
Information security for securities companies

Posted November 27th, 2007 by administrator. 27/11/2007 - 9h:40. T nh c

According to reports on Vietnam's financial, banking and securities markets at the end of 2006, the securities market is one of the most active and fastest-growing financial sectors. After more than 6 years in operation since July 2000, Vietnam's centralized securities market has seen strong growth, especially in 2006, and is forecast to keep growing strongly in 2007 in both scale and quality. To date, the Ho Chi Minh City Securities Trading Center lists 106 stocks, and the Hanoi exchange has reached 87 stocks. Experts forecast that in the coming period the number of companies waiting to register for listing will rise very quickly, together with a growing and more professional body of investors.

As the securities market develops, the volume of transactions and investors' demand for information keep increasing. To meet these demands, more and more securities companies are being established to make it easier for investors to find information and gain access to listed stocks. According to the year-end report for 2006, there are now 55 securities companies in operation, 6 securities depository organizations and 18 settlement banks. Securities companies will compete fiercely to attract investors by offering more reliable, more convenient and more complete ways of delivering services.

Securities trading used to require investors to go to a securities trading center or to a securities company's brokerage counter to place orders; it has now expanded to order placement by telephone and over the Internet. These services are increasingly popular with investors who are always busy with their own businesses, and many of them are very large investors. They look forward to online services that let them, from anywhere and at any time, quickly look up current information and buy and sell securities.

Let us look again at the process of buying and selling securities listed at the securities trading centers. The whole process is carried out in 5 steps:

Step 1: The investor opens an account and places an order to buy or sell securities at a securities company.
Step 2: The securities company passes the order to its representative at the securities trading center, who enters it into the center's trading system.
Step 3: The securities trading center matches orders and reports the trading results to the securities company.
Step 4: The securities company reports the trading results to the investor.
Step 5: The investor receives the securities (if the buyer) or the money (if the seller) in his or her account at the securities company 3 working days after the trade date.

Step 1 of the process is where securities companies diversify their service channels, using it as the competitive key to attract more investors. Beyond the forms of service, however, securities companies must also guarantee their reputation and the quality of the information they provide to investors. Typical information exchange model of a securities company:

A securities company's information services are not limited to providing financial services and securities brokerage. They also involve the information systems of the two stock exchanges in Hanoi and Ho Chi Minh City, and the exchange of information with securities custodian banks and with clearing and settlement banks. To run these activities well, the securities company's IT infrastructure must therefore always be highly available. The system must be able to block and defend against latent threats to the security of the IT system, given that the data being processed is carried mainly over public networks: the Internet and the telephone network.

What are the latent threats? Broadly, they can be classified as follows:

1. The risk that network operations stall because links are congested. Virus-infected computers quickly consume all the bandwidth and paralyze all information exchange on the network, including electronic securities transactions.
2. The risk that online trading services are attacked from the Internet using various forms of denial-of-service (DoS) attack.
3. The risk that attackers falsify information while electronic securities transactions are being carried out: transaction information is intercepted in transit from source to destination over the Internet, and the attacker can alter it or insert malicious code. For this risk, security vendors currently recommend encrypting data in transit.
4. The risk that sensitive information such as account login IDs, username/password, PINs and credit card numbers is stolen through phishing and pharming techniques, which attackers keep refining.

As online services expand, sabotage and attacks by hackers become more numerous and more sophisticated. Securities companies need to recognize clearly that expanding their range of services must go hand in hand with investing in a secure IT infrastructure.

Starting from the information exchange model of a securities company, security experts divide the company's IT infrastructure into five main zones. These zones are protected by information security systems, all operating under information security regulations and policies adjusted to the specifics of each company.

The five zones in the overall security model are:

1. The LAN zone inside the securities company's building, which includes:
   o The LAN of PCs in the office, finance, financial advisory and securities brokerage divisions.
   o The IP PBX system serving the securities company's communications.
2. The DMZ server zone providing online services accessed over the Internet, such as e-mail, the market information Web site, Online Brokerage and Online OTC.
3. The zone of important database and application servers that run the securities transaction management system.
4. The zone of users accessing the company's network and applications remotely over the Internet, which includes:
   o Securities company staff working at the 2 securities trading centers in Hanoi and Ho Chi Minh City, who connect to the company network over VPN (Client to Site).
   o Investors accessing the company's Web site and online securities services (Online Brokerage, Online OTC).
5. The zone of the company's agents and branches, connected to the company network by Site to Site VPN or WAN. This is also the zone that will, in the future, connect the securities company's network to the networks of the settlement and custodian banks.

To secure connections and information exchange and to block attacks from both inside and outside the network, we propose the following overall security solution and security products for the IT infrastructure:

1. Separate the network zones and protect them with a firewall system

The network within the company's building is divided into three main zones:

- The DMZ zone, containing the servers for online services such as the Web site, e-mail, and the Online Brokerage and Online OTC applications.
- The zone of important database and application servers such as BackOffice and the customer, transaction and custody databases. These are the main servers that run all the software and databases involved in securities trading.
- The LAN zone, comprising the office and business divisions and the IP PBX system.

The network zones are laid out on separate IP ranges. The firewall system controls the data flows passing through it, including: access from the Internet to the online services zone; LAN users accessing the Internet over leased line, ADSL or wireless; and LAN users accessing the application and database server zone. The firewall controls, authenticates and blocks invalid access and attacks by hackers, whether they come from the Internet or originate directly inside the network and target the server zones.

Based on Misoft's deployment experience and on current technology, we propose a firewall system that combines Check Point's VPN1-UTM firewall with dedicated hardware from Crossbeam System. Check Point Firewall VPN1-UTM brings together the elements of network protection, including firewall, antivirus, IPS and VPN server features, in a single product. The Check Point firewall is installed on a pair of dedicated integrated security appliances from Crossbeam System running as a cluster in HA (high availability) mode, ensuring high availability and performance for the whole network.

2. Establish and protect VPN connections

Besides controlling the information flows into and out of the network, the Check Point Firewall VPN1-UTM system at the securities company's head office also acts as the VPN server for connections in both the Client to Site and Site to Site models.

In the Site to Site VPN model, each branch or agent uses a small dedicated firewall/VPN appliance, Check Point's VPN1-Edge. This device has full firewall features and sets up the Site to Site channel over a leased line or ADSL. In this model, the VPN server at headquarters automatically authenticates the two endpoint devices and checks their security before allowing the channel to be established. When setting up a VPN tunnel, Check Point VPN1-Edge uses the following encryption technologies:

- AES, 128-256 bit
- Triple DES, 56-168 bit
- SSL (Secure Sockets Layer)

The Client to Site model applies to company staff working at the securities trading centers, who establish the connection over the Internet or dial-up. It supports authenticating the user by several methods, such as certificate, token or smartcard, before the connection is allowed. Check Point's VPN client software is installed on the staff machines.

3. Deploy intrusion prevention systems for the critical information zones

In the overall security model for a securities company, the database server and application server zone is the most important to the company's information exchange. If one of these servers is attacked or fails, the company's business is directly affected. So in addition to the firewall system that protects the company's network infrastructure, it is essential to add an intrusion prevention system (IPS) dedicated to protecting this application server zone. Unlike a network firewall, the IPS detects and blocks intrusions at the application layer, intervening directly in the protocols and traffic that the firewall system cannot detect.

The IPS is placed inside the LAN zone, so it must process traffic fast enough not to choke the dense flow of information exchanged there. Given this importance, we propose deploying the dedicated Proventia Network IPS appliance from Internet Security Systems (ISS). This device blocks unknown attacks as well as known attacks such as DoS, trojans, peer-to-peer downloads, backdoors, malicious HTTP and e-mail attachments, without affecting network operation. In particular, Proventia Network IPS can analyze and recognize the protocols used in VoIP, such as SIP, MGCP, H.323, H.225, H.245, Q.931, T.120 and SCCP, in order to identify attacks. The device is placed in front of the server farm to protect the whole zone, controlling all data access requests at both the network level and the application level on the servers. The database of attack signatures is continuously updated in real time from Internet Security Systems X-Force, to block as many current attacks as possible. Proventia Network IPS has a fail-open feature and supports Active/Active and Active/Passive configurations, which ensures high availability for the whole network.

4. Block virus attacks at the gateway and within the network zones

The paths by which a virus can attack and break out into a securities company's network are fairly varied: from the Internet, from users inside and outside the network, and especially through e-mail. For a highly effective defense, viruses and spyware must be prevented and countered at all 4 network layers: gateway, mail server, server and PCs. This system must be centrally and uniformly managed and always updated with virus and spyware signatures from the major anti-virus and anti-spyware centers around the world. In addition, there must be a common security policy, combined with other security solutions, to counter viruses and spyware more effectively.

The overall solution we propose is based on the anti-virus technology and products of Trend Micro. The products include:

- Trend Micro Client/Server/Messaging Suite for SMB
- Trend Micro Internet Security
- InterScan Gateway Security Appliance

To block viruses at the Internet gateway, we use Trend Micro's dedicated InterScan Gateway Appliance (ISGA). This device scans for viruses, spyware and phishing at the Internet gateway on the SMTP, POP3, HTTP and FTP flows, and in particular maintains throughput at the gateway point, through which most of the traffic exchanged between the internal and external networks must pass.

5. Strong authentication and digital signatures to secure online securities transactions

With the securities market so active and the number of investors growing quickly, companies are working hard to attract investors by offering the most convenient services, such as account opening and trading over the network and by phone. One of the success factors for online services is that they are secure and fast and do not cause investors to miss trading opportunities. Strong authentication of online identity and the use of public key infrastructure (PKI) technology to encrypt data are intended to maximize the integrity, confidentiality and non-repudiation of electronic transactions. Entrust and VASCO are 2 companies that specialize in strong authentication and data encryption solutions and products for the finance and banking sector. In the securities sector, the Entrust and VASCO solutions are integrated into online securities trading applications for the following purposes:

- Strong two-factor authentication when users access their online accounts, using authentication methods such as One-Time-Password token, Grid token, Mobile.
- Two-way (mutual) authentication between the online securities application and investors. Investors can verify in turn whether the Web site or application really is the provider's genuine Web site. This technique helps investors resist the phishing and pharming attacks that hackers use to steal information.
- Integration of digital signatures into important transactions, ensuring integrity, confidentiality and non-repudiation in online securities trading. Securities companies also use this technology as the arbiter when transactions are repudiated or contain errors.
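The grid-token method named in the list above can be sketched as a server-side challenge-response. This is an added example, not Entrust or VASCO code: the 10x5 digit grid, the three-cell challenge, the lockout threshold and the names `GridAuthenticator` and `replay_odds` are all assumptions made for illustration.

```python
import hmac
import math
import secrets

COLS, ROWS = "ABCDEFGHIJ", "12345"   # 10x5 card layout (assumed)
DIGITS = "0123456789"                # one digit per cell (assumed)
MAX_FAILURES = 3                     # lock the card after this many bad answers (assumed)


class GridAuthenticator:
    """Server side of a grid-card challenge-response (illustrative sketch)."""

    def __init__(self):
        self.cards = {}     # user -> {"A1": "7", ...}; encrypt at rest in practice
        self.pending = {}   # challenge id -> (user, cells); removed on first use
        self.failures = {}  # user -> consecutive wrong answers

    def enroll(self, user):
        """Issue a fresh card from a CSPRNG; reissuing replaces the old grid."""
        card = {c + r: secrets.choice(DIGITS) for c in COLS for r in ROWS}
        self.cards[user], self.failures[user] = card, 0
        return card

    def challenge(self, user, n=3):
        """Ask for n distinct random cells, e.g. ['A3', 'B5', 'C2']."""
        if self.failures[user] >= MAX_FAILURES:
            raise PermissionError("card locked, reissue required")
        cells = secrets.SystemRandom().sample(sorted(self.cards[user]), n)
        cid = secrets.token_hex(8)
        self.pending[cid] = (user, cells)
        return cid, cells

    def verify(self, cid, answers):
        """True only for the first, correct answer to challenge cid."""
        user, cells = self.pending.pop(cid, (None, None))  # pop: no replay
        if user is None or self.failures[user] >= MAX_FAILURES:
            return False
        expected = "-".join(self.cards[user][c] for c in cells)
        ok = hmac.compare_digest(expected.encode(), "-".join(answers).encode())
        self.failures[user] = 0 if ok else self.failures[user] + 1
        return ok


def replay_odds(known_cells, n=3, total=len(COLS) * len(ROWS)):
    """Chance that a fresh n-cell challenge uses only cells an eavesdropper
    has already seen; it grows with every exposed login, hence reissue."""
    return math.comb(known_cells, n) / math.comb(total, n)
```

With one observed login (3 known cells) a fresh challenge is fully covered with probability 1 in 19,600; with 15 known cells it is about 2.3%, so the grid values need periodic replacement.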

Traditional authentication solutions typically require an investment of hundreds of dollars per customer. Will the securities companies bear this cost, or will investors bear it to protect their own information? Entrust's IdentityGuard strong authentication solution helps securities companies solve this problem at the most economical cost. Each investor is issued an authentication card printed with a secret matrix of values, as shown in the figure. For each transaction, instead of (or in addition to) asking for a password, the securities application asks for the values in a few random cells on the card, for example: A3=? B5=? C2=?... If one transaction is exposed, an attacker still cannot reuse it the next time. Naturally, this table of values is changed regularly and sent to the customer. Authentication cards can be issued to investors for electronic trading and trading by phone, to company staff at the trading centers who connect to the company network over VPN, and to staff inside the company when they need to access certain internal applications or important servers. Entrust's IdentityGuard authentication solution is well suited to large-scale deployment because of its low cost and high convenience.

6. Test for and detect vulnerabilities in developed applications

Most online securities applications today are developed by domestic software companies and run in a Web environment. The applications are built with common programming tools and languages such as .NET and Oracle, and in practice they always harbor many security vulnerabilities, arising from the database software itself, from the Web servers and from the code written by the programmers. These vulnerabilities create backdoors that hackers exploit to falsify information, take over the application's administrator accounts, or even take control of the server itself. Systems such as network firewalls and IPS have difficulty detecting vulnerabilities of this kind. To detect and block security vulnerabilities in Web applications, 2 methods are used:

The first method is to use a vulnerability detection program to review all the program code, operating systems and Web servers on which the Web application runs. The program points out the vulnerabilities and proposes remediation options. AppScan 7.0 from WatchFire automates the analysis process, reducing the time needed to find vulnerabilities, identify their origin and propose countermeasures by 80% compared with using expert vulnerability assessors. This solution is a bridge between security specialists and application developers, giving the Web application the highest level of security. The method can be applied while the application is still in development or after it has gone into operation.

The second method, used to control and shield security vulnerabilities in an application, is to use a new generation of firewall dedicated to protecting Web applications. Netcontinuum Application Security is a Web application firewall product from Netcontinuum whose purpose is to detect security vulnerabilities and then control and block attacks against them. Unlike the WatchFire solution, Netcontinuum does not require reviewing all the program code; it is placed in front of the application to control the requests that users send to the Web application.

Netcontinuum can detect and handle more than 70 types of vulnerabilities and security risks inside applications. These vulnerability types all fall within the top 10 most sophisticated vulnerabilities listed by the Open Web Application Security Project (OWASP: www.owasp.org).

Conclusion

According to the development plan of the financial sector, the securities sector will reach 30% of Vietnam's GDP by 2010. If this plan holds, Vietnam's securities market will be very active and will grow quickly. Online securities trading will then become an important factor and the competitive key among securities companies. It is also a factor driving the overall development of Vietnam's securities industry, as it has been for international securities markets. However, investing in and deploying an IT system that can be relied on for securities operations requires investing fully and in a coordinated way in both the information infrastructure and the security system.

If the system still contains unprotected vulnerabilities, they may become weak points that hackers, or even competitors, exploit to attack. The consequences for the business are hard to predict. In parallel with investing in technology, securities companies must build their own information security management system, comprising information security policies, specific guidance on implementing those policies, and the allocation of human resources with specific responsibilities and entitlements. This management system helps securities companies adapt flexibly as the risks in the IT system change. It is described in detail in ISO17799, the international standard on information security, which securities companies can consider adopting.

As one of Vietnam's leading companies in the field of information security, we can provide securities companies with the following information security services:

- Consulting on overall information safety and security solutions
- Risk assessment and auditing, and planning of remediation in the IT system
- Supply of software and hardware and deployment of overall information security solutions
- Training in information safety and security, in Vietnam and abroad

We hope that our experience and our information security solutions will contribute to the development of the financial sector in general and the securities market in particular.

References: Web sites with information on the security products proposed in the overall information security solution for securities companies:

Firewall/VPN system products

Network infrastructure firewall
Check Point: www.checkpoint.com
Crossbeam System: www.crossbeamsystems.com

Application firewall
Netcontinuum: www.netcontiuum.com

Intrusion prevention system (IPS) products
Internet Security Systems: www.iss.net

Anti-virus system products
Trend Micro: www.trendmicro.com

Authentication and public key infrastructure (PKI) system products
VASCO Data Security: www.vasco.com
Entrust: www.entrust.com

Application vulnerability scanning products
Watchfire: www.watchfire.com
