Developing Network Security Strategies - there are 3 ways ...
Post on 06-Feb-2018
Developing Network Security Strategies

Chapter 2, "Analyzing Technical Goals and Network Tradeoffs," covers identifying network assets, analyzing security risks, and developing security requirements.
The goal of this chapter is to help us work with our network design customers in developing effective security strategies.
This chapter describes the steps for developing a security strategy and covers some basic security principles.

Network Security Design
The 12 Step Program
Many security strategies have been developed haphazardly and fail to actually secure assets and meet the customer's primary security goals. Breaking the security design process down into the following steps will help us plan and execute a security strategy effectively:
1. Identify network assets.
2. Analyze security risks.
3. Analyze security requirements and tradeoffs.
4. Develop a security plan.
5. Define a security policy.
6. Develop procedures for applying the security policy.
7. Develop a technical implementation strategy.
8. Achieve buy-in from users, managers, and technical staff.
9. Users, managers, and technical staff.
10. Implement the technical strategy and security procedures.
11. Test the security and update it if any problems are found.
12. Maintain security.

Identifying network assets
Hardware.
Application software.
Data.
Intellectual property.
Trade secrets.
The company's reputation.

Security Risks
Hacked network devices.
- Data can be intercepted, analyzed, altered, or deleted.
- User passwords can be compromised.
- Device configurations can be changed.
Reconnaissance attacks.

Security Tradeoffs
Tradeoffs must be made between security goals and other goals:
- Affordability.
- Usability.
- Performance.
- Manageability.

Developing a security plan
A document that proposes what an organization will do to meet its security requirements.
It specifies the time, people, and other resources that will be required to develop a security policy and to implement that policy.
For a security plan to be useful, it needs the support of all levels of employees in the organization.

Developing a security policy
Physical security.
Authentication.
Authorization.
Computer and network auditing.
Data encryption.
Packet filters.
Firewalls.
Intrusion detection systems (IDS).
Intrusion prevention systems (IPS).

Physical security
Physical security is used to restrict access to network resources.
Depending on the customer we are designing the network for, physical security should be installed to protect routers, demarcation points, cabling, modems, servers, hosts, and backup storage.

Authentication
Identifies who is requesting network services.
Traditional authentication is based on one of the following three things:
1. The user uses a password, a PIN, or a private cryptographic key.
2. The user has a password token or a security card.
3. Verification of a unique physical characteristic of the user, such as a fingerprint, retina pattern, voice, or face.

Auditing
To effectively analyze the security of a network and to respond to security incidents, procedures should be established for collecting network activity data. This is called auditing.
For networks with strict security policies, audit data must include all authentication and authorization by any person.
The audit process should not collect passwords. Collecting passwords creates a potential for a security breach.
An extension of auditing is the concept of security assessment.
With a security assessment, the network is examined from within by experts

Data encryption
A process that scrambles data to protect it from being read by anyone other than the intended recipient.
Encryption is a useful security feature for keeping data confidential.
It can also be used to identify the sender of data.
On internal networks and on networks that use the Internet simply for web browsing, email, and file transfer, encryption is usually not necessary. For organizations that connect private sites over the Internet using virtual private networks (VPN), encryption is recommended to protect the confidentiality of the organization's data.

Encryption for confidentiality and integrity
Figure 8-1. Public/Private Key System for Ensuring Data Confidentiality
Figure 8-2. Public/Private Key System for Sending a Digital Signature

Firewalls
A firewall is a device that enforces security policies at the boundary between two or more networks.
A firewall can be a router, a hardware appliance, or software running on a PC or a Linux system. Firewalls are especially important at the boundary between the enterprise network and the Internet.

Modularizing Security Design
Network security should be multilayered, with many different techniques used to protect the network.
Secure all components of a modular design:
- Internet connections.
- Information servers and e-commerce servers.
- Remote-access networks and virtual private networks (VPNs).
- Network services and network management.
- Wireless networks.

Securing Internet connections
Internet connections must be secured with a set of overlapping security mechanisms, including firewalls, packet filters, physical security, audit logs, authentication, and authorization.
A common risk associated with Internet connections is the threat of reconnaissance from the Internet, in which an attacker tries to probe the network and its hosts to discover reachable networks, hosts, and the services running on exposed hosts, and to build a map of the network.

Securing remote access and virtual private networks (VPNs)
Physical security.
Firewalls.
Authentication, authorization, and auditing.
Encryption.
Security protocols
- CHAP.
- RADIUS
- IPSec

Securing network services
Treat each network device (routers, switches, and so on) as a high-value host and harden it against possible intrusions.
Require login IDs and passwords for access to devices.
Require additional authorization for dangerous configuration commands.
Use SSH rather than Telnet.
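
The three rules on this slide, turned into a configuration check. This is an added example, not part of the original slides: it assumes Cisco IOS-style configuration syntax (the slides name no vendor), the sample configuration is constructed, and the function names are hypothetical.

```python
# Added example: audits an IOS-style device configuration (assumed syntax;
# the slides name no vendor) against the three rules on this slide.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
aaa new-model
line con 0
 login local
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 transport input ssh
 no login
"""  # constructed sample, not taken from a real device


def parse_line_blocks(config):
    """Return (global_lines, {line_header: [indented sub-commands]})."""
    global_lines, blocks, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and current is not None:
            blocks[current].append(raw.strip())
        else:
            global_lines.append(raw.strip())
            current = raw.strip() if raw.startswith("line ") else None
            if current is not None:
                blocks[current] = []
    return global_lines, blocks


def audit(config):
    """Return a sorted list of (location, finding) tuples."""
    global_lines, blocks = parse_line_blocks(config)
    findings = []
    for header, cmds in blocks.items():
        if header.startswith("line vty"):
            transports = [c.split()[2:] for c in cmds
                          if c.startswith("transport input")]
            # No explicit 'transport input ssh' is treated as Telnet-capable.
            if transports != [["ssh"]]:
                findings.append((header, "telnet-not-excluded"))
        has_login = any(c.startswith("login") for c in cmds)
        if "no login" in cmds or not has_login:
            findings.append((header, "no-login-required"))
    if not any(g.startswith("aaa authorization commands") for g in global_lines):
        findings.append(("global", "no-command-authorization"))
    return sorted(findings)
```

Calling audit(SAMPLE_CONFIG) reports the Telnet-capable vty lines, the vty lines with login disabled, and the missing command authorization; a configuration that satisfies all three rules returns an empty list.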

Securing servers
Deploy network and host IDS to monitor subnets and individual servers.
Fix known security bugs in server operating systems.
Require authentication and authorization for server access and management.

Securing services
- Specify in the security policy which applications are allowed to run on networked PCs.
- Require personal firewalls and antivirus software on PCs.
- Implement written procedures that specify how software is installed and kept current.
- Encourage users to log out when leaving their desks.
- Consider using 802.1X port security.

Securing wireless networks
Place wireless LANs (WLANs) in their own subnet or VLAN.
This simplifies addressing and makes it easier to configure packet filters.
Require all wireless (and wired) laptops to run personal firewall and antivirus software.
Disable beacons that broadcast the SSID, and require MAC address authentication.

Authentication in wireless networks
The IEEE 802.11 standard provides a method for devices to authenticate to a wireless access point.
The 802.11 client initialization process consists of the following steps:
Step 1. The client broadcasts a probe request frame on every channel.
Step 2. Access points within range respond with a frame.
Step 3. The client decides which access point is best for access and sends an authentication frame.
Step 4. The access point sends an authentication frame.
Step 5. After successful authentication, the client sends a request frame to the access point.
Step 6. The access point replies with a frame. The client can now pass traffic to the access point.

VPN Software on Wireless Clients
Wireless clients require VPN software.
Connects to a VPN concentrator.
Creates a tunnel for sending all traffic.
VPN security provides:
- User authentication.
- Strong encryption of data.
- Data integrity.

Summary
Use a top-down approach.
This chapter discussed security plans, policies, and procedures, covering security mechanisms and selecting the mechanisms appropriate for the different components of a network design.

Review Questions
How does a security plan differ from a security policy?
Why is it important to achieve buy-in from users, managers, and technical staff for the security policy?
What are some methods for keeping hackers from viewing and changing router and switch configuration information?
How can a network manager secure a wireless network?