Txuas mus rau lwm qhov chaw ntawm kev kawm
- (Koj nyob ntawm no)
Kab lus no ua tiav cov ntawv tshaj tawm uas tau mob siab rau kom ntseeg tau cov ntaub ntawv kev nyab xeeb ntawm cov nyiaj hauv tuam txhab uas tsis yog nyiaj ntsuab. Ntawm no peb yuav saib cov qauv kev hem thawj raug xa mus rau hauv :
- .
- .
- .
- .
HABRO-WARNING!!! Nyob zoo Khabrovites, qhov no tsis yog ib qho kev lom zem tshaj tawm.
40+ nplooj ntawv ntawm cov ntaub ntawv muab zais hauv qab txiav yog npaj rau pab ua haujlwm lossis kawm cov neeg tshwj xeeb hauv tuam txhab nyiaj lossis cov ntaub ntawv kev ruaj ntseg. Cov ntaub ntawv no yog cov khoom kawg ntawm kev tshawb fawb thiab sau rau hauv ib lub suab qhuav, formal tone. Hauv qhov tseeb, cov no yog qhov khoob rau cov ntaub ntawv kev ruaj ntseg hauv cov ntaub ntawv.Zoo, tsoos - "Kev siv cov ntaub ntawv los ntawm tsab xov xwm rau lub hom phiaj tsis raug cai raug txim los ntawm txoj cai". Kev nyeem ntawv zoo!
Cov ntaub ntawv rau cov neeg nyeem uas paub txog qhov kev kawm pib nrog qhov kev tshaj tawm no.
Txoj kev kawm yog dab tsi?
Koj tab tom nyeem phau ntawv qhia rau tus kws tshaj lij lub luag haujlwm kom paub meej cov ntaub ntawv kev nyab xeeb ntawm kev them nyiaj hauv tuam txhab nyiaj.
Logic ntawm kev nthuav qhia
Thaum pib hauv ΠΈ piav qhia txog cov khoom tiv thaiv tau muab. Ces nyob rau hauv piav qhia txog yuav ua li cas los tsim kom muaj kev ruaj ntseg thiab tham txog qhov xav tau los tsim cov qauv kev hem thawj. IN tham txog cov qauv kev hem thawj dab tsi tshwm sim thiab lawv tsim li cas. IN ΠΈ Kev tshuaj xyuas ntawm kev tawm tsam tiag yog muab. ΠΈ muaj cov lus piav qhia ntawm tus qauv kev hem thawj, tsim los rau hauv tus account cov ntaub ntawv los ntawm txhua qhov chaw dhau los.
TYPICAL THREAT MODEL. NETWORK CONNECTION
Cov khoom tiv thaiv uas tus qauv kev hem thawj (scope) raug siv
Lub hom phiaj ntawm kev tiv thaiv yog cov ntaub ntawv xa mus los ntawm kev sib txuas hauv lub network ua haujlwm hauv cov ntaub ntawv network tsim los ntawm TCP / IP pawg.
architecture
Kev piav qhia ntawm architectural element:
- "End Nodes" - nodes pauv cov ntaub ntawv tiv thaiv.
- "Intermediate nodes" - cov ntsiab lus ntawm cov ntaub ntawv sib txuas lus: routers, keyboards, nkag mus rau servers, proxy servers thiab lwm yam khoom siv - los ntawm kev sib txuas hauv network. Feem ntau, kev sib txuas hauv lub network tuaj yeem ua haujlwm yam tsis muaj qhov nruab nrab ntawm qhov nruab nrab (ncaj ntawm qhov kawg nodes).
Sab saum toj-theem kev ruaj ntseg hem
Decomposition
U1. Tsis tso cai nkag mus rau cov ntaub ntawv xa mus.
U2. Tsis tso cai hloov kho cov ntaub ntawv xa mus.
U3. Infringement ntawm authorship ntawm kis cov ntaub ntawv.
U1. Tsis tso cai nkag mus rau cov ntaub ntawv xa mus
Decomposition
U1.1. , nqa tawm ntawm qhov kawg lossis nruab nrab ntawm:
Ua 1.1.1. los ntawm kev nyeem cov ntaub ntawv thaum nws nyob hauv cov chaw cia khoom:
U1.1.1.1. hauv RAM.
Kev piav qhia rau U1.1.1.1.
Piv txwv li, thaum lub sij hawm ua cov ntaub ntawv los ntawm tus tswv tsev lub network pawg.
U1.1.1.2. nyob rau hauv lub cim xeeb tsis-volatile.
Kev piav qhia rau U1.1.1.2.
Piv txwv li, thaum khaws cov ntaub ntawv xa mus rau hauv lub cache, cov ntaub ntawv ib ntus lossis cov ntaub ntawv sib pauv.
Ua 1.2. , ua tiav ntawm cov neeg thib peb ntawm cov ntaub ntawv network:
U1.2.1. los ntawm txoj kev ntes tag nrho cov pob ntawv tuaj txog ntawm tus tswv tsev lub network interface:
Kev piav qhia rau U1.2.1.
Kev ntes tag nrho cov pob ntawv yog ua los ntawm kev hloov daim npav network mus rau hom promiscuous (promiscuous hom rau wired adapters lossis saib hom rau wi-fi adapters).
U1.2.2. los ntawm kev ua haujlwm ntawm tus txiv neej-hauv-tus-nruab nrab (MiTM) tawm tsam, tab sis tsis hloov cov ntaub ntawv xa mus (tsis suav cov ntaub ntawv kev pabcuam network).
U1.2.2.1. Txuas: .
Ua 1.3. , ua tiav vim cov ntaub ntawv xa tawm los ntawm kev tshaj lij (TKUI) los ntawm lub cev los yog kab sib txuas lus.
ua 1.4. , nqa tawm los ntawm kev txhim kho kev tshwj xeeb txhais tau tias (STS) ntawm qhov kawg lossis nruab nrab ntawm, npaj rau kev sau cov ntaub ntawv zais cia.
U2. Tsis tso cai hloov kho cov ntaub ntawv xa mus
Decomposition
U2.1. , nqa tawm ntawm qhov kawg lossis nruab nrab ntawm:
U2.1.1. los ntawm kev nyeem ntawv thiab hloov pauv cov ntaub ntawv thaum nws nyob hauv cov khoom siv cia ntawm cov nodes:
U2.1.1.1. hauv RAM:
U2.1.1.2. nyob rau hauv tsis-volatile nco:
U2.2. , ua tiav ntawm cov neeg thib peb ntawm cov ntaub ntawv xa tawm network:
U2.2.1. los ntawm kev ua tus txiv neej-hauv-tus-nruab nrab (MiTM) tawm tsam thiab hloov tsheb mus rau cov neeg tawm tsam cov node:
U2.2.1.1. Kev sib txuas ntawm lub cev ntawm cov cuab yeej tawm tsam ua rau kev sib txuas ntawm lub network tawg.
U2.2.1.2. Ua tawm kev tawm tsam ntawm network raws tu qauv:
U2.2.1.2.1. kev tswj hwm virtual hauv zos network (VLAN):
U2.2.1.2.1.1. .
U2.2.1.2.1.2. Kev hloov pauv tsis tau tso cai ntawm VLAN chaw ntawm cov keyboards lossis routers.
U2.2.1.2.2. kev khiav tsheb khiav:
U2.2.1.2.2.1. Kev hloov pauv tsis raug tso cai ntawm static routing tables ntawm routers.
U2.2.1.2.2.2. Tshaj tawm ntawm txoj kev tsis tseeb los ntawm cov neeg tawm tsam los ntawm dynamic routing raws tu qauv.
U2.2.1.2.3. tsis siv neeg configuration:
U2.2.1.2.3.1. .
U2.2.1.2.3.2. .
U2.2.1.2.4. chaw nyob thiab lub npe daws teeb meem:
U2.2.1.2.4.1. .
U2.2.1.2.4.2. .
U2.2.1.2.4.3. Kev hloov pauv tsis tau tso cai rau cov ntaub ntawv lub npe hauv zos (tus tswv, lmhosts, thiab lwm yam)
U3. Ua txhaum cai ntawm cov ntaub ntawv xa mus
Decomposition
ua 3.1. Neutralization ntawm cov txheej txheem rau kev txiav txim siab txog kev tso cai ntawm cov ntaub ntawv los ntawm kev qhia cov ntaub ntawv tsis tseeb txog tus sau lossis qhov chaw ntawm cov ntaub ntawv:
Ua 3.1.1. Hloov cov ntaub ntawv hais txog tus sau muaj nyob rau hauv cov ntaub ntawv xa mus.
U3.1.1.1. Neutralization ntawm kev tiv thaiv cryptographic ntawm kev ncaj ncees thiab kev tso cai ntawm cov ntaub ntawv xa mus:
U3.1.1.1.1. Txuas: .
U3.1.1.2. Neutralization ntawm kev tiv thaiv kev cai lij choj ntawm cov ntaub ntawv xa mus, siv los ntawm kev lees paub ib zaug:
U3.1.1.2.1. .
U3.1.2. Hloov cov ntaub ntawv hais txog lub hauv paus ntawm cov ntaub ntawv xa mus:
U3.1.2.1. .
U3.1.2.2. .
TYPICAL THREAT MODEL. INFORMATION SYSTEM UA HAUJ LWM NTAWM LUB CHAW UA HAUJ LWM-SERVER ARCHITECTURE
Cov khoom tiv thaiv uas tus qauv kev hem thawj (scope) raug siv
Cov khoom ntawm kev tiv thaiv yog cov ntaub ntawv kaw lus tsim los ntawm cov neeg siv khoom-neeg rau zaub mov architecture.
architecture
Kev piav qhia ntawm architectural element:
- "Client" - ib qho khoom siv uas tus neeg siv khoom ntawm cov ntaub ntawv kaw lus ua haujlwm.
- "Server" - ib lub cuab yeej uas lub server ib feem ntawm cov ntaub ntawv kaw lus ua haujlwm.
- "Cov ntaub ntawv khaws cia" - ib feem ntawm server infrastructure ntawm cov ntaub ntawv system, tsim los khaws cov ntaub ntawv ua tiav los ntawm cov ntaub ntawv kaw lus.
- "Network kev twb kev txuas" - cov ntaub ntawv sib pauv channel ntawm Client thiab Server dhau los ntawm cov ntaub ntawv network. Cov lus piav qhia ntxaws ntxiv ntawm cov qauv qauv tau muab rau hauv .
Kev txwv
Thaum ua qauv ib yam khoom, cov kev txwv hauv qab no tau teeb tsa:
- Tus neeg siv cuam tshuam nrog cov ntaub ntawv kaw lus tsis pub dhau lub sijhawm, hu ua kev sib ntsib ua haujlwm.
- Thaum pib ntawm txhua qhov kev sib ntsib ua haujlwm, tus neeg siv tau txheeb xyuas, txheeb xyuas thiab tso cai.
- Tag nrho cov ntaub ntawv tiv thaiv tau muab khaws cia rau hauv server ib feem ntawm cov ntaub ntawv kaw lus.
Sab saum toj-theem kev ruaj ntseg hem
Decomposition
U1. Ua qhov tsis tau tso cai los ntawm cov neeg tawm tsam sawv cev ntawm tus neeg siv raug cai.
U2. Kev hloov pauv tsis raug tso cai ntawm cov ntaub ntawv tiv thaiv thaum nws ua tiav los ntawm tus neeg rau zaub mov ib feem ntawm cov ntaub ntawv kaw lus.
U1. Ua qhov tsis tau tso cai los ntawm cov neeg tawm tsam sawv cev ntawm tus neeg siv raug cai
Cov lus piav qhia
Feem ntau hauv cov ntaub ntawv kaw lus, kev ua haujlwm yog cuam tshuam nrog tus neeg siv uas tau ua lawv siv:
- kev khiav haujlwm log (cov log).
- tshwj xeeb tus cwj pwm ntawm cov ntaub ntawv cov khoom uas muaj cov ntaub ntawv hais txog tus neeg siv uas tsim lossis hloov kho lawv.
Nrog rau kev sib tham ua haujlwm, qhov kev hem thawj no tuaj yeem decomposed rau hauv:
- ua nyob rau hauv cov neeg siv kev sib kho.
- raug tua sab nraum cov neeg siv kev sib kho.
Ib tus neeg siv sijhawm tuaj yeem pib:
- Los ntawm tus neeg siv nws tus kheej.
- Cov neeg phem.
Nyob rau theem no, qhov nruab nrab decomposition ntawm qhov kev hem thawj no yuav zoo li no:
U1.1. Cov kev ua tsis tau tso cai tau ua nyob rau hauv kev sib ntsib neeg siv:
Ua 1.1.1. ntsia los ntawm tus neeg siv tawm tsam.
U1.1.2. ntsia los ntawm cov neeg tawm tsam.
Ua 1.2. Cov kev ua tsis tau tso cai tau ua nyob sab nraud ntawm cov neeg siv kev sib tham.
Los ntawm qhov pom ntawm cov ntaub ntawv infrastructure cov khoom uas tuaj yeem cuam tshuam los ntawm cov neeg tawm tsam, qhov kev puas tsuaj ntawm cov kev hem thawj nruab nrab yuav zoo li no:
Cov khoom
Kev Nyuaj Siab Decomposition
U1.1.1.
U1.1.2.
U1.2.
Neeg
U1.1.1.1.
U1.1.2.1.
Kev sib txuas network
U1.1.1.2.
Neeg rau zaub mov
U1.2.1.
Decomposition
U1.1. Cov kev ua tsis tau tso cai tau ua nyob rau hauv kev sib ntsib neeg siv:
Ua 1.1.1. ntsia los ntawm tus neeg siv tawm tsam:
U1.1.1.1. Cov neeg tawm tsam tau ua nws tus kheej los ntawm Client:
U1.1.1.1.1 Cov neeg tawm tsam siv cov txheej txheem cov ntaub ntawv nkag mus rau cov cuab yeej:
Ib 1.1.1.1.1.1. Cov neeg tawm tsam siv tus neeg siv khoom lub cev tawm tswv yim / tso tawm txhais tau tias (keyboard, nas, saib lossis kov lub vijtsam ntawm lub xov tooj ntawm tes):
U1.1.1.1.1.1.1. Cov neeg tawm tsam tau ua haujlwm nyob rau lub sijhawm thaum lub sijhawm sib tham, I / O cov chaw muaj, thiab cov neeg siv tsis nyob.
Ib 1.1.1.1.1.2. Cov neeg tawm tsam tau siv cov cuab yeej tswj hwm chaw taws teeb (tus qauv lossis muab los ntawm cov cai tsis zoo) los tswj cov neeg siv khoom:
U1.1.1.1.1.2.1. Cov neeg tawm tsam tau ua haujlwm nyob rau lub sijhawm thaum lub sijhawm sib tham, I / O cov chaw muaj, thiab cov neeg siv tsis nyob.
Ib 1.1.1.1.1.2.2. Cov neeg tawm tsam tau siv cov cuab yeej tswj hwm chaw taws teeb, kev ua haujlwm uas pom tsis tau rau tus neeg siv tawm tsam.
U1.1.1.2. Cov neeg tawm tsam tau hloov cov ntaub ntawv hauv kev sib txuas network ntawm Client thiab Server, hloov kho nws hauv txoj hauv kev uas nws tau pom tias yog kev ua ntawm tus neeg siv raug cai:
U1.1.1.2.1. Txuas: .
U1.1.1.3. Cov neeg tawm tsam yuam kom tus neeg siv ua cov yeeb yam uas lawv tau teev tseg los ntawm kev siv social engineering txoj hauv kev.
Π£1.1.2 ntsia los ntawm cov neeg tawm tsam:
U1.1.2.1. Cov neeg tawm tsam tau ua los ntawm Client (Π):
U1.1.2.1.1. Cov neeg tawm tsam neutralized kev nkag mus tswj qhov system ntawm cov ntaub ntawv system:
U1.1.2.1.1.1. Txuas: .
Ib 1.1.2.1.2. Cov neeg tawm tsam tau siv cov ntaub ntawv txheej txheem nkag mus rau cov cuab yeej
U1.1.2.2. Cov neeg tawm tsam ua haujlwm los ntawm lwm qhov ntawm cov ntaub ntawv network, los ntawm kev sib txuas network rau Server tuaj yeem tsim tau (Π):
U1.1.2.2.1. Cov neeg tawm tsam neutralized kev nkag mus tswj qhov system ntawm cov ntaub ntawv system:
U1.1.2.2.1.1. Txuas: .
U1.1.2.2.2. Cov neeg tawm tsam tau siv cov txheej txheem tsis yog kev nkag mus rau cov ntaub ntawv kaw lus.
Kev piav qhia U1.1.2.2.2.
Cov neeg tawm tsam tuaj yeem txhim kho tus qauv tus neeg siv khoom ntawm cov ntaub ntawv xov xwm ntawm tus neeg thib peb ntawm tus neeg thib peb lossis tuaj yeem siv cov software uas tsis yog tus qauv uas siv cov txheej txheem sib pauv ntawm tus neeg siv khoom thiab tus neeg rau zaub mov.
U1.2 Cov kev ua tsis tau tso cai tau ua sab nraum cov neeg siv kev sib tham.
U1.2.1 Attackers tau ua qhov tsis tau tso cai thiab tom qab ntawd hloov pauv tsis tau tso cai rau cov ntaub ntawv kaw lus ua haujlwm lossis cov yam ntxwv tshwj xeeb ntawm cov ntaub ntawv cov khoom, qhia tias cov kev ua uas lawv tau ua tau ua los ntawm tus neeg siv raug cai.
U2. Kev hloov pauv tsis raug tso cai ntawm cov ntaub ntawv tiv thaiv thaum nws ua tiav los ntawm tus neeg rau zaub mov ib feem ntawm cov ntaub ntawv kaw lus
Decomposition
U2.1. Cov neeg tawm tsam hloov kho cov ntaub ntawv tiv thaiv siv cov ntaub ntawv txheej txheem cov cuab yeej thiab ua qhov no sawv cev ntawm tus neeg siv raug cai.
U2.1.1. Txuas: .
U2.2. Cov neeg tawm tsam hloov kho cov ntaub ntawv tiv thaiv los ntawm kev siv cov ntaub ntawv nkag mus rau cov txheej txheem tsis tau muab los ntawm kev ua haujlwm ib txwm muaj ntawm cov ntaub ntawv kaw lus.
U2.2.1. Attackers hloov kho cov ntaub ntawv uas muaj cov ntaub ntawv tiv thaiv:
U2.2.1.1. , siv cov ntaub ntawv tuav cov txheej txheem muab los ntawm lub operating system.
U2.2.1.2. los ntawm kev ua kom rov qab kho cov ntaub ntawv los ntawm qhov tsis tau tso cai hloov pauv hloov pauv.
U2.2.2. Attackers hloov kho cov ntaub ntawv tiv thaiv khaws cia hauv database (Π):
U2.2.2.1. Attackers neutralize DBMS nkag tswj qhov system:
U2.2.2.1.1. Txuas: .
U2.2.2.2. Cov neeg tawm tsam hloov kho cov ntaub ntawv siv tus qauv DBMS interfaces kom nkag mus rau cov ntaub ntawv.
U2.3. Cov neeg tawm tsam hloov kho cov ntaub ntawv tiv thaiv los ntawm kev hloov kho tsis raug tso cai ntawm kev khiav hauj lwm algorithms ntawm software uas ua rau nws.
U2.3.1. Lub hauv paus code ntawm lub software yuav raug hloov kho.
U2.3.1. Lub tshuab code ntawm software yuav raug hloov kho.
ua 2.4. Cov neeg tawm tsam hloov kho cov ntaub ntawv tiv thaiv los ntawm kev siv qhov tsis zoo hauv cov ntaub ntawv system software.
ua 2.5. Cov neeg tawm tsam hloov kho cov ntaub ntawv tiv thaiv thaum nws raug xa mus ntawm cov khoom ntawm cov neeg rau zaub mov ib feem ntawm cov ntaub ntawv kaw lus (piv txwv li, database server thiab daim ntawv thov server):
U2.5.1. Txuas: .
TYPICAL THREAT MODEL. TSEV KAWM NTAWV SYSTEM
Cov khoom tiv thaiv uas tus qauv kev hem thawj (scope) raug siv
Cov khoom tiv thaiv uas tus qauv kev hem thawj no raug siv sib raug rau cov khoom tiv thaiv ntawm tus qauv kev hem thawj: βCov qauv kev hem thawj. Cov ntaub ntawv kaw lus tsim los ntawm cov neeg siv khoom-neeg rau zaub mov architecture. "
Hauv cov qauv kev hem thawj no, tus neeg siv kev nkag mus rau kev tswj hwm txhais tau tias yog ib feem ntawm cov ntaub ntawv kaw lus uas siv cov haujlwm hauv qab no:
- Kev txheeb xyuas tus neeg siv.
- Cov neeg siv authentication.
- Cov neeg siv kev tso cai.
- Kev sau cov neeg siv kev ua.
Sab saum toj-theem kev ruaj ntseg hem
Decomposition
U1. Tsis tso cai tsim kev sib kho rau sawv cev ntawm tus neeg siv raug cai.
U2. Tsis tso cai nce rau cov neeg siv cov cai hauv cov ntaub ntawv xov xwm.
U1. Tsis tso cai tsim kev sib kho rau sawv cev ntawm tus neeg siv raug cai
Cov lus piav qhia
Qhov kev puas tsuaj ntawm qhov kev hem thawj no feem ntau yog nyob ntawm hom kev txheeb xyuas tus neeg siv thiab kev siv cov cuab yeej siv pov thawj.
Hauv cov qauv no, tsuas yog kev txheeb xyuas tus neeg siv thiab kev lees paub qhov system uas siv cov ntawv nkag thiab lo lus zais yuav raug txiav txim siab. Hauv qhov no, peb yuav xav tias tus neeg siv nkag mus yog cov ntaub ntawv tshaj tawm uas paub rau cov neeg tawm tsam.
Decomposition
U1.1. vim muaj kev cuam tshuam ntawm daim ntawv pov thawj:
Ua 1.1.1. Cov neeg tawm tsam tau cuam tshuam cov neeg siv cov ntaub ntawv pov thawj thaum khaws cia.
Kev piav qhia U1.1.1.
Piv txwv li, cov ntawv pov thawj tuaj yeem sau rau ntawm daim ntawv nplaum daig rau ntawm lub monitor.
U1.1.2. Tus neeg siv yuam kev lossis ua phem dhau ntawm cov ntsiab lus nkag mus rau cov neeg tawm tsam.
U1.1.2.1. Tus neeg siv tau hais cov ntawv pov thawj nrov nrov thaum lawv nkag mus.
U1.1.2.2. Tus neeg siv txhob txwm tshaj tawm nws daim ntawv pov thawj:
U1.1.2.2.1. mus ua hauj lwm cov npoj yaig.
Kev piav qhia U1.1.2.2.1.
Piv txwv li, kom lawv hloov tau thaum muaj mob.
U1.1.2.2.2. rau tus tswv ntiav cov neeg ua haujlwm ua haujlwm ntawm cov ntaub ntawv kev tsim kho vaj tse.
U1.1.2.2.3. rau peb tog.
Kev piav qhia U1.1.2.2.3.
Ib qho, tab sis tsis yog tib txoj kev xaiv rau kev siv qhov kev hem thawj no yog kev siv social engineering txoj kev los ntawm cov neeg tawm tsam.
U1.1.3. Cov neeg tawm tsam tau xaiv cov ntawv pov thawj uas siv txoj hauv kev brute force:
U1.1.3.1. siv cov txheej txheem nkag mus.
U1.1.3.2. siv cov lej cuam tshuam yav dhau los (piv txwv li, lo lus zais hashes) rau khaws cov ntawv pov thawj.
U1.1.4. Cov neeg tawm tsam tau siv cov cai tsis zoo los cuam tshuam cov neeg siv cov ntaub ntawv pov thawj.
U1.1.5. Cov neeg tawm tsam tau rho tawm cov ntawv pov thawj los ntawm kev sib txuas network ntawm Client thiab Server:
U1.1.5.1. Txuas: .
U1.1.6. Cov neeg tawm tsam tau rho tawm cov ntaub ntawv pov thawj los ntawm cov ntaub ntawv ntawm kev saib xyuas kev ua haujlwm:
U1.1.6.1. video soj ntsuam systems (yog hais tias keystrokes ntawm cov keyboard tau kaw thaum lub sijhawm ua haujlwm).
U1.1.6.2. systems rau saib xyuas cov neeg ua haujlwm ua haujlwm ntawm lub computer
Kev piav qhia U1.1.6.2.
Ib qho piv txwv ntawm xws li ib qho system yog .
U1.1.7. Attackers cuam tshuam cov neeg siv cov ntaub ntawv pov thawj vim qhov tsis zoo hauv cov txheej txheem kis.
Kev piav qhia U1.1.7.
Piv txwv li, xa cov passwords hauv cov ntawv ntshiab ntawm email.
ua 1.1.8. Cov neeg tawm tsam tau txais daim ntawv pov thawj los ntawm kev saib xyuas tus neeg siv qhov kev sib tham siv cov kev tswj hwm chaw taws teeb.
Ua 1.1.9. Cov neeg tawm tsam tau txais daim ntawv pov thawj raws li qhov tshwm sim ntawm lawv cov xau los ntawm kev tshaj lij (TCUI):
U1.1.9.1. Cov neeg tawm tsam tau pom tias tus neeg siv nkag mus rau cov ntaub ntawv pov thawj los ntawm cov keyboard:
U1.1.9.1.1 Cov neeg tawm tsam tau nyob ze rau ntawm tus neeg siv thiab pom qhov nkag ntawm cov ntawv pov thawj nrog lawv tus kheej ob lub qhov muag.
Kev piav qhia U1.1.9.1.1
Cov xwm txheej zoo li no suav nrog kev ua haujlwm ntawm cov npoj yaig ua haujlwm lossis rooj plaub thaum tus neeg siv cov keyboard pom rau cov neeg tuaj saib hauv lub koom haum.
U1.1.9.1.2 Cov neeg tawm tsam tau siv cov cuab yeej cuab tam ntxiv, xws li lub koob yees duab lossis lub tsheb tsis muaj neeg tsav tsheb, thiab pom qhov nkag ntawm cov ntaub ntawv pov thawj los ntawm lub qhov rais.
U1.1.9.2. Cov neeg tawm tsam tau rho tawm cov ntaub ntawv pov thawj los ntawm kev sib txuas lus hauv xov tooj cua ntawm cov keyboard thiab lub computer system thaum lawv txuas nrog lub xov tooj cua interface (piv txwv li, Bluetooth).
U1.1.9.3. Cov neeg tawm tsam cuam tshuam cov ntaub ntawv pov thawj los ntawm kev xau los ntawm cov channel ntawm spurious electromagnetic tawg thiab cuam tshuam (PEMIN).
Kev piav qhia U1.1.9.3.
Piv txwv ntawm kev tawm tsam ΠΈ .
U1.1.9.4. Tus neeg tawm tsam cuam tshuam qhov nkag ntawm cov ntaub ntawv pov thawj los ntawm cov keyboard los ntawm kev siv cov txheej txheem tshwj xeeb (STS) tsim los zais cov ntaub ntawv.
Kev piav qhia U1.1.9.4.
piv txwv .
U1.1.9.5. Cov neeg tawm tsam cuam tshuam cov tswv yim ntawm cov ntaub ntawv pov thawj los ntawm cov keyboard siv
tsom xam ntawm Wi-Fi teeb liab modulated los ntawm tus neeg siv cov txheej txheem keystroke.
Kev piav qhia U1.1.9.5.
Piv Txwv: .
U1.1.9.6. Cov neeg tawm tsam cuam tshuam cov tswv yim ntawm cov ntaub ntawv pov thawj los ntawm cov keyboard los ntawm kev tshuaj xyuas lub suab ntawm keystrokes.
Kev piav qhia U1.1.9.6.
Piv Txwv: .
U1.1.9.7. Cov neeg tawm tsam cuam tshuam qhov nkag ntawm cov ntaub ntawv pov thawj los ntawm cov keyboard ntawm lub xov tooj ntawm tes los ntawm kev txheeb xyuas cov ntsuas ntsuas ntsuas.
Kev piav qhia U1.1.9.7.
Piv Txwv: .
U1.1.10. , yav tas los khaws tseg rau ntawm Cov Neeg Siv Khoom.
Kev piav qhia U1.1.10.
Piv txwv li, tus neeg siv yuav txuag tau tus ID nkag mus thiab lo lus zais hauv browser kom nkag mus rau qhov chaw tshwj xeeb.
U1.1.11. Attackers cuam tshuam cov ntaub ntawv pov thawj vim qhov tsis zoo hauv cov txheej txheem rau tshem tawm cov neeg siv nkag.
Kev piav qhia U1.1.11.
Piv txwv li, tom qab tus neeg siv raug rho tawm haujlwm, nws cov nyiaj tseem tsis tau thaiv.
Ua 1.2. los ntawm kev siv qhov tsis zoo hauv kev tswj kev nkag.
U2. Tsis tau tso cai nce ntawm cov neeg siv cov cai hauv cov ntaub ntawv xov xwm
Decomposition
U2.1 los ntawm kev hloov pauv tsis tau tso cai rau cov ntaub ntawv uas muaj cov ntaub ntawv hais txog cov cai ntawm cov neeg siv.
U2.2 los ntawm kev siv qhov tsis zoo hauv kev tswj xyuas kev nkag.
U2.3. vim qhov tsis txaus ntawm cov txheej txheem kev tswj xyuas cov neeg siv.
Kev piav qhia U2.3.
Piv txwv 1. Tus neeg siv tau txais kev nkag mus rau kev ua haujlwm ntau dua li qhov nws xav tau rau kev lag luam.
Piv txwv 2: Tom qab tus neeg siv tau hloov mus rau lwm txoj haujlwm, yav tas los tso cai nkag mus tsis raug tshem tawm.
TYPICAL THREAT MODEL. INTEGRATION MODULE
Cov khoom tiv thaiv uas tus qauv kev hem thawj (scope) raug siv
Ib qho kev sib koom ua ke module yog ib txheej ntawm cov ntaub ntawv infrastructure cov khoom tsim los npaj kev sib pauv ntawm cov ntaub ntawv ntawm cov ntaub ntawv xov xwm.
Xav txog qhov tseeb tias nyob rau hauv cov koom tes sib koom tes nws tsis yog ib txwm ua tau kom tsis meej pem cais ib qho kev qhia ntawm lwm tus, cov kev sib koom ua ke kuj tseem tuaj yeem suav tias yog kev sib txuas ntawm cov khoom sib txuas hauv ib qho kev qhia.
architecture
Daim duab dav dav ntawm kev sib koom ua ke module zoo li no:
Kev piav qhia ntawm architectural element:
- "Exchange Server (SO)" - lub node / kev pabcuam / cov khoom siv ntawm cov ntaub ntawv xov xwm uas ua haujlwm ntawm kev sib pauv cov ntaub ntawv nrog lwm cov ntaub ntawv xov xwm.
- "Mediator" - lub node / kev pabcuam tsim los tsim kev sib cuam tshuam ntawm cov ntaub ntawv xov xwm, tab sis tsis yog ib feem ntawm lawv.
Piv txwv "Intermediaries" tej zaum yuav muaj kev pabcuam email, tsheb thauj mus los hauv kev lag luam (kev pabcuam tsheb npav / SoA architecture), tus neeg thib peb cov ntaub ntawv servers, thiab lwm yam. Feem ntau, kev sib koom ua ke module yuav tsis muaj "Intermediaries". - "Cov ntaub ntawv ua software" β ib txheej ntawm cov kev pab cuam uas siv cov ntaub ntawv pauv raws tu qauv thiab hloov hom ntawv.
Piv txwv li, hloov cov ntaub ntawv los ntawm UFEBS hom ntawv mus rau ABS hom, hloov cov xwm txheej thaum sib kis, thiab lwm yam. - "Network kev twb kev txuas" sib raug rau cov khoom tau piav qhia hauv tus qauv "Network connection" hem qauv. Qee qhov kev sib txuas hauv network tau qhia hauv daim duab saum toj no yuav tsis muaj nyob.
Piv txwv ntawm kev sib koom ua ke modules
Scheme 1. Integration of ABS and AWS KBR via a third-party file server
Txhawm rau kom them nyiaj, tus neeg ua haujlwm hauv tuam txhab tso cai rub tawm cov ntaub ntawv them nyiaj hluav taws xob los ntawm cov tuam txhab nyiaj hauv tuam txhab thiab khaws cia rau hauv cov ntaub ntawv (hauv nws tus kheej hom, piv txwv li SQL pob tseg) ntawm lub network folder (... SHARE) ntawm cov ntaub ntawv server. Tom qab ntawd cov ntaub ntawv no tau hloov dua siab tshiab siv cov ntawv hloov pauv mus rau hauv ib txheej ntawm cov ntaub ntawv hauv UFEBS hom, uas tom qab ntawd nyeem los ntawm CBD chaw ua haujlwm.
Tom qab no, cov neeg ua haujlwm tau tso cai - tus neeg siv ntawm qhov chaw ua haujlwm automated KBR - encrypts thiab kos npe rau cov ntaub ntawv tau txais thiab xa mus rau cov nyiaj them poob haujlwm ntawm Bank of Russia.
Thaum cov nyiaj tau txais los ntawm Lub Txhab Nyiaj Txiag ntawm Russia, qhov chaw ua haujlwm automated ntawm KBR decrypts lawv thiab tshawb xyuas cov ntawv kos npe hluav taws xob, tom qab ntawd nws sau lawv hauv daim ntawv ntawm cov ntaub ntawv hauv UFEBS hom ntawm cov ntaub ntawv server. Ua ntej xa cov ntaub ntawv them nyiaj rau hauv ABS, lawv tau hloov dua siab tshiab siv cov ntawv hloov pauv los ntawm UFEBS hom ntawv rau ABS hom.
Peb yuav xav tias nyob rau hauv cov tswv yim no, ABS ua haujlwm ntawm ib lub cev neeg rau zaub mov, KBR chaw ua haujlwm ua haujlwm ntawm lub khoos phis tawj siab, thiab cov ntawv hloov pauv ua haujlwm ntawm cov ntaub ntawv server.
Kev sib txuas lus ntawm cov khoom ntawm daim duab txiav txim siab rau cov ntsiab lus ntawm kev sib koom ua ke module qauv:
"Xaiv neeg rau zaub mov los ntawm ABS sab" - ABS server.
βExchange server from AWS KBR sideβ - Computer workstation KBR.
"Mediator" - tus neeg thib peb cov ntaub ntawv server.
"Cov ntaub ntawv ua software" - converter tsab ntawv.
Scheme 2. Kev sib koom ua ke ntawm ABS thiab AWS KBR thaum tso ib daim nplaub tshev sib koom nrog kev them nyiaj ntawm AWS KBR
Txhua yam zoo ib yam li Scheme 1, tab sis tsis siv cov ntaub ntawv sib cais; hloov pauv, lub network folder (... SHARE) nrog cov ntaub ntawv them nyiaj hluav taws xob tau muab tso rau hauv lub computer nrog lub chaw ua haujlwm ntawm CBD. Tsab ntawv converter kuj ua haujlwm ntawm CBD workstation.
Kev sib txuas lus ntawm cov khoom ntawm daim duab txiav txim siab rau cov ntsiab lus ntawm kev sib koom ua ke module qauv:
Zoo ib yam li Scheme 1, tab sis "Mediator" tsis siv.
Scheme 3. Kev koom ua ke ntawm ABS thiab chaw ua haujlwm automated KBR-N ntawm IBM WebSphera MQ thiab kos npe rau cov ntaub ntawv hluav taws xob "ntawm ABS sab"
ABS ua haujlwm ntawm lub platform uas tsis tau txais kev txhawb nqa los ntawm CIPF SCAD Kos Npe. Kev kos npe ntawm cov ntaub ntawv hluav taws xob tawm yog ua tiav ntawm lub tshuab hluav taws xob tshwj xeeb kos npe (ES Server). Tib neeg rau zaub mov xyuas cov kos npe hauv hluav taws xob ntawm cov ntaub ntawv tuaj ntawm Bank of Russia.
ABS xa cov ntaub ntawv nrog cov ntaub ntawv them nyiaj hauv nws tus kheej hom rau ES Server.
ES server, siv cov ntawv hloov pauv, hloov cov ntaub ntawv mus rau hauv cov lus hauv hluav taws xob hauv UFEBS hom, tom qab ntawd cov lus hluav taws xob tau kos npe thiab xa mus rau IBM WebSphere MQ.
KBR-N chaw ua haujlwm nkag mus rau IBM WebSphere MQ thiab tau txais cov lus kos npe them nyiaj los ntawm qhov ntawd, tom qab ntawd tus neeg ua haujlwm tau tso cai - tus neeg siv ntawm KBR chaw ua haujlwm - encrypts lawv thiab xa lawv mus rau lub txhab nyiaj ntawm Russia.
Thaum cov nyiaj tau txais los ntawm Bank of Russia, qhov chaw ua haujlwm automated KBR-N decrypts lawv thiab txheeb xyuas qhov kos npe hauv hluav taws xob. Ua tiav cov nyiaj them poob haujlwm nyob rau hauv daim ntawv ntawm decrypted thiab kos npe cov lus hauv hluav taws xob hauv UFEBS hom ntawv raug xa mus rau IBM WebSphere MQ, los ntawm qhov uas lawv tau txais los ntawm Electronic Signature Server.
Cov neeg siv kos npe hauv hluav taws xob txheeb xyuas qhov kos npe hluav taws xob ntawm cov nyiaj tau txais thiab khaws cia rau hauv cov ntaub ntawv hauv ABS hom. Tom qab no, tus neeg ua haujlwm tau tso cai - tus neeg siv ABS - upload cov ntaub ntawv tshwm sim mus rau ABS raws li qhov tau teev tseg.
Kev sib txuas lus ntawm cov khoom ntawm daim duab txiav txim siab rau cov ntsiab lus ntawm kev sib koom ua ke module qauv:
"Xaiv neeg rau zaub mov los ntawm ABS sab" - ABS server.
βExchange server from AWS KBR sideβ - computer workstation KBR.
"Mediator" - ES server thiab IBM WebSphere MQ.
"Cov ntaub ntawv ua software" - script converter, CIPF SCAD Kos Npe ntawm ES Server.
Scheme 4. Kev koom ua ke ntawm RBS Server thiab cov tub ntxhais hauv tuam txhab lag luam ntawm API muab los ntawm kev sib pauv neeg rau zaub mov
Peb yuav xav tias lub txhab nyiaj siv ntau lub txhab nyiaj nyob deb nroog (RBS):
- "Internet Client-Bank" rau cov tib neeg (IKB FL);
- "Internet Client-Bank" rau cov koom haum raug cai (IKB LE).
Txhawm rau kom ntseeg tau cov ntaub ntawv muaj kev ruaj ntseg, txhua qhov kev sib cuam tshuam ntawm ABS thiab cov tuam txhab lag luam tej thaj chaw deb tau ua los ntawm kev sib pauv neeg rau zaub mov ua haujlwm nyob rau hauv lub moj khaum ntawm ABS cov ntaub ntawv system.
Tom ntej no, peb yuav xav txog cov txheej txheem ntawm kev sib cuam tshuam ntawm RBS system ntawm IKB LE thiab ABS.
RBS neeg rau zaub mov, tau txais daim ntawv lees paub them nqi raws cai los ntawm tus neeg siv khoom, yuav tsum tsim cov ntaub ntawv sib xws hauv ABS raws li nws. Txhawm rau ua qhov no, siv API, nws xa cov ntaub ntawv mus rau kev sib pauv server, uas, dhau los, nkag mus rau cov ntaub ntawv rau hauv ABS.
Thaum tus neeg siv cov nyiaj tshuav nyiaj hloov pauv, ABS tsim cov ntawv ceeb toom hluav taws xob, uas tau xa mus rau cov tuam txhab lag luam nyob deb nroog siv cov neeg siv khoom sib pauv.
Kev sib txuas lus ntawm cov khoom ntawm daim duab txiav txim siab rau cov ntsiab lus ntawm kev sib koom ua ke module qauv:
"Txuas server los ntawm RBS sab" - RBS server ntawm IKB YUL.
"Xaiv neeg rau zaub mov los ntawm ABS sab" - pauv server.
"Mediator" - tsis tuaj.
"Cov ntaub ntawv ua software" - RBS Server Cheebtsam lub luag haujlwm rau kev siv pauv server API, pauv cov khoom siv server lub luag haujlwm rau kev siv cov tub ntxhais kawm ntawv API.
Sab saum toj-theem kev ruaj ntseg hem
Decomposition
U1. Txhaj cov ntaub ntawv cuav los ntawm cov neeg tawm tsam los ntawm kev sib koom ua ke module.
U1. Txhaj cov ntaub ntawv cuav los ntawm cov neeg tawm tsam los ntawm kev sib koom ua ke module
Decomposition
U1.1. Kev hloov pauv tsis raug cai ntawm cov ntaub ntawv raug cai thaum kis tau los ntawm kev sib txuas hauv network:
U1.1.1 Link: .
U1.2. Kev xa cov ntaub ntawv tsis tseeb los ntawm kev sib txuas lus los ntawm cov neeg koom nrog kev sib pauv raug cai:
U1.1.2 Link: .
Ua 1.3. Kev hloov pauv tsis raug cai ntawm cov ntaub ntawv raug cai thaum nws ua tiav ntawm Exchange Servers lossis Intermediary:
U1.3.1. Txuas: .
ua 1.4. Tsim cov ntaub ntawv cuav ntawm Exchange Servers lossis Intermediary sawv cev ntawm tus neeg koom nrog kev sib pauv raws cai:
U1.4.1. Txuas:
ua 1.5. Tsis tso cai hloov kho cov ntaub ntawv thaum ua tiav siv cov ntaub ntawv ua software:
U1.5.1. vim cov neeg tawm tsam ua qhov hloov pauv tsis tau tso cai rau cov chaw (configuration) ntawm cov ntaub ntawv ua software.
U1.5.2. vim cov neeg tawm tsam ua qhov hloov pauv tsis tau tso cai rau cov ntaub ntawv ua tiav ntawm cov ntaub ntawv ua software.
U1.5.3. vim muaj kev sib tham sib tswj ntawm cov ntaub ntawv ua software los ntawm attackers.
TYPICAL THREAT MODEL. CRYPTOGRAPHIC INFORMATION PROTECTION SYSTEM
Cov khoom tiv thaiv uas tus qauv kev hem thawj (scope) raug siv
Cov khoom ntawm kev tiv thaiv yog ib qho kev tiv thaiv cov ntaub ntawv cryptographic siv los ua kom muaj kev ruaj ntseg ntawm cov ntaub ntawv kaw lus.
architecture
Lub hauv paus ntawm txhua qhov system yog daim ntawv thov software uas siv nws lub hom phiaj ua haujlwm.
Kev tiv thaiv Cryptographic feem ntau yog siv los ntawm kev hu rau cryptographic primitives los ntawm kev lag luam logic ntawm daim ntawv thov software, uas nyob rau hauv cov tsev qiv ntawv tshwj xeeb - crypto cores.
Cryptographic primitives suav nrog qib qis cryptographic ua haujlwm, xws li:
- encrypt/decrypt ib thaiv ntawm cov ntaub ntawv;
- tsim / txheeb xyuas qhov kos npe hluav taws xob ntawm cov ntaub ntawv thaiv;
- xam cov hash muaj nuj nqi ntawm cov ntaub ntawv thaiv;
- tsim / thauj khoom / upload cov ntaub ntawv tseem ceeb;
- thiab ua li ntawd.
Kev lag luam logic ntawm daim ntawv thov software siv cov haujlwm siab dua siv cryptographic primitives:
- encrypt cov ntaub ntawv siv tus yuam sij ntawm cov neeg tau txais kev xaiv;
- tsim kom muaj kev ruaj ntseg network txuas;
- qhia txog cov txiaj ntsig ntawm kev txheeb xyuas qhov kos npe hauv hluav taws xob;
- thiab yog li ntawd
Kev sib cuam tshuam ntawm kev lag luam logic thiab crypto core tuaj yeem ua tiav:
- ncaj qha, los ntawm kev lag luam logic hu rau cryptographic primitives los ntawm cov tsev qiv ntawv dynamic ntawm crypto kernel (.DLL rau Windows, .SO rau Linux);
- ncaj qha, los ntawm cryptographic interfaces - wrappers, piv txwv li, MS Crypto API, Java Cryptography Architecture, PKCS # 11, thiab lwm yam. Nyob rau hauv cov ntaub ntawv no, lub lag luam logic nkag mus rau hauv lub crypto interface, thiab nws txhais cov kev hu mus rau tus coj crypto core, uas nyob rau hauv cov ntaub ntawv no. cov ntaub ntawv no yog hu ua crypto provider. Kev siv cryptographic interfaces tso cai rau daim ntawv thov software kom paub daws teeb meem ntawm cov cryptographic algorithms tshwj xeeb thiab hloov tau yooj yim dua.
Muaj ob lub tswv yim zoo rau kev teeb tsa cov tub ntxhais crypto:
Scheme 1 - Monolithic crypto core
Scheme 2 β Split crypto core
Cov ntsiab lus hauv daim duab saum toj no tuaj yeem yog ib tus neeg software modules khiav ntawm ib lub khoos phis tawj lossis kev pabcuam network cuam tshuam hauv lub computer network.
Thaum siv cov tshuab tsim raws li Scheme 1, daim ntawv thov software thiab cov tub ntxhais crypto ua haujlwm nyob rau hauv ib qho chaw ua haujlwm rau cov cuab yeej crypto (SFC), piv txwv li, ntawm tib lub computer, khiav tib lub operating system. Tus neeg siv lub kaw lus, raws li txoj cai, tuaj yeem khiav lwm cov kev pab cuam, suav nrog cov uas muaj cov cai tsis zoo, hauv tib qhov chaw ua haujlwm. Nyob rau hauv cov xwm txheej zoo li no, muaj kev pheej hmoo loj ntawm kev xau ntawm cov yuam sij cryptographic ntiag tug.
Txhawm rau txo qhov kev pheej hmoo tsawg, cov phiaj xwm 2 yog siv, uas cov tub ntxhais crypto tau muab faib ua ob ntu:
- Thawj ntu, ua ke nrog cov ntawv thov software, ua haujlwm hauv qhov chaw tsis ntseeg siab uas muaj kev pheej hmoo kis kab mob nrog cov lej tsis zoo. Peb yuav hu qhov no yog "software part".
- Qhov thib ob ua haujlwm nyob rau hauv ib puag ncig kev ntseeg siab ntawm ib lub cuab yeej tshwj xeeb, uas muaj qhov tseem ceeb cia. Txij ntawm no mus peb yuav hu qhov no "hardware".
Kev faib cov crypto core rau hauv software thiab hardware qhov chaw yog heev arbitrary. Muaj cov txheej txheem ntawm kev ua lag luam ua raws li lub tswv yim nrog kev sib faib crypto core, tab sis "hardware" ib feem ntawm uas tau nthuav tawm hauv daim duab ntawm lub tshuab virtual - virtual HSM ().
Kev sib cuam tshuam ntawm ob qho tib si ntawm cov tub ntxhais crypto tshwm sim nyob rau hauv xws li ib txoj kev uas tus kheej cryptographic yuam sij tsis tau pauv mus rau qhov software thiab, raws li, tsis tuaj yeem raug nyiag siv cov cai phem.
Kev sib cuam tshuam sib cuam tshuam (API) thiab cov txheej txheem cryptographic primitives muab rau daim ntawv thov software los ntawm crypto core yog tib yam hauv ob qho tib si. Qhov sib txawv yog nyob rau hauv txoj kev uas lawv siv.
Yog li, thaum siv lub tswv yim nrog kev sib faib crypto core, kev sib cuam tshuam ntawm software thiab kho vajtse yog ua raws li cov hauv qab no:
- Cryptographic primitives uas tsis tas yuav siv tus yuam sij ntiag tug (piv txwv li, suav cov hash muaj nuj nqi, txheeb xyuas qhov kos npe hluav taws xob, thiab lwm yam) yog ua los ntawm software.
- Cryptographic primitives uas siv tus yuam sij ntiag tug (tsim ib qho hluav taws xob kos npe, decrypting cov ntaub ntawv, thiab lwm yam) yog ua los ntawm hardware.
Cia peb piav qhia txog kev ua haujlwm ntawm kev sib faib crypto core siv tus piv txwv ntawm kev tsim hluav taws xob kos npe:
- Lub software ib feem xam cov hash muaj nuj nqi ntawm cov ntaub ntawv kos npe thiab xa cov nqi no mus rau lub hardware ntawm kev sib pauv channel ntawm crypto cores.
- Cov khoom siv kho vajtse, siv tus yuam sij ntiag tug thiab hash, ua kom muaj txiaj ntsig ntawm kev kos npe hauv hluav taws xob thiab xa mus rau software feem ntawm kev sib pauv channel.
- Lub software ib feem xa rov qab tus nqi tau txais mus rau daim ntawv thov software.
Cov yam ntxwv ntawm kev txheeb xyuas qhov tseeb ntawm kev kos npe hauv hluav taws xob
Thaum tus neeg txais kev pab tau txais cov ntaub ntawv kos npe hauv hluav taws xob, nws yuav tsum ua ntau kauj ruam pov thawj. Qhov txiaj ntsig zoo ntawm kev txheeb xyuas qhov kos npe hauv hluav taws xob tsuas yog ua tiav yog tias txhua theem ntawm kev txheeb xyuas tiav tiav.
Theem 1. Tswj cov ntaub ntawv ncaj ncees thiab cov ntaub ntawv authorship.
Cov ntsiab lus ntawm theem. Kev kos npe hluav taws xob ntawm cov ntaub ntawv raug txheeb xyuas siv qhov tsim nyog cryptographic algorithm. Kev ua tiav ntawm theem no qhia tau hais tias cov ntaub ntawv tsis tau hloov kho txij li lub sijhawm nws tau kos npe, thiab tseem hais tias kos npe tau tsim nrog tus yuam sij ntiag tug sib raug rau pej xeem tus yuam sij rau kev txheeb xyuas qhov kos npe hluav taws xob.
Qhov chaw ntawm theem: crypto core.
Theem 2. Tswj kev ntseeg siab ntawm tus neeg kos npe tus yuam sij rau pej xeem thiab tswj lub sijhawm siv tau ntawm tus yuam sij ntiag tug ntawm kos npe hluav taws xob.
Cov ntsiab lus ntawm theem. Cov theem muaj ob theem nrab substages. Thawj qhov yog los txiav txim seb tus yuam sij pej xeem rau kev txheeb xyuas qhov kos npe hauv hluav taws xob puas ntseeg tau thaum lub sijhawm kos npe cov ntaub ntawv. Qhov thib ob txiav txim siab seb tus yuam sij ntiag tug ntawm kev kos npe hluav taws xob puas siv tau thaum lub sijhawm kos npe rau cov ntaub ntawv. Feem ntau, lub sijhawm siv tau ntawm cov yuam sij no yuav tsis sib haum (piv txwv li, rau daim ntawv pov thawj tsim nyog ntawm cov yuam sij kos npe hauv hluav taws xob). Cov txheej txheem los tsim kev ntseeg siab rau tus neeg kos npe rau pej xeem tus yuam sij yog txiav txim siab los ntawm cov cai ntawm kev tswj hwm cov ntaub ntawv hluav taws xob tau txais los ntawm cov neeg sib tham.
Qhov chaw ntawm theem: daim ntawv thov software / crypto core.
Theem 3. Kev tswj ntawm tus neeg kos npe txoj cai.
Cov ntsiab lus ntawm theem. Raws li cov cai tsim los ntawm kev tswj cov ntaub ntawv hluav taws xob, nws raug tshuaj xyuas seb tus neeg kos npe puas muaj cai lees paub cov ntaub ntawv tiv thaiv. Ua piv txwv, cia peb muab qhov xwm txheej ntawm kev ua txhaum cai. Piv txwv tias muaj ib lub koom haum uas txhua tus neeg ua haujlwm tau kos npe hauv hluav taws xob. Cov txheej txheem tswj xyuas cov ntaub ntawv hluav taws xob sab hauv tau txais kev txiav txim los ntawm tus thawj tswj hwm, tab sis tau kos npe nrog kos npe hauv hluav taws xob ntawm tus thawj tswj hwm lub tsev khaws khoom. Yog li ntawd, cov ntaub ntawv no tsis tuaj yeem suav tias yog qhov raug cai.
Qhov chaw ntawm theem: daim ntawv thov software.
Cov kev xav tau ua thaum piav txog qhov khoom ntawm kev tiv thaiv
- Cov ntaub ntawv kis tau tus mob, nrog rau kev zam ntawm cov kev pauv pauv tseem ceeb, kuj dhau los ntawm daim ntawv thov software, API thiab crypto core.
- Cov ntaub ntawv hais txog kev ntseeg siab rau pej xeem cov yuam sij thiab (lossis) daim ntawv pov thawj, nrog rau cov ntaub ntawv hais txog lub hwj chim ntawm cov tswv tseem ceeb ntawm pej xeem, muab tso rau hauv lub khw tseem ceeb rau pej xeem.
- Daim ntawv thov software ua haujlwm nrog lub khw tseem ceeb rau pej xeem los ntawm crypto kernel.
Ib qho piv txwv ntawm cov ntaub ntawv xov xwm tiv thaiv siv CIPF
Txhawm rau ua piv txwv cov duab qhia yav dhau los, cia peb xav txog cov ntaub ntawv qhia kev ntseeg siab thiab hais txog tag nrho cov txheej txheem ntawm nws.
Kev piav qhia ntawm cov ntaub ntawv system
Ob lub koom haum txiav txim siab los qhia txog kev tswj hwm cov ntaub ntawv tseem ceeb hauv hluav taws xob (EDF) ntawm lawv tus kheej. Ua li no, lawv tau nkag mus rau hauv kev pom zoo uas lawv tau teev tseg tias cov ntaub ntawv yuav raug xa los ntawm email, thiab tib lub sijhawm lawv yuav tsum tau encrypted thiab kos npe nrog tus tsim nyog kos npe hauv hluav taws xob. Cov kev pabcuam hauv chaw ua haujlwm los ntawm Microsoft Office 2016 pob yuav tsum tau siv los ua cov cuab yeej tsim thiab ua cov ntaub ntawv, thiab CIPF CryptoPRO thiab encryption software CryptoARM yuav tsum tau siv los ua kev tiv thaiv cryptographic.
Kev piav qhia ntawm lub koom haum cov txheej txheem 1
Lub koom haum 1 txiav txim siab tias nws yuav nruab CIPF CryptoPRO thiab CryptoARM software ntawm tus neeg siv lub chaw ua haujlwm - lub computer lub cev. Encryption thiab hluav taws xob kos npe tus yuam sij yuav muab khaws cia rau hauv ruToken cov xov xwm tseem ceeb, ua haujlwm hauv hom tseem ceeb rov qab tau. Tus neeg siv yuav npaj cov ntaub ntawv hluav taws xob hauv zos hauv nws lub computer, tom qab ntawd encrypt, kos npe thiab xa lawv siv tus neeg siv email hauv zos.
Kev piav qhia ntawm lub koom haum cov txheej txheem 2
Lub koom haum 2 tau txiav txim siab txav cov encryption thiab hluav taws xob kos npe ua haujlwm rau lub tshuab virtual uas muaj siab. Hauv qhov no, tag nrho cov haujlwm cryptographic yuav ua tiav.
Ua li no, ob lub network folders raug teeb tsa ntawm lub tshuab virtual: "... Hauv", "... Tawm". Cov ntaub ntawv tau txais los ntawm tus neeg koom nrog hauv daim ntawv qhib yuav raug muab tso rau hauv lub network nplaub tshev "β¦ Hauv". Cov ntaub ntawv no yuav raug decrypted thiab kos npe hluav taws xob yuav raug txheeb xyuas.
Tus neeg siv yuav muab cov ntaub ntawv tso rau hauv "...Tawm" nplaub tshev uas yuav tsum tau encrypted, kos npe thiab xa mus rau tus neeg sab nrauv. Tus neeg siv yuav npaj cov ntaub ntawv lawv tus kheej ntawm nws qhov chaw ua haujlwm.
Txhawm rau ua encryption thiab kos npe hluav taws xob ua haujlwm, CIPF CryptoPRO, CryptoARM software thiab email tus neeg siv khoom raug teeb tsa ntawm lub tshuab virtual. Tsis siv neeg tswj tag nrho cov ntsiab lus ntawm lub tshuab virtual yuav ua tiav siv cov ntawv sau tsim los ntawm cov thawj coj hauv lub cev. Kev ua haujlwm ntawm scripts yog nkag rau hauv cov ntaub ntawv teev cia.
Cov yuam sij Cryptographic rau kos npe hauv hluav taws xob yuav muab tso rau hauv lub token nrog tus yuam sij JaCarta GOST, uas tus neeg siv yuav txuas rau nws lub computer hauv zos.
Lub token yuav raug xa mus rau lub tshuab virtual siv tshwj xeeb USB-dhau-IP software ntsia ntawm tus neeg siv lub chaw ua haujlwm thiab ntawm lub tshuab virtual.
Lub moos system ntawm tus neeg siv lub chaw ua haujlwm hauv lub koom haum 1 yuav raug kho manually. Lub moos kaw lus ntawm lub tshuab virtual tshwj xeeb hauv Lub Koom Haum 2 yuav raug synchronized nrog lub moos hypervisor, uas nyob rau hauv lem yuav synchronized hauv Internet nrog rau pej xeem lub sij hawm servers.
Kev txheeb xyuas cov txheej txheem ntawm CIPF
Raws li cov lus piav qhia saum toj no ntawm IT infrastructure, peb yuav qhia txog cov txheej txheem ntawm CIPF thiab sau rau hauv ib lub rooj.
Table - Kev sib sau ntawm CIPF cov qauv ntsiab lus rau cov ntaub ntawv txheej txheem
Cov khoom npe
Lub koom haum 1
Lub koom haum 2
Daim ntawv thov software
CryptoARM software
CryptoARM software
Software ib feem ntawm crypto core
CIPF CryptoPRO CSP
CIPF CryptoPRO CSP
Crypto core hardware
tsis muaj
JaCarta GOST
API
MS CryptoAPI
MS CryptoAPI
Public Key Store
Tus neeg siv lub chaw ua haujlwm:
- HDD;
- txheem Windows daim ntawv pov thawj khw.
Hypervisor:
- HDD.
Virtual tshuab:
- HDD;
- txheem Windows daim ntawv pov thawj khw.
Private key cia
ruToken tus neeg nqa khoom tseem ceeb ua haujlwm hauv hom tseem ceeb rov qab tau
JaCarta GOST tus neeg nqa khoom tseem ceeb ua haujlwm hauv hom tsis tshem tawm tau
Public key pauv channel
Tus neeg siv lub chaw ua haujlwm:
- RAM.
Hypervisor:
- RAM.
Virtual tshuab:
- RAM.
Private key pauv channel
Tus neeg siv lub chaw ua haujlwm:
- USB tsheb npav;
- RAM.
tsis muaj
Sib pauv channel ntawm crypto cores
ploj lawm (tsis muaj crypto core hardware)
Tus neeg siv lub chaw ua haujlwm:
- USB tsheb npav;
- RAM;
- USB-dhau-IP software module;
- network interface.
Lub koom haum network ntawm lub koom haum 2.
Hypervisor:
- RAM;
- network interface.
Virtual tshuab:
- network interface;
- RAM;
- USB-dhau-IP software module.
Qhib Cov Ntaub Ntawv Channel
Tus neeg siv lub chaw ua haujlwm:
- input-output txhais tau tias;
- RAM;
- HDD.
Tus neeg siv lub chaw ua haujlwm:
- input-output txhais tau tias;
- RAM;
- HDD;
- network interface.
Lub koom haum network ntawm lub koom haum 2.
Hypervisor:
- network interface;
- RAM;
- HDD.
Virtual tshuab:
- network interface;
- RAM;
- HDD.
Ruaj ntseg cov ntaub ntawv pauv channel
Is Taws Nem.
Lub koom haum network ntawm lub koom haum 1.
Tus neeg siv lub chaw ua haujlwm:
- HDD;
- RAM;
- network interface.
Is Taws Nem.
Lub koom haum network ntawm lub koom haum 2.
Hypervisor:
- network interface;
- RAM;
- HDD.
Virtual tshuab:
- network interface;
- RAM;
- HDD.
Lub sijhawm channel
Tus neeg siv lub chaw ua haujlwm:
- input-output txhais tau tias;
- RAM;
- system timer.
Is Taws Nem.
Lub koom haum network ntawm lub koom haum 2,
Hypervisor:
- network interface;
- RAM;
- system timer.
Virtual tshuab:
- RAM;
- system timer.
Tswj hais kom ua kis tau tus mob channel
Tus neeg siv lub chaw ua haujlwm:
- input-output txhais tau tias;
- RAM.
(Graphical neeg siv interface ntawm CryptoARM software)
Virtual tshuab:
- RAM;
- HDD.
(Automation scripts)
Channel kom tau txais cov txiaj ntsig ua haujlwm
Tus neeg siv lub chaw ua haujlwm:
- input-output txhais tau tias;
- RAM.
(Graphical neeg siv interface ntawm CryptoARM software)
Virtual tshuab:
- RAM;
- HDD.
(Log cov ntaub ntawv ntawm automation scripts)
Sab saum toj-theem kev ruaj ntseg hem
Cov lus piav qhia
Cov kev xav tau ua thaum decomposing hem:
- Muaj zog cryptographic algorithms yog siv.
- Cryptographic algorithms yog siv ruaj ntseg hauv cov kev ua haujlwm raug (piv txwv li. tsis yog siv rau encrypting loj ntim ntawm cov ntaub ntawv, qhov tso cai load ntawm tus yuam sij yog coj mus rau hauv tus account, thiab lwm yam).
- Cov neeg tawm tsam paub tag nrho cov algorithms, cov txheej txheem thiab cov yuam sij pej xeem siv.
- Attackers tuaj yeem nyeem tag nrho cov ntaub ntawv encrypted.
- Attackers muaj peev xwm rov tsim dua txhua yam software hauv lub cev.
Decomposition
U1. Kev sib haum xeeb ntawm tus kheej cryptographic yuam sij.
U2. Encrypting cov ntaub ntawv cuav sawv cev ntawm tus neeg xa khoom raug cai.
U3. Decryption ntawm encrypted cov ntaub ntawv los ntawm cov neeg uas tsis raug cai txais cov ntaub ntawv (tus neeg tawm tsam).
U4. Tsim ib qho hluav taws xob kos npe ntawm tus neeg kos npe raug cai raws li cov ntaub ntawv cuav.
U5. Tau txais qhov txiaj ntsig zoo los ntawm kev txheeb xyuas cov ntawv kos npe hluav taws xob ntawm cov ntaub ntawv forged.
U6. Kev lees paub yuam kev ntawm cov ntaub ntawv hluav taws xob rau kev ua tiav vim muaj teeb meem hauv kev tswj hwm cov ntaub ntawv hluav taws xob.
U7. Tsis tso cai nkag mus rau cov ntaub ntawv tiv thaiv thaum lawv ua los ntawm CIPF.
U1. Kev sib haum xeeb ntawm tus yuam sij cryptographic
U1.1. Retrieving tus yuam sij ntiag tug los ntawm lub khw muag khoom ntiag tug.
Ua 1.2. Tau txais tus yuam sij ntiag tug los ntawm cov khoom hauv crypto-tool qhov chaw ua haujlwm, uas nws yuav nyob ib ntus.
Kev piav qhia U1.2.
Cov khoom uas tuaj yeem khaws tus yuam sij ib ntus yuav suav nrog:
- RAM,
- cov ntaub ntawv ib ntus,
- swap cov ntaub ntawv,
- hibernation cov ntaub ntawv,
- snapshot cov ntaub ntawv ntawm lub xeev "kub" ntawm lub tshuab virtual, suav nrog cov ntaub ntawv ntawm cov ntsiab lus ntawm RAM ntawm lub tshuab virtual nres.
U1.2.1. Tshem tawm cov yuam sij ntiag tug los ntawm kev ua haujlwm RAM los ntawm khov RAM modules, tshem tawm lawv thiab tom qab ntawd nyeem cov ntaub ntawv (khov nres).
Kev piav qhia U1.2.1.
Piv Txwv: .
Ua 1.3. Tau txais tus yuam sij ntiag tug los ntawm kev sib pauv tus yuam sij ntiag tug channel.
Kev piav qhia U1.3.
Ib qho piv txwv ntawm kev siv qhov kev hem thawj no yuav muab .
ua 1.4. Kev hloov pauv tsis raug tso cai ntawm cov tub ntxhais crypto, vim tias cov yuam sij ntiag tug tau paub rau cov neeg tawm tsam.
ua 1.5. Kev sib haum xeeb ntawm tus yuam sij ntiag tug raws li kev siv cov ntaub ntawv xov xwm xa tawm (TCIL).
Kev piav qhia U1.5.
Piv Txwv: .
ua 1.6. Kev cuam tshuam ntawm tus yuam sij ntiag tug los ntawm kev siv cov txheej txheem tshwj xeeb (STS) tsim los rau kev nyiag cov ntaub ntawv ("cov kab").
ua 1.7. Kev cuam tshuam ntawm cov yuam sij ntiag tug thaum lawv khaws cia sab nraum CIPF.
Kev piav qhia U1.7.
Piv txwv li, tus neeg siv khaws nws cov xov xwm tseem ceeb hauv lub tub rau khoom desktop, uas lawv tuaj yeem muab tau yooj yim los ntawm cov neeg tawm tsam.
U2. Encrypting cov ntaub ntawv cuav sawv cev ntawm tus neeg xa khoom raug cai
Cov lus piav qhia
Qhov kev hem thawj no tsuas yog txiav txim siab rau cov ntaub ntawv encryption schemes nrog tus xa ntawv lees paub. Piv txwv ntawm cov tswv yim zoo li no tau qhia nyob rau hauv cov lus pom zoo ntawm cov qauv . Rau lwm cov txheej txheem cryptographic, qhov kev hem thawj no tsis muaj nyob, vim tias kev encryption tau ua ntawm tus neeg tau txais cov yuam sij pej xeem, thiab lawv feem ntau paub rau cov neeg tawm tsam.
Decomposition
U2.1. Compromising tus sender tus kheej tus yuam sij:
U2.1.1. Txuas: .
U2.2. Hloov cov ntaub ntawv tawm tswv yim hauv qhov qhib cov ntaub ntawv sib pauv channel.
Notes U2.2.
Piv txwv ntawm kev siv qhov kev hem thawj no tau muab hauv qab no. ΠΈ .
U3. Decryption ntawm cov ntaub ntawv encrypted los ntawm cov neeg uas tsis yog cov neeg tau txais cov ntaub ntawv raug cai (tus neeg tawm tsam)
Decomposition
ua 3.1. Kev cuam tshuam ntawm tus yuam sij ntiag tug ntawm tus neeg tau txais cov ntaub ntawv encrypted.
U3.1.1 Link: .
ua 3.2. Hloov cov ntaub ntawv encrypted nyob rau hauv ib tug ruaj ntseg cov ntaub ntawv pauv channel.
U4. Tsim ib qho hluav taws xob kos npe ntawm tus neeg kos npe raug cai raws li cov ntaub ntawv cuav
Decomposition
ua 4.1. Kev cuam tshuam ntawm tus yuam sij ntiag tug ntawm hluav taws xob kos npe ntawm tus neeg kos npe raug cai.
U4.1.1 Link: .
ua 4.2. Hloov cov ntaub ntawv kos npe rau hauv qhov qhib cov ntaub ntawv sib pauv channel.
Nco tseg U4.2.
Piv txwv ntawm kev siv qhov kev hem thawj no tau muab hauv qab no. ΠΈ .
U5. Tau txais qhov txiaj ntsig zoo los ntawm kev txheeb xyuas cov ntawv kos npe hluav taws xob ntawm cov ntaub ntawv forged
Decomposition
ua 5.1. Cov neeg tawm tsam cuam tshuam cov lus hauv channel rau kev xa cov txiaj ntsig ua haujlwm txog qhov tsis zoo ntawm kev kuaj xyuas hluav taws xob kos npe thiab hloov nws nrog cov lus uas tau txais txiaj ntsig zoo.
ua 5.2. Cov neeg tawm tsam tawm tsam kev ntseeg siab hauv kev kos npe rau daim ntawv pov thawj (SCRIPT - tag nrho cov ntsiab lus yuav tsum tau):
U5.2.1. Cov neeg tawm tsam tsim ib tus yuam sij rau pej xeem thiab ntiag tug rau kev kos npe hauv hluav taws xob. Yog hais tias lub kaw lus siv hluav taws xob kos npe daim ntawv pov thawj tseem ceeb, ces lawv tsim ib daim ntawv pov thawj hluav taws xob kos npe uas zoo ib yam li daim ntawv pov thawj ntawm cov neeg xa khoom xav tau ntawm cov ntaub ntawv uas lawv xav tau forge.
U5.2.2. Cov neeg tawm tsam tau hloov pauv tsis tau tso cai rau pej xeem lub khw tseem ceeb, muab cov yuam sij rau pej xeem lawv tsim kom muaj kev ntseeg siab thiab muaj cai.
ua 5.2.3. Cov neeg tawm tsam kos npe cov ntaub ntawv tsis tseeb nrog tus yuam sij hluav taws xob kos npe yav dhau los thiab muab tso rau hauv cov ntaub ntawv sib pauv hloov pauv kev nyab xeeb.
ua 5.3. Cov neeg tawm tsam tau tawm tsam siv cov yuam sij hluav taws xob kos npe tas sij hawm ntawm tus neeg kos npe raug cai (SCRIPT - tag nrho cov ntsiab lus yuav tsum tau):
ua 5.3.1. Cov neeg tawm tsam cuam tshuam tau tas sij hawm (tsis yog tam sim no siv tau) cov yuam sij ntiag tug ntawm cov hluav taws xob kos npe ntawm tus neeg xa khoom raug cai.
ua 5.3.2. Attackers hloov lub sij hawm nyob rau hauv lub sij hawm kis tau tus mob channel nrog rau lub sij hawm ntawm cov yuam sij cuam tshuam tseem siv tau.
ua 5.3.3. Cov neeg tawm tsam kos npe cov ntaub ntawv tsis tseeb nrog rau yav dhau los cuam tshuam hluav taws xob kos npe tus yuam sij thiab txhaj nws mus rau hauv cov ntaub ntawv sib pauv kev nyab xeeb.
ua 5.4. Cov neeg tawm tsam tau tawm tsam siv cov yuam sij hluav taws xob kos npe cuam tshuam ntawm tus neeg kos npe raug cai (SCRIPT - tag nrho cov ntsiab lus yuav tsum tau):
ua 5.4.1. Tus neeg tawm tsam ua ib daim ntawv luam ntawm lub khw tseem ceeb rau pej xeem.
ua 5.4.2. Cov neeg tawm tsam cuam tshuam cov yuam sij ntiag tug ntawm ib tus neeg xa khoom raug cai. Nws pom qhov kev sib haum xeeb, tshem tawm cov yuam sij, thiab cov ntaub ntawv hais txog qhov tseem ceeb tshem tawm tau muab tso rau hauv lub khw tseem ceeb rau pej xeem.
ua 5.4.3. Cov neeg tawm tsam hloov lub khw tseem ceeb rau pej xeem nrog ib qho uas tau theej dhau los.
ua 5.4.4. Cov neeg tawm tsam kos npe cov ntaub ntawv tsis tseeb nrog rau yav dhau los cuam tshuam hluav taws xob kos npe tus yuam sij thiab txhaj nws mus rau hauv cov ntaub ntawv sib pauv kev nyab xeeb.
ua 5.5. vim muaj qhov yuam kev hauv kev ua raws theem 2 thiab theem 3 ntawm kev txheeb xyuas hluav taws xob kos npe:
Kev piav qhia U5.5.
Ib qho piv txwv ntawm kev siv qhov kev hem thawj no tau muab .
ua 5.5.1. Tshawb xyuas kev ntseeg siab hauv daim ntawv pov thawj hluav taws xob kos npe tseem ceeb tsuas yog los ntawm qhov muaj kev ntseeg siab hauv daim ntawv pov thawj uas nws tau kos npe, tsis muaj CRL lossis OCSP cov tshev.
Kev piav qhia U5.5.1.
Kev ua piv txwv .
ua 5.5.2. Thaum tsim kom muaj kev ntseeg siab rau daim ntawv pov thawj, cov tub ceev xwm ntawm kev muab daim ntawv pov thawj tsis raug tshuaj xyuas
Kev piav qhia U5.5.2.
Ib qho piv txwv ntawm kev tawm tsam tawm tsam SSL / TLS daim ntawv pov thawj.
Cov neeg tawm tsam tau yuav daim ntawv pov thawj raug cai rau lawv e-mail. Tom qab ntawd lawv tau ua daim ntawv pov thawj ntawm qhov chaw dag thiab kos npe nrog lawv daim ntawv pov thawj. Yog tias daim ntawv pov thawj tsis raug kuaj xyuas, tom qab ntawd thaum kuaj xyuas cov saw ntawm kev ntseeg siab nws yuav ua kom raug, thiab, raws li, daim ntawv pov thawj kev dag kuj yuav raug.
ua 5.5.3. Thaum tsim ib daim ntawv pov thawj kev ntseeg siab, daim ntawv pov thawj nruab nrab tsis raug kuaj xyuas kom tshem tawm.
ua 5.5.4. CRLs tau hloov kho tsawg dua li lawv tau muab los ntawm cov ntawv pov thawj txoj cai.
ua 5.5.5. Qhov kev txiav txim siab tso siab rau kev kos npe hauv hluav taws xob tau ua ua ntej OCSP cov lus teb txog cov xwm txheej ntawm daim ntawv pov thawj tau txais, xa rau ntawm qhov kev thov tom qab lub sij hawm kos npe tau tsim los yog ntxov dua li CRL tom ntej tom qab kos npe tau tsim.
Kev piav qhia U5.5.5.
Nyob rau hauv cov kev cai ntawm feem ntau CAs, lub sij hawm ntawm kev tshem tawm daim ntawv pov thawj yog suav hais tias yog lub sij hawm ntawm qhov teeb meem ntawm qhov ze tshaj plaws CRL uas muaj cov ntaub ntawv hais txog qhov kev tshem tawm daim ntawv pov thawj.
ua 5.5.6. Thaum tau txais cov ntaub ntawv kos npe, daim ntawv pov thawj belongs rau tus neeg xa ntawv tsis raug kuaj xyuas.
Kev piav qhia U5.5.6.
Piv txwv ntawm kev tawm tsam. Hais txog SSL daim ntawv pov thawj: cov ntawv xov xwm hu ua server chaw nyob nrog tus nqi ntawm CN daim teb hauv daim ntawv pov thawj yuav tsis raug kuaj xyuas.
Piv txwv ntawm kev tawm tsam. Cov neeg tawm tsam tau cuam tshuam cov yuam sij hluav taws xob kos npe ntawm ib qho ntawm cov neeg koom nrog them nyiaj. Tom qab ntawd, lawv tau nyiag nkag mus rau hauv lub network ntawm lwm tus neeg koom nrog thiab, ntawm nws tus kheej, xa cov ntaub ntawv them nqi kos npe nrog cov yuam sij cuam tshuam rau kev sib hais haum server ntawm cov nyiaj them poob haujlwm. Yog tias tus neeg rau zaub mov tsuas yog txheeb xyuas kev ntseeg siab thiab tsis kuaj xyuas kev ua raws cai, ces cov ntaub ntawv cuav yuav raug suav tias yog raug cai.
U6. Kev lees paub yuam kev ntawm cov ntaub ntawv hluav taws xob rau kev ua tiav vim muaj teeb meem hauv kev tswj hwm cov ntaub ntawv hluav taws xob.
Decomposition
ua 6.1. Lub tog txais yuav tsis pom qhov sib npaug ntawm cov ntaub ntawv tau txais.
Kev piav qhia U6.1.
Piv txwv ntawm kev tawm tsam. Cov neeg tawm tsam tuaj yeem cuam tshuam cov ntaub ntawv xa mus rau tus neeg tau txais kev pab, txawm tias nws muaj kev tiv thaiv cryptographically, thiab tom qab ntawd rov xa nws dua ib qho kev ruaj ntseg cov ntaub ntawv xa mus. Yog tias tus neeg txais tsis tau txheeb xyuas qhov sib npaug, ces tag nrho cov ntaub ntawv tau txais yuav raug pom thiab ua tiav raws li cov ntaub ntawv sib txawv.
U7. Tsis tso cai nkag mus rau cov ntaub ntawv tiv thaiv thaum lawv ua los ntawm CIPF
Decomposition
ua 7.1. vim cov ntaub ntawv tawm ntawm sab channel (sab channel nres).
Kev piav qhia U7.1.
Piv Txwv: .
ua 7.2. vim qhov nruab nrab ntawm kev tiv thaiv kev nkag mus rau cov ntaub ntawv ua tiav ntawm CIPF:
ua 7.2.1. Kev ua haujlwm ntawm CIPF ua txhaum txoj cai tau piav qhia hauv cov ntaub ntawv rau CIPF.
ua 7.2.2. , ua tiav vim muaj qhov tsis zoo hauv:
U7.2.2.1. txhais tau tias tiv thaiv kev nkag mus tsis tau tso cai.
U7.2.2.2. CIPF nws tus kheej.
U7.2.2.3. qhov chaw ua haujlwm ntawm crypto-tool.
Piv txwv ntawm kev tawm tsam
Cov xwm txheej tau tham hauv qab no pom tseeb muaj cov ntaub ntawv kev nyab xeeb tsis raug thiab ua haujlwm tsuas yog qhia txog kev tawm tsam.
Scenario 1. Ib qho piv txwv ntawm kev siv cov kev hem thawj U2.2 thiab U4.2.
Kev piav qhia ntawm qhov khoom
AWS KBR software thiab CIPF SCAD Kos Npe yog ntsia rau ntawm lub computer lub cev uas tsis txuas nrog lub computer network. FKN vdToken yog siv los ua tus neeg nqa khoom tseem ceeb hauv hom kev ua haujlwm nrog tus yuam sij tsis tshem tawm.
Cov kev cai daws teeb meem xav tias tus kws kho mob tshwj xeeb los ntawm nws lub khoos phis tawj ua haujlwm rub tawm cov ntawv hluav taws xob hauv cov ntawv ntshiab (cov txheej txheem ntawm KBR lub chaw ua haujlwm qub) los ntawm cov ntaub ntawv tshwj xeeb ruaj ntseg, tom qab ntawd sau lawv mus rau USB flash drive hloov tau thiab hloov mus rau KBR chaw ua haujlwm, qhov twg lawv encrypted thiab kos npe. Tom qab ntawd, tus kws tshaj lij hloov cov ntawv xa hluav taws xob ruaj ntseg mus rau qhov nruab nrab tsis sib xws, thiab tom qab ntawd, los ntawm nws lub computer ua haujlwm, sau lawv mus rau cov ntaub ntawv server, los ntawm qhov chaw lawv mus rau UTA thiab tom qab ntawd mus rau lub txhab nyiaj ntawm Russia.
Hauv qhov no, cov kev sib pauv qhib thiab tiv thaiv cov ntaub ntawv yuav suav nrog: cov ntaub ntawv server, tus kws tshaj lij lub khoos phis tawj ua haujlwm, thiab cov xov xwm tsis sib xws.
Nres
Cov neeg tawm tsam tsis tau tso cai teeb tsa lub chaw tswj hwm chaw taws teeb rau ntawm tus kws tshaj lij lub khoos phis tawj ua haujlwm thiab, thaum lub sijhawm sau ntawv xaj nyiaj (xov tooj hluav taws xob) mus rau qhov nruab nrab hloov pauv, hloov cov ntsiab lus ntawm ib qho ntawm cov ntawv ntshiab. Tus kws tshaj lij hloov cov nyiaj xaj xa mus rau KBR qhov chaw ua haujlwm automated, kos npe thiab encrypts lawv yam tsis tau pom qhov hloov pauv (piv txwv li, vim muaj ntau qhov kev txiav txim them nqi ntawm lub davhlau, qaug zog, thiab lwm yam). Tom qab ntawd, qhov kev txiav txim them nyiaj cuav, tau dhau los ntawm cov cuab yeej thev naus laus zis, nkag mus rau hauv kev them nyiaj ntawm Bank of Russia.
Scenario 2. Ib qho piv txwv ntawm kev siv cov kev hem thawj U2.2 thiab U4.2.
Kev piav qhia ntawm qhov khoom
Lub khoos phis tawj nrog lub chaw ua haujlwm tau teeb tsa KBR, SCAD Kos Npe thiab tus neeg nqa khoom txuas nrog FKN vdToken ua haujlwm hauv chav tshwj xeeb yam tsis muaj kev nkag los ntawm cov neeg ua haujlwm.
Tus kws tshaj lij kev suav suav txuas mus rau CBD chaw ua haujlwm hauv chaw taws teeb nkag los ntawm RDP raws tu qauv.
Nres
Cov neeg tawm tsam cuam tshuam cov ntsiab lus, siv cov kws tshaj lij kev suav txuas thiab ua haujlwm nrog CBD chaw ua haujlwm (piv txwv li, los ntawm cov lej tsis zoo ntawm nws lub computer). Tom qab ntawd lawv txuas rau nws sawv cev thiab xa daim ntawv xaj nyiaj cuav mus rau Bank of Russia them nyiaj system.
Scenario 3. Piv txwv ntawm kev siv hem U1.3.
Kev piav qhia ntawm qhov khoom
Cia peb xav txog ib qho ntawm cov kev xaiv hypothetical rau kev siv ABS-KBR kev sib koom ua ke modules rau lub tswv yim tshiab (AWS KBR-N), uas kos npe hluav taws xob ntawm cov ntaub ntawv tawm mus tshwm sim ntawm ABS sab. Hauv qhov no, peb yuav xav tias ABS ua haujlwm raws li lub hauv paus kev ua haujlwm uas tsis tau txais kev txhawb nqa los ntawm CIPF SKAD Kos Npe, thiab, raws li, kev ua haujlwm cryptographic raug xa mus rau lub tshuab virtual sib cais - "ABS-KBR" kev koom ua ke module.
Ib qho USB token niaj hnub ua haujlwm hauv hom tseem ceeb rov qab tau siv los ua tus cab kuj tseem ceeb. Thaum txuas cov xov xwm tseem ceeb rau lub hypervisor, nws tau pom tias tsis muaj cov chaw nres nkoj USB pub dawb hauv lub kaw lus, yog li nws tau txiav txim siab txuas USB token ntawm lub network USB hub, thiab nruab ib tus neeg siv USB-dhau-IP ntawm lub virtual. tshuab, uas yuav sib txuas lus nrog lub hub.
Nres
Cov neeg tawm tsam cuam tshuam tus yuam sij ntiag tug ntawm cov hluav taws xob kos npe los ntawm kev sib txuas lus ntawm USB hub thiab hypervisor (cov ntaub ntawv tau xa hauv cov ntawv ntshiab). Muaj tus yuam sij ntiag tug, cov neeg tawm tsam tau tsim ib qho kev txiav txim them nyiaj cuav, kos npe nrog lub tshuab hluav taws xob kos npe thiab xa mus rau KBR-N automated chaw ua haujlwm rau kev tua.
Scenario 4. Ib qho piv txwv ntawm kev siv cov kev hem thawj U5.5.
Kev piav qhia ntawm qhov khoom
Cia peb xav txog tib lub voj voog ib yam li hauv qhov xwm txheej dhau los. Peb yuav xav tias cov lus hauv hluav taws xob los ntawm KBR-N chaw ua haujlwm xaus rau hauv ...SHAREIn folder, thiab cov xa mus rau KBR-N chaw ua haujlwm thiab txuas ntxiv mus rau kev them nyiaj ntawm Bank of Russia mus rau ... SHAREout.
Peb kuj tseem yuav xav tias thaum siv cov kev sib koom ua ke, cov npe ntawm cov ntawv pov thawj raug tshem tawm tsuas yog hloov kho thaum cov yuam sij cryptographic tau muab rov qab, thiab tseem hais tias cov lus hauv hluav taws xob tau txais hauv ... SHAREIn folder tsuas yog kuaj xyuas kev ncaj ncees thiab kev ntseeg siab tswj hauv pej xeem tus yuam sij ntawm lub hluav taws xob kos npe.
Nres
Cov neeg tawm tsam, siv cov yuam sij raug nyiag nyob rau hauv qhov xwm txheej dhau los, tau kos npe rau daim ntawv xaj nyiaj cuav uas muaj cov ntaub ntawv hais txog kev txais nyiaj hauv tus account ntawm tus neeg siv khoom dag thiab qhia nws mus rau hauv cov ntaub ntawv sib pauv kev nyab xeeb. Txij li thaum tsis muaj pov thawj tias qhov kev txiav txim them nyiaj tau kos npe los ntawm Bank of Russia, nws raug lees txais rau kev ua tiav.
Tau qhov twg los: www.hab.com