack and exploit the network.

Weaknesses in policy include: failure to establish a security policy, rivalry within the organization, laxness on the part of the information security administrator, and the absence of a plan for establishing and applying the policy as well as of a disaster recovery plan.

2.1.6. Holes caused by users

Users, whether unintentionally or deliberately, can also cause local or network-wide incidents that result in damage to their own data or to that of others. The following are some of the largest user-created holes that a security assessor needs to know in order to devise corresponding assessment and mitigation measures:

a. E-mail of unknown origin
…, or attached files (including image files, music files and compressed files), or Internet links contained in an e-mail, the risk of harm is multiplied many times over. This is because intruders can plant attack programs or hoaxes in those very components. Today, e-mail is the computing tool most used by people who are not computing professionals, and so it is also a simple way to spread and infect with viruses and to terrorize by means of software. According to the press, in the period 2007-2008 alone, well-known attacks such as the Conficker, Sobig, Sasser, Blast and NetSky worms caused tens of billions of US dollars in damage. Hundreds of cases leading to such threats could be cited, notably the billions of spam messages released on the Internet every day.

b. Exposed personal information
Losing or revealing one's own or other people's (partners', friends' and so on) passwords, system login names, phone numbers or network addresses creates holes that are very easily exploited by malicious parties. Such information is often found right on the computer, in e-mail, text files, address books and network diagrams, and even in desk calendars or notebooks, …, and handbags of many careless users. If a user's computer is connected to the network, hackers can also find personal information themselves without waiting for the user to be careless. Hackers usually use specialized software tools such as scanners, sniffers and analyzers to do this. Such software is plentiful on the Internet and most of it is free, so intruders can easily download it for use.

c. Improper network connections
Sometimes users, through carelessness or an incomplete grasp of the procedures for working on the network, connect to addresses that look normal but are in fact dangerous traps planted on the Internet, which amounts to handing themselves over to the hacker. One of the hackers' familiar tricks is to use viruses and trojans that get in through e-mail programs (for example Outlook Express) or web browsers (for example Internet Explorer) and lie in wait for an opportunity to attack.

2.2. CLASSIFICATION OF SECURITY VULNERABILITIES

Many organizations have classified the forms of security vulnerability. According to the classification of the US Department of Defense, the security vulnerabilities on a system are divided into the following three classes:
+ Class C vulnerabilities
+ Class B vulnerabilities
+ Class A vulnerabilities

2.2.1. Class C vulnerabilities

Class C vulnerabilities have a low level of danger; they only affect the quality of service or interrupt the system. Vulnerabilities of this class do not destroy data or allow unauthorized access to the computer. The typical class C vulnerability is the denial-of-service attack (Denial of Services), abbreviated DoS.

2.2.2. Class B vulnerabilities

Class B vulnerabilities allow users to obtain additional privileges on the system without a validity check, leading to the loss of information that requires protection. This kind of vulnerability is usually found in applications on the system.

Class B vulnerabilities are more dangerous than class C vulnerabilities because they allow internal users to obtain higher privileges or to access the system without authorization. Vulnerabilities of this class usually appear in services on the system. An internal user is understood to be someone who already has access to the system with certain limited privileges.

One of the most commonly encountered class B vulnerabilities is in the Sendmail application.
Sendmail li mt chuong trinh duge ding kha phd bién trén hé thong Linux dé thye hign giti thy dign tir cho nhing ngudi sir dyng trong mang noi bo. Thong thung, sendmail 1 m6t deamon chay & ché d6 nén duge kich hoat khi Ai hoat dong, chong trinh sendmail sé mo céng 25 doi mot yéu cau t6i sé thye hign né hoge guri chuyén tigp thyu dén ep ea0 han, Sendmail khi duge kich hoat sé chay dudi quyén root hoc quyén tuong ting vi lién quan dén hinh dong tao file ding nhip. Lgi dung dic diém nay va mt s6 Id héng phat sinh tir eée doan ma cia sendmaildé doat quyén root trong hé thong. Trong hé diéu hanh UNIX cing xuat hién cae 16 héng logi B. Cac 16 héng nay chi yéu xoay quanh vin dé vé quyén strdung chuong trinh, Vi wen hé théng UNIX, mot chuong trinh cé thé duge thye thi véi hai kha nang sau: khéi dng hé théng. Trong trang tl + Ngudi quan tri hé théng cé kich hoat hoc chay chuong trinh + Chu so hitu chuong trinh c6 kich hoat hoac chay chuong trinh M6t dang khie ciia 16 héng loai B xay ra véi cée chuong trinh viét bing ma nguén C. Nhing chuong trinh viét bing ma nguén C thudng sir dung mot viing dém la mot ving trong b6 nh sir dung dé hu trir dir ligu true khi xit ly. Nguoi lip trinh thug sir dung ving dém trong b6 nhé trude khi gin mét kho’ing Khong gian b9 nhé cho timg khoi dot ligu. Vi du khi viét chuong trinh nhap tnrémg tén ngudi sir dung quy dinh trudmg nay dai 20 ky tir bing khai bio:
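Added example (not code from the thesis): a C sketch of the 20-character user-name field described above, with the unchecked copy shown only as a comment beside a length-checked version that rejects longer input. The names `USERNAME_LEN`, `struct account`, `set_username` and `read_username`, and the record layout, are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define USERNAME_LEN 20            /* field length stated in the text */

/* Assumed record layout: a privilege flag is declared right after the name
 * field, which is why writing past the field matters. */
struct account {
    char username[USERNAME_LEN + 1];   /* 20 characters + terminating NUL */
    int  is_admin;
};

/* Unsafe pattern, shown only as a comment:  strcpy(acct->username, input);
 * strcpy copies until the NUL in input, so a 30-character name is written
 * past username[] into whatever follows it in memory. */

/* Hardened form: measure first, reject what does not fit (no silent
 * truncation). Returns 0 on success, -1 on NULL, empty or over-long input. */
int set_username(struct account *acct, const char *input)
{
    size_t n = 0;

    if (acct == NULL || input == NULL)
        return -1;
    while (n <= USERNAME_LEN && input[n] != '\0')
        n++;                            /* never scans past 21 bytes */
    if (n == 0 || n > USERNAME_LEN)
        return -1;
    memcpy(acct->username, input, n);
    acct->username[n] = '\0';
    return 0;
}

/* Reads one line from `in`; an over-long line is drained and rejected so the
 * leftover bytes are not mistaken for the next field. */
int read_username(struct account *acct, FILE *in)
{
    char line[USERNAME_LEN + 2];        /* 20 chars + '\n' + NUL */
    size_t n;
    int c;

    if (fgets(line, sizeof line, in) == NULL)
        return -1;
    n = strcspn(line, "\n");
    if (line[n] != '\n' && !feof(in)) { /* line did not fit in the buffer */
        while ((c = fgetc(in)) != '\n' && c != EOF)
            ;
        return -1;
    }
    line[n] = '\0';
    return set_username(acct, line);
}
```

Rejecting the over-long name, rather than truncating it, keeps two different inputs from collapsing into the same stored account name.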
