2015 01 an ban mua xuan

Download 2015 01 an Ban Mua Xuan

Post on 14-Feb-2018

223 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

  • 7/23/2019 2015 01 an Ban Mua Xuan

    1/31http://fb.com/group/cissp.attt

    2015 - n bn ma xun

    Ngy 30 thng 01 nm 2015

    Ti sao ti gia nhp nhm ny?Cm nhn ca anh Lng Trung Thnh v nhm.

    H thng IDS/IPS v HoneypotL NGC SN - Tip theo phn 1 ng trong n bn ma thu - 2014

    Quy trnh - Cng Ngh - Con NgiBi ngy cn c v d khi ng dng DLP vi bi trang 20

    ISO/IEC-27001Li ch & Tng quan p dng

    Web Application Penetration TestingBi vit ca mt cy bt n u tin n t H Ni.

    cissp.attt@gmail.com

    C

    HIN

    TRAN

    H

    M

    NG

  • 7/23/2019 2015 01 an Ban Mua Xuan

    2/31

    Mc lc

    Tng kt nm 2014

    Chin tranh mng

    H thng pht hin tn cng mng ch ngs dng IDS/IPS v Honeypot - tt

    Defense in depth (tt)

    Quy trnh - cng ngh - con ngi

    ISO/IEC 27001Li ch v tng quan p dng

    DLP trong vng xoyQuy trnh - Cng ngh - Con ngi

    Web Application Penetration Testing

    Ti sao ti gia nhp nhm ny?

    Ban c vn

    NGUYN TRUNG LUNCISSP, CISA - Mi2 JSC.

    TRN NGC MINHCISSP, CISA - Sacombank

    NG XUN QUCISSP - SGBank

    LNG TRUNG THNHCISA, CISM

    TRN NGC MINH

    TRN CH CN

    L NGC SN

    VI MINH TOI

    LNG TRUNG THNH

    PH NGUYN

    LNG TRUNG THNH

    NGUYN TH THU HIN

    LNG TRUNG THNH

    [02]

    [03]

    [05]

    [07]

    [12]

    [14]

    [17]

    [20]

    [22]

    [29]

    022015 - n bn ma xun

    Bt u t n bn ny, chng ti s ch gii thiutc gi mi, cc tc gi vit bi trc y, ccbn xem thng tin v tc gi cc n bn trc

    nh.

  • 7/23/2019 2015 01 an Ban Mua Xuan

    3/312015 - n bn ma xun

    Knh tha Qu Bn c,

    Thay mt Nhm, ti im qua mt s hot ng ni bt trong nm 2014 vtng hp cc xut ca cc thnh vin v chng trnh s thc hin trongnm 2015.

    Nm 2014, chng ta rt mnh m trong vic thc hin cc thay i. u

    tin, Nhm chuyn t hnh thc hot ng online sang offline, chuyn t ccbui trnh by vi cc vn ngn, ri rc sang hnh thc trnh by cc chc chng, hi l ton b chng trnh CISSP. C iu g ti cn ln cntrong vic hon di hn cc sinh hot theo ch bn ngoi (chng trnhCISSP) nhng r rng iu kin cha cho php chng ta chy, x l song songnhiu vn .

    Khi Nhm th Nht c hnh thnh, to mi lin kt nht nh gia ccthnh vin v cng c g ci g k tha cho cc Nhm sau, chng ta quyt tm v pht hnhc Hai k Tp ch. Vi tiu ch va hc va chi v

    khng gii hn, Tp ch ca chng ta bc u c nhng ngi lmngh quan tm. Tht s, ti rt vui khi thnh thong c ai gi in hoc traoi qua cc knh khc nhau c nhc v vi thiu st no ca Tp ch hoc/vc nhng gp lm sao Tp ch ngy cng tt hn.

    Mt trong nhng tiu ch nh gi mc thnh cng chnh l cng vicphi hon thnh v c sn phm u ra nh ra. Nhm th Nht c bn hon thnh ng lch trnh v tuy hin ch mi c mt thnh vin thi u CISSPnhng ti rt tin tng rng trong thi gian ngn tip ngay sau y con s sc nng ln nh k vng, c t nht 4 CISSP cho Nhm th Nht.

    Chng ta l mt nhm m, khng phi l mt t chc nhng hot ng rt ct chc. V th, vic Logo ra i s thc y s gn kt gia cc thnh vin vinhau. Nhn y, Nhm gi li cm n su sc ti anh Trn Ch Cn (cng lthnh vin), ngi a ra tng v thit k Logo cho Nhm. Logo cchn c hnh thc n gin nhng mang nhiu ngha, ph hp vi giai onpht trin hin ti ca Nhm. Ch cn nhn vo trong 03 giy l bn c thnhn ra ngay t tng chnh ca Nhm.

    03

    Tng kt hot ng nm 2014TRN NGC MINH

  • 7/23/2019 2015 01 an Ban Mua Xuan

    4/31

    V K hoch nm 2015:

    Nhm th Hai c cng b v hnh thnh s b. Nhm s chnh thc cnhng hot ng u tin k t ngy 01/03/2015.

    V hnh thc hot ng th c bn vn nh Nhm th Nht trong chng trnh(giai on u). Sau , chng ta c th s m rng bng cch mi gi ccthnh vin khu vc pha bc tham gia cng. Hnh thc sinh hot lc ny vn ltp trung nhng c hai u cu, pha nam v pha bc. tng hnh thnh,c s h tng cng khng phi l iu g qu phc tp. Quan trng vn l sng h, quyt tm ca cc thnh vin tham gia. Nu kt qu ban u cho thy

    chng ta tin nhanh hn, bc tin vng chc hn, chng ta tin n s dnghnh thc phn tn 100% cho cc sinh hot Nhm v sau.

    Trong nm 2015, chng ta vn tip tc cho pht hnh t nht 04 k Tp ch vn bn ma Xun ny c xem l ku tin ca nm. Cc thnh vin chcht vn cho rng y l vic lm thit thc, l sn chi b ch anh em c chi th sc vit, kh nng trnh by ca mnh.

    Mt cch rn luyn mi (vi chng ta) v kh nng trnh by, din thuytangc nghin cu mt cch thn trng lt chc cc trn chin, tranh lun,

    phn bin theo phng php i u trc tip. Phng php ny sc chngta nghin cu k v c th p dng t na sau ca chng trnh sinh hot caNhm th Hai.

    Cng nhau khi ng d n Framework, ti sao khng? Vic xy dng mtFramework An ton thng tin cho mt (vi) lnh vc ngnh ngh vi bn scVit l iu m mt s thnh vin c cng suy ngh, c tm huyt ang tnh n.y cng l vn ang c cn nhc c th khi ng trong nm 2015.Mt d n ln, mt chui cc th thch tuyt vi m d thnh cng hay tht bicng s gp phn rt ln a Nhm ln mt level cao hn.

    Trn trng!

    TRN NGC MINH

    042015 - n bn ma xun

  • 7/23/2019 2015 01 an Ban Mua Xuan

    5/3105

    Trc tin cn phi ni r l ti dng chchin tranh mng y khng ng nghavi my ci Cyber war g m my anhhay nghe tuyn truyn trn bo M, Trung,Nga, Triu Tin, v c Vit Nam gn y.Ti dng ch ny ch ni rng ti dngngn ng ca chin tranh ni n vn bo mt mt doanh nghip. V ti chdng mc . Cn anh no c ngh mtquc gia l mt doanh nghip c (siu) ln

    th ty.

    Chin tranh c ti hiu n gin rng haibn chin vi nhau tranh mt ci g m c hai u mun. Nhng bo mt thli c ngha l c mt ai mun bo vmt ci g b mt. Tt nhin s c bncn li chin c ginh ly ci b mtny. V ti mc nh chng ta y l mtai trong cuc chin gi thnh ny.

    Chin gi thnh, ti ch nghe my t nyt ming ca my anh hay chi game nhtrn, hay trong tiu thuyt kim hip. Lytiu thuyt ni th chc khng hay bngmt cuc chin tht s, nn thi. C lycuc chin tranh bo v t quc ca chngta ra m ni vy. Bt u bng:

    Chin tranh nhn dn

    Bn ch ny l chin lc gip Vit Namchin thng trong tt c cc cuc chintranh bo v t quc t xa n nay. Vy thn c lin quan g n bo mt? Nu chngta xem CSO l mt ng tng, cc SecurityEngineer l cc tinh binh, cc anh IT khc lcc chin binh, th Users s l lc lng cnli : nhn dn. Qun i m khng cs ng h ca nhn dn th khng th nodnh chin thng. Lm bo mt m khng

    c s ng h ca ngi dng th cm chctht bi. Nu nhn dn l cht nc, thngi dng l ch ca my anh security.Gn y, ti hay nghe hi: user bn ti th

    ny, user bn kia mun th n, v tiphi lm sao? Lm sao ai bit lm sao?Ch bit rng l bo mt, my anh ngchm chm i i ph user, v h mi li tng m cc anh cn bo v v phcv ch khng phi i th ca cc anh.Vy lm sao c th c s hp tc caenduser? Chng cn cch no khc ngoivic i vn ng. H s hp tc khi nhnra cng vic ca chng ta mang li li ch

    cho h, v h mt nhiu hn c nunh h thng mt an ton. Thay v ngncm user lm mt vic g y, trc tinhy tm hiu v sao h lm vic , v vmc ch g. Mt khi anh lm bo mthiu c hot ng ca user th mi cc hi thnh cng. Nn nh, user l ngch ca cc anh, khi no c c hi, hytranh th m tm hiu h cng nhiucng tt.

    Kim sot giao thng

    Trong chin tranh, bn no cng s tinhnh kim sot cht ch ti cc cakhu, bn cng, bn xe, Nhng kimsot, khng c ngha l ngn chn. Chintranh khng c ngha l mi hot nggiao thng u b ngng tr. Nu anhnm gi mt vng t m mi hot ng

    giao thng u b nh tr th chngmy chc s chng cn lng thc,hu cn lm l do tn ti ca cucchin. Bo mt, khng phi c ngtinternet l s an ton. M ngc li, cngphi thc y cho cc giao dch nynhanh hn, mnh hn, v nhiu hn.Gio trnh CISSP lun lun c vn bussiness ln hng u, sau mi ncc vn khc l do vy. Khng ai

    mun chim mt ci thnh cht.Nhng nh vy, khng c ngha l aicng thoi mi, lm g cng c m mi

    2015 - n bn ma xun

    TRN CH CN

    CHIN TRANH MNG

  • 7/23/2019 2015 01 an Ban Mua Xuan

    6/3106

    th phi nm trong khun kh. Khng

    cm on iu g, nhng phi bo m miiu u nm trong tm kim sot. Bt khnh ng nghi ng no, bt k lc nocng c thc t vo vng gim st.Gim st g, lc no chnh l trch nhimca chng ta.

    Lut l

    Chin tranh, chng cn phi t qu nhiulut l. Lut l ch dnh cho thi bnh myng quan ngi rnh rang ngi son tronglc chng bit lm g. Chuyn binh ao,tin h th vi cng, trc khi xut binh,phi lm cng vn xin php 7-8 ni ththi nh cho khe. My ci th tc giy tch lm cho cng vic cng ngy cngchm. Nn nu cng vic hin ti vn n,th nn hc theo my anh nh nc cicch hnh chnh, rnh ri ngi kim myci th tc no bc th b. ng ph

    tm c m son thm sinh lm chuyn.n lc user m ku ca l cng vic dony chm qu th my anh xem nh toi.

    Luyn binh

    Trong thi chin, binh s c rn luynthng xuyn qua thc chin. Nhng trongthi bnh th khng c vy. C thi gianri th nn tn dng xy dng mt i

    tinh binh dng khi hu s. Nm va ri, Vit Nam chng c bao nhiu cuc chin.Nhng cuc chin no kt thc, phn thuacng nm pha bn ta. l v nhiu nmri khng c ai tri qua thc chin, ri nlc cn chin, khng c nhiu ngi nhphi chin nh th no. l cn cha ninhiu nm khng tp trn, n lc ra chintrng, khng bit phi hp vi ai, phihp nh th no. Khng thua mi l

    chuyn l.

    Do thm

    Khng c cuc chin no m khng c stham d ca lc lng do thm bo. Bitngi bit ta, trm trn trm thng. Tin tcchnh xc mang v t cc i do thm s gpphn quan trng cho cc quyt nh chin lctrn chin trng. nh ai, nh u, nh lcno u ph thuc vo cc kt qu ny. Vimi trng mng hin nay, nu ch t ccthit b theo di bn trong, hay ti cc cngmng thi th cha . Bi i th ca chng ta

    khng nm , m c mt khp ni trnkhng gian internet ny. Ni th, t thit btheo di c ci internet ny th chc khng ailm ni. Vy nn ch c cch l chng ta philin kt v cng chia s thng tin cho nhau thmi mong nm c tng i tnh hnh. Vchng ta c th tm kim thng tin ti cc imtng hp thng tin trn mng, hoc bt cu c th. T trn bn nhu, t bn b, ngnghip, M nh cao ca ngh thut ny, ccbn hy tm ch anh Dng sensor. (Join vo

    group, ti s gii thiu cho bn anh Dngsensor l ngi no. ).

    K ny, bn nhiu y thi. C thi gian, k sau,chng ta s tip tc vi cc kha cnh: tnh bo,ngy trang, hay cc vn chin lc khc.

    TRN CH CN

    2015 - n bn ma xun

  • 7/23/2019 2015 01 an Ban Mua Xuan

    7/3107

    Bi vit s trc trnh by m hnh tng quan ca h thng pht hin, ngn chnchng xm nhp da vo s phi hp ca cc IDS/IPS v honeypot. Trc khi i vochi tit v s kt hp, chng ta hy tm hiu s qua cc cng ngh ny.

    H thng pht hin xm nhp (Intrusion Detection System - IDS)