Main Vulnerabilities and Cyber ​​Attack Methods

1.1.1.2. System security history

There are several events that mark malicious activities on the network, which give rise to system security requirements as follows:

- 1988: A program appeared on the Internet that replicated itself on all computers on the Internet. These programs were called "worms". Although its level of danger was not great, it posed problems for administrators regarding system access rights, as well as software errors.

- 1990: Virus transmission via email addresses appeared commonly on the Internet.

- 1991: Trojan programs discovered.

Maybe you are interested!

• Mobile Phone Usage in Hanoi Inner City Area zt2i3t4l5ee zt2a3gsconsumer,consumption,consumer behavior,marketing,mobile marketing zt2a3ge zc2o3n4t5e6n7ts - Test the relationship between demographic variables and consumer behavior for Mobile Marketing activities The analysis method used is the Chi-square test (χ2), with statistical hypotheses H0 and H1 and significance level α = 0.05. In case the P index (p-value) or Sig. index in SPSS has a value less than or equal to the significance level α, the hypothesis H0 is rejected and vice versa. With this testing procedure, the study can evaluate the difference in behavioral trends between demographic groups. CHAPTER 4 RESEARCH RESULTS During two months, 1,100 survey questionnaires were distributed to mobile phone users in the inner city of Hanoi using various methods such as direct interviews, sending via email or using questionnaires designed on the Internet. At the end of the survey, after checking and eliminating erroneous questionnaires, the study collected 858 complete questionnaires, equivalent to a rate of about 78%. In addition, the research subjects of the thesis are only people who are using mobile phones, so people who do not use mobile phones are not within the scope of the thesis, therefore, the questionnaires with the option of not using mobile phones were excluded from the scope of analysis. The number of suitable survey questionnaires included in the statistical analysis was 835. 4.1 Demographic characteristics of the sample The structure of the survey sample is divided and statistically analyzed according to criteria such as gender, age, occupation, education level and personal income. (Detailed statistical table in Appendix 6) - Gender structure: Of the 835 completed questionnaires, 49.8% of respondents were male, equivalent to 416 people, and 50.2% were female, equivalent to 419 people. The survey results of the study are completely consistent with the gender ratio in the population structure of Vietnam in general and Hanoi in particular (Male/Female: 49/51). - Age structure: 36.6% of respondents are <23 years old, equivalent to 306 people. People from 23-34 years old accounting for the highest proportion: 44.8% equivalent to 374 people, people aged 35-45 and >45 are 70 and 85 people equivalent to 8.4% and 10.2% respectively. Looking at the results of this survey, we can see that the young people - youth account for a large proportion of the total number of people participating in the survey. Meanwhile, the middle-aged people including two age groups of 35 - 45 and >45 have a low rate of participation in the survey. This is completely consistent with the reality when Mobile Marketing is identified as a Marketing service aimed at young people (people under 35 years old). - Structure by educational level: among 835 valid responses, 541 respondents had university degrees, accounting for the highest proportion of ~ 75%, 102 had secondary school degrees, ~ 13.1%, and 93 had post-graduate degrees, ~ 11.9%. - Occupational structure: office workers and civil servants are the group with the highest rate of participation with 39.4%, followed by students with 36.6%. Self-employed people account for 12%, retired housewives are 7.8% and other occupational groups account for 4.2%. The survey results show that the student group has the same rate as the group aged <23 at 36.6%. This shows the accuracy of the survey data. In addition, the survey results distributed by occupational criteria have a rate almost similar to the sample division rate in chapter 3. Therefore, it can be concluded that the survey data is suitable for use in analysis activities. - Income structure: the group with income from 3 to 5 million has the highest rate with 39% of the total number of respondents. This is consistent with the income structure of Hanoi people and corresponds to the average income of the group of civil servants and office workers. Those People with no income account for 23%, income under 3 million VND accounts for 13% and income over 5 million VND accounts for 25%. 4.2 Mobile phone usage in Hanoi inner city area According to the survey results, most respondents said they had used the phone for more than 1 year, specifically: 68.4% used mobile phones from 4 to 10 years, 23.2% used from 1 to 3 years, 7.8% used for more than 10 years. Those who used mobile phones for less than 1 year accounted for only a very small proportion of ~ 0.6%. (Table 4.1) Table 4.1: Time spent using mobile phones Frequency Ratio (%) Valid Percentage Cumulative Percentage Alid <1 year 5 .6 .6 .6 1-3 years 194 23.2 23.2 23.8 4-10 years 571 68.4 68.4 92.2 >10 years 65 7.8 7.8 100.0 Total 835 100.0 100.0 The survey indexes on the time of using mobile phones of consumers in the inner city of Hanoi are very impressive for a developing country like Vietnam and also prove that Vietnamese consumers have a lot of experience using this high-tech device. Moreover, with the majority of consumers surveyed having a relatively long time of use (4-10 years), it partly proves that mobile phones have become an important and essential item in people's daily lives. When asked about the mobile phone network they are using, 31% of respondents said they are using the network of Vietel company, 29% use the network of of Mobifone company, 27% use Vinaphone company's network and 13% use networks of other providers such as E-VN telecom, S-fone, Beeline, Vietnammobile. (Figure 4.1). Figure 4.1: Mobile phone network in use Compared with the announced market share of mobile telecommunications service providers in Vietnam (Vietel: 36%, Mobifone: 29%, Vinaphone: 28%, the remaining networks: 7%), we see that the survey results do not have many differences. However, the statistics show that there is a difference in the market share of other networks because the Hanoi market is one of the two main markets of small networks, so their market share in this area will certainly be higher than that of the whole country. According to a report by NielsenMobile (2009) [8], the number of prepaid mobile phone subscribers in Hanoi accounts for 95% of the total number of subscribers, however, the results of this survey show that the percentage of prepaid subscribers has decreased by more than 20%, only at 70.8%. On the contrary, the number of postpaid subscribers tends to increase from 5% in 2009 to 19.2%. Those who are simultaneously using both types of subscriptions account for 10%. (Table 4.2). Table 4.2: Types of mobile phone subscribers Frequency Ratio (%) Valid Percentage Cumulative Percentage Valid Prepay 591 70.8 70.8 70.8 Pay later 160 19.2 19.2 89.9 Both of the above 84 10.1 10.1 100.0 Total 835 100.0 100.0 The above figures show the change in the psychology and consumption habits of Vietnamese consumers towards mobile telecommunications services, when the use of prepaid subscriptions and junk SIMs is replaced by the use of two types of subscriptions for different purposes and needs or switching to postpaid subscriptions to enjoy better customer care services. In addition, the majority of respondents have an average spending level for mobile phone services from 100 to 300 thousand VND (406 ~ 48.6% of total respondents). The high spending level (> 500 thousand VND) is the spending level with the lowest number of people with only 8.4%, on the contrary, the low spending level (under 100 thousand VND) accounts for the second highest proportion among the groups of respondents with 25.4%. People with low spending levels mainly fall into the group of students and retirees/housewives - those who have little need to use or mainly use promotional SIM cards. (Table 4.3). Table 4.3: Spending on mobile phone charges Frequency Ratio (%) Valid Percentage Cumulative Percentage Valid <100,000 212 25.4 25.4 25.4 100-300,000 406 48.6 48.6 74.0 300,000-500,000 147 17.6 17.6 91.6 >500,000 70 8.4 8.4 100.0 Total 835 100.0 100.0 The statistics in Table 4.3 are similar to the percentages in the NielsenMobile survey results (2009) with 73% of mobile phone users having medium spending levels and only 13% having high spending levels. The survey results also showed that up to 31% ~ nearly one-third of respondents said they sent more than 10 SMS messages/day, meaning that on average they sent 1 SMS message for every working hour. Those with an average SMS message volume (from 3 to 10 messages/day) accounted for 51.1% and those with a low SMS message volume (less than 3 messages/day) accounted for 17%. (Table 4.4) Table 4.4: Number of SMS messages sent per day Frequency Ratio (%) Valid Percentage Cumulative Percentage Valid <3 news 142 17.0 17.0 17.0 3-10 news 427 51.1 51.1 68.1 >10 news 266 31.9 31.9 100.0 Total 835 100.0 100.0 Similar to sending messages, those with an average message receiving rate (from 3-10 messages/day) accounted for the highest percentage of ~ 55%, followed by those with a high number of messages (over 10 messages/day) ~ 24% and those with a low number of messages received daily (under 3 messages/day) remained at the bottom with 21%. (Table 4.5) Table 4.5: Number of SMS messages received per day Frequency Ratio (%) Valid Percentage Cumulative Percentage Valid <3 news 175 21.0 21.0 21.0 3-10 news 436 55.0 55.0 76.0 >10 news 197 24.0 24.0 100.0 Total 835 100.0 100.0 When comparing the data of the two result tables 4.4 and 4.5, we can see the reasonableness between the ratio of the number of messages sent and the number of messages received daily by the interview participants. 4.3 Current status of SMS advertising and Mobile Marketing According to the interview results, in the 3 months from the time of the survey and before, 94% of respondents, equivalent to 785 people, said they received advertising messages, while only a very small percentage of 6% (only 50 people) did not receive advertising messages (Table 4.6). Table 4.6: Percentage of people receiving advertising messages in the last 3 months Frequency Ratio (%) Valid Percentage Cumulative Percentage Valid Have 785 94.0 94.0 94.0 Are not 50 6.0 6.0 100.0 Total 835 100.0 100.0 The results of Table 4.6 show that consumers in the inner city of Hanoi are very familiar with advertising messages. This result is also the basis for assessing the knowledge, experience and understanding of the respondents in the interview. This is also one of the important factors determining the accuracy of the survey results. In addition, most respondents said they had received promotional messages, but only 24% of them had ever taken the action of registering to receive promotional messages, while 76% of the remaining respondents did not register to receive promotional messages but still received promotional messages every day. This is the first sign indicating the weaknesses and shortcomings of lax management of this activity in Vietnam. (Table 4.7) div.maincontent .s1 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s2 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s3 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .p { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; margin:0pt; } div.maincontent p { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; margin:0pt; } div.maincontent .s4 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9.5pt; vertical-align: 6pt; } div.maincontent .s5 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s6 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s7 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s8 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s9 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s10 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 12pt; } div.maincontent .s11 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; font-size: 14pt; } div.maincontent .s12 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s13 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s14 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 13pt; } div.maincontent .s15 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 9.5pt; vertical-align: 6pt; } div.maincontent .s16 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 5.5pt; vertical-align: 3pt; } div.maincontent .s17 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 8.5pt; } div.maincontent .s18 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; font-size: 14pt; } div.maincontent .s19 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; font-size: 14pt; } div.maincontent .s20 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s21 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s22 { color: black; font-family:"Courier New", monospace; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s23 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s24 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s25 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s26 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s27 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 1.5pt; } div.maincontent .s28 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 11pt; } div.maincontent .s29 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 13pt; } div.maincontent .s30 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 13pt; } div.maincontent .s31 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s32 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s33 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 11pt; } div.maincontent .s35 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 10.5pt; } div.maincontent .s36 { color: #F00; font-family:Arial, sans-serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 10.5pt; } div.maincontent .s37 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 10.5pt; } div.maincontent .s38 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 8.5pt; vertical-align: 5pt; } div.maincontent .s39 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s40 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 7pt; vertical-align: 4pt; } div.maincontent .s41 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 10.5pt; } div.maincontent .s42 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 11pt; } div.maincontent .s43 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 7.5pt; vertical-align: 5pt; } div.maincontent .s44 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 7pt; vertical-align: 5pt; } div.maincontent .s45 { color: #F00; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 10.5pt; } div.maincontent .s46 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 7pt; vertical-align: 5pt; } div.maincontent .s47 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 11pt; } div.maincontent .s48 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s49 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 9.5pt; vertical-align: -2pt; } div.maincontent .s50 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9.5pt; } div.maincontent .s51 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 9.5pt; vertical-align: -1pt; } div.maincontent .s52 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9.5pt; vertical-align: -2pt; } div.maincontent .s53 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s54 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9.5pt; vertical-align: -1pt; } div.maincontent .s55 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s56 { color: #00F; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; font-size: 14pt; } div.maincontent .s57 { color: #00F; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s58 { color: #00F; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; font-size: 14pt; } div.maincontent .s59 { color: #00F; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s60 { color: #00F; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; font-size: 13pt; } div.maincontent .s61 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s62 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s63 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .content_head2 { color: #F00; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s64 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 13pt; } div.maincontent .s67 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9.5pt; } div.maincontent .s68 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 12pt; } div.maincontent .s69 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 12pt; } div.maincontent .s70 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; tex
• Qos Assurance Methods for Multimedia Communications zt2i3t4l5ee zt2a3gs zt2a3ge zc2o3n4t5e6n7ts low. The EF PHB requires a sufficiently large number of output ports to provide low delay, low loss, and low jitter. EF PHBs can be implemented if the output port's bandwidth is sufficiently large, combined with small buffer sizes and other network resources dedicated to EF packets, to allow the router's service rate for EF packets on an output port to exceed the arrival rate λ of packets at that port. This means that packets with PHB EF are considered with a pre-allocated amount of output bandwidth and a priority that ensures minimum loss, minimum delay and minimum jitter before being put into operation. PHB EF is suitable for channel simulation, leased line simulation, and real-time services such as voice, video without compromising on high loss, delay and jitter values. Figure 2.10 Example of EF installation Figure 2.10 shows an example of an EF PHB implementation. This is a simple priority queue scheduling technique. At the edges of the DS domain, EF packet traffic is prioritized according to the values ​​agreed upon by the SLA. The EF queue in the figure needs to output packets at a rate higher than the packet arrival rate λ. To provide an EF PHB over an end-to-end DS domain, bandwidth at the output ports of the core routers needs to be allocated in advance to ensure the requirement μ > λ. This can be done by a pre-configured provisioning process. In the figure, EF packets are placed in the priority queue (the upper queue). With such a length, the queue can operate with μ > λ. Since EF was primarily used for real-time services such as voice and video, and since real-time services use UDP instead of TCP, RED is generally not suitable for EF queues because applications using UDP will not respond to random packet drop and RED will strip unnecessary packets. 2.2.4.2 Assured Forwarding (AF) PHB PHB AF is defined by RFC 2597. The purpose of PHB AF is to deliver packets reliably and therefore delay and jitter are considered less important than packet loss. PHB AF is suitable for non-real-time services such as applications using TCP. PHB AF first defines four classes: AF1, AF2, AF3, AF4. For each of these AF classes, packets are then classified into three subclasses with three distinct priority levels. Table 2.8 shows the four AF classes and 12 AF subclasses and the DSCP values ​​for the 12 AF subclasses defined by RFC 2597. RFC 2597 also allows for more than three separate priority levels to be added for internal use. However, these separate priority levels will only have internal significance. PHB Class PHB Subclass Package type DSCP AF4 AF41 Short 100010 AF42 Medium 100100 AF43 High 100110 AF3 AF31 Short 011010 AF32 Medium 011100 AF33 High 011110 AF2 AF21 Short 010010 AF22 Medium 010100 AF23 High 010110 AF1 AF11 Short 001010 AF12 Medium 001100 AF13 High 001110 Table 2.8 AF DSCPs The AF PHB ensures that packets are forwarded with a high probability of delivery to the destination within the bounds of the rate agreed upon in an SLA. If AF traffic at an ingress port exceeds the pre-priority rate, which is considered non-compliant or “out of profile”, the excess packets will not be delivered to the destination with the same probability as the packets belonging to the defined traffic or “in profile” packets. When there is network congestion, the out of profile packets are dropped before the in profile packets are dropped. When service levels are defined using AF classes, different quantity and quality between AF classes can be realized by allocating different amounts of bandwidth and buffer space to the four AF classes. Unlike EF, most AF traffic is non-real-time traffic using TCP, and the RED queue management strategy is an AQM (Adaptive Queue Management) strategy suitable for use in AF PHBs. The four AF PHB layers can be implemented as four separate queues. The output port bandwidth is divided into four AF queues. For each AF queue, packets are marked with three “colors” corresponding to three separate priority levels. In addition to the 32 DSCP 1 groups defined in Table 2.8, 21 DSCPs have been standardized as follows: one for PHB EF, 12 for PHB AF, and 8 for CSCP. There are 11 DSCP 1 groups still available for other standards. 2.2.5.Example of Differentiated Services We will look at an example of the Differentiated Service model and mechanism of operation. The architecture of Differentiated Service consists of two basic sets of functions: Edge functions: include packet classification and traffic conditioning. At the inbound edge of the network, incoming packets are marked. In particular, the DS field in the packet header is set to a certain value. For example, in Figure 2.12, packets sent from H1 to H3 are marked at R1, while packets from H2 to H4 are marked at R2. The labels on the received packets identify the service class to which they belong. Different traffic classes receive different services in the core network. The RFC definition uses the term behavior aggregate rather than the term traffic class. After being marked, a packet can be forwarded immediately into the network, delayed for a period of time before being forwarded, or dropped. We will see that there are many factors that affect how a packet is marked, and whether it is forwarded immediately, delayed, or dropped. Figure 2.12 DiffServ Example Core functionality: When a DS-marked packet arrives at a Diffservcapable router, the packet is forwarded to the next router based on Per-hop behavior is associated with packet classes. Per-hop behavior affects router buffers and the bandwidth shared between competing classes. An important principle of the Differentiated Service architecture is that a router's per-hop behavior is based only on the packet's marking or the class to which it belongs. Therefore, if packets sent from H1 to H3 as shown in the figure receive the same marking as packets from H2 to H4, then the network routers treat the packets exactly the same, regardless of whether the packet originated from H1 or H2. For example, R3 does not distinguish between packets from h1 and H2 when forwarding packets to R4. Therefore, the Differentiated Service architecture avoids the need to maintain router state about separate source-destination pairs, which is important for network scalability. Chapter Conclusion Chapter 2 has presented and clarified two main models of deploying and installing quality of service in IP networks. While the traditional best-effort model has many disadvantages, later models such as IntServ and DiffServ have partly solved the problems that best-effort could not solve. IntServ follows the direction of ensuring quality of service for each separate flow, it is built similar to the circuit switching model with the use of the RSVP resource reservation protocol. IntSer is suitable for services that require fixed bandwidth that is not shared such as VoIP services, multicast TV services. However, IntSer has disadvantages such as using a lot of network resources, low scalability and lack of flexibility. DiffServ was born with the idea of ​​solving the disadvantages of the IntServ model. DiffServ follows the direction of ensuring quality based on the principle of hop-by-hop behavior based on the priority of marked packets. The policy for different types of traffic is decided by the administrator and can be changed according to reality, so it is very flexible. DiffServ makes better use of network resources, avoiding idle bandwidth and processing capacity on routers. In addition, the DifServ model can be deployed on many independent domains, so the ability to expand the network becomes easy. Chapter 3: METHODS TO ENSURE QoS FOR MULTIMEDIA COMMUNICATIONS In packet-switched networks, different packet flows often have to share the transmission medium all the way to the destination station. To ensure the fair and efficient allocation of bandwidth to flows, appropriate serving mechanisms are required at network nodes, especially at gateways or routers, where many different data flows often pass through. The scheduler is responsible for serving packets of the selected flow and deciding which packet will be served next. Here, a flow is understood as a set of packets belonging to the same priority class, or originating from the same source, or having the same source and destination addresses, etc. In normal state when there is no congestion, packets will be sent as soon as they are delivered. In case of congestion, if QoS assurance methods are not applied, prolonged congestion can cause packet drops, affecting service quality. In some cases, congestion is prolonged and widespread in the network, which can easily lead to the network being "frozen", or many packets being dropped, seriously affecting service quality. Therefore, in this chapter, in sections 3.2 and 3.3, we introduce some typical network traffic load monitoring techniques to predict and prevent congestion before it occurs through the measure of dropping (removing) packets early when there are signs of impending congestion. 3.1. DropTail method DropTail is a simple, traditional queue management method based on FIFO mechanism. All incoming packets are placed in the queue, when the queue is full, the later packets are dropped. Due to its simplicity and ease of implementation, DropTail has been used for many years on Internet router systems. However, this algorithm has the following disadvantages: − Cannot avoid the phenomenon of “Lock out”: Occurs when 1 or several traffic streams monopolize the queue, making packets of other connections unable to pass through the router. This phenomenon greatly affects reliable transmission protocols such as TCP. According to the anti-congestion algorithm, when locked out, the TCP connection stream will reduce the window size and reduce the packet transmission speed exponentially. − Can cause Global Synchronization: This is the result of a severe “Lock out” phenomenon. Some neighboring routers have their queues monopolized by a number of connections, causing a series of other TCP connections to be unable to pass through and simultaneously reducing the transmission speed. After those monopolized connections are temporarily suspended, Once the queue is cleared, it takes a considerable amount of time for TCP connections to return to their original speed. − Full Queue phenomenon: Data transmitted on the Internet often has an explosion, packets arriving at the router are often in clusters rather than in turn. Therefore, the operating mechanism of DropTail makes the queue easily full for a long period of time, leading to the average delay time of large packets. To avoid this phenomenon, with DropTail, the only way is to increase the router's buffer, this method is very expensive and ineffective. − No QoS guarantee: With the DropTail mechanism, there is no way to prioritize important packets to be transmitted through the router earlier when all are in the queue. Meanwhile, with multimedia communication, ensuring connection and stable speed is extremely important and the DropTail algorithm cannot satisfy. The problem of choosing the buffer size of the routers in the network is to “absorb” short bursts of traffic without causing too much queuing delay. This is necessary in bursty data transmission. The queue size determines the size of the packet bursts (traffic spikes) that we want to be able to transmit without being dropped at the routers. In IP-based application networks, packet dropping is an important mechanism for indirectly reporting congestion to end stations. A solution that prevents router queues from filling up while reducing the packet drop rate is called dynamic queue management. 3.2. Random elimination method – RED 3.2.1 Overview RED (Random Early Detection of congestion; Random Early Drop) is one of the first AQM algorithms proposed in 1993 by Sally Floyd and Van Jacobson, two scientists at the Lawrence Berkeley Laboratory of the University of California, USA. Due to its outstanding advantages compared to previous queue management algorithms, RED has been widely installed and deployed on the Internet. The most fundamental point of their work is that the most effective place to detect congestion and react to it is at the gateway or router. Source entities (senders) can also do this by estimating end-to-end delay, throughput variability, or the rate of packet retransmissions due to drop. However, the sender and receiver view of a particular connection cannot tell which gateways on the network are congested, and cannot distinguish between propagation delay and queuing delay. Only the gateway has a true view of the state of the queue, the link share of the connections passing through it at any given time, and the quality of service requirements of the traffic flows. The RED gateway monitors the average queue length, which detects early signs of impending congestion (average queue length exceeding a predetermined threshold) and reacts appropriately in one of two ways: − Drop incoming packets with a certain probability, to indirectly inform the source of congestion, the source needs to reduce the transmission rate to keep the queue from filling up, maintaining the ability to absorb incoming traffic spikes. − Mark “congestion” with a certain probability in the ECN field in the header of TCP packets to notify the source (the receiving entity will copy this bit into the acknowledgement packet). Figure 3. 1 RED algorithm The main goal of RED is to avoid congestion by keeping the average queue size within a sufficiently small and stable region, which also means keeping the queuing delay sufficiently small and stable. Achieving this goal also helps: avoid global synchronization, not resist bursty traffic flows (i.e. flows with low average throughput but high volatility), and maintain an upper bound on the average queue size even in the absence of cooperation from transport layer protocols. To achieve the above goals, RED gateways must do the following: − The first is to detect congestion early and react appropriately to keep the average queue size small enough to keep the network operating in the low latency, high throughput region, while still allowing the queue size to fluctuate within a certain range to absorb short-term fluctuations. As discussed above, the gateway is the most appropriate place to detect congestion and is also the most appropriate place to decide which specific connection to report congestion to. − The second thing is to notify the source of congestion. This is done by marking and notifying the source to reduce traffic. Normally the RED gateway will randomly drop packets. However, if congestion If congestion is detected before the queue is full, it should be combined with packet marking to signal congestion. The RED gateway has two options: drop or mark; where marking is done by marking the ECN field of the packet with a certain probability, to signal the source to reduce the traffic entering the network. − An important goal that RED gateways need to achieve is to avoid global synchronization and not to resist traffic flows that have a sudden characteristic. Global synchronization occurs when all connections simultaneously reduce their transmission window size, leading to a severe drop in throughput at the same time. On the other hand, Drop Tail or Random Drop strategies are very sensitive to sudden flows; that is, the gateway queue will often overflow when packets from these flows arrive. To avoid these two phenomena, gateways can use special algorithms to detect congestion and decide which connections will be notified of congestion at the gateway. The RED gateway randomly selects incoming packets to mark; with this method, the probability of marking a packet from a particular connection is proportional to the connection's shared bandwidth at the gateway. − Another goal is to control the average queue size even without cooperation from the source entities. This can be done by dropping packets when the average size exceeds an upper threshold (instead of marking it). This approach is necessary in cases where most connections have transmission times that are less than the round-trip time, or where the source entities are not able to reduce traffic in response to marking or dropping packets (such as UDP flows). 3.2.2 Algorithm This section describes the algorithm for RED gateways. RED gateways calculate the average queue size using a low-pass filter. This average queue size is compared with two thresholds: minth and maxth. When the average queue size is less than the lower threshold, no incoming packets are marked or dropped; when the average queue size is greater than the upper threshold, all incoming packets are dropped. When the average queue size is between minth and maxth, each incoming packet is marked or dropped with a probability pa, where pa is a function of the average queue size avg; the probability of marking or dropping a packet for a particular connection is proportional to the bandwidth share of that connection at the gateway. The general algorithm for a RED gateway is described as follows: [5] For each packet arrival Caculate the average queue size avg If minth ≤ avg < maxth div.maincontent .s1 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 15pt; } div.maincontent .s2 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 15pt; } div.maincontent .p { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; margin:0pt; } div.maincontent p { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; margin:0pt; } div.maincontent .s3 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s4 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s5 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s6 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s7 { color: black; font-family:Wingdings; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s8 { color: black; font-family:Arial, sans-serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 15pt; } div.maincontent .s9 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s10 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; vertical-align: 6pt; } div.maincontent .s11 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s12 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10pt; } div.maincontent .s13 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-d
• Pre-tax Profit of Bidv Tien Giang in the Period 2011-2015 zt2i3t4l5ee zt2a3gsnon-credit services, joint stock commercial bank zt2a3ge zc2o3n4t5e6n7ts At that time, the Branch had to set aside a provision for credit risks, which reduced the Branch's income. Chart 2.2. Pre-tax profit of BIDV Tien Giang in the period 2011-2015 Unit: Billion VND 140 120 100 80 60 40 20 0 63.3 80.34 89.29 110.08 131.99 2011 2012 2013 2014 2015 Profit before tax (Source: Report on the implementation of the annual business plan of the General Planning Department of BIDV Tien Giang [24]) However, through chart 2.2, it can be seen that BIDV Tien Giang's profit is still increasing continuously, and its operating efficiency is currently leaking. This is a contribution of non-credit services, and this service segment will be increasingly focused on growth by BIDV Tien Giang to ensure the highest profit safety because credit activities have many potential risks. At the same time, focusing on developing non-credit services is consistent with one of the contents of restructuring the financial activities of credit institutions in the project "Restructuring the system of credit institutions in the period 2011-2015" approved by the Prime Minister in Decision No. 254/QD-TTg dated March 1, 2012 [14]: "Gradually shifting the business model of commercial banks towards reducing dependence on credit activities and increasing income from non-credit services". 2.2. Current status of non-credit service development at BIDV Tien Giang. 2.2.1. BIDV Tien Giang has deployed the development of non-credit services in recent times. Along with the development of the Head Office, BIDV Tien Giang's products and services are constantly improved and deployed in a diverse manner to ensure provision for many different customer groups in the area: individual customers, corporate customers, and financial institutions. Typical services are as follows: Payment services, treasury services, guarantee services, card services, trade finance, other services: Western Union, insurance commissions, consulting services, foreign exchange derivatives trading, e-banking services,... 2.2.1.1. Payment services: In accordance with the Prime Minister's Project to promote non-cash payments in Vietnam [15], banks in Tien Giang province have continuously developed payment services to reduce customers' cash usage habits through card services and electronic banking services such as: salary payment through accounts, focusing on developing card acceptance points, developing multi-purpose cards, paying social insurance by transfer, paying bills through banks, etc. Chart 2.3. Net income from payment services in the period 2011-2015 Unit: Million VND 6000 5000 4000 3000 2000 1000 0 3922 4065 4720 5084 5324 2011 2012 2013 2014 2015 Net income from payment services (Source: Report on the implementation of the annual business plan of the General Planning Department of BIDV Tien Giang [24]) Along with the technological development of the entire system, BIDV Tien Giang has a payment system with a fairly stable transaction processing speed, bringing many conveniences to customers. The results of observing chart 2.3 show that the income from payment services that the Branch has achieved has grown over the years but the speed is not high and the products are not outstanding compared to other banks. Domestic payment products such as: Online bill payment, electricity bills, water bills, insurance premiums, cable TV bills, telecommunications fees, airline tickets, etc. bring many conveniences to customers. Regarding international payment, this is an indispensable activity for foreign economic activities, BIDV Tien Giang is providing international payment methods for small enterprises producing agriculture, aquatic food and seafood that have credit relationships with banks in industrial parks in Tien Giang province such as: money transfer, collection, L/C payment. 2.2.1.2. Treasury services: BIDV Tien Giang always focuses on ensuring treasury safety and currency security, always complies with legal regulations, and minimizes risks in operations such as: counting and collecting money from customers, receiving and delivering internal transactions, collecting from the State Bank (SBV) or other credit institutions, receiving ATM funds, bundling money, etc. BIDV Tien Giang's treasury service management department is always fully equipped with modern machinery and equipment such as: money transport vehicles, fire prevention tools, money counters, money detectors, magnifying glasses, etc. to ensure absolute safety in treasury operations, immediately identifying real and fake money and other risks that may affect people and assets of the bank and customers. In addition, implementing regulation 2480/QC dated October 28, 2008 between the State Bank of Tien Giang province and the Provincial Police on coordination in the fight against counterfeit money, in the 3-year review of implementation, BIDV Tien Giang discovered, seized and submitted to the State Bank of Tien Giang province 475 banknotes of various denominations and was commended by the Provincial Police and the State Bank of Tien Giang province [17]. Chart 2.4. Net income from treasury services in the period 2011-2015 Unit: Million VND 350 300 250 200 150 100 50 0 105 122 309 289 279 2011 2012 2013 2014 2015 Net income from treasury services (Source: Report on the implementation of the annual business plan of the General Planning Department of BIDV Tien Giang [24]) However, as shown in Figure 2.4, income from treasury operations is not high and fluctuates. Specifically, in the period 2011-2013, net income increased and increased most sharply in 2013, then in the period 2013-2015, there was a downward trend. This fluctuation is due to the fact that fees collected from treasury services are often very low and can even be waived to attract customers to use other services. 2.2.1.3. Guarantee and trade finance services: BIDV Tien Giang, thanks to the advantages of the province and the favorable location of the Branch, has continuously focused on developing income from guarantee services and trade finance. Chart 2.5. Net income from guarantee and trade finance services in the period 2011-2015 Unit: Million VND 14000 12000 10000 8000 6000 4000 2000 0 5193 5695 2742 3420 8889 3992 11604 12206 5143 5312 2011 2012 2013 2014 2015 Net income from guarantee services Net income from Trade Finance (Source: Report on the implementation of the annual business plan of the General Planning Department of BIDV Tien Giang [24]) Through chart 2.5, we can see that BIDV Tien Giang's income from guarantee services and trade finance has grown over the years. The reason is: Among BIDV Tien Giang's corporate customers, the construction industry is the industry with the highest proportion of customers after the trading industry, this is a group of customers with potential to develop guarantee services. The second group of customers is corporate customers in the fields of agricultural production, livestock and seafood processing with high import and export turnover in the area. are the target of trade finance development. In addition, BIDV Tien Giang also focuses on continuously developing these customer groups to increase revenue for many other products and services in the future. 2.2.1.4. Card and POS services: As a service that BIDV Tien Giang has recently developed strongly, it can be said that this is a very potential market and has the ability to develop even more strongly in the future. Card services with outstanding advantages such as fast payment time, wide payment range, quite safe, effective and suitable for the integration trend and the Project to promote non-cash payments in Vietnam. Cards have become a modern and popular payment tool. BIDV Tien Giang early identified that developing card services is to expand the market to people in society, create capital mobilized from card-opened accounts, contribute to diversifying banking activities, enhance the image of the bank, bring the BIDV Tien Giang brand to people as quickly and easily as possible. BIDV Tien Giang is currently providing card types such as: credit cards (BIDV MasterCard Platinum, BIDV Visa Gold Precious, BIDV Visa Manchester United, BIDV Visa Classic), international debit cards (BIDV Ready Card, BIDV Manu Debit Card), domestic debit cards (BIDV Harmony Card, BIDV eTrans Card, BIDV Moving Card, BIDV-Lingo Co-branded Card, BIDV-Co.opmart Co-branded Card). These cards can be paid via POS/EDC or on the ATM system. In addition, with debit cards, customers can not only withdraw money via ATMs but also perform utilities such as mobile top-up, online payment, money transfer,... through electronic banking services. In order to attract customers with card services, BIDV Tien Giang has continuously increased the installation of ATMs. As of December 31, 2015, BIDV Tien Giang has 23 ATMs combined with 7 ATMs in the same system of BIDV My Tho, so the number of ATMs is quite large, especially in the center of My Tho City, but is not yet fully present in the districts. Basic services on ATMs such as withdrawing money, checking balances, printing short statements,... BIDV ATMs accept cards from banks in the system. Banknetvn and Smartlink, cards branded by international card organizations Union Pay (CUP), VISA, MasterCard and cards of banks in the Asian Payment Network. From here, cardholders can make bill payments for themselves or others at ATMs, by simply entering the subscriber number or customer code, booking code that service providers notify and make bill payments. Chart 2.6. Net income from card services in the period 2011-2015 Unit: Million VND 3500 3000 2500 2000 1500 1000 500 0 687 1023 1547 2267 3104 2011 2012 2013 2014 2015 Net income from card services (Source: Report on the implementation of the annual business plan of the General Planning Department of BIDV Tien Giang [24]) Through chart 2.6, it can be seen that BIDV Tien Giang's card service income is constantly growing because the Branch focuses on developing businesses operating in industrial parks, which are the source of customers for salary payment products, ATMs, BSMS. Specifically, there are companies such as Freeview, Quang Viet, Dai Thanh, which are businesses with a large number of card openings at the Branch, contributing to the increase in card service fees [25]. Table 2.6. Number of ATMs and POS machines in 2015 of some banks in Tien Giang area. Unit: Machine STT Bank name Number of ATMs Cumulative number of ATM cards POS machine 1 BIDV Tien Giang 23 97,095 22 2 BIDV My Tho 7 21,325 0 3 Agribank Tien Giang 29 115,743 77 4 Vietinbank Tien Giang 16 100,052 54 5 Dong A Tien Giang 26 97,536 11 6 Sacombank Tien Giang 24 88,513 27 7 Vietcombank Tien Giang 15 61,607 96 8 Vietinbank - Tay Tien Giang Branch 6 46,042 38 (Source: 2015 Banking Activity Data Report of the General and Internal Control Department of the Provincial State Bank [21]) Through table 2.6, the author finds that the number of ATMs of BIDV Tien Giang is not much, ranking fourth after Agribank Tien Giang, Dong A Tien Giang, Sacombank Tien Giang. The number of POS machines of BIDV Tien Giang is very small, only higher than Dong A Tien Giang and BIDV My Tho in the initial stages of merging the BIDV system. Besides, BIDV Tien Giang has a high number of cards increasing over the years (table 2.7) but the cumulative number of cards issued up to December 31, 2015 is still relatively low compared to Agribank, Vietcombank, Dong A (table 2.6). div.maincontent .content_head3 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .p { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; margin:0pt; } div.maincontent p { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; margin:0pt; } div.maincontent .s1 { color: black; font-family:"Courier New", monospace; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s2 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s3 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s4 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s5 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s6 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s7 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13.5pt; } div.maincontent .s8 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; } div.maincontent .s9 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; vertical-align: -2pt; } div.maincontent .s10 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; vertical-align: 5pt; } div.maincontent .s11 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; vertical-align: -5pt; } div.maincontent .s12 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; vertical-align: -3pt; } div.maincontent .s13 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9pt; vertical-align: -4pt; } div.maincontent .s14 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 7.5pt; } div.maincontent .s15 { color: black; font-family:"Times New Roman", serif; font-style: italic; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s16 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s17 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 9.5pt; } div.maincontent .s18 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -1pt; } div.maincontent .s19 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -5pt; } div.maincontent .s20 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -2pt; } div.maincontent .s21 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10pt; } div.maincontent .s22 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s23 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -3pt; } div.maincontent .s24 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -5pt; } div.maincontent .s25 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s26 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -4pt; } div.maincontent .s27 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -6pt; } div.maincontent .s28 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -1pt; } div.maincontent .s29 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 11.5pt; } div.maincontent .s30 { color: black; font-family:Calibri, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 11pt; } div.maincontent .s31 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 11pt; } div.maincontent .s32 { color: black; font-family:.VnTime, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 14pt; } div.maincontent .s33 { color: black; font-family:Cambria, serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; } div.maincontent .s34 { color: black; font-family:Cambria, serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 10.5pt; vertical-align: -4pt; } div.maincontent .s35 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 11.5pt; } div.maincontent .s36 { color: black; font-family:Arial, sans-serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 14pt; } div.maincontent .s37 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: bold; text-decoration: none; font-size: 13pt; } div.maincontent .s38 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 13pt; } div.maincontent .s39 { color: black; font-family:"Times New Roman", serif; font-style: normal; font-weight: normal; text-decoration: none; font-size: 15pt; } div.maincontent .s40 { color: black; font-family:"Times New Roman", serif; font-style: normal; fo
• Organizing Workshops, Training and Lectures to Disseminate and Share Network Resources and Teaching Methods Using IT
• Main Machinery and Equipment of the Company Used in Production and Business

At the same time, the development of Web services and related technologies such as Java, Javascipts has had many related security error messages such as: vulnerabilities that allow reading the content of user data files, some vulnerabilities allow DoS attacks, spam mail causing service interruption.

- 1998: The Melisa virus spread on the Internet through Microsoft's email programs, causing significant economic damage.

- 2000: A series of large Web Sites such as yahoo.com and ebay.com were paralyzed and stopped providing services for many hours due to DoS attacks.

1.1.2. Main vulnerabilities and network attack methods

1.1.2.1. Vulnerabilities

As presented above, security vulnerabilities on a system are weaknesses that can cause service disruption, add rights to users or allow unauthorized access to the system. Vulnerabilities can also be found in services such as sendmail, web, ftp... In addition, vulnerabilities also exist in the operating system itself such as Windows NT, Windows 95, UNIX or in applications that users frequently use such as word processing, database systems...

There are many different organizations that classify specific types of vulnerabilities. According to the US Department of Defense classification, security vulnerabilities on a system are divided as follows:

- Type C vulnerabilities: these vulnerabilities allow DoS (Denial of Service) attacks to be carried out. The level of danger is low, only affecting the quality of service, can cause system interruption and suspension; does not damage data or gain illegal access.

- Type B vulnerabilities: Vulnerabilities that allow users to gain additional rights on the system without performing validation checks, which can lead to loss or disclosure of security-required information. Medium risk level. These vulnerabilities are often found in applications on the system.

- Type A vulnerabilities: These vulnerabilities allow outside users to access the system illegally. This vulnerability is very dangerous and can destroy the entire system.

The following figure illustrates the risk levels and corresponding vulnerability types:

Figure 6.1: Types of security vulnerabilities and their severity

Below we will analyze some security vulnerabilities that commonly appear on networks and systems.

a) Class C vulnerabilities

Vulnerabilities of this type allow for DoS attacks.

DoS is a form of attack that uses Internet layer protocols in the TCP/IP protocol suite to cause the system to stall, leading to a situation of denying legitimate users access or use of the system. A large number of packets are sent to the server in a continuous period of time, causing the system to become overloaded, resulting in the server responding slowly or being unable to respond to requests sent from clients.

Services with vulnerabilities that allow DoS attacks can be upgraded or fixed with newer versions from service providers. Currently, there is no comprehensive solution to fix these vulnerabilities.

This type of vulnerability exists because the design of the Internet layer protocol (IP) in particular and the TCP/IP protocol suite itself contains the potential risks of these vulnerabilities.

Typical examples of DoS attacks are attacks on some large Web sites that cause their operations to be suspended, such as: www.ebay.com and www.yahoo.com.

However, the danger level of these types of vulnerabilities is classified as C, which is less dangerous because they only interrupt the system's service provision for a period of time without harming data and attackers do not gain illegal access to the system.

Another common type C vulnerability is a service vulnerability that allows an attack to crash the end user's system. This attack is mainly done using Web services. Suppose a Web Server has Web pages that contain Java or JavaScripts, which can crash the system of a Netscape Web browser user by following these steps:

- Write code to identify Web Browsers using Netscape.

- If you use Netscape, it will create an infinite loop, spawning countless windows, each of which connects to different Web Servers.

With this simple attack, the system can hang for 40 seconds (for a client with 64 MB RAM). This is also a DoS attack. The user in this case can only reboot the system.

Another common type C vulnerability in mail systems is the lack of anti-relay mechanisms that allow spam mail to be performed. As we know, the mechanism of email service is to save and forward. Some mail systems do not have authentication when users send mail, leading to the situation where attackers take advantage of these mail servers to perform spam mail. Spam mail is an action to paralyze the system's mail service by sending a large number of messages to an unknown address, because the mail server always has to spend energy to find unreal addresses, leading to service interruption. Messages can be generated from mail bomb programs that are very popular on the Internet.

b) Type B vulnerabilities:

This type of vulnerability is more dangerous than a type C vulnerability, allowing internal users to gain higher privileges or gain unauthorized access.

For example, in Figure 12, a type B vulnerability could exist for a UNIX system where the /etc/passwd file is in plaintext; without using the UNIX password masking mechanism (using the /etc/shadow file).

These types of vulnerabilities often appear in services on the system. A local user is understood as someone who has access to the system with certain permissions.

A class of program permission issues on UNIX also often cause type B vulnerabilities. Because on UNIX systems a program can be executed in two ways:

- The owner of that program activates it to run.

- The owner of the file has the rights to run it.

Another type of type B vulnerability occurs in programs written in C. C programs often use a buffer—a region of memory used to store data before it is processed. Programmers often use a buffer in memory before allocating a block of memory for each block of data. For example, a user might write a program that requires a user name field to be 20 characters long. So they would declare:

char first_name [20];

This declaration will allow the user to enter up to 20 characters. When entering data, the data is first stored in a buffer; if the user enters 35 characters, the buffer overflow will occur and the result is 15 extra characters will be in an uncontrolled location in memory. For attackers, this vulnerability can be exploited to enter special characters, to execute some special commands on the system. Usually, this vulnerability is often exploited by users on the system to gain invalid root privileges.

Tight control over system configuration and programs will limit type B vulnerabilities.

c) Type A vulnerabilities:

Type A vulnerabilities are very dangerous, threatening the integrity and security of the system. These vulnerabilities often appear in weakly managed systems or uncontrolled network configurations.

A common example is on many systems using Web Server is Apache, For this Web Server, the default directory to run scripts is often configured as cgi-bin; in which there is a pre-written Scripts to test the operation of Apache is test-cgi. For older versions of Apache (before version 1.1), there is the following line in the test-cgi file:

echo QUERY_STRING = $QUERY_STRING

The QUERY_STRING environment variable is not set with quotes, so when the client makes a request in which the sent string includes some special characters; for example the character "*", the web server will return the contents of the entire current directory (which are directories containing cgi scripts). The user can see the entire contents of the files in the current directory on the server system.

Another example is similar for Web servers running on Novell operating systems: these web servers have a script called convert.bas, running this script allows reading the entire content of files on the system.

These types of vulnerabilities are extremely dangerous because they already exist in the software used. If administrators do not have a deep understanding of the service and software used, they may overlook these weaknesses.

For older systems, it is often necessary to check the announcements of security newsgroups on the Internet to detect these types of vulnerabilities. A series of commonly used old versions of programs have type A vulnerabilities such as: FTP, Gopher, Telnet, Sendmail, ARP, finger...

1.1.2.2. Some common cyber attack methods

a) Scanner

Scanner is a program that automatically scans and detects security vulnerabilities on a local or remote workstation. With this function, a malicious user using the Scanner program can detect security vulnerabilities on a remote server.

Scanner programs usually have a common mechanism of scanning and detecting TCP/UDP ports used on a system to be attacked, thereby detecting the services used on that system. Then the scanner programs record the responses on the remote system corresponding to the services it detects. Based on this information, attackers can find weaknesses in the system.

The elements for a Scanner program to work are as follows:

- System and device requirements: A Scanner program can work if the environment supports TCP/IP (regardless of whether the system is UNIX, IBM-compatible, or Macintosh).

- The system must be connected to the Internet.

However, it is not simple to build a Scanner program, the attackers need to have deep knowledge of TCP/IP, knowledge of C programming, PERL and some shell programming languages. In addition, the programmer (or user) needs to have knowledge of socket programming, the operation method of client/server applications.

Scanner programs play an important role in a security system, as they are able to detect weaknesses in a network system. For network administrators, this information is extremely useful and necessary; for saboteurs, this information is extremely dangerous.

b) Password Cracker

A password cracker is a program that can decrypt an encrypted password or can disable the password protection of a system.

To understand how password cracking programs work, we need to understand how encryption is used to generate passwords. Most password encryption is created using an encryption method. Encryption programs use encryption algorithms to encrypt passwords.

The working process of the cracking programs is illustrated in the following figure:

Figure 6.2: How jailbreak programs work

According to the above diagram, a list of words is generated and encrypted for each word. After each encryption, the program will compare it with the encrypted password that needs to be cracked. If there is no match, the process is repeated. This cracking method is called brute-force.

Hardware factor: In the figure above, the computer that executes the cracking programs is a 66MHz or higher PC. In practice, very powerful hardware is required for professional crackers. An alternative method is to perform the cracking on a distributed system; thus reducing the hardware requirements compared to the single-machine method.

The principles of some cracking programs may be different. Some programs create a list of limited words, apply some encryption algorithms, from the results compare with the encrypted password that needs to be cracked to create another list according to the logic of the program, this method is not standard but quite fast because based on the principle when setting passwords, users often follow some rules for convenience when using.

In the final stage, if it matches the encrypted password, the cracker will have the plain text password. In the image above, the plain text password is written to a file.

To evaluate the success rate of cracking programs, we have the following formula:

P = L x R /S

In there:

P: Probability of success

L: Lifetime of a password R: Test speed

S: Password space = A M (M is password length)

For example, on UNIX systems it has been proven that if the password is longer than 8 characters, the probability of cracking is almost = 0. Specifically as follows:

If using about 92 possible password characters, the possible password space is S = 92 8

With a test speed of 1000 passwords per second, R = 1000/s, the life time of a password is 1 year.

We have the probability of success is:

P = 1x 365 x 86400 x 1000/92 8 = 1/1,000,000

So password cracking is impossible because it would take about 100 years to find the correct password.

Usually, cracking programs often combine some other information in the password detection process such as:

- Information in the /etc/passwd file

- Some dictionaries

- Repeated words and sequentially listed words, changing the pronunciation of a word...

The remedy for this type of attack is to establish a proper password protection policy.

c) Trojans

Based on the ancient Greek myth of the Trojan Horse, Trojans are programs that run on a system in a way that looks like a legitimate program. These programs perform functions that are not intended or legitimate by the system's users. Typically, Trojans are run because legitimate programs have had their code modified with illegal code.

Virus programs are a typical type of Trojans. Virus programs hide code within legitimate programs.

When these programs are activated, hidden codes are executed to perform certain functions without the user's knowledge.

A standard definition of Trojans is as follows: a trojan is a program that performs a task without the user's prior knowledge, such as stealing passwords or copying files without the user's knowledge.

The authors of trojan programs build a plan. In terms of Internet security, a trojan program will do one of the following:

- Perform some functions or help programmers detect important or personal information on a system or some components of that system

- Hide some functions or help programmers detect important or personal information on a system or some components of that system

Some trojans can perform both of these functions. In addition, some trojans can also destroy the system by corrupting information on the hard drive (for example, the case of the Melissa virus spread through e-mail).

Nowadays with many new techniques, these types of trojan programs are easily detected and are not able to take effect. However, in UNIX, the development of trojan programs is still very popular.

Trojan programs can spread through many methods, operating on many different operating system environments (from Unix to Windows, DOS). In particular, trojans often spread through some popular services such as Mail, FTP... or through free utilities and programs on the Internet.

It is difficult to assess the impact of trojans. In some cases, it is as simple as affecting customer access, such as trojans that steal the contents of passwd files and send emails to the attacker. The simplest fix is ​​to replace the entire contents of the programs that are affected by the trojans and replace the passwords of system users.

However, in more serious cases, attackers create security holes through trojans programs. For example, attackers gain root access to the system and exploit it to destroy all or part of the system. They use root access to change logfiles, install other trojans programs that the administrator cannot detect. In this case, the level of impact is serious and the system administrator has no choice but to reinstall the entire system.

d) Sniffer

For system security, sniffers are understood as tools (can be hardware or software) that "capture" information flowing on the network and from