M?t ?i?m y?u nghi�m tr?ng li�n quan ??n h? th?ng ph�n gi?i t�n mi?n (DNS) v?a ???c CERT (CVE-2008-1447) c�ng b? v�o ng�y 8/7/2008, ?i?m y?u cho ph�p hacker l?i d?ng c�c y�u c?u DNS ch? s? d?ng c?ng ngu?n c? ??nh, t?n c�ng v�ng ??m DNS (DNS cache poisoning).
?�y l� k? thu?t t?n c�ng DNS m?i, c� th? g�y c�c ?nh h??ng r?ng r?t nguy h?i. Tuy nhi�n, ng??i d�ng s?n ph?m Check Point ???c b?o v? tr??c t?n c�ng n�y th�ng qua SmartDefense DNS request scrambling, kh? n?ng ch?ng c�ng n�y ?� ???c Check Point c?p nh?t cho ng??i d�ng t? tr??c, v�o th�ng 3, 2005.
DNS cache poisoning l� b??c ??u ti�n ?? nh?m ?�nh l?a ng??i d�ng truy c?p t?i website gi? m?o ch?a m� ??c h?i. K? thu?t t?n c�ng DNS cache poisoning m?i nh?t l?i d?ng c�c y�u c?u DNS kh�ng s? d?ng c�c c?ng ngu?n ng?u nhi�n, Hacker gi? m?o c�c tr? l?i v� c� th? ch�n c�c b?n ghi v�o v�ng ??m c?a client v� m�y ch? DNS. V?i t?n c�ng n�y, hacker ?�nh l?a m�y ch? DNS g�n t�n mi?n h?p l? v?i ??a ch? IP c?a m?t website c?a k? t?n c�ng.
Do v?y, ng??i d�ng truy c?p t?i website v?i t�n mi?n h?p l? c� th? b? d?n h??ng t?i ??a ch? IP website gi? m?o ???c s? d?ng ?? ?�nh c?p th�ng tin b� m?t c?a ng??i d�ng, ho?c l�m h? th?ng ng??i d�ng b? nhi?m m� ??c. T?n c�ng c� th? b? h?n ch? b?i vi?c kh?i t?o ng?u nhi�n c?ng ngu?n v� c�c ch? s? y�u c?u (request ID). S?n ph?m Check Point v?i d?ch v? SmartDefense ?� c?p nh?t kh? n?ng ch?ng t?n c�ng t? th�ng 3, 2005 tr??c khi ?i?m y?u n�y m?i ???c c�ng b?.
"B?t c? khi n�o ng??i d�ng truy c?p Internet ??u c?n ph?i d�ng m�y ch? DNS ?? �nh x? y�u c?u truy c?p web t?i website th�ch h?p" �ng Oded Gonda - Ph� gi�m ??c s?n ph?m an ninh m?ng c?a Check Point n�i. "T?n c�ng DNS cache poisoning nh?m ?�ng v�o ?i?m quan tr?ng c?a Internet, c� th? d?n h??ng ng??i d�ng t?i c�c trang web ch?a m� ??c. S?n ph?m Check Point ?� c?n ph� ch? ?�ch hacker trong n? l?c s? d?ng k? thu?t t?n c�ng DNS m?i nh?t n�y, b?ng c�ch t?o ng?u nhi�n c�c c?ng ngu?n v� request ID m� kh�ng c?n ph?i c�i ??t ngay t?c th� b?n v� cho r?t nhi?u m�y t�nh c?a c�c t? ch?c".
Check Point SmartDefense cung c?p kh? n?ng ch?ng x�m nh?p v� ???c t�ch h?p v?i c�c t??ng l?a Check Point. SmartDefense li�n t?c ???c c?p nh?t trong th?i gian th?c, b?o v? h? th?ng ngay c? tr??c khi nhi?u ?i?m y?u ch?a ???c c�ng b?.
C�c h? th?ng b? ?nh h??ng b?i ?i?m y?u
Microsoft Windows DNS service
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows XP Professional x64 Edition SP3
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 with SP1 (Itanium)
Windows Server 2003 with SP2 (Itanium)
C�c b?n c� th? truy c?p t?i ?�y ?? c� th�m th�ng tin v? ?i?m y?u v� d?ch v? SmartDefense.
(MH-XHTT)
Other Recommended Posts on This Category
- L?i Joomla: Ch? nguy hi?m v?i webmaster thi?u � th?c!
- Ph�t hi?n h�ng lo?t l? h?ng trong tr�nh duy?t Opera
- ?�o t?o v? b?o m?t cho ng�nh H?i quan
- B? T? ph�p Anh ?�nh m?t th�ng tin
- H?u h?t th? r�c ??u l� m� ??c
- Cisco v� l?i ch??ng tr�nh h?p tr?c tuy?n
- MobileMe l?t v�o t?m ng?m c?a hacker
- ?V�? l? h?ng Joomla b?ng c�ch th? c�ng
- V� l?i DNS v?n ch?a ?? an to�n?
- Hacker Nga k�u g?i t?n c�ng Georgia
- 10 b??c b?o v? PC tr??c khi k?t n?i Internet
- Check Point SmartDefense cung c?p kh? n?ng ch?ng x�m nh?p v� ???c t�ch h?p v?i c�c t??ng l?a Check Point
Đăng nhận xét