IPSec Va Cac Muc Dich Su Dung - Smith.N Studio

8/3/2019 IPSec Va Cac Muc Dich Su Dung - Smith.N Studio

1/51

IPSec v cc mc ch s dng

Vi cc Administrator , vic hiu Internet Protocol Security-IPSEC, s gip chng ta

bo v thng tin lu chuyn trn Network an ton hn, v cu hnh IPSEC dng

X.509 certificates c th to ra quy trnh xc thc an ton trong giao tip Network

mc ti a.

A. Ci t IPSEC

IPSEC l mt chun an ton trong giao tip thng tin gia cc h thng,

gia cc mng. Vi IPSEC vic kim tra, xc thc, v m ha d liu l nhng chcnng chnh. Tt c nhng vic ny c tin hnh ti cp IP Packet.

Mc ch ca IPSEC:

c dng bo mt d liu cho cc chuyn giao thng tin qua Mng. Admin c th

xc lp mt hoc nhiu chui cc Rules, gil IPSEC Policy, nhng rules ny cha cc

Filters, c trch nhim xc nh nhng loi thng tin lu chuyn no yu cu c

m ha (Encryption), xc nhn (digital signing), hoc c hai. Sau , mi Packet,

c Computer gi i, s c xem xt c hay khng gp cc iu kin ca chnh

sch. Nu gp nhng iu kin ny, th cc Packet c th c m ha, c xc

nhn s, theo nhng quy nh t Policy. Quy trnh ny ha ton v hnh vi User v

Application

kch hot truyn thng tin trn Mng.

Do IPSEC c cha bn trong mi gi IP chun, cho nn c th dng

IPSEC qua Network, m khng yu cu nhng cu hnh c bit trn thit b hoc

gia 2 Computer.

Tuy nhin, IPSEC khng tin hnh m ha mt vi loi giao tip Mng nh:

Broadcast, MultiCast, cc packet dng giao thc xc thc Kerberos.

Nhng thun li khi s dng IPSEC:

Thun li chnh khi dng IPSEC, l cung cp c gii php m ha cho tt c cc

giao thc hot ng ti lp 3 Network Layer (OSI model), v k c cc giao thclp cao hn.

IPSEC c kh nng cung cp:

- Chng thc 2 chiu trc v trong sut qu trnh giao tip. IPSEC quy nh cho c 2

bn tham gia giao tip phi xc nh chnh mnh trong sut quy trnh giao tip.

Smith Nguyen Studio.


2/51

- To s tin cy qua vic m ha, v xc nhn s cc Packet. IPSEC c 2 ch

Encapsulating Security Payload (ESP) cung cp c ch m ha dng nhiu thut ton

khc nhau, v Authentication Header (AH) xc nhn cc thng tin chuyn giao,

nhng khng m ha.

- Tich hp cc thng tin chuyn giao v s loi ngay bt k thng tin no b chnh sa.

C hai loi ESP v AH u kim tra tnh tch hp ca cc thng tin chuyn giao. Numt gi tin chnh sa, th cc xc nhn s s khng trng khp, kt qu gi tin s

b loi. ESP cng m ha a ch ngun v a ch ch nh mt phn ca vic m ha

thng tin chuyn giao.

- Chng li cc cuc tn cng Replay (thng tin chuyn giao qua mng s b attacker

chn, chnh sa, v c gi i sau n ng a ch ngi nhn, ngi nhn

khng h hay bit v vn tin rng y l thng tin hp php. IPSEC dng k thut

nh s lin tip cho cc Packet Data ca mnh (Sequence numbers), nhm lm cho

attacker khng th s dng li cc d liu chn c, vi bt hp php.

Dng Sequence numbers cn gip bo v chng vic chn v nh cp d liu, sau

dng nhng thng tin ly c truy cp hp php vo mt ngy no .V d s dng IPSEC:

Vic mt mt cc thng tin khi cuyn giao qua mng, c th gy thit hi cho hot

ng ca t chc, iu ny cnh bo cc t chc cn trang b v xy dng nhng h

thng mng bo mt cht ch nhng thng tin quan trng nh d iu v Product,

bo c ti chnh, k hoch Marketing. Trong trng hp ny cc t chc c th s

dng IPSEC m bo tnh cht ring t v an ton ca truyn thng Mng (Intranet,

Extranet) bao gm giao tip gia Workstation vi Server, Server vi server.

V d: C th to cc IPSEC policies cho cc Computer kt ni vi Server (nm ginhng d liu quan trng ca t chc: tnh hnh ti chnh, danh sch nhn s, chin

lc pht trin). IPSEC policy s bo v d liu ca t chc chng li cc cuc tn

cng t bn ngoi, v m bo tnh tch hp thng tin, cng nh an ton cho Client.

IPSEC lm vic th no ?

C th cu hnh IPSEC thng qua Local policy, hoc trin khai trn din rng th dng

Active Directory Group Policy (GPO.)

1. Gi s chng ta c 2 Computer : Computer A v Computer B, IPSEC

policy c cu hnh trn 2 computer ny. Sau khi c cu hnh

IPSEC policy s bo cho IPSEC driver cch lm th no vn hnh v

xc nh cc lin kt bo mt gia 2 computer khi ni kt c thit lp.Cc lin kt bo mt nh hng n nhng giao thc m ha s c s dng cho

nhng loi thng tin giao tip no v nhng phng thc xc thc no s c em

ra thng lng.

2. Lin kt bo mt mang tnh cht thng lng. Internet Key Exchange IKE, s

c trch nhim thng lng to lin kt bo mt. IKE kt hp t 2 giao thc:

Internet Security Association and Key Management Protocol (ISAKMP) v Oakley Key



3/51

Determination Protocol. Nu Computer A yu cu xc thc thng qua Certificate v

Computer B yu cu dng giao thc Kerberos, th IKE s khng th thit lp lin kt

bo mt gia 2 Computer. Nu dng Network Monitor theo di IPSEC hot ng,

s khng thy c bt c AH hoc ESP packet no, v giao tip IPSEC cha c

thit lp, c l chng ta ch quan st c cc ISAKMP packets.

3. Nu nh lin kt o mt c thit lp gia 2 computer IPSEC driver s quan sttt c IP traffic, so snh cc traffic c nh ngha trong cc Filter, nu c hng

i tip cc traffic ny s c m ha hoc xc nhn s.

Hnh 1. M t giao tip IPSEC gia 2 computer trong Active Directory

Domain

CHNH SCH BO MT IPSEC:

IPSEC security policy bao gm mt hoc nhiu Rule xc nh cch thc hot ng

IPSEC. Cc Administrator c th c th ci t IPSEC thng qua mt policy. Mi Policy

c th cha mt hoc nhiu Rule, nhng ch c th xc nh mt Policy hot ng ti

Computer ti mt thi im bt k. Cc Administrator phi kt hp tt c nhng Rule

mong mun vo mt single policy. Mi Rule bao gm:- Filter: Filter bo cho Policy nhng thng tin lu chuyn no s p dng vi Filter

action.

V d: Administrator c th to mt filter ch xc nh cc lu thng dng HTTP hoc

FTP.

- Filter Action: Bo cho Policy phi a ra hnh ng g nu thng tin lu chuyn

trng vi nh dang xc nh ti Filter. V d: thng bo cho IPSEC chn tt c



4/51

nhng giao tip FTP, nhng vi nhng giao tip HTTP th d liu s c m ha.

Filter action cng c th xc nh nhng thut ton m ha v hashing (bm) m

Policy nn s dng.

- Authentication method: IPSEC cung cp 3 phng thc xc thc:

Certificates (thng thng cc Computer trin khai dng IPSEC nhn

Certificates t mt Certificate Authority CA server), Kerberos (Giao thc chng thcph bin trong Active directory Domain), Preshared Key (kha ngm hiu, mt

phng thc xc thc n gin). Mi mt Rule ca IPSEC policy c th bao gm

nhiu phong thc xc thc va nu.

NHNG CHNH SCH IPSEC MC NH:

K t Windows 2000 tr i IPSEC cu hnh sn 3 chnh sch, to s

thun tin khi trin khai IPSEC.

- Client (Respond only) : chnh sch th ng, ch phn hi s dng IPSEC nu

partner c yu cu, thng c enable trn cc Workstation. Chnh sch mc nh

ny ch c mt rule c gi l Default Respond Rule.

Rule ny cho php Computer phn hi n cc yu cu IPSEC ESP t

cc Computer c tin cy trong Active directory domain. ESP l mt ch IPSEC

cung cp tin cy cho vic xc thc, tch hp, v chng Replay attack.

- Server (Request Security): Computer hot ng vi chnh sch ny lun ch ng

dng IPSEC trong giao tip, tuy nhin nu i tc khng dng IPSEC, vn c th cho

php giao tip khng bo mt. Chnh sch ny c dng cho c Server hoc

Workstation. Chnh sch c 3 Rules:

Default respond rule (nh trnh by trn), Permit ICMP (internetControlMessage Protocol) rule cho php cc giao tip dng giao thc

ICMP, v d nh Ping (mc d ICMP l mt giao thc kim tra v thngbo tnh trng kt ni Mng, phc v cho x l cc s c, nhng cng c th disable

tng tnh bo mt cho Mng, v c mt s cch thc tn cng ph bin nhm vo

nhng im yu cuq ICMP.), Yu cu ESPcho tt c IP traffic.

- Secure Server (require security): Bt buc dng IPSEC cho giao tip

Mng. C th dng chnh sch ny cho c Server, Workstation. Nu chnh sch c

xc lp, khng cho php giao tip khng bo mt. chnh sch c 3 Rules: 2 chnh

sch u tn t nh trn l Default Respond rule v Permit ICMP, v chnh sch th

3 quy nh: Tt c cc giao tip (tr ICMP) phi c m ha vi ESP, ngc li

Server s khng giao tip.

TH NO L THNG LNG MT LIN KT BO MT (A SECURITYASSOCIATION)

Cc Administrator khng nn quan tm n cc c im mang tnh c nhn ca

Policy . C hai Computer tin hnh thng lng bo mt cn phi c nhng chnh

sch b sung. Nu 2 computer c th thng lng thnh cng, IPSEC s c s

dng. Nu thng lng khng thnh cng do bt ng v chnh sch, 2 computer c

th khng tip tc giao tip hoc chp nhn giao tip khng an ton.



5/51

V d v cch thc hot ng ca cc policy gia 2 Computer A v B:

- Computer A yu cu ESP cho cc giao tip HTTP, Computer B yu cu AH cho HTTP,

nh vy 2 computer s khng th thng lng mt lin kt bo mt.

- Giao thc xc thc Kerberos l phng thc xc thc mc nh cho c 3 phng

thc trnh by. Kerberos protocol, c cc Computer trong cng Active directory

forest s dng , nu mt trong 2 Computer khng cng AD Forest, th khng ththng lng c phng thc bo mt. Tng t, khi Computer A dng Kerberos,

Computer B dng Certificates lm phng thc xc thc IP traffic, thng long cng

s khng c thit lp. Tuy nhin chng ta c th trang b cho computer A hocc B

nhiu phng thc xc thc (c Kerberos v Certificates..), ch cn gp mt phng

thc xc thc tng ng gia 2 Computer, xc thc s bt u.

Ly chnh sch mc nh Secure Server (require Security) lm v d. Nu Computer A

xc nh dng chnh sch ny, n s khng th giao tip vi bt k Computer no

khng c trang b IPSEC. V d: Computer A yu cu kt qu truy vn t DNS

server ca AD Domain (DNS server khng dng IPSEC), truy vn s khng c thc

hin. Computer A cn truy cp SQL server (khng dng IPSEC), cng khng th truy

cp. Nu Computer A dng chnh sch Server (request security), giao tip khng an

ton vi cc Computer khng trang b vn c th thc hin. Trong thc t, cc chnh

sch IPSEC nn c trin khai bo mt nhng thng tin quan trng, v cho php

nhng giao tip c bn c th thc hin.

HNH 2: CC CHNH SCH IPSEC HOT NG VI NHAU NH TH NOK nng bo mt v phn tch s c trn XP, Windows Server 2003. Phn

1

Mng ngang hng c th tng nng sut s dng my tnh bi n c thit k ngin trong vic chia s thng tin v ti nguyn trn mng ca bn. Tuy nhin, khnng ca cc my tnh ngi s dng truy cp vo my tnh ca h c th b nhcp thng tin, xa b d liu hoc thiu thn trng trong vic chia s thng tin. l nguyn nhn ti sao m bn cn thm vo cc chnh sch, quy nh s dng my



6/51

tnh trong cng ty, bn c th chc chn rng bn v nhn vin cng ty hiu c cckin thc c bn v bo mt mng ngang hng.Ni dung cc phn:

1. Gii thiu2. Bo mt h thng tp tin

3. Bo mt ti khon4. S dng tng la5. Cp nht cc bn v li bo mt6. Kim tra tnh bo mt vi cng c phn tch MSBA7. Cc ti liu tham khoPhn 1: Gii thiu tng quan y chng ti mun cung cp cho bn cc kin thc c bn bo mt tt nht baogm:

Cp nht cc bn v li bo mt ca Windows mi nht S dng cc phn mm dit Virus S dng kt ni tng la khi truy cp Internet S dng mt khu an ton Khng chia s file hoc th mc vi cc my ch trn Internet Gii hn quyn trn cc th mc c chia s Hn ch thp nht cc th mc c chia s

Ngt cc chia s khi khng c nhu cuNgy nay vi s gia tng ca cc on m nguy him nh cc su, virus, hackerchng c th lm t lit, ph hy d liu, nh cp thng tin trn my ca ngidng. Ti liu ny vi mc ch a ra cc gii php bo mt cho cc doanh nghipva v nh khi s dng mng ngang hng. Tr gip cc my tnh ca bn s dng hiu hnh Microsoft Windows 2000 Pro c bo mt hn trc cc mi e da bomt nhm m qu trnh lm vic c hiu qu an ton trn my tnhCc vn c hng dn trong ti liu ny bao gm Bo mt h thng tp tin Bo mt ti khon ngi dng Bo mt s truy cp t mng



7/51

Kim tra phn tch nh gi mc bo mt vi phn mm Microsoft BaselineThm vo cc hng dn nng cao tng bc trong ti liu ny, bn s cng tmthy cc thng tin v cc gii thiu bo mt hng u m Microsoft ang lm choton b khch hng, t nhng ngi dng gia nh cho n cc doanh nghipCh quan trng:Ton b cc hng dn tng bc trong ti liu ny c pht trin theo dng mc

nh khi bn ci t h iu hnh. Nu bn c thay i thanh Start menu, cc bchng dn c th s khng cn ngYu cu cp nht cc bn Service PackTi liu ny s dng tt nht cho cc h iu hnh Windows 2000 ProfessionalService Pack 4. Nu bn cha ci t hoc bn khng bit a ch ci t bn c thtruy cp vo a ch Windows Update ca trang web Microsoft ti a ch:http://go.microsoft.com/fwlink/?LinkID=22630, v ti bn c th qut cc bncp nht trn my bn. Nu Service Pack 4 c hin th trn danh sch cc bn vli, bn hy ci t n trcCc yu cu qun trBn phi ng nhp vi ti khon truy cp cao nht l Administrator hoc vi tikhon l thnh vin ca nhm qun tr c th hon thnh cc hng dn ny. Numy tnh ca bn kt ni ti Internet, cc chnh sch thit lp mng cng c thngn cn s hon thnh ca cc hng dn nyBo mt h thng FileMt h thng qun l tp tin l cc phng thc m cc file hoc th mc c tchc trn my tnh ca bn. C mt s phng php bo v h thng tp tin t cctruy cp tri php nhm mc ch thay i hoc xa b d liu. Trong mc ny timun gii thiu vi cc bn tng bc bo v h thng tp tin nh sau: Chuyn i h thng qun l tp tin thnh NTFS S dng cc phn mm dit Virus Bo v cc file c chia s Bo v cc th mc c chia s Ngt hoc xo cc account khng cn thit Chuyn i h thng qun l tp tin thnh NTFS

Trong khi ci t Windows 2000, cc my tnh c cu hnh s dng h thngqun l tp tinFAT32 hoc NTFS. FAT32 l cng ngh c c s dng trong ccphin bn Windows trc y nh Windows 98, Me. H thng qun l tp tin NTFSnhanh hn v bo mt hn FAT32. Gii php ti u nht v thc thi v bo mt hiu hnh l s dng NTFS cho vic qun l tp tin trong my tnh ca bn.Kim tra h thng qun l tp tin trn my tnh ca bn.Trc khi chuyn i h thng qun l tp tin trn my tnh ca bn, bn cn phixc nhn l my tnh ca bn cha c chuyn i thnh NTFS. Bn hy theo cchng dn sau kim tra. Nu cc bc kim tra xc nhn l bn ang s dngNTFS th bn khng cn chuyn i h thng qun l tp tin

Kim tra h thng qun l tp tin hin ti trn my tnh bn:1. Trn mn hnh Desktop, bn kich p chut phi vo My Computer

2. Kch chut phi vo cng m bn cn kim tra, sau chn Properties3. Xc nhn l h thng qun l tp tin NTFS. Nu khng phi, bn c th s dngtin ch chuyn i ( convert.exe) c hng dn bn di chuyn di FAT16hoc FAT32 thnh NTFS

Kim tra ton b cc a cn li trn my tnh ca bn. Trong trng hp nu tonb cc cng hin thi trn my bn l FAT32 bn cng c th d dng chuyn ithnh NTFS theo cc hng dn bn diChuyn i h thng qun l tp tin thnh NTFS chuyn i h thng qun l tp tin thnh NTFS, bn phi ch tn ca a m



8/51

bn t v lm theo cc bc ch dn di y Chuyn i h thng qun l tp tin thnh NTFS1. T menu Start bn kch vo Run g cu lnh cmd sau nhn OK2. Sau khi ca s MS-Prompt DOS hin ra bn g cu lnh sau: ConvertTn__a: /fs:ntfsSau bn phi nhp Volume a . Gi s bn cn Convert D vi tn a l

KIEMTRA bn lm nh sau:Convert D: /fs:ntfsSau mn hnh s nhc bn nhp tn a vo v bn g KIEMTRA3. Tip theo bn nhp tn a v nhn ENTER4. Khi vic chuyn i hon thnh, bn ng ca s bng cu lnh EXITCH : Ch quan trng khi bn ang chy cc chng trnh ca h iu hnh thng nhin h iu hnh s khng chuyn i ngay cho bn ti thi im . Tuynhin h iu hnh s nhc bn rng vic chuyn i ny s c thc hin sau khibn khi ng li my. V bn phi g Y ng S dng cc phn mm dit VirusVirus my tnh l cc chng trnh c ci t hoc ly nhim vo my tnh ngois cho php ca bn. Ngy nay cc virus ngy cng nguy him vi kh nng t saochp v ly nhim qua Internet v email trn ton th gii vi tc rt nhanh trongvi giPhn mm dit s gip bn bo v my tnh ca mnh vi nhiu loi virus, su, trojanv cc on m nguy him. Bng cch ny bn c th qut v dit virus. Tuy nhincc phn mm dit virus ch gii quyt c mt phn vn .Nhiu my tnh mi c mua vi cc phn mm dit virus c ci t sn trnmy tnh. Tuy nhin, phn mm dit virus ny yu cu bn phi ng k c thcp nht cc Virus mi nht. Nu bn khng ng k cp nht, my tnh ca bn sb nguy him trc cc virus miBn hy s dng email an ton bng cch khng m cc file nh km, khng kchvo cc lin kt trn trn email (Tt nht hy copy v paste vo trnh duyt truycp web). Nu bn ci phn mm dit virus th cc chng trnh ny s qut cc filec nh km

bit c cc chng trnh dit virus v cc nh cung cp phn mm dit virus ttnht vi HH Windows mi bn tham kho ti a chhttp://go.microsoft.com/fwlink/?LinkId=22712

K nng bo mt v phn tch s c trn XP, Windows Server 2003. Phn2

Bo v cc file c chia s

Trong bi trc ti a cc khi nim, chuyn i h thng tp tin NTFS. Phn nys tip tc hng n bn cch bo v cc tp tin, th mc c chia s trong mngLAN. Mng ngang hng cho php bn to cc chia s d liu do ngi dng c thgii hn truy cp ch c hoc c th va c, thay i, xa file. Nu bn kt ni viInternet, v khng s dng tng la, bn hy nh rng bt k mt file no bn chias bn cng c th b truy cp t cc ngi dng khc trn mng Internet

Theo mc nh, Windows 2000 cho php ton quyn iu khin, thay i v c vibt k ngi dng no truy cp vo cc th mc c chia s (share). Tuy nhin bnhon tan c th thay i bng cch xa thuc tnh ny trn cc th mc c chias hoc thay i gii hn truy cp ton quyn bng cc truy cp ch c c. Hoc bnc th thm cc ti khon truy cp theo ng ngi cn chia s. Vic xa b quyn

http://go.microsoft.com/fwlink/?LinkId=22712http://go.microsoft.com/fwlink/?LinkId=22712


9/51

Everyone trong Windows bn s c m bo rng khng c ai c th truy cp vocc th mc cn bo v tr khi bn thm mt ngi dng mi vo ti khon truycp.

Hoc bn mun bo v cc chia s n trc ngi dng bn c th thm du $ vo

sau cc th mc chia s. V d bn mun chia s mt th mc Du lieu bn c ththm Du lieu$ vo sau th mc ny khi nu bn mun truy cp vo th mcchia s ny th bn ch vic g tn my Tn chia s ca th mc+$ v d:Computerdata$ khi bn c th truy cp c vo th mc n ny ri. Tuynhin cch ny cha thc s an ton vi mt ngi dng c hiu bit v my tnh.H ch vic xem th mc chia s ny bng cch vo Start, Run, type cmd , G culnh NET SHARE n s lit k ht cc chia s k c chia s n. Vy th bn phi lmg ? Xin mi bn tip tc n vi phn

Bo v cc th mc chia s

Mng ngang hng Windows cho php bn chia s cc thng tin vi my tnh khc

trn mng. Bng mt vi thao tc nh bn c th chia s c cc file v cc thmc. Bng cc thay i mt vi cc thit lp mc nh, bn c th ngn chn cctruy cp bt hp php ti cc file v thc mc ca bn

Cc bc bo v th mc chia s

Bc 1: Trn mn hnh Desktop, kch p vo My Computer, sau m file hoc thmc m bn mun bo v

Bc 2: Kch phi chut vo th mc bn mun bo v v chn sharing

Bc 3: Trn tab Sharing, kch vo Permissions

http://computer/data$/http://computer/data$/


10/51

Bc 4: Chn EveryOne v kch Remove nhm hn ch bt k ngi dng no muntruy cp



11/51

Bc 5: Kch vo Add sau chn ti khon truy cp thch hp m bn mun chongi dng chia s

Sau kch OK



12/51

Bn ch nu th mc bn cn chia s m ch cho ngi dng Copy th tt nht ch

t quyn truy cp Read.

Bc 6: Bn nhn Apply OK. Cng vic chia s by gi hon thnh. Bn c thyn tm rng file ca bn chc chn c bo v ch c nhng ngi c php truycp mi c th truy cp c.

Ch :

Cc file hoc th mc chia s hot ng tt nht vi h thng NTFS

thay i quyn truy cp, bn ch vic thm hoc remove bt User hocthay i quyn truy cp thng tin

Trong cc Account v cc nhm ngi dng (Groups) nu bn t FullControl Permissions th ngi dng c th xa file, xa cc th mc con trongth mc c chia s

Nhn tin y ti mun cnh bo vi cc bn mt iu cc k quan trng rng: Theoch mc nh Windows 2000, XP, 2003 u chia s tt c cc a cng cabn v cc th mc l: IPC, Admin theo hnh thc chia s n (c du $) m trn ti ni vi bn (Bn c th kim tra iu ny bng cch truy cp vo Control Panel



13/51

Administrative Tools Computer management System Tool Share Folder.

Cc chia s mc nh ny mc d khng truy cp c vi ti khan khch nhngnu bn v tnh to Account truy cp vi quyn Administrator cho ngi s dng thng nhin rng may bn s b khai thc ht thng tin. Vy th bn phi lm g xa b cc chia s ny ? Bn ngt cc chia s t Computer Management? Hon tonsai lm! V sau khi khi ng li my chng li xut hin khng tin bn c th mxem.

gii quyt vn ny ti hng dn ban cch xa cc chia s ny n gin mcc k hiu qu. u tin bn to mt File l secure.bat (T File trong My Computer New Text document bn t tn file l secure.bat. Ch rng nu phn mrng ca file khng c hin th th file ca bn vn c phn m rng l *.txt bn

phi vo Tools Folder Options View B nh du Hide file extentions forknown file types. Tip theo bn kch phi chut vo file secure.bat va to chnEdit v thm vo cc dng lnh sau:

net share c$ /delete /y

net share d$ /delete /y



14/51

net share IPC$ /delete /y

net share ADMIN$ /delete /y

Sau Save li. By gi bn th chy file ny v kim tra li cc file share. Kt quth no? Tuyt vi phi khng. Vy th bn hy copy file ny vo mc Startup caWindows mi ln khi ng my s xa b cc mc chia s mc nh ny.

K nng bo mt v phn tch s c trn XP, Windows Server 2003. Phn3

Bo mt ti khon ngi dng, mt khu, thit lptng la.

Phn ny chng ta tip tc hc cc k nng bao gm: V

hiu ho ti khon ngi dng khng cn thit, bo mtcc ti khon, chng truy cp bng cc phn mm tngla, cp nht cc bn v li h iu hnh.

V hiu ha hoc xa cc ti khon khng cn thit

Bn to rt nhiu Account nhng sau mt thi gian ccAccount ny khng c dng hoc c s thay i nhn s t pha ngi dng hoccc chng trnh ci t t ng to Account m bn khng dng n. Vy th giiphp tt nht l bn hy xa hoc v hiu ha cc Account ny nhm bo v mytnh v thng tin.

Cc bc v hiu ha cc ti khan ngi dng:

1. T Start chn Settings, Control Panel

2. Kch p vo Administrative Tools, sau kch p vo ComputerManagement

3. Bn chn Local Users and Groups v kch vo Users

4. Kch phi chut vo cc Account m bn cn v hiu ha chn Properties

5. Trn tab General, bn chn Account is disabled , Apply, Ok



15/51

Ch :

1. Khi ti khon c v hiu ha th ng nhin ti khan ny khng thc s dng ng nhp v biu tng ca ti khan ny s bin thnhdu X gch

2. Ti khon Administrator khng th v hiu ha c

Xa ti khon ngi dng:

1. T Start chn Settings , Control Panel

2. Kch p vo Administrative Tools, sau kch p vo ComputerManagement

3. Bn chn Local Users and Groups v kch vo Users

4. Kch phi chut vo cc Account m bn cn xa b chn Delete

Ch :

1. an ton bn hy v hiu ha cc ti khon trc khi xa chng

2. Mt ti khon b xa s khng c kh nng khi phc



16/51

3. Theo mc nh ti khon Administrator v Guest khng th xa c

Bo mt cc ti khon ngi dng:

Bng cch s dng mt khu, v hiu ha hoc xa b cc ti khon khng cn thitbn c th lm gim nguy c truy cp tri php vo my tnh ca mnh

S dng mt khu

Mt iu cc k quan trng l phi t mt khu cho ton b cc ti khon caWindows vi 02 nguyn nhn ch yu sau:

Nguyn nhn th 1: Nu bt k mt ti khon no khng t mt khu th ngnhin rng bt k mt ngi dng no cng c th truy cp vo my tnh ca bnbng ti khon khng c t mt khu

Nguyn nhn th 2: Theo mc nh, tt c cc ti khon khng t mt khu thngi dng ch c th ng nhp vo my tnh ca bn trc tip khi h ngi trn mybn m khng th ng nhp t xa hoc iu khin my bn t xa. Nhng s giihn ny s khng c hiu lc i voi cc ti khon tn min hoc ti khon Guest.Nu ti khon Guest khng b v hiu ha v khng t mt khu, n s c th b s

dng ng nhp vo bt k mt ti nguyn no trn mng ngang hng

thit lp hoc reset li mt khu ti khon c sn bn lm nh sau:

1. TStart, Settings ,Control panel

2. Kch phi chut chn Set Password . Bn hy nhp mt khu mi



17/51

S dng tng la:

Phn mm tng la hoc phn cng tng la s to hng ro bo v my tnhtrc cc mi e da tim tng trn Internet. Nu my tnh bn s dng h iuhnh Windows 2000 s khng c tng la c ci t trn h iu hnh (tr

Windows XP, Windows 2003), do Microsoft khuyn bn nn ci t tng la trckhi truy cp Internet.

H iu hnh khng c cc hng dn s dng tng la m bn phi c cc ti liuhng dn t chnh cc nh cung cp phn mm hoc phn cng

Cc phn cng v tng la:

Phn cng tng la l la chn tt nht cho h iu hnh Windows trc khi bn c nh s dng Windows XP. Mt s mng my tnh nh cc im truy cp khng dyv cc cc b nh tuyn bng thng rng c xy dng sn tng la. MicrosoftBroadband Networking Wireless l mt v d cho im truy cp khng dy c ci

t sn phn cng tng la v cc mng khc trong tng lai.

Phn mm tng la

Mt phn mm tng la c xy dng bi mt vi cc i tc nh BlackICE PCProection, Computer Associates, McAfee Security, Symantec, Tiny Software, vZoneAlarm.

c th s dng cc phn mm hoc phn cng Firewall ca cc cng ty ny bnc th tham kho ti liu ti

http://go.microsoft.com/fwlink/?LinkId=22496

http://go.microsoft.com/fwlink/?LinkId=19713.

Cp nht cc bn v li

Mt trong nhng iu ti quan trng l "Cp nht y cc bn v li caWindows" trc cn i hng thu: Virus (Blaster,Netsky, Sasser,Lovegate,..), hacker, phn mm gin ip. Nu bn khng tun th quy tcny my tnh ca bn s b h gc ch sau t 10 pht n 30 pht. Bn c tinkhng? Nu bn tin ti th hy tip tc c v cp nht Windows cn nukhng tin tt nht bn hy chuyn sang cc bi c khc th v hn. Nhngnu c iu g xy ra vi my tnh ca bn th ng trch ti khng cnh bo

nh! Cch tt nht gip bn tm hiu v cc bn v li bo mt v cc bnthng bo bo mt t hng Microsoft c m t ti http://go.microsoft.com/fwlink/?LinkId=22339. Ti y bn s ng k c th cp nht cc thng tin v bo mt, cc bn v li bo mt qua email.Thm na n cn cung cp cho bn cc kin thc v cng ngh gip bn tng v li h iu hnh

T ng cp nht

Windows 2000 SP 4, XP, 2003 cung cp cho bn cc tnh nng t ng kim tra v

http://go.microsoft.com/fwlink/?LinkId=22496http://go.microsoft.com/fwlink/?LinkId=19713http://go.microsoft.com/fwlink/?LinkId=22339http://go.microsoft.com/fwlink/?LinkId=22496http://go.microsoft.com/fwlink/?LinkId=19713http://go.microsoft.com/fwlink/?LinkId=22339


18/51

K nng bo mt v phn tch s c trn XP, Windows Server 2003. Phncui



19/51

Kim tra bo mt vi cng c Microsoft Baseline SecurityAnalyzer

Nm trong chin lc bo mt ca Microsoft, phn mm MicrosoftBaseline Security Analyzer (MBSA), s bo co cho bn cc cu

hnh khng bo mt v cc bn v li Windows 2000, XP v WindowsServer 2003. Chng trnh ny bn c th s dng trn my bn hoctrn mt my iu khin t xa. Phn mm ny khng th thiu cho

nhng nh qun tr mng cn phn tch hin trng ca my ch. K c nhng ngidng bnh thng n cng a ra c li khuyn v cc ch dn cn thit v bomt

Cc bc ci t v s dng chng trnh MBSA

ci t MBSA bn cn phi download phn mm ny (Dung lng khong1.56 Mb): Download MBSA

Sau bn ci t bnh thng nh cc phn mm khc theo tng bc. Qu trnhci t c hon thin bn tip tc thc hin cc bc pha di y

Qut cc bn cp nht v v li

1. T Start menu chn Programs Microsoft Baseline SecurityAnalyzer

2. Kch vo Pick a computer to scan

3. B cc la chn sau:

Check for Windows vulnerabilities

Check for weak passwords

Check for IIS vulnerabilities

Check for SQL vulnerabilities

http://www.quantrimang.com/download/MBSASetup-EN.msihttp://www.quantrimang.com/download/MBSASetup-EN.msi


20/51

R sot & v li Bo mt

S kt hp gia GFI LANguard N.S.S v Microsoft

server

GFI LANguard Network Security Scanner l g ?

GFI LANguard N.S.S. l chng trnh r sot cc l hnbo mt hng u hin nay. Mt trong nhng tnh nngquan trng ca GFI LANguard N.S.S l qun l vic v lh thng. R sot bo mt v qun l v li l nhng vikhng th tch ri. S dng mt cng c c th thc

hin c 2 vic quan trng nu trn gip cho cc Admin rt thun tin trong cng vic qun tr vbo mt h thng ca h.

GFI LANguard N.S.S. c th dng cng c chuyn qun l vic v li ca Microsoft l SoftwareUpdate Services (SUS) nhm duy tr v cp nht mt c s d liu trung tm cha cc patches hotfixes.

C th tham kho thm v SUS ti y:

http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/default.m

Ch : Hin nay Software Update Services (SUS 1.0), ch c Microsoft h tr n ht 6.2006.sau thi hn ny chng ta khng cn download c tool ny, Microsoft a ra version mi cSUS gi l WSUS, nhng t chc ang s dng Microsoft SUS nn tin hnh nng cp ln WSUS

trc thi hn trn.

C th tham kho chi tit v WSUS v Download ti y:

http://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspx

Ti sao li c s kt hp gia GFI LANguard N.S.S. v Microsoft SUS server ?

Microsoft SUS server l gii php tt trong vic qun l v tin hnh v cc l hng cho h iuhnh. Khng ch h tr patches cho h iu hnh, m cn bao gm patches cho nhiu applicationh: IIS v IE. Tuy nhin, Microsoft SUS li thiu mt s tnh nng m GFI LANguard N.S.S cuncp cho ngi s dng:

Trin khai service packs Trin khai cc patches n cc my ang chy Windows NT Trin khai phn mm 3rd cho cc my Clients v cc 3rd patches Trin khai patches v service packs cho cc ng dng Microsoft nh: Microsoft Office,

http://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/default.mspxhttp://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspxhttp://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspxhttp://www.microsoft.com/windowsserversystem/updateservices/evaluation/previous/default.mspxhttp://www.microsoft.com/windowsserversystem/updateservices/downloads/WSUS.mspx


21/51

Microsoft SQL Server, Microsoft Exchange Server & Microsoft ISA server.

C kh nng kim tra li tt c cc patches ci ng hay cha.V do vy, s kt hp gia GFI LANguard N.S.S. v Microsoft SUS nhm tng cng hn na ckh nng qun l v tin hnh v li cho OS v Applications trn cc h thng Windows2000/XP/.NET, gip cc h thng v ng dng ang vn hnh c cp nht nhanh chng tt ccc OS service packs, Microsoft application patches v service packs, k c cc software patchesca cc hng phn mm th 3 (3rd party software).

Lm th no ci t h thng qun l v li trn Mng ?

Step 1: Ci t Microsoft SUS server

Bi v Microsoft SUS server khng thc s l mt ng dng qut trn desktop, m hi thin v mserver t ng lm vic di dng dch v nn (background), nh vy hi kh khn cho cc Admt cht trong vic setup so vi cc cng c qun l v li khc than other. Tuy nhin mt khi

set-up hon thnh, th quy trnh qun l v li s c t ng, v cc Admin s c n b xng vi cng sc b ra ban u.

ci t Microsoft SUS server (yu cu IIS), v cu hnh kim tra cc cp nht. Cng phim bo rng cc my trm workstations v servers phi c Windows 2000 SP3, Windows XP Shoc Windows .NET, hoc phi ci Microsoft SUS client. Cn lu rng Windows NT khng c tr.

C th tin hnh ci t xa cc SUS client software thng qua vic dng Group Policy dung lngfile ci t ch 1 MB. Sau khi ci SUS client trn cc my s lm vic vi SUS Server, li tip tcdng Group Policy cu hnh cho cc SUS client t ng cp nht cc bn v t SUS server. Xin nli cc Admin c th tham kho v cch cu hnh ny nh link cung cp trn.

Qun l Microsoft SUS server

Vic qun l Microsoft SUS server tt c thng qua giao din Web, v cho php qun l t xa.Microsoft SUS server tin hnh download tt c updates hon ton t ng v c th thng bocho bn cc new updates qua e-mail. Cc New updates c th c chp thun cho trin khai holoi b, m bo rng bn c y quyn i vi nhng g s c ci t trn network. Giaodin qun l ca SUS cng kh n gin.



22/51

Microsoft SUS Client

Mt khi tin hnh ci t c 2 Microsoft SUS server v Microsoft SUS client, th tt c ccupdates s c cp nht t ng. Vi quyn administrator cu hnh vn ny s xy ra nh tno cho thun tin vi hin trng Network ca bn. C th xc lp mt lch biu cho cp nht,thm ch c th cho php User tng tc , hoc iu khin trong tin trnh ny nu Admin munHy xem hnh m t, v d nhin nhng la chn ny c th b Group Policy kha (locked).



23/51

Sau khi cu hnh cho Microsoft SUS client, cc patches s c trin khai t ng. User s thng bo qua message nh trn hnh.

Nhng hn ch ca Microsoft SUS Server

Mc d c nhiu u im, nhng , Microsoft SUS vn bc l nhng hn ch nht nh:

Khng tin hnh cp nht c cc service packs cho Clients; Admin cn tm gii phpkhc ?

Ch qun l c cc patches cp h iu hnh (v bao gm cc ng dng InterneExplorer v IIS), nhng patch cc ng dng khc nh : Microsoft Office, MicrosoftExchange Server, Microsoft SQL Server, etc, th khng th

Yu cu dng Windows 2000 tr ln, khng th patch cc h thng Windows NT 4systems.

Khng th trin khai cc bn v cho 3rd party software. Khng cho php qut ton b Network, tm kim nhng l hng cha v, V v vy Adm



24/51

kh c th kim tra c cc bn v ci t ng cch hay cha. H thng bo co v ny li khng d s dng.

V iu ny c ngha l cc Admin s trng i vo mt gii php khc c th khc phc cnhng nhc im trn ca SUS. Microsoft khng c nh thm cc tnh nng trn, v nu cc

Admin mun dng nhng tnh nng trn phi tr ph dng mt gii pp ton din ca h l:Microsoft SMS server . V nh vy tnh nng chnh thch hp nht ca Microsoft SUS server s dng v cho H iu hnh v nn s dng thm cc cng c v khc nhm hon chnh h

Step 2: Qun l patch vi GFI LANguard N.S.S.

Mt khi Microsoft SUS server ang hot ng trn network, Admin cn ci thm GFI LANguardN.S.S tin hnh qun l vic v li v cp nht hon thin hn:

Trin khai service packs. Trin khai patches n cc my Windows NT. Trin khai patches cho cc 3rd party software. Trin khai Microsoft application patches v service packs cho c Microsoft Office, Micros

SQL Server, Microsoft Exchange Server v Microsoft ISA server.

Kim tra li cc patches v service packs cn thiu cha c ci v tin hnh bo coqua HTML report v cc vn ny.

Kim tra cc patches v service packs ci t



25/51

Mt khi cc chng trnh qun l cc bn v c ci t, th Admin cng cn ch n victhng qut Mng kim tra cc patches v service packs c trin khai bi Microsoft SUSGFI LANguard N.S.S. s nhanh chng r sot Mng v lit k ra tt c patches v service packscha cp nht thng qua cc biu tng cnh bo- Alerts node.

qut Mng, n vo dy IP m Mng ang dng (IP range) trc tip vo box pha trn cng GFI, hoc dng Scan Wizard (m t File menu) xc nh cc computers cn qut. Admin cnc th qut domains, hoc mt my tnh c bit hoc ton th dy IP. Click Finish start tintrnh qut. Mi Computer trn Mng c GFI LANguard N.S.S. tm thy s xut hin khung trikhung phi cung cp thng tin chi tit m tin trnh qut thu thp c.

Mt khi network scan hon thnh, cc missing patches v service packs s c lit k di khucnh bo Alerts node. Nu Microsoft SUS tin hnh cp nht cho cc client machines ng, thchng ta ch thy cc application patches v service packs xut in y.

Right-clicking vo mt patch hoc mt service pack no s cho php Admin trin khai missinservice pack / patch ti computer hoc tt c cc computers. Hp thoi Deploy Patches dialo

ch ra m t ngn, cho php chng ta d dng xc nh patches no s c cp nht chocomputers no.

(Deploying patches vi GFI LANguard N.S.S.)



26/51

(Patches download)

Sau khi xc nh cc patches no cn cp nht, GFI LANguard N.S.S. s cung cp mt list ccservice packs v patches cn c download v s copy vo GFI LANguard N.S.S downloaddirectory.

Step 3: Bo co

Mt khi Mng c qut, Admin cng c th to ra mt bo co ngn gn danh sch tt c cpatches v service packs cha cp nht. to bn bo co ny, chn File menu > Filters anselect Missing patches.



27/51

(The GFI LANguard N.S.S. missing patches/service packs) report

Kt lun

Microsoft SUS l mt cng c qun l v rt tt. hn na li l min ph. Tuy nhin li thiu i ctnh nng trin khai service packs, patches cho cc application software nh Office, Exchange hoSQL Server. Ngoi ra cng thiu kh nng qut Mng tm kim cc missing patch, Admin cn phxem li logs cc patches no trin khai cc patches no cha, gy kh khn khng t.

Microsoft SUS Server kh hon ho khi cp nht patch cho h iu hnh.Mc d c th dng sphm khc thay th, tuy nhin v lu di, bn s thy dng Microsoft SUS Server s tit kim thgian: Mt khi set-up h thng s cp nht t ng. Th nhng, Microsoft SUS Server khng tl cng c gip qun l v trin khai tt c cc loi patches. V do vy cn s dng thm cc c



28/51

c qun l v cp nht v li h tr cho Microsoft SUS Server.

GFI LANguard N.S.S. l gii php kt hp tt vi Microsoft SUS cung cp nhng tnh nng xut strong qun l v li vi chi ph c th chp nhn c. Hu ht cc gii php dng ny c chi phkhong t 15.000 $ cho khong 100-500 machine ... S kt hp gia GFI LANguard N.S.S. v

Microsoft SUS cho php Admin cp nht patches cho h iu hnh dng Microsoft SUS(Windows 2000, XP, .NET, IIS, IE, Windows Media) v service packs, Microsoftapplication patches, Windows NT patches v 3rd party software dng GFI LANguardN.S.S.

Gii php kt hp ny khng ch am li sc mnh, kh nng d thay i m cn m bo chi pb ra kh hiu qu.

Hin GFI cung cp phin bn mi nht: GFI LANguard Network Security Scanner 7

C th download th nghim ti y:http://www.gfi.com/downloads/register.aspx?pid=LANSS&vid=7&lid=EN

GFI

GFI (www.gfi.com) l nh cung cp gii php bo mt hng u hin nay: cc phn mm bo mcho h thng Email, bo mt Mng v thng tin. Cc sn phm chnh l: GFI FAXmaker faxconnector h tr cho Exchange v fax server; GFI MailSecurity e-mail v anti-virus software chomail; GFI LANguard network security. Cc khch hng ln bao gm Microsoft, Telstra, Time WarCable, Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, US IRS, v USAF.

Hai su my tnh nguy him lan trn ti Vit Nam

Theo cnh bo ca cc chuyn gia bo mt Cng ty Misoft,Trendmicro hin nay, cc h thng mng ti Vit Nam angnhim nhiu hai loi su WORM_RONTOKBRO.B vWORM_RBOT.AZM.

Sau y chng ti xin cung cp cc thng tin v hai loivirus ny cc bn phng chng my tnh v h thngmng ca mnh.Su WORM_RONTOKBRO.B c nh gic mc nguy him cao. Tc ly nhim cao, ly nhimvo h iu hnh: Windows 95, 98, ME, NT, 2000, XP,Server 2003.

Phng thc pht tn: gi bn sao ca ntrong file nhkm ca email. File cch a su sdung Bi u tng thmc ca Microsoft nh la ngi dng mnvsu

tin hnh cc tn cng. Khtinh vi, su c ng mc a sWindows Explorer nh m che ducc tin trnh noth c hin ln my tnh ca nn nhn.Su thr t nhiu cc bn sao ca nln c c th mc vi nhiu tn khc nhau. Trn ccmy ly nhim chy hi u hnh Windows 2000, XP, and Server 2003, su thb n saovo ng dn c mh a cng pha di th mc User Profile. Sau t o mt th

http://www.gfi.com/http://www.gfi.com/


29/51

mc trong ng dn ny.

Hin tng my tnh bnhi m su WORM_RONTOKBRO.BLoi su ny sth c hin khi ng li my tnh ca nn nhn khi thy trn thanh tiu(title bar) c a ca scc c cm t".EXE" and "REGISTRY". WORM_RONTOKBRO.B

chn thm lnh PAUSE vo file AUTOEXEC.BAT (trong a C:) khi n cho cc my bnhim chy Windows 95, 98, vME bt m dng trong qutr nh khi ng, buc ngidng phi n mt phm bt kkh i ng Windows. ng thi, su cng thay i gitrtrong Registry l m mt mc Folder Options trn menu ca tt cc c ca sWindowsExplorer vControl Panel. Do ng i dng khng thm c hp thoi FolderOptions. c bit hn, WORM_RONTOKBRO.B lm v hiu ha Registry khin cho ngidng khng thmc a sRegistry thay i cc gitrmsu c y thm vo.Gii php dit th cngBc 1: Khi ng ch Safe Mode Trn Windows 951. Khi ng li my tnh.2. Bm F8 mn hnh Starting Windows 95.3. Chn ch Safe Mode t Windows 95 Startup Menu sau bm Enter. Trn Windows 98 v ME1. Khi ng li my tnh.2. Bm phm CTRL cho n khi menu startup xut hin.3. Chn ch Safe Mode sau bm Enter.

Trn Windows NT (ch VGA)1. Bm Start>Settings>Control Panel.2. Bm nhy chut vo biu tng System.3. Bm vo thanh Startup/Shutdown.

4. t trng Show List l 10 giy v bm OK lu s thay i ny.5. Tt my v khi ng li my tnh.6. Chn ch VGA t menu startup.

Trn Windows 20001. Khi ng li my tnh.2. Bm phm F8 cho n khi nhn thy thanh Starting Windows cui mn hnh.3. Chn ch Safe Mode t Windows Advanced Options Menu sau bm Enter. Trn Windows XP1. Khi ng li my tnh.2. Bm phm F8 sau khi Power-On Self Test (POST) c thc hin. Nu WindowsAdvanced Options Menu khng xut hin, c gng khi ng li my v bm phm F8

nhiu ln sau mn hnh POST.3. Chn ch Safe Mode t Windows Advanced Options Menu sau bm Enter.Bc 2: Xo cc du vt nh hng n qutr nh khi ng my tnh trong Registry.1. M Registry Editor.Chn Start>Run, g Regedit, bm Enter.2. Bn tri ca s, kch p chn ng dn sau:HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Run3. Bn phi ca s, tm v xo li vo.



30/51

Trnd Windows ME, 2000, XP & Server 2003:Bron-Spizaetus = "%Windows%INFnorBtok.exe"Trn Windows 98 & NT:Bron-Spizaetus = "INFnorBtok.exe"(Lu : %Windows% l ng dn mc nh n th mc Windows, thng thnglC:Windows hoc C:WINNT.)

4. Bn tri ca s, kch p chn ng dn sau:HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run5. Bn phi ca s, tm v xo li vo:Trnd Windows 2000, XP & Server 2003:Tok-Cirrhatus = "%UserProfile%Application Datasmss.exe"Trnd Windows ME:Tok-Cirrhatus = "%Windows%Application Datasmss.exe"

Bc 3: Xo cc du vt ca su trong Registry1. Vn trong c a sRegistry, bn tri, kch p chn ng dn sau:HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>Explorer2. Bn phi ca s, tm v xo li vo:NoFolderOptions = "dword:00000001"3. Bn tri ca s, kch p chn ng dn sau:HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Policies>System4. Bn phi ca s, tm v xo li vo:DisableRegistryTools = "dword:00000001"5. ng ca sRegistry.

Bc 4: Khi phc li file AUTOEXEC.BAT1. Mfile AUTOEXEC.BAT b ng Notepad. Click Start>Run, g:notepad c:autoexec.bat2. n Enter.3. Xa gitrsau:pause

4. ng file AUTOEXEC.BAT.5. Click Yes ghi l i.

Lu : i vi cc my chy Windows XP/ME ngt tnh nng System Restore.V su WORM_RBOT.AZM

Su WORM_RBOT.AZM c tc ly nhim cao. Ly nhim vo HH: Windows 95, 98,ME, NT, 2000, XP, Server 2003. Su ly nhim trn mng chia s. WORM_RONTOKBRO.Bthb n sao vc c th mc c chia sm c nh:ADMIN$system32C$Windowssystem32C$WINNTsystem32

Nu th mc c t password truy cp, su tp hp trong danh sch mn nh nghatrc user ames vpasswords thtruy c p li. Nguy him hn, WORM_RONTOKBRO.Bcn khai thc cc lh ng th c hin pht tn cc bn sao c a ntrong m ng:LSASS VulnerabilityRPC/DCOM Vulnerability

Ngoi ra, loi su ny cn ckhnng n c p ID ca Windows trn my tnh ca nnnhn vCD key c a nhiu trchi phbi nnh FIFA, Command and Conquer, James



31/51

Bond 007, Half-Life ....nu nh chng c ci trn my bnhi m.

Gii php dit th cngBc 1: Xc nh vd ng tin trnh hot ng ca Su:Dng tin trnh hot ng ca su

1. M Windows Task Manager.Trn Windows 95, 98, and ME, bmCTRL+ALT+DELETE Trn Windows NT, 2000, 2003 and XP, bmCTRL+SHIFT+ESC, sau bm vo mc Processes.2. Trn danh sch cc chng trnh ang chy, bm nt End Task hay End Process, tuthuc vo phin bn Windows ang chy vi tin trnh scrtkfg.exe.3. kim tra liu cc chng trnh virus dng hay cha, ng Task Manager, sau m li ln na.4. ng Task Manager.

Bc 2: Xo cc du vt nh hng n qutr nh khi ng my tnh trong Registry.1. M Registry Editor.Chn Start>Run, g Regedit, bm Enter.2. Bn tri ca s, kch p chn ng dn sau:HKEY_CURRENT_USER>Software>Microsoft>OLE3. Bn phi ca s, tm v xo li voSystem CSRSS Patch = "scrtkfg.exe"4. Bn tri ca s, kch p chn ng dn sauHKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run5. Bn phi ca s, tm v xo li vo:System CSRSS Patch = "scrtkfg.exe"6. Bn tri ca s, kch p chn ng dn sauHKEY_LOCAL_MACHINE>Software>Microsoft>Windows>CurrentVersion>RunServices7. Bn phi ca s, tm v xo li vo:

System CSRSS Patch = "scrtkfg.exe"8. ng ca sRegistry.

Bc 3: Thit lp li cc gitrbsu thay i trong Registry1. Vn trong c a sRegistry, bn tri, kch p chn ng dn sau:HKEY_LOCAL_MACHINE>Software>Microsoft>OLE2. Bn phi ca s, chut phi vo EnableDCOM vch n Modify:3. Bn tri ca s, kch p chn ng dn sau:HKEY_CURRENT_USER>Software>Microsoft>Windows>CurrentVersion>Run4. Trong text box di Value Date, gY:5. ng ca sRegistry.

Lu : i vi cc my chy Windows XP/ME ngt tnh nng System Restore.

Nu cha c phn mm dit virus no ca Trend Micro, bn c th vohttp://housecall.trendmicro.com/ ti v.(VnMedia)

Admin qun Domain Admin Password trn Windows 2003 Server

http://housecall.trendmicro.com/http://housecall.trendmicro.com/


32/51

Ti thi im ny bn c th restart Windows, v SRVANY se chy lnh netusercommand tin hnh reset li domain admin password.

3 Khi ng li Windows ch thng -normal mode

Ch khi mn hnh login xut hin. bn s khng nhn thy command promptxuthin khi thc hin lnh net user command. Nhng ng lo lng, command vn cthc thi bn trong h thng -background.

Log on vi ti khon Administrator, password bn va xc lp mi trn. H thngs ban y quyn truy cp cho bn. Nu khng quay li bc 2 v m bo rngbn khng qun password mi xc lp hoc xc lp sai cc values khc.



33/51

C th dng IPSEC trn Windows 2000/XP/2003 ngn chn Pingpackets?

Cc computer Windows 2000/XP/2003 c phng tin bomt IP c tch hp c gi l IPSec (IP Security).IPSec l mt giao thc c thit k bo v cc TCP/IPpackets truyn qua mng bng cch dng m ha khacng -public key encryption. C th hnh dung n ginnh sau: Cc gi IP packet thng thng c bao bc bigi Ipsec m ha -encrypted IPSec packet. V packet

ny sau vn gi thuc tnh m ha cho n khi packet c nhn Computer ubn kia.

Chng ti khng cp qu chi tit v cc tnh nng IPSec y, nhng cc bn ghinh rng bn cnh kh nng m ha cc gi IP, th IPSec cn gip bn bo vserver/workstation thng qua vic cu hnh mt s chc nng tng t firewall.

Vy th lm sao bn c th bo v Computer mnh vi IPSec? Ch n gin bngcch thc hin mt policy ra lnh cho Computer hy ngn chn-block tt c cclu thng IP c ch nh trong cc quy tc s thit lp -rules.

Chn PING trn mt computer

thc hin vic chn PING ti v t mt computer , bn cn to mt IPSecpolicy cho php block tt c ICMP traffic (Internet Control Message protocol, giao

thc m Ping traffic s dng). Hnh di l cu trc ca ICMP packet m Ping sdng

PING n mt Server v nhn phn hi:



34/51

cu hnh trn mt computer tin hnh cc bc sau:

Cu hnh cc IP Filter Lists v Filter actions (danh sch cc Ip filter vcc hnh ng a ra trn mi Ip filter )

1. M MMC: Start > Run > nh lnh MMC.



35/51

2. Chn File, Add/Remove Snap-in, chn tip Add v chn IP Securityand Policy Management.

3. Trong Select which computer this policy will manage (chn mytnh chnh sch ny s qun l) chn local computer. Click Close v clickOk.



36/51

4. Right-click IP Security Policies trong khung tri ca MMC console.Chn Manage IP Filter Lists and Filter Actions.



37/51

5. Bn khng cn phi cu hnh mt IP Filter ring cho ICMP (protocol cs dng cho lnh PING) bi v mt filter mc nh c sn tn ca nl All ICMP Traffic.



38/51

Tuy nhinnu bn mun c th chng ta s mun cu hnh nhiu hn mt IPFilter cho ICMP. V d nh, bn mun ngn chn mt server tr li tt c ccPINGS, ngoi tr cc PINGs c th xc nh c gi t mt computer thuc

phng h tr k thut ca cty- Help Desk department. Trong trng hp ny,

bn nn thm vo mt IP Filter mi xc nh r IP address ngun (help desk), IPAddresses ch (server ca bn) , v giao thc ICMP c nhn s phn hi. Sauy l v d to cc IP Filters.

6. Trong Manage IP Filter Lists v Filter actions xem li cc filters cubn xc lp v , click vo Manage Filter Actions tab. By gi bncn a ra quyt nh c th (filter action) tin hnh ngn chn cc trafficmong mun, click Add.



39/51

7. Trong Welcome screen, click Next.8. Trong Filter Action Name , in vo Block v click Next.



40/51

9. Trong Filter Action General Options , click Block , click Next.

10. Quay tr liManage IP FilterLists v Filteractions, xem li ccfilters ca bn, clickClose. Bn c thadd Filters v FilterActions ti bt cthi im no .



41/51

Bc k tip l cu hnh IPSec Policy v p t.

Cu hnh chnh sch IPSec Policy

1. Trong MMC console, right-click IP Security Policies on LocalComputer , chn Create IP Security Policy.



42/51

2. Trong Welcome screen , click Next3. Trong IP Security Policy Name , in vo tn m t policy, chng hn

nh "Block PING". Click Next



43/51

4. Trong Request for Secure Communication window, click xaActive the Default Response Rule trong check-box. Click Next

5. Trong CompletingIP Security PolicyWizard window,click Finish.



44/51

6. By gi chng ta cn thm vo cc IP Filters v Filter Actions khc nhaucho IPSec Policy. Trong IPSec Policy window mi ny, click Add btu thm vo cc IP Filters v Filter Actions.



45/51

7. Trong Welcome window, click Next.8. Trong Tunnel Endpoint , m bo rng xc lp mc nh -default

setting, c chn v click Next.



46/51

9. Trong Network Type windows, chn All Network Connections vclick Next.



47/51

10. Trong IP Filter List window chn "All ICMP Traffic" (hoc bt c IPFilter no config bc #5). V mt l do no , nu bn chaconfig IP Filter trc , gi y c th nhn Add v bt u khi to. Khi thc hin, click Next.



48/51

11. Trong Filter Action window chn "Block". (nu trc bn chacuhnh Filter Action ng c th thc hin li y, bng cch nhn Addv khi ta. Khi thc hin, click Next.



49/51

12. Nhn thy IP Filter c to.



50/51

Ngoi nhng cu hnh thc hin, bn c th to tip bt k s kt hp no

gia IP Filters v Filter Actions m bn mun.Bn c nhn thy rng bn khng th thay i trnh t sp xp ca chng nhtrn cc firewalls thc th ?. Bt chp iu ny, cu hnh chng ta va thc hins lm vic hon ho ...

Giai on k tip l p t IPSec Policy.

p t IPSec Policy

1. Ti cng MMC console, right-click vo IPSec Policy mi v chnAssign.



51/51

Thc hin xong, gi y bn c th kim tra cu hnh bng cch thc hin lnhping v kim tra kt qu phn hi.


Documents

IPSec Va Cac Muc Dich Su Dung - Smith.N Studio