4 c ch bo mt

1. khin truy cp: qun l cc truy cp vo h thng cc csdl

Cc bc: nh danh -> xc thc -> u quyn
C ch: cch thc 1 truy cp c cho php hay t chi
iu khin truy cp tu quyn
iu khin truy cp bt buc
2. iu khin suy lut: l qun l, iu khin cc truy cp vo nhng c s d liu thng k bi v nhng d liu thng k c
th suy ra c nhng thng tin nhy cm.
3. Knh bin i: l nhng knh truyn m qua dng thng tin c th c truyn ngm ra bn ngoi mt cch bt hp
php. C 2 loi convert channel:
Knh lu tr (Storage channel): thng tin c truyn qua nhng i tng lu tr trung gian
Knh thi gian (Timing channel): mt phn thng tin c th b l ra ngoi thng qua thi gian tnh ton cc d liu
lin quan n thng tin .
4. M ho: l nhng gii thut tnh ton nhm chuyn i nhng vn bn gc (plaintext), dng vn bn c th c c, sang
dng vn bn m ha (cyphertext), dng vn bn khng th c c
M ha d liu c s dng bo v nhng d liu nhy cm
Nhng thch thc trong bo mt:
m bo tnh bo mt ca d liu Bo mt knh truyn
m bo tnh ton vn ca d liu Bo mt mc vt l
m bo tnh sn sng ca d liu Yu t con ngi
Bo mt h thng lu tr d liu Qui trnh bo mt d liu
Bo mt ng dng Kh khn trong vic chng li ti phm mng

Cc loi attacker:
Hacker : Employees :
Nhng chuyn gia v my tnh Mt trong nhng mi e da ln nht v an ton
Tn cng h thng mng my tnh ch r thng tin
nhng l hng ca h thng (White Hats) Mc ch tn cng ca Nhn Vin :
Script Kiddies : Tm kim nhng l hng v khc phc
Khng phi l chuyn gia my tnh Mun chng minh : Ti gii hn mi
S dng phn mm tn cng h thng mng ngi
vi mc ch khng tt V Tin
Spies Cybercriminals :
Nhng chuyn gia v my tnh Nhng ngi c kin thc v my tnh
c thu tn cng h thng, khai thc thng Mc ch tn cng gy hong lon
tin,.
5 bc tn cng
o Thm d thng tin o Tn cng nhng dch v khc trong h
o Thm nhp h thng thng
o Chnh sa chnh sch o Xa vt
 Aaa:
Authentication : cch xc nhn i tng
Thng tin gip nhn din i tng khng trng nhau
Xc thc c th da trn 1 hay nhiu yu t :
Bn bit ci g : Username v Password
Bn c ci g : Smart card, identification device
Bn l ai : xc thc trc sinh hc (vn tay, vng mc ca mt)
Authorization : quyn hn ca i tng
Sau khi xc thc thnh cng th User s c cp quyn hn (Right v Permission) lm vic trong h thng.
Accounting : theo di hnh ng ca i tng
Cc loi xc thc:
One-Time Password (OTP)
One-time password (OTP) l password ch
c gi tr trong 1 ln logon.
Cc phng thc to ra password mi :
Time-synchronized : Hardware +
Clock
Random, Password c, kha b mt
Mathematical algorithms One-
way function
Cc phng thc gi OTP :
SMS
Token
Xc thc sinh trc hc: vn tay, vng mc mt
Standard Biometrics : s dng nhng c tnh vt
l trn c th ca tng c nhn xc thc : vn
tay, vng mc, khun mt,..
Vn tay c s dng rng ri nht.
C 2 loi vn tay :
Static fingerprint scanner
Dynamic fingerprint scanner
Behavioral Biometrics : s dng hnh ng ca c
nhn xc thc h
Keystroke Dynamics
Voice Recognition
Computer Footprinting
Keystroke Dynamics : s dng nhp g bn phm
ca ngi dng xc thc h.
C 2 yu t chnh trong vic xc nh nhp g
:
Dwell time : khong thi gian tnh t khi
nhn mt nt ti khi th nt ra
Flight time : khong thi gian ch nhn
nt tip theo.
Voice Recognition : da vo cht ging xc thc
Voice : cht ging khi ni
Speech : li ni, cch ni
Computer Footprinting
V d : IT Manager phi thng xuyn ng
nhp vo h thng theo di. Anh ta nn ng nhp
nh th no bo mt :
V tr : Ngi ti ni cng cng :
qun c ph, nh bn b, ???
Thi gian : truy cp vo h thng
bt c thi im no ???
My tnh : ngi ti bt c my no
ng nhp ???
Computer Footprinting : da vo v tr a
l, thi gian ng nhp, nh cung cp dch v, thng
tin v cu hnh my tnh.
Cognitive Biometrics : da vo s nhn thc, qu
trnh suy ngh v s hiu bit ca ngi dng xc
thc h