tap chi security365 so 5
DESCRIPTION
Tap Chi Security365 So 5TRANSCRIPT
-
Th Ng !
i vi cc bn tr chn IT l nh hng ngh nghip ca mnh, nht l nhng ai i v hng qun tr th c hai vn ln h lun quan tm l an tan thng tin v ng dng ngun m. Vy lm g chng nhn mnh l mt chuyn gia trong cc lnh
vc trn ngai bn CV lit k cc kinh nghim hay qu trnh cng tc ? chnh l cc chng ch bo mt uy tn c chng nhn bi cc t chc quc t v c gi tr trn tan th gii. V vy trong Tp Ch Security365 S 5 chng ta s tham kho bi gii thiu v Comptia Security+. Trong phn trc (SMAG 4) cc bn nm v Windows XP vi nhng thao tc qun tr cn bn, chng ta s tip tc tm hiu su hn, cng vi bi vt v Windows Server 2008 v nhng bi vit hay khc Theo thng k, 4 s Tp Ch Security365 u tin u vt mc 1000 lt ti v, y l mt tn hiu vui v l ngun ng lc to ln Ban Bin Tp u n cho xut bn 1 tun 1 s, mi cc bn theo di v n xem ng k nhn tp ch qua th in t ti y : http://www.security365.vn Cc s Tp Ch Security365 cng b:
- Security365 S 1 - Security365 S 2 - Security365 S 3 - Security365 S 4
-
nh Hng Ngh Nghip
Chng Ch Quc T Comptia SECURITY+
Comptia Security+ l mt trong 5 chng ch bo mt danh gi hin nay, l MCSE Security, Comptia SECURITY+, SCNP v CISSP. Trong , chng ch CISSP c xp hng cao nht nhng theo nh gi ca cc t chc quc t nh certcity hay hotcert th
Security+ l mt trong nhng chng ch c nhiu ngi quan tm nht.
c pht trin bi t chc kho th CompTIA (www.comptia.org), h thng chng ch bo mt Security+ khng thin v mt cng ngh c th hay mt dng sn phm no m n tri rng trn nhiu lnh vc khc nhau t h iu hnh Linux cho n Windows hay cc khi nim v c ch chng thc, kim sat truy cpV vy t c chng ch ny th sinh cn c mt kin thc nn tng vng chc v an tan thng tin. Vi l ph thi 250 USD, cc th sinh cn lm 1 bi kim tra trong
vng 2.30 pht vi 100 cu hi v bo mt h thng, th sinh s c cp chng nhn Comptia Security+ nu c s im trn 70% (cp nht thm ti trang web www.comptia.org). hc v thi Security+ trc tin cc bn cn c kin thc tt v h thng windows / linux cng vi t nht l 1 nm kinh nghim thc t trong mi trng cng ngh thng tin. Sau cc bn cn tham kho cc ti liu v Security+, gii cc thi th trong vng 3 n 6 thng l c th ng ki d thi. Tuy nhin t c kt qu tt nht, cc th sinh nn hc hi kinh nghim t nhng ngi i truc, tham kho nhng ti liu hay v bo mt, c bit l nhng ti liu chuyn su v Security+. Nu c iu kin nn tham gia cc trung tm o to v mng v bo mt nh New Horizons, NetPRO hay Trung Tm o To Bo Mt Security365. Trc khi thi nn dnh ra 1 tun n luyn v gii p cc thi mu. Comptia Security+ Bao Gm 5 Ch Sau: Domain 1: Cc khi nim chung v bo mt (General Security Concepts) Trong phn ny cc bn cn nm vng cc khi nim v c ch kim sat truy cp nh RBAC, MAC, nhn dng cc dng tn cng thng dng nh DDOS, Sniifer hay xc nh nhng dch v no l cn thit hay khng cn thit cho mt h thng my tnh. Domain 2: Bo Mt ng Truyn - An Tan Truyn Thng (Comunication Security)
1
-
Phn 2 tp trung v cc kha cnh bo mt thng tin trong qu trnh truyn nh an tan thng tin cho th in t, hay qu trnh truy cp t xa, qu trnh truyn v nhn file Domain 3: An Tan Thng Tin Cho H Thng Mng Bo Mt H Thng Phn 3 tp trung vo cc k thut bo mt h thng nh cc k nng d tm v pht hin xm nhp, nng cao an tan cho cc my ch v dch v .. Domain 4 : C Bn V M Ha Phn ny trnh by nhng khi nim c bn v m ha i xng/ bt i xng, cng ngh PKI hay cc thut tan m ha thng dng nh DES, 3DES Domain 5: An Tan Thng Tin Cho T Chc y l phn cui cng ca h thng Comptia Security +, cc bn cn nm vng nhng kin thc v an tan thng tin mc vt l, cc c ch sao lu v phc hi phng khi din ra tnh trng mt mt thng tin, qun l quyn hay nh gi cc mc thit hi khi c s c. Mt s trung tm thng o to theo cc ti liu chnh thc v Security+ nh ca Syngress hay Sybex thng bm theo 5 ch ny trnh by nn ni dung mang nng tnh l thuyt, gio iu thiu tnh thc tin lm cho cc hc vin kh hiu, kh nh. Vi vy Security365 s dng gio n c bin san bi ElemenK v Security+, y l mt gio trnh rt hay v phong ph v khng nhng nu r v gii quyt nhng yu cu ca 5 module m cn minh ha mt cch kha hc nhng kin thc trn qua cc bi Lab hay nhng ng dng c th. Ni Dung Ca Chng Trnh Hc tp Comptia Security+ Security+ Windows Server 2003 CompTIA Certification
LESSON 1: SECURITY FUNDAMENTALS A. Security Building Blocks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Goals The CIA Triad. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Factors The Four As . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Access Control Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Privilege Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Authentication Factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . User Name/Password Authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . Challenge Handshake Authentication Protocol (CHAP) . . . . . . . . . . . . Kerberos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tokens . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Biometrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multi-Factor Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Mutual Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
2
-
C. Cryptography Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Encryption. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Encryption Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hashing Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hashing Encryption Algorithms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Symmetric Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Asymmetric Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Cipher Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Symmetric Encryption Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Asymmetric Encryption Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Digital Signatures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Security Policy Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Policy Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Policy Issues . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Common Security Policy Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Document Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Documentation Handling Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 2: SECURITY THREATS A. Social Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Social Engineering Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hackers, Crackers, and Attackers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Attacker Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Software-Based Threats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Scanning Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Eavesdropping Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IP Spoofing Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hijacking Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Replay Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Man-in-the-Middle Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Denial of Service (DoS) Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Distributed Denial of Service (DDoS) Attacks . . . . . . . . . . . . . . . . . . . . . . Types of DoS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Malicious Code Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Malicious Code. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
3
-
Default Security Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Software Exploitation Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Software Exploitation Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . Misuse of Privilege Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Password Attacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Password Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backdoor Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Hardware-Based Threats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Hardware Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 3:HARDENING INTERNAL SYSTEMS AND SERVICES A. Harden Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Vulnerability Categories. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Hardening. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Baselines. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . System Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Security Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Windows Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Services, NLMs, and Daemons . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Service, NLM, and Daemon Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . Security Templates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Harden Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Directory Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Common Directory Services. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Lightweight Directory Access Protocol (LDAP) . . . . . . . . . . . . . . . . . . . . Directory Service Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Harden DHCP Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Dynamic Host Configuration Protocol (DHCP). . . . . . . . . . . . . . . . . . . . . DHCP Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Harden File and Print Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . File and Print Server Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Server Message Block (SMB) Protocol. . . . . . . . . . . . . . . . . . . . . . . . . SMB Signing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 4:HARDENING INTERNETWORK DEVICES AND SERVICES A. Harden Internetwork Connection Devices. . . . . . . . . . . . . . . . . . . . . . . . . Internetwork Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
4
-
Unnecessary Network Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Firmware Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internetwork Device Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Demilitarized Zones (DMZs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intranets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Extranets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual LANs (VLANs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Address Translation (NAT) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Media . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Network Media Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Harden DNS and BIND Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . DNS and BIND Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. HardenWeb Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HTTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Web Server Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Web Server Authentication Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . Web Server Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Harden File Transfer Protocol (FTP) Servers . . . . . . . . . . . . . . . . . . . . . . . FTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . FTP Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure Shell (SSH). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure FTP (SFTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . E. Harden Network News Transfer Protocol (NNTP) Servers . . . . . . . . . . . . . . NNTP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . NNTP Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F. Harden Email Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. Simple Mail Transfer Protocol (SMTP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Email Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Pretty Good Privacy (PGP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure Multipurpose Internet Mail Extensions (S/MIME) . . . . . . . . . . . . . G. Harden Conferencing and Messaging Servers . . . . . . . . . . . . . . . . . . . . . Conferencing and Messaging Vulnerabilities . . . . . . . . . . . . . . . . . . . . . LESSON 5: SECURINGNETWORK COMMUNICATIONS A. Protect Network Traffic with IP Security (IPSec). . . . . . . . . . . . . .. . . . IPSec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IPSec Algorithms. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
5
-
IPSec Transport Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internet Key Exchange (IKE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Associations (SAs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IPSec Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Default IPSec Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . IPSec Policy Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. SecureWireless Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . Wireless Protocol Standards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wireless Protocol Implementations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wireless Security Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Wireless Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Harden aWeb Browser . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. Browser Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Internet Explorer Security Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Secure the Remote Access Channel . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Access Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Telecommunications Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Tunneling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Virtual Private Networks (VPNs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VPN Protocols. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . VPN Security Protocols . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Remote Access Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 6:MANAGING PUBLIC KEY INFRASTRUCTURE (PKI) A. Install a Certificate Authority (CA) Hierarchy. . . . . . . . . . . . . . . . . . . . . . Digital Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Certificate Authentication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Public Key Infrastructure (PKI). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . PKI Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . CA Hierarchies (Trust Models) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Root CA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Public and Private Roots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Subordinate CAs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Centralized and Decentralized CA Hierarchies. . . . . . . . . . . . . . . . . . . . B. Harden a Certificate Authority . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . . Certificate Policies. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Multiple and Dual Key Pairs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Certificate Life Cycle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
6
-
CA Vulnerabilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Back Up a CA. . . . . . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Restore a CA. . . . . .. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 7:MANAGING CERTIFICATES A. Enroll Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . . . . The Certificate Enrollment Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Secure Network Traffic by Using Certificates. . . . . . . . . . . . . . . . . . . .. Secure Sockets Layer (SSL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . HTTPS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Transport Layer Security (TLS) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Renew Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . D. Revoke Certificates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . Certificate Revocation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . The Certificate Revocation List (CRL) . . . . . . . . . . . . . . . . . . . . . . . . . . . . E. Back Up Certificates and Private Keys. . . . . . . . . . . . . . . . . .. . . . . . Private Key Protection Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F. Restore Certificates and Private Keys. . . . . . . . . . . . . . . . . . . . . . . . . Private Key Restoration Methods. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Private Key Replacement. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 8: ENFORCINGORGANIZATIONAL SECURITY POLICIES A. Enforce Corporate Security Policy Compliance . . . . . . . . . . . . . . . . . . . Risk Identification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Enforce Legal Compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . Legal Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Forensic Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Human Resources (HR) Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Enforce Physical Security Compliance. . . . . . . . . . . . . . . . . . . . . . . . . . . Physical Security Measures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Storage Media Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Business Continuity Plans (BCPs). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Disaster Recovery Plans (DRPs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Service Level Agreements (SLAs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Alternate Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Secure Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Backup Storage Locations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Educate Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . The Employee Education Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
7
-
8
User Security Responsibilities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . LESSON 9:MONITORING THE SECURITY INFRASTRUCTURE A. Scan for Vulnerabilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . . The Hacking Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Ethical Hacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Security Utilities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Vulnerability Scans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Port Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . B. Monitor for Intruders. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . . . . Intrusion Detection Systems (IDSs) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Host, Network, and Application-based IDS . . . . . . . . . . . . . . . . . . . . . . . Passive and Active IDS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Signature and Anomaly IDS Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . C. Set Up a Honeypot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .. . Honeypots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Types of Honeypots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . D. Respond to Security Incidents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Incident Response Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Ngai vic ng dng ti liu Security+ Windows Server 2003 CompTIA Certification trong qu trnh ging dy th SECURITY365 cn cung cp nhng bi Lab v bi ging mang c trng ring ca mnh, tng hp t kin thc v kinh nghim thc t ca cc instructor s gup ch cc hc vin hiu su hn cc l thuyt nu v nng cao kh nng thi t chng ch quc t v bo mt thng tin hng u hin nay l Comptia SECURITY+. Trong qu trnh hc tp hay nghin cu, nu c phn no khng r cc bn c th lin h vi nhng ngi bin san ti liu qua a ch mail [email protected]
-
Tin Cng Ngh Hng trm nghn lt ti bo dnh ring cho iPad Ngy 3/3, tp on News Corp ca ng trm truyn thng Rupert Murdoch t ho thng bo, t bo k thut s u tin dnh cho chic iPad ca h, The Daily, c ti hng trm nghn lt sau khi ra mt ch mt thng trc.
Ti hi ngh paidContent 2011 t chc ti New York, tng bin tp The Daily, GregClayman, pht biu: "Tht l tuyt! Chng ti cha th ch ra chnh xc s lt ti v, song c lng cho thy n nay c hng trm nghn lt ti." D t bo ny ch ko di thi gian khuyn mi "c min ph" ti ngy 21/3, song Clayman khng nh hin c khng t c gi sn sng mc v tr ph thu bao 99 cent mt tun. V tng bin tp ny t chi tit l s lng chnh xc c gi ng k khon mc tr tin. ng ch ni a "nhiu hn 1, nhng cha ti 1 t u." News Corp cho bit h hon ton ng vi iu khon chia s 30% doanh thu cho hng Apple, theo ng tha thun m "Qu to" p dng cho cc nh xut bn khc i vi vic kinh doanh ni dung s trn cc sn phm ca hng ny, ng thi, News Corp cng s ln k hoch cung cp The Daily cho nhng my tnh bng khc chy h iu hnh Google
-
Android, ch khng b buc t bo ny ch dnh ring cho iPad nh hin nay. Clayman cho hay: "Chng ti mun c mt trn tt c my tnh bng cm tay ca khchhng. Hin iPad ang l thit b thng tr vi lng bn hn 15 triu chic, song iu khng c ngha l nhng chic my chy Google Android khng c v th ring ca mnh.News Corp hy vng my tnh bng chy Android s ngy cng khi sc hn, v chng ti c th tn dng c trit ." M t chi tit v t bo ca mnh, Clayman khng nh The Daily c nhng c th rt ring bit, bi n kt hp c cc loi hnh truyn thng gm tin tc hng ngy t cc tbo cng nh mng truyn hnh Fox, tt c u l ngun lc "trc thuc" tp on m News Corp.
Hin nay, d n pht trin The Daily ang c 100 nhn vin tham gia, vi s vn u t ban u khong 30 triu USD. ng ch Murdoch k vng rng t bo "khng ging ai" ny s gii quyt tt bi ton kh hin nay l lm sao c th thu ph hp l i vi cc c gi c ni dung c s ha. V theo "v trm" ny th khi no bn c "hng triu bn," News Corp s khng nh rng h thnh cng. Theo Vietnam+
-
Add-on Firefox mi chim cc phin truy cp Facebook, Twitter Firesheep, mt add-on Firefox mi, cho php "nhiu ngi bt k" qut mng Wi-Fi, tm ngi ang truy cp Internet v cp truy cp ca h ti nhiu trang nh Facebook, Twitter cng nhiu dch v khc.
Add-on ny tn l "Firesheep", c ng Eric Butler - mt nh pht trin ng dng web t do sng ti Seattle (M) - pht hnh hm Ch Nht 24/10/2010 ti hi ngh bo mt ToorCon. ToorCon din ra t ngy 22 - 24/10/2010 ti San Diego (M). ng Butler cho bit to ra Firesheep cho thy s nguy him ca vic truy cp cc website khng c m ha t cc im truy cp Wi-Fi cng cng. Mc d cc website thng m ha ngi dng ng nhp vi HTTPS hay SSL, mt s t li m ha lu lng (traffic) thc t. "iu ny lm cc cookie v ngi s dng d b tn thng", ng Butler vit trong mt bi ng ln blog ca mnh. "Trn mt mng khng dy m, v c bn cc cookie u ht ln trong khng kh, lm cho cc cuc tn cng cc k d dng". Vi cookie ca ngi dng trong tay, mt tn ti phm c th lm bt c iu g ngi dng c th lm trn website, ng Butler lu . Trong s cc website m Firesheep c th cp c quyn truy cp, phi k ti Facebook, Twitter, Flickr, bit.ly, Google v Amazon.
-
Firesheep thm mt thanh sidebar cho trnh duyt Firefox ca Mozilla, hin th thng tin khi c ai trn mt mng m - nh mng Wi-Fi ca qun c ph chng hn - ang thm mt website khng an ton. "Click kp vo ai trong sidebar v bn ngay lp tc ng nhp nh h", ng Butler cho bit. Firesheep dng nh c sc ht khng th cng li: K t khi ng Butler ng add-on ny ln website GitHub hm Ch Nht 24/10/2010, n c ti (min ph) v gn 50.000 ln. Hin Firesheep ch hot ng vi cc phin bn Firefox cho Windows v Mac OS X. ng Butler ang lm vic trn phin bn Firesheep cho Firefox trn Linux. Ngi dng c th t bo v mnh bng cch t chi truy cp vo cc website khng an ton khi trong cc mng m. Theo Pcworld
-
Lm sao chng li Firesheep? Cc chuyn gia xut cc bin php t v phng nga tn cng ca add-on Firefox mi chim quyn truy cp Facebook, Twitter thng qua Wi-Fi.
Hm th Ba ngy 26/10/2010, cc chuyn gia bo mt xut cc bin php m ngi dng c th p dng t bo v chng li Firesheep, mt add-on Firefox mi cho php cc tay m chim quyn truy cp ca ngi ang dng Facebook, Twitter v cc dch v ph bin khc thng qua Wi-Fi. Cu la Firesheep thm mt thanh sidebar cho trnh duyt co la Firefox ca Mozilla. N cho bit bt k ai gh thm mt trang web khng an ton trong mt mng m, chng hn nh mng Wi-Fi cng cng ti mt qun c ph. Ch n gin vi mt c nhp p l tin tc nhanh chng truy cp ti trang nn nhn ng nhp vo, t Twitter v Facebook cho n bit.ly v Flickr. K t khi nh nghin cu Eric Butler pht hnh Firesheep hm Ch nht ngy 24/10/2010, tin ch c ti v gn 220.000 ln. Nhng ngi dng vn cha bit phng v. C mt cch m ngi dng c th t bo v chng li nhng k s dng Firesheep l trnh cc mng Wi-Fi cng cng khng c m ha v ch dng mt khu, cc chuyn gia cho bit vo hm th Ba. Tuy nhin, Ian Gallagher, k s bo mt cao cp ca Security Innovation, phn bc quan im gin n . Gallagher l mt trong hai nh nghin cu trnh din Firesheep cui tun trc ti mt hi ngh San
-
Diego, M. Trong mt bi vit ng trn blog vo hm th Ba, ng cho rng y khng phi l mt l hng trong mng Wi-Fi, m l thiu an ninh t cc trang web m ngi dng truy cp ti. Vy th, nu vn phi dng Wi-Fi, ngi dng cn lm g? Vic phng v tt nht, theo Chet Wisniewski, mt c vn an ninh cao cp ca hng bo mt Sophos, l s dng mt mng ring o (virtual private network - VPN) khi kt ni vi cc mng Wi-Fi cng cng, nh ti sn bay hoc mt qun c ph. Trong khi nhiu ngi dng doanh nghip s dng mt VPN kt ni vi mng vn phng ca h khi h ang trn ng, ngi dng c nhn thng khng c "ng hm" an ton ti Internet. "Nhng c mt s dch v VPN m bn c th ng k s dng vi chi ph 5 USD n 10 USD mi thng", Wisniewski cho bit. Strong VPN, nh cung cp dch v Internet ti M l mt trong s . Mt mng VPN m ha tt c cc lu lng truyn i gia mt my tnh v Internet ni chung, bao gm c cc trang web d b Firesheep cp. "y l mt gii php tt, v thc s khng khc vi vic s dng mng Wi-Fi c m ha", Wisniewski cho bit. Tuy vy, Gallagher cnh bo rng VPN khng phi l mt gii php tng th. "Lu lng truyn ca bn sau s li my ch cng ging nh n s li trn MTXT ca bn, do , bt c ai chy Firesheep hoc cc cng c khc c th truy cp d liu ca bn theo cng mt cch". "Mt li ngh m qung s dng mng ring o VPN khng thc s gii quyt vn v ch c th cung cp mt cm nhn sai lm v bo mt", ng ni. Strong VPN phn i: "Cc my ch ca chng ti c t trong mt trung tm d liu an ton, do vy khng ai c th nh hi lu lng truyn d liu vo/ra. Ly v d, tt c lu lng truy cp t MTXT ca bn San Francisco u c m ha khi i vo mt trong cc my ch M ca chng ti". Andrew Storms, Gim c gim st an ninh ca cng ty bo mt nCircle Security, c tr s San Francisco (M), ph nhn khng nh ca Strong VPN. "Ti c th thy t quan im ca Gallagher, rng mt VPN khng gii quyt c vn tn gc, l dch v giai on cui", ng ni. "Tuy nhin, mc d ng l lu lng truyn s l k t r khi n ri my ch VPN ti cc trang web, khng ly g lm chc chn rng ai s n cp chng". Nu min ph l mc tiu, c qu nhiu nhng la chn, Wisniewski ni. Sean Sullivan (mt nh t vn bo mt ca F-Secure) v Gallagher ch ra nhng add-on Firefox min ph buc trnh duyt s dng mt kt ni c m ha khi truy cp cc trang web nht nh. Mt trong nhng add-on Firefox ny l HTTPS-Everywhere. Tin ch c cung cp bi Electronic Frontier Foundation (EFF), ch lm vic vi mt danh sch cc trang web c xc thc trc, bao gm Twitter, Facebook, PayPal v cng c tm kim ca Google. Mt la chn khc, tin ch Force-TLS, cng cng cch thc hot ng nh vy, nhng cho php ngi dng xc nh cc trang web thi hnh m ha chng (dng vi giao thc HTTPS). Tuy nhin, cc trnh duyt khc nh Internet Explorer ca Microsoft v Google Chrome thiu nhng tin ch tng t. Sullivan xut thm gii php l s dng thit b MiFi. Ngi dng hy mang theo n lm im pht sng Wi-Fi an ton cho
-
chnh mnh, v n c th m ha lu lng truyn. Nhng MiFi khng h r. V d Verizon tng khng phn cng nhng tnh chi ph dch v khong 40 USD - 60 USD mi thng cho vic truy cp vo mng 3G. Cui cng th chnh ngi dng di ng to ra l hng phi by trc Firesheep do s dng cc truy cp khng c m ha. l quan im ca Butler v Gallagher nhm bo v cho hnh ng pht hnh cu la. V ch cc ch trang web v nh cung cp dch v c th khc phc iu . Theo Butler th "thnh cng" ca Firesheep khng phi l s ch m n ginh c, m ri y cc trang web s c bo mt thch hp hn. V thnh cng thc s s l khi Firesheep khng cn tc dng. Nhng, thi im hin ti, ngay c cc chuyn gia bo mt cng cm thy lo lng. Thep PcWorld
-
CONFIGURING WINDOWS SERVER 2008 Managing Server Roles and Features Qun l cc vai tr (Roles) v cc c im (Features) ca my Server chy h iu hnh Windows 2008
Cc cng c s dng cho vic qun tr Cc Server Roles l g ? Cc Server Features l g ? Ci t Server Roles v Features bng cch s dng Server Manager
Microsoft thay i cc cch m cc nh qun tr Administrators dng qun l trong mi trng Server. H iu hnh c ci t trong mi trng an ton v nh qun tr c th la chn trong s 4 phng php cu hnh Server theo mun ca h. Sau khi qu trnh ci t thnh cng v nh qun tr tin hnh ng nhp vo Server, ca s Initial Configuration Tasks hin ln v cho php nh qun tr cu hnh ci t my theo server name, cu hnh cch thng s lin quan n networking configuration, cu hnh t ng cp nht automatic updates v cc thng s cu hnh tng la Windows Firewall setting. Sau khi s dng cng c ny, nh qun tr c th la chn cch khc cu hnh y hn l s dng cng c Microsoft Management Consoles (MMCs) qun l Server, s dng Server Manager ci t hay remove loi b cc Roles i, ngoi ra nh qun tr c th dng Windows Power Shell cu hnh (nu h thch).
Cc cng c s dng cho vic qun tr
-
Hnh 1 Ca s Initial Configuration Tasks cung cp cc cng c cho vic qun tr h thng. Sau khi bn hon thnh vic ci t cho h iu hnh, bn c th qun l h thng vi 4 cng c khc nhau. Khi ng nhp u tin, nh qun tr Administrator bt buc phi nhp password cho ti khon qun tr ca h, sau ca s Initial Configuration Tasks hin ln, trong ny c 3 khu vc qun l nh c tch hp. Hoc bn c th vo Server manager trong start\programs\administrative tools\server manager cu hnh, trong ny cho php bn cu hnh server vi cc tnh nng tng t trong ca s Initial Configuration Tasks. Hoc bn c th dng cng c MMC hay Windows Power Shell cu hnh tng t. S la chn cng c cu hnh Server ty thuc vo nhim v ca cc ngi dng users mong mun thc hin v ph thuc vo kinh nghim m h phi lm vic vi vi cc cng c chuyn bit.
Cc Server Roles l g ? 1 Server Role m t chc nng chnh ca 1 my Server. + Cc nh qun tr Administrator c th hng ton b 1 my tnh ng 1 vai tr no hay ci t nhiu server roles trn 1 my tnh duy nht. + Mi Role c th bao gm 1 hay nhiu dch v Roles hay cc nhn t bn di thuc trong 1 Role + Server Manager l 1 cng c c s dng ci t, cu hnh v loi b cc Server Roles Server Roles trong Windows Server 2008 m t chc nng chnh ca 1 my Server. V d, 1 server role c th ng vai tr l 1 Active Directory Domain Services hoc l 1 Web Server. Bn c th chn ci t 1 hay l nhiu Roles trn Windows Server 2008. Cng c Server Manager c dng cho vic ci t v loi b cc Server Roles trong mi trng Windows Server 2008 Cc Server Features l g ? Server Features cung cp v h tr cc tnh nng m rng n cc Servers + Thng thng cc nh qun tr Administrator thm vo cc Features khng ng vai tr l chc nng chnh ca 1 Server, nhng n l yu t b sung cho cc chc nng ca cc Roles c ci t. + Server Manager l cng c dng ci t, cu hnh v qun l cc Features trong Windows Server 2008 1 Feature khng m t tng qut chc nng chnh ca 1 Server. Thay vo n ng vai tr l 1 chc nng b sung, m rng cho cc Roles c ci t. V d 1 Failover Clustering l 1 feature m Administrator c th la chn ci t sau khi ang ci t cc Roles c bit, v d nh File Services, to nn 1 File Services Role gip tng kh nng chu li. Ci t Server Roles v Features bng cch s dng Server Manager
-
V d: bn hon thnh vic ci t xong Windows Server 2008, trong v d ny bn s ln lt ci t 1 Role tn l : Terminal Services role v 1 Feature tn l Server backup bng cch s dng cng c qun tr h thng Server Manager tool Ci t 1 Role tn l : Terminal Services role B1 : Bn m cng c Server Manager bng cch click vo Start\Programs\Administrative Tools\Server Manager B2: Ca s Server Manager hin ln, trong ny bn thy c 2 khung panel (xem hnh minh ha 2 )
Hnh 2 giao din ca s Server Manager B3: Click phi ngay Roles , chn Add Roles B4: Ca s Add Roles Wizard hin ln chn Next B5 Trong trang Server Roles, nh du check vo Terminal Services (theo hnh minh ha 3 bn di )
-
Hnh 3 ci t Role Terminal Services B6 : Click Next cho n khi bn gp trang Select Role Services, check vo mc Terminal Server, sau click Next (Hnh 4)
-
Hnh 4 La chn Ci t Terminal Server B7: Sau bn tip tc click Next cho n khi gp nt Install, click vo nt Install tin hnh ci t Role Terminal Services (hnh 5)
Hnh 5 Qa Trnh ci t Terminal Services din ra.
B8: Sau khi ci t xong, bn click m rng Roles trong Server Manager, lc ny bn s thy Terminal Services ci t xong (Hnh 6)
Hnh 6 Terminal services ci t xong.
-
Ci t 1 Feature tn l Windows Server backup B1: Click start\programs\administrative tools\server manager. B2: Trong ca s Server Manager, chn dng Features, click phi chut ngay Features ri chn Add Features, giao din Add Features Wizard hin ra, check vo mc con Windows Server Backup trong mc Windows Server Backup Features (xem hnh minh ha 1.1)
Hnh 1.1 Ci t Windows Server Backup B3: Click Next tin hnh ci t Windows Server Backup. Ci t xong, click Close tt ca s Server Manager. B4: Sau khi ci t xong, bn click m rng Features trong Server Manager, lc ny bn s thy Windows Server Backup ci t xong (Hnh minh ha 1.2)
Hnh 1.2 Windows Server Backup Features ci t xong. Tm li :
Ch ci t Roles v Features khi vo nhng mc ch ring bit v cn thit trong vic cu hnh cho my Server.
Ch cho php duy nht cc kt ni inbound (t bn ngoi kt ni v) m nhng kt ni ny i hi nhng Roles v Features ci t trc .
-
Kch hot tnh nng Remote Desktop cho cc nh qun tr Administrator vo trong Windows Server 2008 theo ch ci t CORE installations ( qun l theo c ch dng lnh). Tc l cc Administrator s thit lp cc kt ni Terminal n Shell v qun tr windows server 2008 theo cng c l dng cc dng lnh (command line).
-
FTP Giao Thc Truyn File Hiu Qu
Theo Bch khoa ton th m Wikipedia FTP (vit tt ca ting Anh File Transfer Protocol, "Giao thc truyn tp tin") thng c dng trao i tp tin qua mng li truyn thng dng giao thc
TCP/IP (chng hn nh Internet - mng ngoi b - hoc intranet - mng ni b). Hot ng ca FTP cn c hai my tnh, mt my ch v mt my khch). My ch FTP, dng chy phn mm cung cp dch v FTP, gi l trnh ch, lng nghe yu cu v dch v ca cc my tnh khc trn mng li. My khch chy phn mm FTP dnh cho ngi s dng dch v, gi l trnh khch, th khi u mt lin kt vi my ch. Mt khi hai my lin kt vi nhau, my khch c th x l mt s thao tc v tp tin, nh ti tp tin ln my ch, ti tp tin t my ch xung my ca mnh, i tn ca tp tin, hoc xa tp tin my ch v.v. V giao thc FTP l mt giao thc chun cng khai, cho nn bt c mt cng ty phn mm no, hay mt lp trnh vin no cng c th vit trnh ch FTP hoc trnh khch FTP. Hu nh bt c mt nn tng h iu hnh my tnh no cng h tr giao thc FTP. iu ny cho php tt c cc my tnh kt ni vi mt mng li c nn TCP/IP, x l tp tin trn mt my tnh khc trn cng mt mng li vi mnh, bt k my tnh y dng h iu hnh no (nu cc my tnh y u cho php s truy cp ca cc my tnh khc, dng giao thc FTP). Hin nay trn th trng c rt nhiu cc trnh khch v trnh ch FTP, v phn ng cc trnh ng dng ny cho php ngi dng c ly t do, khng mt tin.
Khi qut
FTP thng chy trn hai cng, 20 v 21, v ch chy ring trn nn ca TCP. Trnh ch FTP lng nghe cc yu cu dch v t nhng kt ni vo my ca cc trnh khch FTP, trn cng 21. ng kt ni trn cng 21 ny to nn mt dng truyn iu khin, cho php cc dng lnh c chuyn qua trnh ch FTP. truyn ti tp tin qua li gia hai my, chng ta cn phi c mt kt ni khc. Ty thuc vo ch truyn ti c s dng, trnh khch ( ch nng ng - active mode) hoc trnh ch ( ch b ng - passive mode) u c th lng nghe yu cu kt ni n t u kia ca mnh. Trong trng hp kt ni ch nng ng, (trnh ch kt ni vi trnh khch truyn ti d liu) , trnh ch phi trc tin ng kt vo cng 20, trc khi lin lc v kt ni vi trnh khch. Trong ch b ng, hn ch ny c gii ta, v vic ng kt trc l mt vic khng cn phi lm. Trong khi d liu c truyn ti qua dng d liu, dng iu khin ng im. Tnh trng ny gy ra mt s vn , c bit khi s lng d liu i hi c truyn ti l mt s lng ln, v ng truyn ti chy thng qua nhng bc tng la. Bc tng la l dng c thng t ng ngt cc phin giao dch sau mt thi gian di im lng. Tuy tp
-
tin c th c truyn ti qua hon thin, song dng iu khin do b bc tng la ngt mch truyn thng gia qung, gy ra bo li. Mc ch ca giao thc FTP Mc ch ca giao thc FTP, nh c phc tho trong bn RFC, l:
1. Khuyn khch vic dng chung tp tin (nh chng trnh ng dng vi tnh hoc d liu)
2. Khuyn khch vic s dng my tnh xa mt cch gin tip / ngm ngm (implicit).
3. Che y s khc bit v h thng lu tr tp tin gia cc my ch, hu cho ngi dng khng cn phi quan tm n nhng s khc bit ring t ca chng.
4. Truyn ti d liu mt cch ng tin cy v c hiu qu cao. Nhng ph bnh v giao thc FTP
1. Mt khu v ni dung ca tp tin c truyn qua ng cp mng dng vn bn thng (clear text), v vy chng c th b chn v ni dung b l ra cho nhng k nghe trm. Hin nay, ngi ta c nhng ci tin khc phc nhc im ny.
2. Cn phi c nhiu kt ni TCP/IP: mt dng dnh ring cho vic iu khin kt ni, mt dng ring cho vic truyn tp tin ln, truyn tp tin xung, hoc lit k th mc. Cc phn mm bc tng la cn phi c ci t thm nhng lgic mi, c th lng trc c nhng kt ni ca FTP.
3. Vic thanh lc giao thng FTP bn trnh khch, khi n hot ng ch nng ng, dng bc tng la, l mt vic kh lm, v trnh khch phi ty ng m mt cng mi tip nhn i hi kt ni khi n xy ra. Vn ny phn ln c gii quyt bng cch chuyn FTP sang dng ch b ng.
4. Ngi ta c th lm dng tnh nng y quyn, c ci t sn trong giao thc, sai khin my ch gi d liu sang mt cng ty chn mt my tnh th ba. Xin xem thm v FXP.
5. FTP l mt giao thc c tnh tr tr rt cao (high latency). S tr tr gy ra do vic, n bt buc phi gii quyt mt s lng ln cc dng lnh khi u mt phin truyn ti.
6. Phn nhn khng c phng php kim chng tnh ton vn ca d liu c truyn sang. Nu kt ni truyn ti b ngt gia lng chng th khng c cch g, trong giao thc, gip cho phn nhn bit c rng, tp tin nhn c l hon chnh hay cn vn cn thiu st. S h tr bn ngoi, nh vic dng kim tra tng MD5, hoc dng kim d tun hon (cyclic redundancy checking) l mt vic cn thit.
Nhng vn v bo an khi dng FTP FTP l mt phng php truyn tp tin c truyn thng phi bo an (khng an ton), v theo nh bn thit k gc c t ca FTP, khng c cch no c th truyn ti d liu di hnh thc mt m ha c. nh hng ny c ngha l, phn ln cc ci t ca
-
mng li truyn thng, tn ngi dng, mt khu, dng lnh FTP v tp tin c truyn ti, u c th b ngi khc trn cng mt mng li, "ngi" hoc quan st, dng phn mm phn tch giao thc (protocol analyzer) (hoc cn gi l "dng c ngi d liu", ting Anh l "sniffer"). Nn ch rng y l vn thng thy cc giao thc ca Internet c thit k trc khi SSL (Secure Sockets Layer) ra i (tm dch l giao thc "tng kt ni bo mt"), nh HTTP, SMTP v Telnet. Gii php thng thy, i vi vn ny, l dng SFTP (Secure Shell File Transfer Protocol - tm dch l "giao thc truyn tp tin dng trnh bao bo mt"), mt giao thc da trn nn ca SSH, hoc trn FTPS (FTP over SSL). SFTP l FTP c cng thm chc nng m ho d liu ca SSL hoc TLS (Transport Layer Security - tm dch l "Bo mt tng giao vn"). FTP nc danh Nhiu my ch chy trnh ch FTP cho php ci gi l "FTP nc danh". B tr ny cho php ngi dng truy nhp vo my ch m khng cn c trng mc. Tn ngi dng ca truy cp nc danh thng l hai ch 'nc danh' hoc mt ch 'ftp' m thi. Trng mc ny khng c mt khu. Tuy ngi dng thng b i hi phi km a ch th in t ca mnh vo, thay th cho mt khu, hng gip phn mm xc minh ngi dng, song th tc xc minh thng l rt s si v hu nh khng c - ty thuc vo trnh ch FTP ang c dng v s ci t ca n. Internet Gopher c ngh tr thnh mt hnh thc thay th ca FTP nc danh. Dng thc ca d liu C hai ch c dng truyn ti d liu qua mng li truyn thng:
1. Ch ASCII 2. Ch Nh phn
Hai ch ny khc nhau trong cch chng gi d liu. Khi mt tp tin c truyn dng ch ASCII, mi mt ch, mi con s, v mi k t u c gi trong dng m ASCII. My nhn tin lu tr chng trong mt tp tin vn bn thng, di dng thc thch hp (chng hn, mt my dng Unix s lu tr n trong dng thc ca Unix, mt my dng Macintosh s lu tr n trong dng thc ca Mac). V th, khi ch ASCII c dng trong mt cuc truyn ti d liu, phn mm FTP s t cho rng cc d liu c truyn gi c dng thc vn bn thng (plain text), v lu tr trn my nhn theo dng thc ca my. Chuyn i gia cc dng thc vn bn thng bao gm vic, thay th m kt dng v m kt tp tin, t nhng m t c dng my ngun, sang nhng m t c dng my ch, chng hn mt my dng h iu hnh Windows, nhn mt tp tin t mt my dng h iu hnh Unix, my dng Windows s thay th nhng ch xung dng (carriage return) bng mt cp m, bao gm m xung dng v m thm hng (carriage return and line feed pairs). Tc truyn ti tp tin dng m ASCII cng nhanh hn mt cht, v bit hng cao nht ca mi byte ca tp tin b b [1]. Gi tp tin dng ch nh phn khc vi ci trn. My gi tp tin gi tng bit mt sang cho my nhn. My nhn lu tr dng bit, y nh n c gi sang. Nu d liu khng
-
phi dng thc vn bn thng, th chng ta phi truyn ti chng ch nh phn, nu khng, d liu s b thoi ha, khng dng c. Theo nh ci t sn, phn ln cc trnh khch FTP dng ch ASCII khi khi cng. Mt s trnh khch FTP xt nghim tn v ni dung ca tp tin c gi, xc nh ch cn phi dng. FTP v cc trnh duyt a s cc trnh duyt web (web browser) gn y v trnh qun l tp tin (file manager) c th kt ni vo cc my ch FTP, mc d chng c th cn thiu s h tr cho nhng m rng ca giao thc, nh FTPS chng hn. iu ny cho php ngi dng thao tc cc tp tin t xa, thng qua kt ni FTP, dng mt giao din quen thuc, tng t nh giao din trong my ca mnh (v d lit k danh sch ca cc tp tin ca my xa trng ging nh phn lit k ca my mnh, ng thi cc thao tc sao bn tp tin (copy), i tn, xa, v.v.. c x l nh l chng trong my mnh vy). Phng php lm l thng qua FTP URL, dng dng thc ftp(s):// (v d: ftp.gimp.org). Tuy khng cn thit, song mt khu cng c th gi km trong URL, v d: ftp(s)://:@:. a s cc trnh duyt web i hi truyn ti FTP ch b ng, song khng phi my ch FTP no cng thch ng c. Mt s trnh duyt web ch cho php ti tp tin xung my ca mnh m khng cho php ti tp tin ln my ch. FTP trn nn SSH "FTP trn nn ca SSH" m ch n mt k thut "o hm" cho mt phin giao dch dng giao thc FTP bnh thng, thng qua mt kt ni dng giao thc SSH. V FTP (mt giao thc kh bt thng, da trn nn ca giao thc TCP/IP, m hin nay ngi ta vn cn dng) s dng nhiu kt ni TCP, cho nn vic i ngm di nn ca SSH l mt vic kh khn. i vi a s cc trnh khch ca SSH, khi "kt ni iu hnh" (kt ni khi u gia my khch ti my ch, dng cng 21) c thit lp, SSH ch c th bo v c ng kt ni ny m thi. Khi vic truyn ti d liu xy ra, trnh FTP mt trong hai u, s thit lp mt kt ni TCP mi ("ng dn d liu") v kt ni ny s b qua kt ni ca SSH, lm cho n khng cn c hng tnh tin cn (confidentiality), s bo v tnh ton vn (integrity protection) ca d liu, hoc nhng tnh nng khc m SSH c. Nu trnh khch FTP c ci t dng ch b ng, v kt ni vi mt my ch dng giao din SOCKS, l giao din m nhiu trnh khch SSH c th dng tin c vic i ngm, vic dng cc ng kt ni ca FTP, trn cc kt ni ca SSH, l mt vic c th lm c. Nu khng, cc phn mm trnh khch SSH phi c kin thc c th v giao thc FTP, gim st v vit li cc thng ip trong kt ni iu khin ca FTP, t ng m cc ng truyn ti d liu cho FTP. Phin bn 3 ca trnh SSH (do cng ty phn mm
-
Communications Security Corp. sn xut) l mt v d in hnh, h tr nhng kh nng ni trn [2].
"FTP trn nn ca SSH" cn i khi c gi l FTP bo an (secure FTP). Chng ta khng nn nhm ci ny vi nhng phng php bo an FTP, nh SSL/TLS hay cn gi l FTPS. Nhng phng php truyn ti cc tp tin khc, dng SSH, khng c lin quan n FTP, bao gm SFTP (SSH file transfer protocol - giao thc truyn ti tp tin dng SSH) hoc SCP (Secure copy - sao chp bo an) - trong c hai ci ny, ton b cuc hi thoi (xc minh ngi dng v truyn ti d liu) u lun lun c bo v bng giao thc SSH.
-
WINDOWS XP PROFESSIONAL Managing File & Print Trong bi hc ny chng ta s thc hin cc chc nng : Thit lp cc quyn ca file/folder (file permision) Chia s folder bi u tin v Windows XP chng ta lm quen vi cc thao tc to user, group v cch thc add mt user vo group. Tip theo cc bn s thc hnh cc thao tc chia s tp tin v gn quyn hn cho cc tp tin ny, bn cnh l thc hnh i vi cc my in nh ci t, chia s v x l s c, gn quyn u tin... Mt trong nhng chc nng ln nht ca h thng mng my tnh l x l thng tin v chia s d liu, trong qu trnh lm vic chc chn chng ta cn phi truy cp d liu trn server, d liu trn my tnh ca ng nghip hay chia s cc folder m nhc ca mnh cho ngi khc cng thng thcV vy vic chia s thng tin v gn nhng quyn hn hp l i vi ngi dng l mt thao tc rt quan trng. u tin chng ta hy kho st cc h thng tp tin chnh c h tr bi Windows XP l FAT/FAT32/NTFS Bng so snh FAT/FAT32/NTFS v.5
Mt a cng khi mi mua v cng ging nh mt ci t cha c nhng vch ngn bn trong, mun s dng n chng ta cn phi ng cc k - nhng vch ngn thch hp ng nhng vt dng nh sch v.., vic ny ging nh qu trnh nh dng (format) a cng. Tu theo kch thc ca a cng m chng ta nn chn nhng c ch vch ngn thch hp c th s dng c ti a dung lng ca n, v chng ta c 3 c ch chnh l: FAT: ch h tr dung lng phn chia ti a 4GB do ngy nay hu nh khng cn (hoc rt t) c s dng.
-
FAT32 : l m rng ca FAT vi kch thc phn chia ti a ln n 2TB, tuy nhin khng h tr vic thit lp cc quyn hn i vi tp tin, folder cho nn chng ta khng nn s dng c ch ny tr mt s tng hp c bit nh mun chia s thng tin gia Windows 9x v Windows XP trn mt h thng dualboot. Cc bn c th download simulation v mt h thng dualboot ti y: www.security365.org/netcenter/download/baitap/dualboot.rar NTFS v.5 : l nh dng c s dng nhiu nht do h tr kch thc phn chia ln (tham kho hnh v), v cho php thit lp cc quyn hn NTSF permission i vi tp tin v th mc.. cho nn cc bn nn s dng NTSF cho h thng ca mnh. Ti sao li c v.5? l do h thng NTFS xut hin t Windows NT, tuy nhin phin bn NTFS trn Windows 2000 c nhiu m rng hn so vi v.4 trn h thng Windows NT nn c t tn l NTFS v.5, v Windows NT phi ci SP6 mi s dng c h thng tp tin ny. V t y, khi ni n cc quyn hn ca ngi dng i vi file/folder tc l chng ta ang ni n cc File/Folder NTFS permission. NTFS Permission qun l cc quyn truy cp trn h thng tp tin chng ta phi gn cc quyn NTFS thng qua mt danh sch cc quyn hn nh Read/ Write hay Modify, danh sch cc quyn hn ny c gi l ACL (Access Control List), v cc quyn ring l nh Read permission hay Write permission gi l cc ACE (Access Control Entry). Chng ta c th gn cc quyn l Allow (cho php) hay Deny (khng cho php) i vi cc ACE. Folder permission : v d di y l quyn hn ca user red komodo i vi folder data, chng ta thy c cc Folder permission nh sau:
Full Controll: c ton quyn i vi folder ( thng th ngi to ra folder s c gn quyn ny) Modify :thay i file trong folder, thay i thuc tnh, chy chng trnh trong folder, xem ni ca folder v cc tp tin ca n. Read& Execute: xem ni ca folder v cc tp tin, chy chng trnh trong folder. List Folder Content :tng t nh Read & Execute Read: xem ni ca folder v cc tp tin ca folder Write: thay i cc file trong folder File Permision : cng ging nh folder, cc file cng c nhng quyn hn nh sau:
-
Khc Vi Folder, Chng Ta Khng C Quyn List Folder Content i Vi Tp Tin. Tuy Nhin Cc Quyn Khc Th Vn Tng T. Full Control: c ton quyn i vi tp tin ( ngi to ra tp tin s c gn quyn ny) Modify : thay i file v cc thuc tnh, thc thi file. Read & Execute :xem ni dung file v thc thi file. Read : xem ni dung file Write : thay i file v cc thuc tnh ca n. Cu hi : y l cc trng hp thng gp trong thc t v trong nhng cu hi ca Microsft khi thi cc chng ch ca MCSE Security. Cc anh/ch hy gi p n v cho [email protected] Nh vy theo cc anh/ch s khc bit chnh gia quyn Full Control v Modify l im no? Nu chng ta c mt folder Data, v chng ta mun user red komodo, group Accounting c php c v ghi trn folder ny c th lu tr d liu nhng khng cho php xo th lm th no? S Tha K Ca Cc File/Folder Permission
Cc quyn NTSF c tc dng k tha i vi cc folder con, nh trong trng hp trn cc folder Middle v Bottom s c cc quyn NTSF ca folder Top + Cc quyn NTSF c thit lp ring cho n. Tuy nhin, chng ta vn c th block khng cho k tha cc quyn NTSF t folder cha nh trng hp ca folder Top. 1. Thit lp File v Folder Permission : Log in h thng vi quyn Full Control i vi file/folder no (v d log in bng account security365 vi quyn full control i vi folder NetSecurity) Click chut phi vo folder NetSecurity v chn Properties
-
Trn hp thoi thuc tnh ca NetSecurity chn tab Security
gn quyn cho mt user hay group no i vi folder chng ta c quyn full control ( thng l cc folder do chng ta to ra hoc c quyn administrator i vi h thng) hy click Add v chn user/group tng ng v d user rk v cho php ch c i vi user ny trn folder NetSecurity v Deny quyn Write:
-
Lu : trong v d trn chng ta gn quyn c i vi rk trn folder NetSecurity v Deny quyn Write, iu ny c ngha l cho d user rk (redkomodo) c thuc v nhng group c quyn Write i vi NetSecurity th rk vn khng c php ghi bt k d liu no trong folder ny v cc folder con ca n v quyn Deny ph chng (overwrite) ln tt c. Trong trng hp mun thay i cc quyn hn thit lp cho rk trn folder NetSecurity cc bn ch cn m li thuc tnh nh trn v gn li cc quyn thch hp. Ngoi cch gn quyn folder/file NTSF cho user theo cch trn chng ta cn c th gn quyn cho mt hoc nhiu user thng qua group cha nhng user ny. V d sau s gn quyn Full Control i vi cc user thuc group Accounting: Sau khi nhn nt Add trn chng ta chn group Accounting v click OK (2 ln)
Trong Permissions for Accounting click Full Control, iu ny c ngha l cc user thuc v group Accouting nh rk, student s c quyn Full Control vi folder
-
NetSecurity. Nhng user rk th khng c php Write v trn chng ta Deny quyn Write ca rk i vi folder NetSecurity. Share Folder: Trong mt h thng mng, chc chn chng ta cn phi chia s mt s d liu trn my ca mnh cng nh truy cp d liu chia s trn my ngi khc. V vy chng ta cn phi bit cch chia s d liu vi nhng quyn hn hp l trnh trng hp cc user khc thc hin cc quyn khng c php i vi d liu ca mnh (v d xo hay ghi ln folder chia s). Trc tin hy m Exploer v chn Tool => Folder Option v chn tab View
Tip theo hy click vo mi tn x xung v b du chn check box Use simple file sharing v click OK.
By gi chng ta hy m khung thuc tnh ca cc folder m mnh mun chia s v d NetSecurity v chn tab Sharing. Cc bn c th t tn trong phn Share name, mc nh h thng s t trng tn vi tn folder. chi tit hn chng ta c th thm mt s ghi ch v folder ny trong phn comment cc user d dng phn bit. Ngoi ra, chng ta c th hn ch s kt ni cng lc n th mc chia s bng cch xc nh trong Allow this number of users.
-
i vi mt folder share c 2 quyn hn c p t, ngoi quyn NTSF cn c Share Permission, mc nh Everyone c quyn Read i vi cc share folder. Chng ta c th xc nh quyn ny bng cch click vo nt Permissions m hp thoi share permission
Cch gn quyn tng t nh i vi NTSF permission. C 3 loi share permission: Read: kt ni n folder, chy chng trnh, m file, m folder Change: kt ni n folder, m file/folder, chy chng trnh, v to, xa file hay sub folder. Full Control : tin hnh bt k hot ng no i vi folder v file/subfolder. Lu : trong trng hp chng ta share folder nhng khng mun hin th cc folder share ny trn mng cc bn c th t tn share name vi k t $ cui. qun l cc share folder, s lng session kt ni n cc share folder v nhng file c m chng ta dng Computer Management Console v chn task Shares:
-
Chng ta c th stop sharing mt folder no , disconnect mt session..thng qua console ny. Mc nh trong phn share folder c rt nhiu mc chia s dnh cho cc thao tc qun tr v c n nh ADMIN$, C$. stop sharing cc mc ny cc bn hy chn chut phi vo chng v click stop sharing, tuy nhin sau khi my tnh khi ng chng vn bt chc nng share ny ln li. V vy nu mun tt hn th cc bn phi to thm mt key trong registry v disable chng. y chng ti khng trnh by chi tit cch thc hin, nu cc bn cn tham kho c th xem trong trang web www.labmice.net .
Security365 Support Team
-
CCH KHNG CH IM VI SSH TUNNELING T/g : Nguyn Trn Tng Vinh
Trong vai tr qun tr h thng hay chuyn vin h tr k thut, i khi chng ta cn kt ni t my tnh trong vn phng n cc my tnh nh hoc cc chi nhnh tin hnh cc thao tc x l s c hc h tr k thut no thng qua cc chng trnh nh VNC,Terminal Service hay RAdmin. Tuy nhin khi cng ty s dng Firewall nh ISA, CheckPoint bo v h thng v kim sat cc lung d liu vo v ra mt cch cht ch th ta s gp tr ngi ln. Chng ta khng th (hoc khng c quyn) m cc TCP Port 4899 (Radmin), hay 5900 (VNC)
thc hin cc kt ni ca mnh. Vy lm cch no chng ta vn c th han thnh c cng vic m vn m bo chnh sch bo mt ca cng ty khng b thay i? Cho d h thng ca bn c cc Firewall bo v th cc TCP Port quan trng nh 110 (pop3), 80 (http), 21 (ftp), 22 (ssh) vn thng m tin hnh cc cng vic cn thit nh duyt web, e-mail.. c bit TCP Port 22 ca dch v SSH c chc nng m ha phin truyn thng c cc firewall u i cho qua, v chng ta s da vo dch v ny to ra mt SSH Tuneling p ng cho cng vic ca mnh. Ta cn c ssh server ci trn cc my xa (remote computer), ssh client trn my iu khin (local computer) v nhng chng trnh remote control nh VNC, Terminal Services hay RAdmin. Trong phn ny ti s dng mt chng trnh rt thng dng l RAdmin (ngai ra VNC cng l mt phn mm remote control 5 sao min ph rt c a thch, cch thc hin tng t ch khc l ta phi dng TCP Port 5900 thay cho 4899). Ci SSH Server trn remote computer thng qua Cygwin
Nu my tnh cn iu khin chy cc h thng nh Linux th bn c th ti v cc gi openSSH t http://sourceforge.net (thng thng trn cc bn Redhat, FC hay Mandrake c sn openSSH trn b a source (ta ch cn vo Add/Remote Application v chn
-
gi openSSH ci t SSH Server. Cn nu nh cc my xa dng h iu hnh Windows th cc bn c th ci Tectia SSH Server hay phn mm Freeware Win_Open-SSH (ti v t http://are-peace.com/v2/download.php ). Trong phn ny ti trnh by gii php cu hnh SSH Server da trn phn mm to mi trng Linux trn Windows l CYGWIN.
Cygwin l mt phn mm tuyt vi c th to mt mi trng linux-like gip cc bn mun nghin cu Linux nhng ngi ci t v vn dng h thng Windows hin c ca mnh. Cygwin c th c ci trc tip t Internet rt d dng, mc d khng phi l mt mi trng Linux thun ty nhng cng gip cc bn nm c cc cu trc v dng lnh ca Linux nhanh chng. Cc thng tin tham kho v ci t cygwin c th xem http://cygwin.com.
Hnh v qu trnh ci t t http://cygwin.com Chn Ftp site v nhn Next sau la cc gi openssh v openssl trong khung Select Packages ca chng trnh ci t, tuy nhin ta c th ci thm cc gi khc nu mun:
-
Hnh v cc gi openssh v openssl trong Seclect Packages
-
Hnh v qu trnh ci t cygwin vi cc package c chn Khi qu trnh ci t han tt ta hy nhp vo biu tng cygwin trn Desktop load shell ca cygwin, v thc thi dng lnh ssh-host-config cu hnh SSH Server nh hnh di y:
Sau khi ng SSHD bng lnh net start sshd thng qua giao din dng lnh ca Windows (nhn Start->Run->CMD ).
Vy l chng ta han tt qu trnh cu hnh remote server phc v cho cng vic ca mnh ( y ti khng trnh by phng php ci t VNC hay RAdmin). Ci t V Cu Hnh SSH Client Trn Local Computer Bng Putty Mt trong cc chng trnh ssh client min ph xut sc l PuTTY c th ti v t www.webattack.com . Sau khi ti v ta ch cn double click vo biu tng PuTTY khi ng v nhp vo cc tham s nh di y:
-
- Host Name (or IP address) 203.210.218.12 l a ch public ca remote server . - Port 22 l TCP Port ca SSH ti tng vn chuyn Tip theo hy chn mc Tunnels t giao din PuTTY thit lp SSH Tunnel theo cc thng s nh hnh bn (nh chn nt Add ghi cc tham s ny vo khung Forwarded ports )
-
Source port l port ca chng trnh remote control ang lng nghe trn my c iu khin (VNC dung port 5900, RAdmin: 4899). Destination l a ch remote server v port ang lng nghe. By gi ta c th tin hnh cng vic remote control vt qua firewall da trn ssh tunneling , hy nhn Open to kt ni ssh n remote server v ng nhp vi ti khan hp l. Sau khi qu trnh ng nhp han tt kim tra li bng lnh netstat na s thy TCP Port 4899 trn my xa c map n my ni b:
To kt ni Remote Control bng RAdmin client :
-
Cui cng, hy m RAdmin client kt ni n TCP Port 4899 ca my ni b (IP 127.0.0.1 ), WoW!, vi ti khan hp l l chng ta c th tng tc c vi mn hnh trn my tnh xa tin hnh thao tc sa cha hay ci t thm phn mm m khng cn thay i policy ca firewall.
Hnh v mn hnh ca remote computer vi public ip 203.210.218.12
Kt Lun :
-
Thng qua bi vit ny ti mun nhn mnh thm mt kha cnh khc thng c nhiu ngi quan tm l : ti sao cng ty ca ti c cc h thng firewall c cu hnh rt cht ch nhng cc hacker vn c th vo/ra nh ch khng ngi , bi v phng php Cch Khng Ch im ny cng thng c cc hacker p dng vt firewall t pha trong mng ni b trn cc my b nhim trojan. V khun kh bi vit c hn v cng khng tin cho vic trnh by gii php ny, tuy nhin cc bn yu thch bo mt ch cn lm ngc li han thin qui tc Bit Ngi Bit Ta.
-
SEO - Hng Dn Add Site Map Ln Google
hng to c sitemap... h gn quyn bng nhiu cch, thng qua Cpanel, Web panel hay
u c cu hi hy gi ln din n tho lun ti y
Trong bi hng dn ny chng ta s thc hnh a sitemap din n ca mnh ln Google, thng thng th kt qu ca chng ta a ln Google Server c th s nm trong vng m c gi l sandbox Google "kim duyt" trc khi cp nht chnh thc vo database. VBB h tr cng c add sitemap kh thun tin, nhng cc bn cn lu khi tin hnh cn phi to 1
folder h thng c th ghi d liu sitemap vo, nu khng s thy thng bo li k Cc bn c tFileZilla ... N
ADPBD51.tmpFTP Giao Thc Truyn File Hiu QuTheo Bch khoa ton th m Wikipedia