Lecture Notes: Computer Networks (Bài giảng môn Mạng máy tính)
COURSE INTRODUCTION
Objectives of the course
Basic knowledge of computer networks; the OSI reference model; the TCP/IP model.
Course contents
Chapter 1: Overview of computer networks
Chapter 2: Network structure
Chapter 3: Transmission media and network devices
Chapter 4: Data link
Chapter 5: TCP/IP
Chapter 6: Basic concepts of network security
Exercises
CHAPTER 1: OVERVIEW OF COMPUTER NETWORKS
The concept of a computer network; applications of computer networks; classification of computer networks; the OSI model.
802.3 Ethernet
LANs
Wireless networks
Internet
A system of computer networks connected to one another through telecommunication systems on a worldwide scale, used to exchange information.
OSI Model
Physical layer: binary transmission
Wires, connectors, voltage levels
Data transmission rate
Transmission media
Transmission modes (simplex, half-duplex, full-duplex)
Data link layer
Link control and access to the transmission medium
Framing
Physical (MAC) addressing
Flow control
Error control and error notification
Network layer
Network addressing and determination of the best path
Reliability
Logical addressing and network topology
Routing (path selection) for packets
Transport layer
End-to-end connections
Transport between hosts
Reliable transport
Establishing, maintaining and tearing down virtual circuits
Error detection, recovery and flow control
Session layer
Inter-host communication
Establishing, managing and terminating sessions between applications
Presentation layer
Data representation
Data formats
Data structures
Encryption
Data compression
Application layer
The application's network processes
Defines the interface between the user and the OSI environment
Provides network services to applications such as e-mail and file transfer
The upper three layers (application, presentation, session) exist only in the source and destination hosts.
The lower four layers (transport, network, data link, physical) manage the movement of information across the LAN or WAN between the source host and the destination host.
Broadcast (point-to-multipoint): all stations share one physical transmission medium.
Advantages
Limitations (ring topology)
High implementation cost
Complex
A fault on one machine can affect the other machines
Limitations (star topology)
When the hub stops working, the whole network stops working
Uses a lot of cable
Controlled access methods
Token-passing protocol on a ring (Token Ring)
Token-passing protocol on a bus (Token Bus)
CHAPTER 3: TRANSMISSION MEDIA AND NETWORK INTERCONNECTION DEVICES
Transmission environment; transmission media; network interconnection devices.
Transmission environment
The physical medium that allows signals to be carried between devices. There are two main kinds of transmission media:
Wired (guided) and wireless (unguided)
Coaxial cable
Structure
Classification
Thinnet/Thicknet; Baseband/Broadband
Technical parameters
Cable length, transmission rate, noise immunity, installation/maintenance, cost, connectors
Twisted-pair cable: introduction
Cable crimping method
Optical fiber: introduction
Classification
Multimode step index
Multimode graded index
Single mode (mono mode)
Technical parameters
Cable length, transmission rate, noise immunity, installation/maintenance, cost, connectors
Structure: core, cladding, coating
Basic parameters of the cable types
Wireless
What is wireless? Techniques:
Radio, microwave, infrared, lightwave
Radio
Characteristics: frequency; devices: antenna, transceiver
Classification
Single-frequency: low power, high power
Spread-spectrum: direct-sequence modulation, frequency hopping
Microwave
Characteristics; classification: terrestrial microwave, satellite microwave; parameters
Infrared
Parameters
Lightwave
Network interface card (NIC)
Connects the computer to the network cable so that it can send data to, and receive data from, other computers over the network. Controls the flow of data between the computer and the cabling system. Each NIC (Network Interface Card) has a unique identifier called its MAC (Media Access Control) address. A MAC address is 6 bytes long: the first 3 bytes are the manufacturer code and the last 3 bytes are the serial number the manufacturer assigned to the card. The address is burned in by the manufacturer but can be overridden in software, so it must not be relied on as proof of a host's identity.
Modem
The name is a contraction of MOdulation and DEModulation. A modem modulates a digital signal into an analog signal for transmission over the telephone line, and demodulates in the other direction. There are two kinds: internal and external.
Hub (concentrator)
Works like a repeater but with many ports for network cable ends. Provides a central connection point for star-wired networks. The signal is distributed to all ports, so every station sees every frame, which is what makes the packet sniffing described in Chapter 6 possible on a hub. There are three kinds of hub: passive, active and intelligent.
Passive hub: only provides connectivity and does not process the signal. Active hub: can amplify the signal to counter attenuation. Intelligent hub: an active hub that additionally generates packets reporting on its own activity, which makes network management easier.
Bridge
Figure: a bridge connecting two hub-based segments.
Router
Used to interconnect local networks into a wide-area network. Selects the best path for packets headed to outside networks. Operates mainly at the network layer. There are two main routing methods:
Static routing: fixed routes are configured by hand and installed in the routing table.
Dynamic routing:
Distance vector: RIP, IGRP, EIGRP (BGP, listed here as well, is more precisely a path-vector protocol)
Link state: OSPF
Flow control
A technique that ensures the sender does not overwhelm the receiver with data. Two methods are used:
Stop-and-wait
The simplest method, and an inefficient one: only one frame is transmitted at a time.
Why it is inefficient:
The receiver can stop the transmission simply by not sending the acknowledgement frame.
At any moment only one frame is on the link, so throughput is low.
When the capacity of the channel (the bandwidth-delay product) is much larger than the size of a frame it is extremely inefficient.
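Stop-and-wait as a runnable simulation, added here as an example and not part of the lecture notes: a sender that keeps one frame in flight, a receiver that acknowledges with the next expected 1-bit sequence number, and a channel that loses frames and acknowledgements with constructed probabilities. The lost-ACK case shows why the sequence number is needed: without it the receiver would accept the retransmitted frame a second time. The `efficiency()` function is the standard textbook utilisation expression t_frame / (t_frame + 2 t_prop) for a loss-free link, assumed here to quantify the slide's remark about wide channels; it is not from the page.

```python
"""Stop-and-wait ARQ over a lossy channel (constructed simulation, not from the lecture)."""
import random


class Channel:
    """Loses frames and acknowledgements independently with the given probabilities."""

    def __init__(self, frame_loss, ack_loss, seed=0):
        self.frame_loss = frame_loss
        self.ack_loss = ack_loss
        self.rng = random.Random(seed)   # seeded so a run is reproducible

    def frame_arrives(self):
        return self.rng.random() >= self.frame_loss

    def ack_arrives(self):
        return self.rng.random() >= self.ack_loss


class Receiver:
    """Accepts frames in order; a 1-bit sequence number detects duplicates."""

    def __init__(self):
        self.expected_seq = 0
        self.delivered = []

    def on_frame(self, seq, payload):
        if seq == self.expected_seq:      # new frame: deliver it and flip the expectation
            self.delivered.append(payload)
            self.expected_seq ^= 1
        # otherwise it is a duplicate (our previous ACK was lost): do not deliver again
        return self.expected_seq          # ACK carries the sequence number wanted next


def stop_and_wait(payloads, channel, max_tries=100):
    """Send each payload with one frame in flight, retransmitting on timeout.

    Returns (payloads delivered at the receiver, total frame transmissions)."""
    rx = Receiver()
    seq, transmissions = 0, 0
    for payload in payloads:
        for _ in range(max_tries):
            transmissions += 1
            if channel.frame_arrives():
                ack = rx.on_frame(seq, payload)
                assert ack == seq ^ 1, "receiver must ask for the other sequence number"
                if channel.ack_arrives():
                    seq ^= 1              # acknowledged: move to the next frame
                    break
            # frame or ACK lost: the sender's timer expires and it resends frame `seq`
        else:
            raise RuntimeError(f"frame {seq} never acknowledged after {max_tries} tries")
    return rx.delivered, transmissions


def efficiency(frame_bits, bitrate_bps, propagation_delay_s):
    """Loss-free link utilisation t_frame / (t_frame + 2 * t_prop), ACKs taken as instantaneous
    (standard textbook expression, assumed here)."""
    t_frame = frame_bits / bitrate_bps
    return t_frame / (t_frame + 2 * propagation_delay_s)
```

With a 1000-bit frame on a 1 Mbit/s link and 5 ms one-way delay the utilisation is about 9%, which is the "channel wider than the frame" case the slide describes; the lossy run shows that the receiver still delivers every payload exactly once.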
Error detection
Reasons why one or more bits change in a transmitted frame:
The signal on the line is attenuated
The transmission rate
Loss of synchronization
Detecting errors so that they can be corrected, and requesting retransmission, is necessary and extremely important in data transmission.
Error handling
Errors: lost frames, damaged frames. Error control consists of:
Error detection
Positive acknowledgement of good frames
Retransmission after a preset timeout
Negative acknowledgement of damaged frames, followed by retransmission
Reject of a damaged frame:
When A times out, A sends RR with the P bit set (P=1) until it receives RR i from B; A then resends frame i.
CHAPTER 5: TCP/IP
Concepts of TCP and IP; the TCP/IP reference model; comparison of OSI and TCP/IP; protocols of the TCP/IP model; conversion between number systems; IP addresses and address classes; NAT; subnets and subnetting; exercises.
Application layer
Handles the high-level protocols, presentation issues, encoding and dialog control. Specifies the common applications.
Transport layer
Provides a transport service from the source host to the destination host. Sets up a logical connection between the end points of the network, the sending host and the receiving host.
Internet layer
The purpose of the internet layer is to choose the best path through the network for the data packets travelling to their destination. The main protocol of this layer is the Internet Protocol (IP).
Differences between OSI and TCP/IP
TCP/IP merges the presentation and session layers into the application layer.
TCP/IP merges the physical and data link layers into the network access layer.
TCP/IP is simpler and has fewer layers.
OSI has no notion of unreliable delivery at layer 4 comparable to TCP/IP's UDP.
Application layer
FTP (File Transfer Protocol): a connection-oriented service that uses TCP to transfer files between systems.
TFTP (Trivial File Transfer Protocol): a connectionless service that uses UDP; used on routers to transfer configuration files and operating-system images.
NFS (Network File System): allows files on remote storage devices to be accessed over the network as if they were on a local disk.
SMTP (Simple Mail Transfer Protocol): manages the transfer of e-mail across the network.
Telnet (terminal emulation): provides remote login to another computer; the Telnet client is the local host and the Telnet server is the remote host.
SNMP (Simple Network Management Protocol): provides a way to monitor and control network devices.
DNS (Domain Name System): translates domain names and publicly known network node names into IP addresses.
Note that Telnet, FTP and TFTP carry their credentials and data in clear text, which is exactly what the packet sniffer in Chapter 6 reads.
Transport layer
TCP (Transmission Control Protocol) and UDP (User Datagram Protocol):
Segment the data handed down by the application layer.
Transmit the segments from one end device to another.
Internet layer
IP: does not look at the contents of packets; it finds a path for each packet to its destination.
ICMP (Internet Control Message Protocol): provides control and messaging capabilities.
ARP (Address Resolution Protocol): determines the data link layer address (MAC address) when the IP address is known.
RARP (Reverse Address Resolution Protocol): determines the IP address when the MAC address is known.
Figure: IPv4 header fields, among them Identification, Time to live, Protocol and Header checksum.
ARP
Host A sends an ARP request as a broadcast to all hosts: "What is the hardware address for IP address 128.0.10.4?" The host that owns 128.0.10.4 answers with an ARP reply carrying its hardware address, which A caches. ARP requests and replies are not authenticated, so any host on the segment can answer with its own MAC address.
RARP
Number-system conversion
Example: 11001001 (binary) = 201 (decimal) = C9 (hexadecimal).
Bitwise AND (used to compute the network address from an IP address and its mask):
A        1 1 0 0
B        1 0 1 0
A AND B  1 0 0 0
IP addresses and address classes
An IP address is a structured address: a 32-bit number divided into four 8-bit parts called octets or bytes. Example:
172.16.30.56 = 10101100 00010000 00011110 00111000 = AC 10 1E 38 (hexadecimal)
A host address is an IP address that can be assigned to a host interface. Two hosts on the same network have the same network_id and different host_ids. When assigning host addresses, note that the host_id bits must not be all 0 or all 1. Network address: the IP address that designates the network itself; its host_id part contains only 0 bits, e.g. 172.29.0.0. Broadcast address: the IP address that represents all hosts on the network; its host_id part contains only 1 bits, e.g. 172.29.255.255.
IP address classes
The IP address space is divided into five classes: A, B, C, D and E. Classes A, B and C are used for host addresses on the Internet, class D is used for multicast groups and class E is reserved for research. (Classful allocation has since been replaced by classless addressing, CIDR, on the Internet; the class boundaries still explain the default masks used in the exercises below.)
Class A
1 byte for the network_id and 3 bytes for the host_id.
The first bit of the first byte must be 0, so the binary form of this octet is 0xxxxxxx. IP addresses whose first byte lies between 0 (00000000 in binary) and 127 (01111111) belong to class A. Example: 50.14.32.8.
This first byte is the network_id; after removing the leading bit that identifies class A, 7 bits remain for numbering networks, giving 2^7 = 128 class A networks. Removing the two special cases 0 and 127 leaves 126 class A network addresses, 1.0.0.0 to 126.0.0.0.
The host_id part is 24 bits, so there are 2^24 = 16,777,216 possible hosts per network. Removing the two special cases (host_id all 0s and all 1s) leaves 16,777,214 hosts. For example, for the network 10.0.0.0 the valid host addresses are 10.0.0.1 to 10.255.255.254.
Class B
2 bytes for the network_id and 2 bytes for the host_id.
The first two bits of the first byte must be 10, so the binary form of this octet is 10xxxxxx. IP addresses whose first byte lies between 128 (10000000) and 191 (10111111) belong to class B. Example: 172.29.10.1.
The network_id is 16 bits; after removing the 2 class bits, 14 bits remain, which number 2^14 = 16,384 different networks (128.0.0.0 to 191.255.0.0).
The host_id is 16 bits, i.e. 2^16 = 65,536 values. Subtracting the two special cases leaves 65,534 hosts per class B network. For the network 172.29.0.0 the valid host addresses are 172.29.0.1 to 172.29.255.254.
Class C
3 bytes for the network_id and 1 byte for the host_id.
The first three bits of the first byte must be 110, so the binary form of this octet is 110xxxxx. IP addresses whose first byte lies between 192 (11000000) and 223 (11011111) belong to class C. Example: 203.162.41.235.
Reserved addresses
Network address
Broadcast address
Class   First byte
A       0xxxxxxx
B       10xxxxxx
C       110xxxxx
D       1110xxxx
E       11110xxx
NAT
Inside local address: the address assigned to a host inside the internal network.
Inside global address: a legitimate address, provided by InterNIC (Internet Network Information Center) or the Internet service provider, that represents one or more inside local addresses to the outside world.
Outside address: the address of a host located outside the internal network.
NAT: network address translation
Figure: the rest of the Internet on one side; on the other, a local network (e.g. a home network) 10.0.0.0/24 with hosts 10.0.0.1, 10.0.0.2 and 10.0.0.3 and the NAT router, whose LAN-side address is 10.0.0.4 and whose WAN-side address is 138.76.29.7.
All datagrams leaving the local network have the same source NAT IP address, 138.76.29.7, but different source port numbers.
Motivation: the local network uses just one IP address as far as the outside world is concerned:
no need to be allocated a range of addresses from the ISP: one address suffices for all devices;
the addresses of devices in the local network can be changed without notifying the outside world;
the ISP can be changed without changing the addresses of the devices in the local network;
devices inside the local network are not explicitly addressable or visible from the outside (a security plus, though not a substitute for a firewall: once a translation entry exists, inbound packets that match it are forwarded).
Implementation: the NAT router must:
for outgoing datagrams, replace (source IP address, source port number) of every outgoing datagram with (NAT IP address, new port number); remote clients/servers then use (NAT IP address, new port number) as the destination address in their replies;
remember (in the NAT translation table) every translation pair (source IP address, source port number) to (NAT IP address, new port number);
for incoming datagrams, replace (NAT IP address, new port number) in the destination fields of every incoming datagram with the corresponding (source IP address, source port number) stored in the NAT table.
Example:
1: host 10.0.0.1 sends a datagram with S: 10.0.0.1, 3345 and D: 128.119.40.186, 80.
2: the NAT router changes the datagram's source address from 10.0.0.1, 3345 to 138.76.29.7, 5001 and updates the NAT translation table:
WAN-side address       LAN-side address
138.76.29.7, 5001      10.0.0.1, 3345
3: the reply arrives with S: 128.119.40.186, 80 and D: 138.76.29.7, 5001.
4: the NAT router changes the datagram's destination address from 138.76.29.7, 5001 to 10.0.0.1, 3345.
The port number field is 16 bits, which allows some 60,000 simultaneous connections with a single WAN-side address.
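The translation table in code, added as an example and not part of the lecture notes. `NatRouter` allocates WAN-side ports starting at 5001 (the value the slide's figure uses; the starting port and the `Datagram` record are assumptions of this example), rewrites outbound datagrams, and translates inbound ones only when a table entry exists. The two checks at the end show the behaviour a practitioner should know: an inbound datagram to a port with no entry is dropped, but any remote host that learns an allocated port can reach the inside host through it, which is why NAT alone is not access control.

```python
"""Simulation of a NAT router's translation table (constructed example, not from the lecture)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatRouter:
    def __init__(self, wan_ip, first_port=5001, last_port=65535):
        self.wan_ip = wan_ip
        self.next_port = first_port        # next unused WAN-side port (assumed allocator)
        self.last_port = last_port
        self.out_table = {}                # (LAN ip, LAN port) -> WAN port
        self.in_table = {}                 # WAN port -> (LAN ip, LAN port)

    def outbound(self, d):
        """Rewrite (src ip, src port) to (NAT ip, new port); create the entry if needed."""
        key = (d.src_ip, d.src_port)
        if key not in self.out_table:
            if self.next_port > self.last_port:
                raise RuntimeError("NAT port pool exhausted")   # the 16-bit limit in practice
            port = self.next_port
            self.next_port += 1
            self.out_table[key] = port
            self.in_table[port] = key
        return Datagram(self.wan_ip, self.out_table[key], d.dst_ip, d.dst_port)

    def inbound(self, d):
        """Rewrite the destination back to the inside host, or drop if no entry exists."""
        if d.dst_ip != self.wan_ip or d.dst_port not in self.in_table:
            return None                    # unsolicited inbound datagram: dropped
        lan_ip, lan_port = self.in_table[d.dst_port]
        return Datagram(d.src_ip, d.src_port, lan_ip, lan_port)


def slide_walkthrough():
    """The four steps of the slide's figure; returns the datagram after each step."""
    nat = NatRouter("138.76.29.7")
    step1 = Datagram("10.0.0.1", 3345, "128.119.40.186", 80)
    step2 = nat.outbound(step1)
    step3 = Datagram("128.119.40.186", 80, "138.76.29.7", step2.src_port)
    step4 = nat.inbound(step3)
    return step1, step2, step3, step4
```

`outbound()` keys the table on (inside address, inside port) only, as the slide describes; a second inside host using the same source port 3345 gets its own WAN port 5002, and a second connection from 10.0.0.1:3345 to another server reuses 5001.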
Subnets
Maximum number of bits that can be borrowed from the host part (at least 2 host bits must remain):
Class A: 22 (= 24 - 2) bits, giving up to 2^22 = 4,194,304 subnets
Class B: 14 (= 16 - 2) bits, giving up to 2^14 = 16,384 subnets
Class C: 6 (= 8 - 2) bits, giving up to 2^6 = 64 subnets
New concepts
Subnet address (the address of the subnet itself): consists of the network_id and the subnet_id, with all host_id bits set to 0.
Broadcast address of a subnet: all host_id bits set to 1.
Subnet mask: all host_id bits are 0, all other bits are 1.
Notation for IP addresses
Given an address such as 172.29.8.230 alone, one cannot tell which network the host is on, whether that network is subnetted and, if so, how many bits were borrowed. Therefore the subnet mask must be recorded together with a host's IP address, e.g. 172.29.8.230/255.255.255.0 or 172.29.8.230/24 (meaning that the first 24 bits are the NetworkID).
Exercise 1
Given the address 172.16.0.0/16, divide it into 8 subnets with at least 1000 hosts on each subnet.
Step 2: number of bits to borrow
How many bits must be borrowed: N = 3, because:
Number of subnets possible: 2^3 = 8.
Number of hosts per subnet: 2^(16-3) - 2 = 2^13 - 2 = 8190 > 1000.
Subnet mask: 11111111.11111111.11100000.00000000, i.e. 255.255.224.0 (/19).
Step 3: determine the host address ranges
No.  Subnet ID      Host range                     Broadcast
1    172.16.0.0     172.16.0.1 - 172.16.31.254     172.16.31.255
2    172.16.32.0    172.16.32.1 - 172.16.63.254    172.16.63.255
...  (subnets 3 to 6 follow the same pattern, in steps of 32 in the third octet)
7    172.16.192.0   172.16.192.1 - 172.16.223.254  172.16.223.255
8    172.16.224.0   172.16.224.1 - 172.16.255.254  172.16.255.255
In binary, subnet 1 is 10101100.00010000.00000000.00000000, its hosts run from 10101100.00010000.00000000.00000001 to 10101100.00010000.00011111.11111110 and its broadcast is 10101100.00010000.00011111.11111111; subnet 2 starts at 10101100.00010000.00100000.00000000 and its broadcast is 10101100.00010000.00111111.11111111.
Exercise 2
Given the two IP addresses 192.168.5.9/28 and 192.168.5.39/28:
What are the network address and the host address of each? Are the two hosts on the same network? List all IP addresses belonging to the networks found.
First address: 192.168.5.9/28
Note: 28 is the number of bits reserved for the NetworkID. This is a class C address; its default subnet mask would be 255.255.255.0.
IP (decimal)     192       168       5         9
IP (binary)      11000000  10101000  00000101  00001001
Subnet mask      11111111  11111111  11111111  11110000
AND result       11000000  10101000  00000101  00000000
                 192       168       5         0
Network address: 192.168.5.0; host part: 00001001 AND 00001111 = 1001 = 9.
Second address: 192.168.5.39/28
IP (decimal)     192       168       5         39
IP (binary)      11000000  10101000  00000101  00100111
Subnet mask      11111111  11111111  11111111  11110000
AND result       11000000  10101000  00000101  00100000
                 192       168       5         32
Network address: 192.168.5.32; host part: 0111 = 7.
Net ID of the first address: 192.168.5.0. Net ID of the second address: 192.168.5.32. They differ, so the two hosts are not on the same network.
Listing all IP addresses
In each network the host IDs run from 0001 to 1110 in the last four bits. Network 192.168.5.0/28: hosts 11000000.10101000.00000101.00000001 (192.168.5.1) to 192.168.5.14, broadcast 192.168.5.15. Network 192.168.5.32/28: hosts 192.168.5.33 to 192.168.5.46, broadcast 192.168.5.47.
Exercise 3
Consider the class B address 139.12.0.0 with subnet mask 255.255.0.0. A network with this address can hold 65,534 nodes or computers. That is far too many: such a network would be saturated with broadcast traffic. Divide the network into 5 subnets.
Step 1: determine the subnet mask
Five subnets need 3 borrowed bits (2^2 = 4 < 5 <= 2^3 = 8):
11111111.11111111.11100000.00000000
255.255.224.0
Step 2: list the IDs of the new subnets
No.  Binary                                 Network ID
1    10001011.00001100.00000000.00000000    139.12.0.0/19
2    10001011.00001100.00100000.00000000    139.12.32.0/19
3    10001011.00001100.01000000.00000000    139.12.64.0/19
4    10001011.00001100.01100000.00000000    139.12.96.0/19
5    10001011.00001100.10000000.00000000    139.12.128.0/19
The remaining three /19 blocks (139.12.160.0, 139.12.192.0 and 139.12.224.0) stay unused.
Exercise 4
Given the IP address 102.16.10.107/12: find the subnet address; the host address; the range of host addresses on the same network as this IP; the broadcast address of the network this IP belongs to.
Answer to question 1: subnet address
A /12 prefix covers the whole first byte and the first 4 bits of the second byte, so the mask is 255.240.0.0. Consider the second byte: 16 = 00010000 in binary. ANDing it with the mask byte 11110000 gives 00010000 = 16. The subnet address is therefore:
102.16.0.0/12
and the host address (the remaining 20 bits) is:
0.10.107
Answer to question 2: host range and broadcast
The host addresses run from:
102.16.0.1 (i.e. 102.16.0.1/12)
to:
102.31.255.254 (i.e. 102.31.255.254/12)
Broadcast:
102.31.255.255/12
Exercise 5: given 172.19.160.0/21
Divide it into 4 subnets and list, for each subnet, the network address, the host address range and the broadcast address.
Solution to exercise 5
Four subnets require borrowing 2 bits. Because the prefix is /21, the first two bytes of the given address do not change. Consider the third byte: 160 = 10100000 in binary. The two 0 bits following the first five bits are the ones borrowed for the subnet, so the new prefix is /23.
Third byte of each subnet:
Subnet 1: 10100000 (160)
Subnet 2: 10100010 (162)
Subnet 3: 10100100 (164)
Subnet 4: 10100110 (166)
Network address     Host address range                 Broadcast address
172.19.160.0/23     172.19.160.1 to 172.19.161.254     172.19.161.255
172.19.162.0/23     172.19.162.1 to 172.19.163.254     172.19.163.255
172.19.164.0/23     172.19.164.1 to 172.19.165.254     172.19.165.255
172.19.166.0/23     172.19.166.1 to 172.19.167.254     172.19.167.255
Exercise 6: given 172.16.192.0/18
Divide it into 4 subnets and list, for each subnet, the network address, the host address range and the broadcast address.
Solution to exercise 6
Four subnets require borrowing 2 bits. Because the prefix is /18, the first two bytes of the given address do not change. Consider the third byte: 192 = 11000000 in binary. The two 0 bits following the first two bits are the ones borrowed for the subnet, so the new prefix is /20.
Third byte of each subnet:
Subnet 1: 11000000 (192)
Subnet 2: 11010000 (208)
Subnet 3: 11100000 (224)
Subnet 4: 11110000 (240)
Network address     Host address range                 Broadcast address
172.16.192.0/20     172.16.192.1 to 172.16.207.254     172.16.207.255
172.16.208.0/20     172.16.208.1 to 172.16.223.254     172.16.223.255
172.16.224.0/20     172.16.224.1 to 172.16.239.254     172.16.239.255
172.16.240.0/20     172.16.240.1 to 172.16.255.254     172.16.255.255
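The subnet arithmetic of exercises 1 to 6, done in code as an added example that is not part of the lecture notes. `describe()` performs the AND with the mask, derives the broadcast by setting the host bits, and returns the host range; `split()` borrows host bits for a requested number of subnets and, optionally, checks a minimum host count as in exercise 1. The only assumption beyond the slides is the handling of /31 and /32 (no separate network and broadcast address), which the classful rules above do not cover. `check_with_stdlib()` cross-checks the hand computation against Python's `ipaddress` module.

```python
"""Subnet arithmetic with explicit bit operations (constructed example, not from the lecture)."""
import ipaddress  # used only to cross-check the hand computation


def to_int(dotted):
    octets = [int(o) for o in dotted.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {dotted}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def to_dotted(n):
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def mask_for(prefix):
    """/n -> 32-bit mask with the first n bits set, e.g. /19 -> 255.255.224.0."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def describe(cidr):
    """Network, host_id, usable host range and broadcast for 'a.b.c.d/n'."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    ip, mask = to_int(addr), mask_for(prefix)
    network = ip & mask                         # the AND step of the exercises
    broadcast = network | (~mask & 0xFFFFFFFF)  # all host bits set to 1
    if prefix >= 31:
        first, last = network, broadcast        # /31 and /32: every address is a host (assumed here)
    else:
        first, last = network + 1, broadcast - 1
    return {
        "network": f"{to_dotted(network)}/{prefix}",
        "mask": to_dotted(mask),
        "host_id": ip & ~mask & 0xFFFFFFFF,
        "first_host": to_dotted(first),
        "last_host": to_dotted(last),
        "broadcast": to_dotted(broadcast),
    }


def split(cidr, subnets=1, min_hosts=None):
    """Borrow the fewest host bits giving at least `subnets` subnets; verify the host count."""
    addr, prefix = cidr.split("/")
    prefix = int(prefix)
    network = to_int(addr) & mask_for(prefix)
    borrow = 0
    while (1 << borrow) < subnets:
        borrow += 1
    new_prefix = prefix + borrow
    if new_prefix > 30:
        raise ValueError("too many subnets: fewer than 2 host bits would remain")
    usable_hosts = (1 << (32 - new_prefix)) - 2
    if min_hosts is not None and usable_hosts < min_hosts:
        raise ValueError(f"only {usable_hosts} hosts per subnet, {min_hosts} required")
    size = 1 << (32 - new_prefix)
    return [describe(f"{to_dotted(network + i * size)}/{new_prefix}")
            for i in range(1 << borrow)]


def same_network(cidr_a, cidr_b):
    return describe(cidr_a)["network"] == describe(cidr_b)["network"]


def check_with_stdlib(cidr):
    net = ipaddress.ip_network(cidr, strict=False)
    d = describe(cidr)
    return str(net) == d["network"] and str(net.broadcast_address) == d["broadcast"]
```

Running `split("172.16.0.0/16", subnets=8, min_hosts=1000)` reproduces the /19 table of exercise 1, and `describe("192.168.5.39/28")` gives the 192.168.5.32 network and host part 7 of exercise 2.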
CHAPTER 6: NETWORK SECURITY
Understand the principles of network security:
Cryptography, authentication, integrity, key distribution
Security in practice:
Firewalls; security at the application, transport, network and data link layers
What is network security?
Confidentiality: only the sender and the intended receiver can understand the contents of a message.
What needs to be secured
Web browsers and servers for electronic transactions; online banking clients and servers; DNS servers; routers exchanging routing table updates; etc.
What can the bad guys do?
Eavesdrop: intercept messages
Actively insert messages into a connection
Impersonate: forge the source address in a packet (or any other field)
Hijack: take over an ongoing connection by replacing the sender or the receiver with themselves
Denial of service: prevent the service from being used by others (e.g. by overloading it)
etc.
Cryptography principles
Figure: Alice's encryption key K_A, plaintext, encryption algorithm, ciphertext crossing the channel, decryption algorithm, Bob's decryption key K_B, plaintext; an attacker observes the ciphertext.
Symmetric key: the sender's and receiver's keys are identical.
Public key: the encryption key is public, the decryption key is secret (private).
Symmetric-key encryption
Substitution cipher: replace one thing with another.
Monoalphabetic cipher: substitute one letter for another.
plaintext alphabet:  abcdefghijklmnopqrstuvwxyz
ciphertext alphabet: mnbvcxzasdfghjklpoiuytrewq
e.g. plaintext:  bob. i love you. alice
encrypted as:    nkn. s gktc wky. mgsbc
The key is the 26-letter mapping, so there are 26! possible keys, but the cipher preserves letter frequencies and is broken by frequency analysis or by a few known plaintext letters.
Making DES more secure: use three keys in sequence (3-DES) on each datum; use cipher block chaining. (DES's 56-bit key is brute-forceable today; AES has replaced both DES and 3-DES.)
DES: an initial permutation; 16 identical rounds, each using a different 48-bit subkey; a final permutation.
Public-key cryptography: given the public key K_B+, it must be computationally infeasible to compute the private key K_B-.
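The slide's monoalphabetic cipher in code, added as an example and not part of the lecture notes: `encrypt()` and `decrypt()` use the slide's 26-letter key, and `recover_key()` shows the weakness the slide alludes to, recovering the key entries for every letter that appears in a single known plaintext/ciphertext pair (10 of the 26 for the slide's sentence). `letter_frequencies()` is the starting point of a frequency-analysis attack when no plaintext is known. The helper names are this example's own.

```python
"""Monoalphabetic substitution cipher and a known-plaintext key recovery (constructed example)."""
import string

PLAIN = string.ascii_lowercase
SLIDE_KEY = "mnbvcxzasdfghjklpoiuytrewq"   # ciphertext alphabet from the slide


def make_tables(cipher_alphabet):
    """Build the forward and inverse maps; the key must be a permutation of a-z."""
    if sorted(cipher_alphabet) != list(PLAIN):
        raise ValueError("key must be a permutation of the 26 lowercase letters")
    enc = dict(zip(PLAIN, cipher_alphabet))
    dec = {c: p for p, c in enc.items()}
    return enc, dec


def encrypt(text, key=SLIDE_KEY):
    enc, _ = make_tables(key)
    return "".join(enc.get(ch, ch) for ch in text.lower())   # spaces and punctuation pass through


def decrypt(text, key=SLIDE_KEY):
    _, dec = make_tables(key)
    return "".join(dec.get(ch, ch) for ch in text)


def recover_key(plaintext, ciphertext):
    """Known-plaintext attack: each aligned letter pair reveals one entry of the key."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must be aligned")
    partial = {}
    for p, c in zip(plaintext.lower(), ciphertext):
        if p in PLAIN:
            if partial.get(p, c) != c:
                raise ValueError(f"inconsistent mapping for {p!r}: not a monoalphabetic cipher")
            partial[p] = c
    return partial


def letter_frequencies(ciphertext):
    """Letters of the ciphertext sorted by frequency; the first is probably 'e', 't' or 'o'."""
    counts = {}
    for ch in ciphertext:
        if ch in PLAIN:
            counts[ch] = counts.get(ch, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
```

With the slide's sentence, `recover_key()` already pins down 10 letters of the key, and `decrypt()` applied to a partially recovered key is how the rest is usually filled in by hand.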
Authentication
Goal: Bob wants Alice to prove her identity to him.
Protocol ap1.0: Alice says "I am Alice". Where does this fail? Anyone can send the same message, so Bob cannot tell Alice from an impostor.
Integrity
Digital signatures: a cryptographic technique analogous to handwritten signatures. The sender (Bob) digitally signs the document, establishing that he is the owner/creator of the document. Verifiable and non-forgeable: the recipient (Alice) can prove to others that Bob, and no one else (not even Alice), signed the document.
Digital signatures
Simple digital signature for a message m: Bob signs m by encrypting it with his private key K_B-, creating the signed message K_B-(m).
Figure: Bob's message m ("Dear Alice, Oh, how I have missed you. I think of you all the time! (blah blah blah)"), Bob's private key K_B-, and the signed message K_B-(m): Bob's message m, signed (encrypted) with his private key.
Digital signatures (continued)
Suppose Alice receives m together with the digital signature K_B-(m). Alice verifies that m was signed by Bob by applying Bob's public key K_B+ to K_B-(m) and checking that K_B+(K_B-(m)) = m. If K_B+(K_B-(m)) = m, whoever signed m must have used Bob's private key. Alice thus verifies that Bob signed m, that no one else signed m, and that Bob signed m and not m'. Non-repudiation: Alice can take m and the signature K_B-(m) to a court to prove that Bob signed m.
This "encrypt with the private key" description is the textbook model; real signature schemes such as RSA-PSS or ECDSA sign a hash of the message with padding and are not raw encryption.
Message digests
Computing a public-key signature over a long message is expensive. Goal: a fixed-length, easy-to-compute digital fingerprint. Apply a hash function H to m to obtain a fixed-size message digest H(m).
Properties of the hash function: many-to-one; produces a fixed-size message digest (fingerprint); given a message digest x, it is computationally infeasible to find an m such that x = H(m).
Key distribution
Solution: a trusted key distribution center (KDC) acting as an intermediary between the entities.
Public-key problem: when Alice obtains Bob's public key (from a web site, e-mail, a diskette), how does she know it is Bob's public key and not an attacker's?
Solution: a trusted certification authority (CA).
Certification authorities
Certification authority (CA): binds a public key to a particular entity E. E (a person, a router) registers its public key with the CA.
E provides proof of identity to the CA. The CA creates a certificate binding E to its public key. The certificate contains E's public key, digitally signed by the CA: the CA says "this is E's public key".
Figure: Bob's public key K_B+ is signed (encrypted) with the CA's private key K_CA-, producing the certificate for Bob's public key.
Contents of a certificate
Serial number (unique)
Information about the certificate owner, including the algorithm and the key value itself (not shown)
Information about the certificate issuer
Validity dates
Digital signature by the issuer
Using certificates
Figure: requesting a certificate and having it issued according to the X.509 standard; encrypting a document with the recipient's public key; decrypting it and verifying the signature with the private key.
Certificate revocation
Figure: when B's private key is compromised, the CA revokes B's certificate ("Certificate B REVOKED on 25/3/2009 3:10:22"); a party that needs to authenticate a transaction checks the certificate's status with the CA.
Firewalls
A firewall isolates the organization's internal network from the Internet, allowing some packets to pass and blocking others.
Firewalls: why
To prevent denial of service (DoS): SYN flooding: the attacker sets up many bogus TCP connections, leaving no resources for real connections.
To prevent illegal modification of, or access to, internal data.
Two types of firewall: application-level gateways; packet filters.
Packet filtering
The internal network is connected to the Internet through a router firewall. The router filters packet by packet, deciding whether to forward or drop each packet based on:
Source IP address, destination IP address
TCP/UDP source and destination port numbers
ICMP message type
TCP SYN and ACK bits
Example 1: block incoming and outgoing datagrams with IP protocol field = 17 (UDP), and block datagrams with source or destination port = 23. Together these two rules block all incoming and outgoing UDP flows and all Telnet connections.
Example 2: block incoming TCP segments with ACK = 0. This prevents external clients from opening TCP connections to internal hosts, but still allows internal clients to connect to the outside (the SYN-ACK replies they receive carry ACK = 1).
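The two example rules as a stateless packet filter, added as an example and not part of the lecture notes. Each rule is a predicate over the header fields the slide lists; `decide()` applies them in order and reports which rule dropped a packet. The `Packet` record and the `direction` field ("in" for Internet-to-internal, "out" for the reverse) are this example's assumptions. The last test is the limitation a practitioner should remember: the ACK=0 rule is stateless, so an inbound segment with ACK=1 that belongs to no connection (an ACK scan) is forwarded.

```python
"""Stateless packet filter for the two rules of the slide (constructed example)."""
from dataclasses import dataclass

TCP, UDP, ICMP = 6, 17, 1           # IP protocol numbers


@dataclass(frozen=True)
class Packet:
    direction: str                   # "in" (Internet -> internal network) or "out"
    proto: int
    src_ip: str
    dst_ip: str
    src_port: int = 0
    dst_port: int = 0
    syn: bool = False
    ack: bool = False
    icmp_type: int = -1


def rule_block_udp(p):
    """Example 1, first half: IP protocol field = 17."""
    return p.proto == UDP


def rule_block_telnet(p):
    """Example 1, second half: source or destination port = 23 (Telnet runs over TCP)."""
    return p.proto == TCP and 23 in (p.src_port, p.dst_port)


def rule_block_inbound_connection_setup(p):
    """Example 2: an incoming TCP segment with ACK=0 can only be the first SYN of a
    connection opened from outside; SYN-ACK replies to our own clients carry ACK=1."""
    return p.direction == "in" and p.proto == TCP and not p.ack


RULES = [rule_block_udp, rule_block_telnet, rule_block_inbound_connection_setup]


def decide(p, rules=RULES):
    """First matching rule drops the packet; anything else is forwarded."""
    for rule in rules:
        if rule(p):
            return "drop", rule.__name__
    return "forward", None


def filter_trace(packets, rules=RULES):
    return [decide(p, rules)[0] for p in packets]
```

Note the side effect of the UDP rule: it also blocks DNS queries (UDP port 53), which is the "all-or-nothing policy for UDP" named among the limitations further down.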
Application gateways
Filter packets on application data as well as on the IP/TCP/UDP fields. Example: allow selected internal users to telnet outside.
Figure: Telnet session from the host to the gateway; application gateway; Telnet session from the gateway to the remote host; router and filter.
1. Require all Telnet users to telnet through the gateway.
2. For authorized users, the gateway sets up a Telnet connection to the destination host and relays data between the two connections.
3. The router filter blocks all Telnet connections that do not originate from the gateway.
Limitations of firewalls and gateways
IP spoofing: the router cannot know whether data really comes from the claimed source.
If several applications need special treatment, each needs its own application gateway.
Client software must know how to contact the gateway, e.g. the proxy's IP address must be set in the Web browser.
Filters often use an all-or-nothing policy for UDP.
Trade-off: the degree of communication with the outside world versus the level of security.
Many highly protected sites still suffer from attacks.
Internet security threats
Packet sniffing
A NIC in promiscuous mode reads all packets passing by on the shared medium. It can read all unencrypted data (e.g. passwords). Example: C sniffs the packets B sends to A (src:B dest:A payload).
Packet sniffing: countermeasures
All hosts in the organization run software that periodically checks whether the host's interface is in promiscuous mode.
One host per segment of the broadcast medium (switched Ethernet), so that a host only sees its own frames.
IP spoofing
Packets can be generated directly from an application with any value placed in the source IP address field. The receiver cannot tell whether the source has been spoofed. Example: C pretends to be B (src:B dest:A payload).
IP spoofing: ingress filtering
Routers should not forward packets whose source address is invalid for the interface they arrive on (e.g. a source address that does not belong to the network behind that interface). Great, but such filtering cannot be mandated for all networks.
Denial of service (DoS)
Flood the receiver with maliciously generated packets. Distributed DoS (DDoS): multiple coordinated sources flood the receiver. Example: C and remote hosts SYN-attack A (streams of SYN segments from C and B towards A).
Denial of service (DoS): countermeasures?
Filter out the flooding packets (e.g. SYN) before they reach the host (which may throw out good packets with the bad).
Trace back to the source of the flood.
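The SYN-flood scenario above as detection logic over a packet trace, added as an example and not part of the lecture notes. The trace format (`time src:port > dst:port flags`) and the sample lines are constructed for this example. `half_open_connections()` tracks each SYN until the client's third-step ACK arrives, so it counts handshakes that never complete per target; `flood_sources()` counts SYNs per source. The trace mixes one legitimate client, one noisy attacker and a few spoofed single-packet sources to show why the per-target count is the one that catches a distributed or spoofed flood.

```python
"""SYN-flood detection from a packet trace (constructed trace and thresholds)."""
from collections import Counter

# Constructed sample: 10.1.1.20 completes a handshake with 10.0.0.5; 203.0.113.9 sends
# three SYNs and never finishes; two spoofed sources send one SYN each.
SAMPLE_TRACE = [
    "0.00 10.1.1.20:40000 > 10.0.0.5:80 S",
    "0.01 10.0.0.5:80 > 10.1.1.20:40000 S,A",
    "0.02 10.1.1.20:40000 > 10.0.0.5:80 A",
    "0.10 203.0.113.9:1001 > 10.0.0.5:80 S",
    "0.11 203.0.113.9:1002 > 10.0.0.5:80 S",
    "0.12 203.0.113.9:1003 > 10.0.0.5:80 S",
    "0.13 198.51.100.4:5 > 10.0.0.5:80 S",
    "0.14 198.51.100.77:6 > 10.0.0.5:80 S",
]


def parse_line(line):
    """'time src:port > dst:port flags' -> (ts, src_ip, src_port, dst_ip, dst_port, flags)."""
    ts, src, arrow, dst, flags = line.split()
    if arrow != ">":
        raise ValueError(f"malformed trace line: {line!r}")
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(ts), src_ip, int(src_port), dst_ip, int(dst_port), set(flags.split(","))


def half_open_connections(lines):
    """{dst_ip: SYNs from clients that were never followed by the client's ACK}."""
    pending = {}                                   # 4-tuple -> time of the SYN
    for line in lines:
        ts, sip, sp, dip, dp, flags = parse_line(line)
        key = (sip, sp, dip, dp)
        if "S" in flags and "A" not in flags:      # first step of the handshake
            pending[key] = ts
        elif "A" in flags and "S" not in flags and key in pending:
            del pending[key]                       # third step: the connection completed
    return dict(Counter(dip for (_, _, dip, _) in pending))


def flooded_targets(lines, threshold):
    """Targets with at least `threshold` half-open connections; catches spoofed sources too."""
    return sorted(t for t, n in half_open_connections(lines).items() if n >= threshold)


def flood_sources(lines, threshold):
    """Sources sending at least `threshold` SYNs; blind to a flood spread over many addresses."""
    syn_by_src = Counter()
    for line in lines:
        _, sip, _, _, _, flags = parse_line(line)
        if "S" in flags and "A" not in flags:
            syn_by_src[sip] += 1
    return sorted(s for s, n in syn_by_src.items() if n >= threshold)
```

On the sample, the legitimate handshake is not counted, the target shows five half-open connections, and only 203.0.113.9 exceeds a per-source threshold of 3; the two spoofed addresses are invisible to per-source counting, which is the slide's point that filtering SYNs by source does not stop a distributed flood.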
E-mail security
Alice wants to send a confidential e-mail, m, to Bob.
Alice: generates a random symmetric key K_S; encrypts the message with K_S, giving K_S(m); also encrypts K_S with Bob's public key K_B+, giving K_B+(K_S); sends both K_S(m) and K_B+(K_S) to Bob over the Internet.
Bob: uses his private key K_B- to decrypt K_B+(K_S) and recover K_S; uses K_S to decrypt K_S(m) and recover m.
E-mail security (continued)
Alice wants to provide sender authentication and message integrity.
Alice digitally signs the message: she computes the hash H(m) and signs it with her private key, giving K_A-(H(m)); she sends the message m (in the clear) together with the signature over the Internet. Bob applies Alice's public key K_A+ to the signature to recover H(m), computes H(m) over the received message himself, and compares the two.
E-mail security (continued)
Alice wants to provide confidentiality, sender authentication and message integrity.
Alice first signs: m together with K_A-(H(m)). She then encrypts that pair with a fresh symmetric key K_S and encrypts K_S with Bob's public key K_B+, sending K_S(m, K_A-(H(m))) and K_B+(K_S) over the Internet.
Alice uses three keys: her own private key, Bob's public key, and the newly created symmetric key.
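The three-key e-mail exchange above, run end to end as an added example that is not part of the lecture notes. To keep it self-contained the example uses textbook RSA with tiny primes chosen by trial division and a SHA-256-keyed XOR stream as the symmetric cipher K_S(.); both are stand-ins for real RSA-OAEP/PSS and AES and are not secure (raw RSA is malleable, and the modulus here is far too small), which is why the lead-in labels them as constructed. `sign()` and `verify()` are the integrity-only flow (K_A-(H(m)), checked with K_A+); `alice_send()` and `bob_receive()` are the combined flow, and the tampering test shows the signature check failing when a byte of the ciphertext is flipped. All function names are this example's own.

```python
"""Alice -> Bob secure e-mail with textbook RSA and a toy stream cipher (constructed example)."""
import hashlib
import secrets


def is_prime(n):
    """Trial division; fine for the tiny moduli used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    i = 3
    while i * i <= n:
        if n % i == 0:
            return False
        i += 2
    return True


def next_prime(n):
    while not is_prime(n):
        n += 1
    return n


def rsa_keypair(p_start, q_start, e=65537):
    """Returns (public (e, n), private (d, n)); the primes are tiny on purpose."""
    p, q = next_prime(p_start), next_prime(q_start)
    n, phi = p * q, (p - 1) * (q - 1)
    d = pow(e, -1, phi)                 # modular inverse (Python 3.8+)
    return (e, n), (d, n)


def rsa_apply(key, x):
    """K(x) = x^exp mod n for either the public or the private key."""
    exp, n = key
    if not 0 <= x < n:
        raise ValueError("value must be smaller than the modulus")
    return pow(x, exp, n)


def digest(m, n):
    """H(m): SHA-256 reduced into the RSA range so that it can be signed."""
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % n


def stream_xor(key_int, data):
    """Toy symmetric cipher K_S(.): XOR with a SHA-256 keystream (constructed, not AES)."""
    keystream = bytearray()
    block = 0
    while len(keystream) < len(data):
        keystream += hashlib.sha256(key_int.to_bytes(8, "big") + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, keystream))


def sign(m, priv_key):
    """Alice's integrity/authentication step: K_A-(H(m))."""
    return rsa_apply(priv_key, digest(m, priv_key[1]))


def verify(m, sig, pub_key):
    """Bob's check: K_A+(sig) == H(m)."""
    return rsa_apply(pub_key, sig) == digest(m, pub_key[1])


def alice_send(m, alice_priv, bob_pub):
    """Sign, then encrypt: returns K_S(m, K_A-(H(m))) and K_B+(K_S)."""
    body = m + sign(m, alice_priv).to_bytes(8, "big")   # signature appended as 8 bytes
    ks = secrets.randbelow(1 << 32)                     # fresh symmetric key K_S
    return stream_xor(ks, body), rsa_apply(bob_pub, ks)


def bob_receive(ciphertext, wrapped_ks, bob_priv, alice_pub):
    """Recover K_S with K_B-, decrypt, split off the signature and verify it."""
    ks = rsa_apply(bob_priv, wrapped_ks)
    body = stream_xor(ks, ciphertext)
    m, sig = body[:-8], int.from_bytes(body[-8:], "big")
    if not verify(m, sig, alice_pub):
        raise ValueError("signature check failed: message altered or not from Alice")
    return m
```

Because the stream cipher provides no integrity of its own, it is the signature inside the encrypted body that detects the flipped byte; with real AES-GCM the authentication tag would fail first, but the signature is still what ties the message to Alice rather than to whoever holds K_S.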
SSL (continued)
Encrypting an SSL session: the browser generates a symmetric session key, encrypts it with the server's public key and sends the encrypted key to the server. Using its private key, the server decrypts the session key. Browser and server now both know the session key.
All data sent into the TCP socket (by the client or the server) is encrypted with the session key.
SSL is the basis of the IETF Transport Layer Security (TLS). SSL can be used for non-Web applications, e.g. IMAP. Client authentication can be done with client certificates. (SSL itself is now deprecated; current deployments use TLS 1.2 or 1.3.)
IPsec: network-layer security
Network-layer confidentiality: the sending host encrypts the data in the IP datagram: TCP and UDP segments, ICMP and SNMP messages.
Network-layer authentication: the destination host can authenticate the source IP address.
Two principal protocols: Authentication Header (AH) and Encapsulation Security Payload (ESP).
For both AH and ESP, source and destination handshake to create a network-layer logical channel called a security association (SA). Each SA is unidirectional and is uniquely determined by: the security protocol (AH or ESP); the source IP address; a 32-bit connection identifier.
AH protocol
Provides source authentication and data integrity, but not confidentiality. The AH header is inserted between the IP header and the data field; the IP protocol field is 51. Intermediate routers process the datagrams as usual.
The AH header contains: a connection identifier; authentication data: a digest signed by the source, computed over the original IP datagram; a next-header field identifying the type of data carried (e.g. TCP, UDP, ICMP).
Figure: IP header | AH header | data
IEEE 802.11 security
A survey found 85% of access points in use without encryption or authentication. They are easily detected and sniffed, and are open to many other kinds of attack.
802.11 security: encryption and authentication. The first attempt at 802.11 security was Wired Equivalent Privacy (WEP): flawed. The current attempt: 802.11i.
802.11i: improved security
Numerous (and stronger) forms of encryption possible
Provides key distribution
Uses an authentication server separate from the AP
(802.11i was published as WPA2; WEP is broken and must not be used.)
Figure: the authentication server is reached over the wired network behind the AP.