10. E-mail Security
1. Configure the mail client so that attachments that could contain a virus cannot be saved or opened.
=> Run Outlook Express > "Tools" > "Options"
On the "Security" tab, check "Do not allow attachments to be saved or opened that could potentially be a virus"
2. Configure a warning for when another application tries to send mail with me as the sender.
=> Run Outlook Express > "Tools" > "Options"
On the "Security" tab, check "Warn me when other applications try to send mail as me"
3. To protect the computer from lewd HTML, malicious HTML, spyware and the like,
configure all received e-mail to be read as plain text.
=> Run Outlook Express > "Tools" > "Options"
On the "Read" tab, check "Read all messages in plain text"
4. Create and apply a filter rule that moves every mail whose subject is marked
`[광고], (광고), [광 고], (광 고)` ("advertisement") to the `광고메일` ("ad mail") folder.
(The rule must be named `광고메일`.)
=> Click "Tools" > "Message Rules" > "Mail"
   1. Under "Select the Conditions for your rule", choose "Where the Subject line contains specific words"
   2. Under "Select the Actions for your rule", choose "Move it to the specified folder"
   3. In the rule description, click the "specific words" and "specified folder" links and set each one
   4. Enter "광고메일" as the rule name
5. An e-mail has arrived containing a product registration key encrypted with PGP. (Private key: kisa12#$)
What is the official product registration key in the e-mail message?
=> Copy the entire mail
Click the tray icon (padlock) > "Clipboard" > Decrypt & Verify
Enter kisa12#$ for "private key" and confirm
Product registration key: 123-24-12345
11. File and Folder Encryption
1. The folder `C:\Documents and Settings\kisa\My Documents` holds confidential files
and is to be encrypted with EFS. Configure it as follows.
▶ Prevent users logged on with other accounts from accessing it.
▶ Apply the setting to the current folder and all of its subfolders.
[EFS encryption]
Right-click the folder > Properties > on the "General" tab click "Advanced"
Check "Ready for archiving"
Check "Encrypt contents to secure data", then click OK
Select the option to apply to the current folder and subfolders, then click OK again
2. Configure the file (sis.txt) stored EFS-encrypted in `C:\EfsShare` so that
the `sis_admin` user can also read it.
=>
Go to the folder and create a new file named sis.txt.
Encrypt it the same way as in item 1.
That is, create sis.txt in C:\EfsShare and encrypt it with EFS as before, but click "Details" and add the user who should have access.
If "Details" cannot be clicked,
add the sis_admin user on the "Security" tab of Properties.
3. To prepare for contingencies such as a lost password, a deleted account or a formatted disk,
back up the certificate (C:\EFSBackup.cer) so that encrypted files and folders can be recovered.
=> "Run" > mmc > File > Add/Remove Snap-in
Add the Certificates snap-in.
In Certificates, under "Trusted People" > "Certificates",
right-click "sis_admin" > All Tasks > Export
12. Internet Explorer Security
1. On a shared computer you want to protect not only Internet banking but also
private computing activity. Set the options that stop site addresses entered on web sites,
user IDs and passwords from being saved, and delete the addresses of all
recently visited sites.
=> Internet Explorer > Properties > on the "General" tab, delete the cookies, the temporary files
and the entire Internet history.
[Do not save user IDs and passwords]
Internet Explorer > Properties > "Content" > click "AutoComplete"
Uncheck every AutoComplete target.
2. Configure cookie security so that cookies from third-party sites without a privacy policy are blocked
and only first-party cookies are allowed.
=> Internet Explorer > Properties > on the "Privacy" tab click "Advanced"
Set first-party cookies to "Accept"
Set third-party cookies to "Block"
13. DoS Attack Defense
As shown below, the web server was receiving more than 1000 SYN packets per second.
Set the registry values that defend against this type of (DoS) attack in the future.
C:>netstat -na | findstr ` SYN_RECEIVED`
TCP 211.241.82.71:80 6.55.194.236:51370 SYN_RECEIVED
TCP 211.241.82.71:80 16.192.252.18:22452 SYN_RECEIVED
TCP 211.241.82.71:80 49.5.243.221:52363 SYN_RECEIVED
TCP 211.241.82.71:80 50.145.99.80:46108 SYN_RECEIVED
TCP 211.241.82.71:80 51.53.109.147:28308 SYN_RECEIVED
TCP 211.241.82.71:80 61.58.85.212:52375 SYN_RECEIVED
TCP 211.241.82.71:80 63.33.85.135:32111 SYN_RECEIVED
TCP 211.241.82.71:80 67.206.19.195:28501 SYN_RECEIVED
TCP 211.241.82.71:80 68.79.239.155:42810 SYN_RECEIVED
TCP 211.241.82.71:80 221.29.79.118:36387 SYN_RECEIVED
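A capture like the one above can be triaged automatically. The following is an added example, not part of the original page: it parses `netstat -na` text, counts SYN_RECEIVED entries per listening endpoint and flags a listener whose half-open count exceeds a threshold. The sample lines are constructed, and the default threshold of 100 is an assumption borrowed from the TcpMaxHalfOpen value given in this section's answer.

```python
import re
from collections import Counter

# Constructed sample in `netstat -na` format (documentation addresses,
# not the page's capture).
SAMPLE = """\
  TCP    192.0.2.10:80      198.51.100.7:51370    SYN_RECEIVED
  TCP    192.0.2.10:80      198.51.100.9:22452    SYN_RECEIVED
  TCP    192.0.2.10:80      203.0.113.4:52363     SYN_RECEIVED
  TCP    192.0.2.10:80      203.0.113.4:52364     ESTABLISHED
  TCP    192.0.2.10:443     203.0.113.8:40000     SYN_RECEIVED
  TCP    0.0.0.0:80         0.0.0.0:0             LISTENING
  UDP    0.0.0.0:500        *:*
"""

LINE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$")

def half_open(netstat_text):
    """Return {local 'ip:port': Counter(remote ip -> half-open count)}."""
    result = {}
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m or m.group(5) != "SYN_RECEIVED":
            continue  # skip UDP, listeners and completed handshakes
        local = f"{m.group(1)}:{m.group(2)}"
        result.setdefault(local, Counter())[m.group(3)] += 1
    return result

def triage(netstat_text, threshold=100):
    """Summarise half-open load per listener, sorted by listener name.

    Counting per listener matters because flood sources are usually
    spoofed: many distinct remotes, each seen only once.
    """
    report = []
    for local, sources in sorted(half_open(netstat_text).items()):
        total = sum(sources.values())
        report.append({"listener": local,
                       "half_open": total,
                       "distinct_sources": len(sources),
                       "over_threshold": total > threshold})
    return report

if __name__ == "__main__":
    for row in triage(SAMPLE, threshold=2):
        print(row)
```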
=> There is still no way to prevent denial-of-service attacks at the root, but
on Windows, hardening the TCP/IP stack blocks them to some extent.
Add the following entries under
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpip\parameters".
Name                                    Hex value (decimal)
EnableICMPRedirect                      0
SynattackProtect                        2
TcpMaxHalfOpen                          64 (100)
TcpMaxHalfOpenRetried                   64 (100)
EnableDeadGWDetect                      0
EnablePMTUDiscovery                     0
KeepAliveTime                           493e0 (300000)
DisableIPSourceRouting                  2
TcpMaxConnectResponseRetransmissions    2
TcpMaxDataRetransmissions               3
PerformRouterDiscovery                  0
TcpMaxPortsExhausted                    5
NoNameReleaseOnDemand                   1
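To check a server against the table above, the following added example (not part of the original page) parses the text printed by `reg query` for the key and reports values that are missing or differ from the table. The sample output is constructed, and the comparison is case-insensitive because registry value names are.

```python
import re

# DWORD values from the table above (hex, as the page lists them).
EXPECTED = {
    "EnableICMPRedirect": 0x0, "SynattackProtect": 0x2,
    "TcpMaxHalfOpen": 0x64, "TcpMaxHalfOpenRetried": 0x64,
    "EnableDeadGWDetect": 0x0, "EnablePMTUDiscovery": 0x0,
    "KeepAliveTime": 0x493E0, "DisableIPSourceRouting": 0x2,
    "TcpMaxConnectResponseRetransmissions": 0x2,
    "TcpMaxDataRetransmissions": 0x3, "PerformRouterDiscovery": 0x0,
    "TcpMaxPortsExhausted": 0x5, "NoNameReleaseOnDemand": 0x1,
}

# Constructed sample of `reg query` output for the key named above.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    SynAttackProtect    REG_DWORD    0x1
    TcpMaxHalfOpen    REG_DWORD    0x64
    KeepAliveTime    REG_DWORD    0x6ddd00
    EnableICMPRedirect    REG_DWORD    0x0
    Hostname    REG_SZ    web01
"""

ROW = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")

def parse_dwords(reg_output):
    """Map lower-cased value name -> int for every REG_DWORD row."""
    found = {}
    for line in reg_output.splitlines():
        m = ROW.match(line)
        if m:
            found[m.group(1).lower()] = int(m.group(2), 16)
    return found

def audit(reg_output):
    """Return (missing names, {name: (actual, expected)}) against EXPECTED."""
    actual = parse_dwords(reg_output)
    missing, wrong = [], {}
    for name, want in EXPECTED.items():
        got = actual.get(name.lower())  # value names are case-insensitive
        if got is None:
            missing.append(name)
        elif got != want:
            wrong[name] = (got, want)
    return missing, wrong

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Microsoft documents NoNameReleaseOnDemand under Services\NetBT\Parameters rather than Tcpip\Parameters, so run the same check against that key for that one value.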
14. IPSec Security
1. SMB login brute-force attacks are arriving continuously from a specific
external network range.
Configure an IPSec environment that protects the server from that network range.
(The security policy must be named CIFS_DCOM Deny.)
=> Local Security Settings > under "IP Security Policies on Local Computer",
register a new policy named "CIFS_DCOM Deny".
2. Save the policy so that it can also be applied on other servers [C:\Default_Care.ipsec].
=> Save it with Export.
15. TCP/IP Filtering
1. To build a public web service, use TCP/IP filtering
and configure it as follows.
▶ After a restart, only the web service ports (80/TCP, 443/TCP) must be reachable.
=> Network Connections > Local Area Connection Properties > Internet Protocol Properties >
click "Advanced" > in Advanced TCP/IP Settings, "Options" tab > Properties
Check "Enable TCP/IP Filtering (All adapters)"
Check "Permit Only", then add the ports
tcp -> 80, 443
udp -> none
ip -> 6
Why 6 is added under ip: in the IP protocol number list below, 6 is TCP.
Decimal  Keyword  Protocol
=======  =======  ==============
0        HOPOPT   IPv6 Hop-by-Hop Option
1        ICMP     Internet Control Message
2        IGMP     Internet Group Management
3        GGP      Gateway-to-Gateway
4        IP       IP in IP (encapsulation)
5        ST       Stream
6        TCP      Transmission Control
7        CBT      CBT
8        EGP      Exterior Gateway Protocol
9        IGP      any private interior gateway
                  (used by Cisco for their IGRP)
2. Use IPSec and configure it as follows.
▶ Configure the web server so that it does not respond to Ping.
(The security policy must be named ICMP_ECHO Deny.)
=>
It is in my head.