Ids/Ips
Total Page:16
File Type:pdf, Size:1020Kb
--,.---------------------------------- EO THONG TIN vA TRUYEN THONG CONG HOA xA HOI CHiT NGHIA VII::T NAM DQc qp -T\I' Do - Hl}.nh Phuc S6:'u5J1BTTTT-VNCERT Ha NQi, ngay • V/v Huang dful dam bao an toan thong : /\p C8AJj S:'~~G'lGrf~P CAOSJ Vi~TNAM tin cho cac C6ng/Trang thOng tin di~n t\r 'IAN PliCl,G Dill J,tN"A NO: ~. s6: .2.-.4.6 . T';ProAN CON~ ~PCSYN DEN Ngay:.OLLi.o.1.-1. .' eJ!. Aj0.,t N "'-I. "/I'<'~~""..•••••••••.•Cac Bi), COquan ngang Bi), COquan trvc thui)c C phu. nr~(c)N) iJE N~y:!l1..W~.ILUBND cac tinh, thanh ph5 trvc thui)c Trung uang, Chuy~n:....I(<r... ~~..r••••••••• .............. Th\Ic hi~n chi d:;to cua Thu tuOng Chinh pM v~ vi~c dam bao an toan 17~ong tin cho cac c6ng thong tin di~n tu, dang thai ~S th5ng nh~t v~ ni)i dung va ~ phuang phap quan Iy an t01m thong tin theo yeu cau cua Nghi diM cua Chinh phu s5 4312011/ND-CP ngay 13/612011, Bi) Thong tin va Truy~n thOng hUOng d~n cac co quan nha nuac triSn khai ap d\lng tM li~u "HuOng d~ mi)t s5 bi~n phap ky thu~t co ban dam bao an t01mcho c6ng/trang thong tin di~n ill". Hi li~u nay bao gam mi)t s5 bi~n phap ky thu~t thiSt ySu nh~t nh~m dam bao xay d\Iilg va v~ hanh an toan cac c6ng/trang thOng tin di~n ill va dugc trinh bay trong van ban gui kern theo cong van nay. Trong qua trinh triSn khai th\IC hi~n, m9i gop Y va d~ xu~t xin dS ngbi Quy co quan phan anh v~ Bi) Thong tin va Truy~n thong, Trung tam lrng CUu khiin cfrp may tinh Vi~t Nam (VNCERT). Xin tran tr9ng cam an.!. ~ KT. Be:>TRUONG Noi nlt(in: ,r"" ~lWTRUONG - Nhu tren; _ , /,'J:;;:~,,:--':"~'. -Ph6TTgCPNguyenThi~nNhan(deb/c); 1.::>///' 7JIc,. ' - BQ TT&TT: BQ truang va cac Thu truang, cac co; ':, (., .•.. , c quan dan vi thuQc BQ; , :.: 1>' "r"t •••....~" l . -VanphongTWDang; ' .. ".,' ., .•.• - Van phong Qu6c hQi; ". • -, <),~ - Van phOng Chinh phil; , "NgIiyl~Minh HBng - Co quan TW cac doan the; - Toa an nhan din t6i cao; - Vi~n ki~m sat nhan din t6i cao; - Ki~m toan nM nu6c; - Ban chi d;to qu6c gia v~ CNTT; - Ban chi d;to CNTT cac co quan Dang; - Dan vi chuyen trach CNTT cac BQ, co quan ngang BQ, co quan chinh phil; - Sa TT&TT cac tinh, TP thuQc TW; - Cac t(ip doan kinh t,s NN; - Luu VT, VNCERT. HUONGDAN M()T SO BIJ):N PHA.P KY THU~ T co BAN DAM BAo AN ToAN CHO CONG/TRANG THONG TIN DIJ):N TlJ' (Kern thea eong win s6l.1JVBTTIT'-VNCERT ngay A~/7/2011 eua Bi) Thong tin va Truy&nthong) 1. PH~M VI VA DOl TU<}NG A.P DT)NG 1.1. Phl].m vi lip d\lng Tai li~u hu6ng dfin nay duQ'c xay d\)11gnh~m m\lc dich cung dp nhfrng kiSn thuc va chi dfin ky thu~t co bi'm vS vi~c dam bao an toan thong tin (ATTT) d6i vai h~ th6ng ph~n Ctrng va ph~n rnSrn thuQc ci'>ng/trang thOng tin di~n tu (TTDT), cac yeu du thiSt l~p h~ th6ng phong thll va bao v~, qua d6 giup cac don vi quan Iy c6ng/trang TTDT c6 thS danh gia muc dQ ATTT va Iva chQn giai phap pM hqp nh~rn xay d\)11grnQtc6ng/trang TTDT an toano 1.2. Dbi tU"qng lip d\lng Cic c6ng/trang TTDT clla cac co quan nM nuac va cac doanh nghi~p dUQc khuySn cao t6 chuc thvc hi~n ap d\lng t6i da cac bi~n phap nay trong diSu ki~n C\lthS cho phep. 2. TONG QUAN VE CA.C BIJ):N PHA.P KY THU~T CO BAN DAM BAo ATTT CHO CONG/TRANG TTDT MQt trng d\lng web n6i chung hay c6ng/trang TTDT n6i rieng khi triSn khai duQ'c tren rn~ng Internet ngoai ySu t6 rna ngu6n trng dl,mg web, con c6 nhfrng thanh ph~n khac nhu: may chll ph\lc V\l web, h~ quan tri co sa dfr li~u,... Do v~y, rnQt c6ng/trang TTDT an toan doi hoi ban than rna ngu6n clla c6ng phai duQ'c I~p trinh an toan, tranh cac 16i bao rn~t xay ra tren trng d\lng web va cac thanh ph~n b6 trQ'nhu may chll ph\lc Y\l web va h~ quan tri co sa dfr li~u cho trng d\lng d6 cling phai dam bao an toano Cac bi~n phap dam bao ATTT cho c6ng/trang TTDT dn duQ'c triSn khai cho tow bQ cac thanh ph~n clla c6ng/trang TTDT, bao g6rn cac nQi dung sau (xern hinh 1): I ": :l ( , 1 ~. '~," ,~l .1 ~t •, .r . "i~ • al•• {,..-:-t ~ ". ',&y,',/"':' I ,J - -H';rrng dh dam baoA.•..IT cho cAng 'nOT " '1 .~ f I < , L ~, h~9 ~.I-~ 4 ~ I '\ Thi~t dilt, vn, cdu J ""II hnnh ling I' Thi~td~lva "f';:f'ffJf t;;Y.!", *~.,~'-'I:~.~ 4_, _ hlnh h~thon" d\l,Iigll'eb.n Ii du hlnh Clr sO' .~.J.';~';-'\ t- .',...:.:•.•• mal' chit an toan loan . it +' /, \ . ",:";t •. ~_~!/~~'.: • . J dii' Ii~uan tonn ~,- "' ' . J (~;t-i ~;(;.., ,~,",' ~ j < .l( ••") ': c. ;-.: . v :{ "jf~ j . .3t " ". r;' . .,' I .•. ... N ~ ~_ Xae djnh eliu Tri~1Ikhai h~ Mal' chli I Ki0m tra hO:,11 I Cilld~tcae ling true web thAh" phiJlI" thii Linux Thi~t I"p cO' eh~ 1 dQ,ng wcb an " d\lng blio v~ sao Itru vii ph \Ie hAi ..I loan r . ,::;-------- /, Phan IO\li M:iyehi, >... ITa chile m~']', I' . .,cau true wcb \. 1Windows Khac ph\IC L C" ch~",10 lUll )11 hlnh Ill\lng ; "I c:ic 16i phIl I. ~ri i 'T'h¥'~ '. hlrr ]5' ... _. , May chli web bi~ntren web ti- CO' eh.! phVe h6i II Cac IMnh ("'r-- .. '::',:;, l' t- $,*.'''<le, o" E) . " p~An trong T6 ehile cae • ''''1Ft'' I eau trllC web h9 thang ~I" , phongthU ~, , <E~,"; -'.~._"; I .. ~. I • Hinh 1. N9i dung &im bao AT1T cho cong/trang TTDT . • ::'1 -I - xac djnh du truc web: giup nguai quan trj xac djnh dugc rna hinh thi~t k~ web cua don vi, qua do co bi~n phap t6 chtrc rna hinh web hgp ly, tranh dugc cac ~~ na.ng t~n co~g leo thang d~c q~y€n. ,~- . -, Trien'khai h~ t~ong phOng thn:, gam hai nOi dung chinh la ~J.':;~~ ,hjnh 'm~hg ITgifly va to chtrc cac h~ thong phong thu, giup n~aj~,uil.n.!!:l,.,c:{)':"i ~ ,,~~', :'cach nhin t6ng quan v€ toan bO rna hinh m~~bYFg!trflng*[~DT cua minh, •qua do t6 chtrc rna, hinh ,m~~J1gpdy ~~~lr t~;et.~~?:~h~ th~ng p~ong t~u quan trQng nhu tU~~[1~et b! phat hl~n/phong, chong xam nh~p (IDS/IPS), tUSm8<irfa'mtrCung d\mg web (WAF-web application firewall). , -.......... ~ ~ ' , . ~'Fifi~t d~t va cau hinh h~ thong may ch~ an toan: day la mOt phan rat 7:=trQng tmng vi" d'm b'" vOn bOnb mot ,ongltroog TIDT '" tolm. NOi ~.. dung nay giup nguai quan trj du hinh h~ thbng may chu mOt cach hgp Iy, giam .~ _. thiSu kha nang bi tin t?C t~n cong VaGmay cM lamanh huang d~n ho~t dOng cua c6ng/trang TTDT. - V~n Mnh ",ng dl]ng web an toan: trinh bay cac nOi dung ca ban Clln th\fc hi~n dS v~n hanh mOt trng d\mg web an toan.,Nguai quan tri co thS tham khao ph~n PhI) II)CI "Muai 16i ATTT ph6 bi~n tren c6ng/trang TTDT" dS qua do nh~n di~n nguy ca m~c 16i cua c6ng/trang TTDT t~i don vi, co bi~n phap , kh~c phl)c hgp Iy ho~c sua d6i rna ngu6n web dS lo~i b6 cac nguyca noitren. .-------- -- . - Thi~t (J~t'va du hinh cO'sO-du' Ii~u an toan: d5.ycling la mQt ph~n r~t quan trQng trong vi~c v~n hanh mOt c6ng/trang TTDT. CO"sa dfr li~u la nO"iluu trfr toan bO dfr li~u quan trQng cua c6ng/trang TTDT, vi v~y thuang bi tin t?C tim cach cin cong va khai thac. NOi dung nay giup nguai quan tri hiSu yeu ClluthiSt d~t hgp ly cho ca sa dfr li~u, tranh cac 16ico thS d~n dSn kha nang bi t~n congo - Cai d~t cac u'ng dl]ng bao v~: ngoai vi~c kh~c phl)c 16i cho cac thanh ph~n cua mOt c6ng/trang TTf)T, nOi dung nay se trinh bay vi~c' cai d~t cac trng dl)ng bao v~ nhu h~ thbng chbng virus (Anti-Virus) hay h~ thbng phat hi~n xam nh~p may tinh (Host Based IDS) nh~m bao v~ c6ng/trang TTDT mOt cach cM dOng va t6ng quat. - Thi~t I~p cO' ch~ sao hru va phl]c hai: Vi~c thiSt l~p cO"chS sao luu thuang xuyen cho h~ thbng nh~m giup luu I~i cac tinh tr~ng khi h~ thbng ho~t dOng 6n dinh.