
VIETNAM MARITIME UNIVERSITY
FACULTY OF INFORMATION TECHNOLOGY

MAJOR ASSIGNMENT REPORT
COURSE: NETWORK DESIGN AND ADMINISTRATION

Topic:

RESEARCH AND DEPLOYMENT OF A WEB SERVER SYSTEM USING IIS ON THE WINDOWS SERVER 2003 PLATFORM

Supervisor: Students:

inh c Thin ng i h n h ng nh

Ph m Quc Song

Hai Phong, December 2013

[MAJOR ASSIGNMENT REPORT: NETWORK DESIGN AND ADMINISTRATION]

TABLE OF CONTENTS

Chapter I. Overview of the Web Server service and the IIS application
  I. The Web Server service
  II. The IIS application
    1. What is IIS?
    2. What can IIS do?
    3. How does IIS work?
Chapter II. Installation, creating a Web Site, Virtual Host
  I. Installing IIS
    1. Installation
    2. Getting familiar with the IIS interface
  II. Creating a website
    1. Creating a new Web Site
    2. Creating a Virtual Directory
    3. Testing
  III. Creating a virtual host
    1. What is a virtual host?
    2. Setting up a virtual host
Chapter III. Security configuration for the Web Server
  I. Securing the website with SSL
    1. What is SSL?
    2. The SSL protocol
    3. Algorithms used in SSL
    4. Configuring SSL for a Web Site
  II. Using ISA Server
    1. Installing ISA Server
    2. Creating rules and publishing services
  III. Securing the AdminCP with the IIS Password tool
    1. Installing IIS Password
    2. Using IIS Password
  IV. Securing the web server with the ServerMask tool
    1. Installing ServerMask
    2. Using ServerMask
  V. Other security adjustments
    1. Renaming the Administrator account
    2. Adjusting the Local Security Policy

Chapter I. Overview of the Web Server service and the IIS application

I. The Web Server service

A Web Server is a computer on which web-serving software is installed; the software itself is sometimes also called a Web Server. All Web Servers understand and serve *.htm and *.html files, but each one also serves certain specialized file types: for example, Microsoft's IIS for *.asp, *.aspx...; Apache for *.php...; Sun's Sun Java System Web Server for *.jsp...

A Web Server machine is a high-capacity, high-speed server used to store information like a data bank. It holds the websites that have been designed, together with other related information (scripts, programs and multimedia files).

A Web Server can send web pages to client machines over the Internet (or an intranet) using HTTP, a protocol designed to deliver files to the web browser, as well as other protocols.

Every Web Server has an IP address and may also have a domain name. Suppose you type http://www.abc.com into your browser's address bar and press Enter: you send a request to a server whose domain name is www.abc.com. That server looks for the web page named index.htm and sends it to your browser.

Any computer can become a Web Server by installing server software on it and then connecting it to the Internet.

When your computer connects to a Web Server and sends a request for information from a web page, the Web Server software receives the request and sends back the information you asked for.

Like the other software you have installed on your computer, Web Server software is just a software application. It is installed and runs on the machine used as the Web Server, and thanks to it users can access the website's information from another computer on the network (Internet, intranet).

Web Server software can also be integrated with a database, or control the connection to a database, so that information can be retrieved from the database, rendered into web pages and delivered to users.

The server must run continuously, 24 hours a day, 7 days a week and 365 days a year, to provide information online. The location of the server plays an important role in the quality and speed of the information flow between the server and the computers accessing it.

II. The IIS application

1. What is IIS?

IIS stands for Internet Information Services: a set of services for servers running on the Windows operating system that provide and distribute information over the network. It includes several different services such as a Web Server, an FTP Server, ...

IIS is used to publish the content of web pages to the Internet/intranet using the Hypertext Transfer Protocol (HTTP).

So, once you have designed your web pages, if you want to put them on the network so that everyone can access and view them, you need a Web Server, in this case IIS. Otherwise your web pages can only be viewed on your own machine, or through file sharing like any other files on an internal network.

2. What can IIS do?

The task of IIS is to receive requests from client machines and respond by sending back the information they requested.

You can use IIS to:
- Publish your website on the Internet.
- Create e-commerce transactions on the Internet (display catalogs and receive orders from consumers).
- Share data files via the FTP protocol.
- Allow remote users to access your database (called database remote access).
- And many other capabilities ...

3. How does IIS work?

IIS uses the common network protocols HTTP (Hypertext Transfer Protocol) and FTP (File Transfer Protocol), and some other protocols such as SMTP, POP3, ..., to receive requests and transmit information over the network in different formats. One of the most popular IIS services, and the one we are most interested in, is the WWW (World Wide Web) service, or Web service for short.

The Web service uses HTTP to receive requests from a web browser in the form of the URL (Uniform Resource Locator) of a web page, and IIS responds by sending the content of the corresponding web page back to the browser.

Chapter II. Installation, creating a Web Site, Virtual Host

I. Installing IIS

1. Installation

From the Start button => Programs => Administrative Tools => Manage Your Server

Select the Add or remove a role icon; the Preliminary Steps dialog appears. Click Next.

The setup program checks the network, and a dialog box may appear asking you to confirm that the network is working properly. If it does, click Continue.

Select Application server (IIS, ASP.NET) in the Server Role dialog and click Next.

Select the two options FrontPage Server Extensions and Enable ASP.NET, click Next, then click Next in the following dialog.

The program carries out the installation.

Note: the program looks for the I386 source to install IIS. If it cannot find it, it asks you to specify the path to the source files. Point it to the I386 source on your Windows Server 2003 installation CD and select OK. Click Finish to end the installation.

When the installation is complete, open the IIS working window via Administrative Tools => IIS.

2. Getting familiar with the IIS interface

Application Pools: contains the applications that handle HTTP requests.
Website: contains the list of websites created on IIS.
Web Service Extensions: contains the list of Web Services used to allow or disallow the execution of certain applications such as ASP and ASP.NET.

II. Creating a website

1. Creating a new Web Site

Right-click the Web site folder => New => Web site => Next

The Welcome to the Web Site Creation Wizard dialog appears; click Next.

Provide a name for the Web Site in the Description box and click Next.

Specify the parameters:
1. Enter the IP address to use for this Web site: the address used for the Web site.
2. TCP port this Web site should use: the port the service runs on (default 80).
3. Host header for this Web site: the name that identifies the Web site when you want to create several Web sites sharing one address.

Specify the directory that stores the Web site's content and whether Anonymous is allowed access.

Specify the access permissions for the Web site.

Click Next and Finish to end the creation of the new Web site. The Web site now appears in the IIS window.

Note: for the Web site to work, you must Stop the Default Web Site and Start the Web site you want to bring into operation, by right-clicking it and choosing Stop or Start.

2. Creating a Virtual Directory

A virtual directory maps a resource from a physical directory path to a URL path, so that the resource can be accessed through a web browser.

Right-click the website in which to create it => New => Virtual Directory; the Welcome dialog appears, select Next.

Enter the alias name to create and click Next.

Specify the local directory or network path to map.

Specify the access permissions for this alias, then click Next and Finish to end.

The newly created virtual directory appears in the right pane of IIS.

3. Testing

At this point you can use IE or any other browser to access the web page just created.

Note: if you cannot access the website you just created, you have most likely not configured DNS for it yet. To do so, follow the instructions below.

Go to Start => All Programs => Administrative Tools => DNS

The dnsmgmt window appears. Double-click Forward Lookup Zones to check whether the domain of the new website already exists. If it does not, right-click Forward Lookup Zones and choose New Zone...

The New Zone Wizard dialog appears; click Next.

Select Primary zone and tick Store the zone in Active Directory (if your server is a Domain Controller), then click Next.

Select To all domain controllers in Active Directory Domain ... and click Next.

Enter your domain name under Zone name.

Select Allow both nonsecure and secure dynamic updates and click Next.

When creation is finished, the Completing the New Zone Wizard dialog appears. Check the information for mistakes; if there are none, click Finish to end the process.

Back in the dnsmgmt window, you will see your domain under Forward Lookup Zones. Right-click your domain and choose New Host (A)...

Fill in the New Host record as in the figure below, with the IP being the server's static IP. Tick Allow any authenticated user to update DNS records with the same owner name. Click Add Host.

Next, create two CNAME records for the domain: right-click your domain and choose New Alias (CNAME)...

Enter values similar to the two figures below to create CNAME www and CNAME ftp.

Next, create an MX record for the mail server; you can skip this step if the server is not a mail server.

After the steps above, the domain's records are displayed as in the figure below. We continue by creating records for Reverse Lookup Zones.

Right-click Reverse Lookup Zones and choose New Zone...

The New Zone dialog appears; click Next to continue.

Select Primary zone and tick Store the zone in Active Directory (if your server is a Domain Controller), then click Next.

Tick To all domain controllers in the Active Directory domain ..., then click Next.

Enter your network address in Network ID and click Next.

Tick Allow both nonsecure and secure dynamic updates and click Next.

Click Finish to end.

Then create a PTR record as described below. Right-click the zone just created and choose New Pointer (PTR)...

Enter the host address (Host IP) and host name (Host name) as in the figure below, tick allow any authenticated user to update ... and click OK.

Once the PTR record is displayed as in the figure below, you are done.

III. Creating a virtual host

1. What is a virtual host?

A virtual host is a service that allows multiple websites with different domain names to be hosted on the same IP address.

2. Setting up a virtual host

From the Internet Information Services (IIS) Manager window, right-click a website and select Properties.

In the website's Properties dialog, click the Advanced... button.

In the Advanced Web Site Identification dialog, select Default and click Edit to modify it, or Add to add a new one.

Enter the website's domain name in Host Header value.

Click OK in all dialogs to save your changes.

Chapter III. Security configuration for the Web Server

I. Securing the website with SSL

For websites that handle sensitive information such as order details, usernames and passwords, users who log in over ordinary http can easily have their passwords exposed if a hacker uses a "MAN IN THE MIDDLE" attack. With this kind of attack the hacker can read your data, which means the hacker obtains your username and password. Using an SSL certificate can help your website protect information against hackers.

1. What is SSL?

SSL, short for Secure Socket Layer, is a protocol that lets you transmit information securely and safely over a network.

A connection between a web browser and any point on the Internet passes through many independent systems, without any protection for the information in transit. Neither the user nor the web server has any control over the path the data takes, or any way of knowing whether someone is intercepting the information in transit. To protect confidential information on the Internet or on any TCP/IP network, SSL combines the following elements to establish a secure transaction:

- Authentication: ensures the authenticity of the site you will be working with at the other end of the connection. Likewise, websites also need to verify the authenticity of their users.
- Encryption: ensures that information cannot be accessed by a third party. To rule out eavesdropping on "sensitive" information as it travels across the Internet, data must be encrypted so that it cannot be read by anyone other than the sender and the recipient.
- Data integrity: ensures that information is not altered and accurately reflects the original information that was sent.

By using SSL, websites can provide confidentiality, authentication and data integrity to their users. SSL is built into browsers and web servers, allowing users to work with websites in secure mode.

2. The SSL protocol

SSL was developed by Netscape; today the SSL protocol is widely used on the World Wide Web for authenticating and encrypting information between client and server. The IETF (Internet Engineering Task Force) standardized SSL and renamed it TLS (Transport Layer Security). Despite the change of name, TLS is just a newer version of SSL. TLS 1.0 corresponds to SSL 3.1. However, SSL remains the more widely used term.

SSL is designed as a separate security protocol that can support many applications. The SSL protocol runs above TCP/IP and below higher-level application protocols such as HTTP, IMAP and FTP. SSL is not a single protocol but a set of standardized procedures that perform the following security tasks:

- Server authentication: allows the user to authenticate the server they want to connect to. The browser uses public-key cryptography techniques to make sure that the server's certificate and public ID are valid and were issued by a CA (certificate authority) in the client's list of trusted CAs. This matters greatly to users. For example, when sending a credit card number over the network, the user really wants to check that the server receiving it is the server they intended to send it to.
- Client authentication: allows the server to authenticate the user who wants to connect. The server likewise uses public-key cryptography techniques to check whether the client's certificate and public ID are valid and were issued by a CA (certificate authority) in the server's list of trusted CAs. This matters greatly to providers. For example, when a bank intends to send confidential financial information to a customer, it wants to verify the identity of the recipient.
- Connection encryption: all information exchanged between client and server is encrypted in transit to improve confidentiality. This matters to both parties in private transactions. In addition, all data sent over an encrypted SSL connection is protected by a mechanism that automatically detects tampering or alteration of the data (hash algorithms).

The SSL protocol comprises two sub-protocols:

- The SSL record protocol: defines the formats used to transmit data.
- The SSL handshake protocol: uses the SSL record protocol to exchange information between server and client when an SSL connection is first established.

3. Algorithms used in SSL

The encryption and authentication algorithms used by SSL include:

- DES (Data Encryption Standard): an encryption algorithm with a 56-bit key.
- 3-DES (Triple-DES): an encryption algorithm whose key length is three times the DES key length.
- DSA (Digital Signature Algorithm): part of the digital authentication standard used by the US government.
- KEA (Key Exchange Algorithm): a key exchange algorithm used by the US government.
- MD5 (Message Digest algorithm): developed by Rivest.
- RSA: a public-key algorithm used for both authentication and data encryption, developed by Rivest, Shamir and Adleman.
- RSA key exchange: the key exchange algorithm used in SSL, based on the RSA algorithm.
- RC2 and RC4: encryption algorithms developed by Rivest for RSA Data Security.
- SHA-1 (Secure Hash Algorithm): a hash algorithm used by the US government.

When a client and a server exchange information during the handshake, they determine the strongest cipher they can both use and use it for the SSL session.

4. Configuring SSL for a Web Site

a) Creating a Certificate Signing Request (CSR)

In the IIS6 window, select the website for which you want to create a CSR, right-click it and choose Properties.

The Default Web Site Properties window appears; select the Directory Security tab.

Under Secure communications, click Server Certificate. The Web Server Certificate Wizard appears; click Next.

Select Create a new certificate and click Next.

Select Prepare the request now, but send it later, then click Next.

Enter a name for the certificate, for example: martinleung.com. For Bit length you should choose 2048, since most certificates use 2048 bits; then click Next.

Select Microsoft RSA SChannel Cryptographic Provider.

Enter the organization (Organization) and the organizational unit (Organization Unit). Click Next.

Enter your domain name in the Common name field. Click Next.

Enter the country, city and state. This information must be exact and must not be abbreviated; for example, you must not enter Hai Phong as HP.

Choose the file in which to save the key, then click Next.

The screen below shows the details of your request. Make sure the information you provided is correct, then click Next.

You now have the CSR. Select Finish.

Use the CSR file you have just created to submit to the certificate provider's website.

b) Registering the SSL certificate with a certificate authority

The certificate authority will ask you to enter the CSR. Use the CSR created in step 1 and fill in the registration form. You will receive an installation file, usually with the extension *.cer.

c) Installing the SSL certificate

Right-click the website on which you want to install SSL and select Properties.

In the Properties window, select the Directory Security tab -> Server Certificate.

In the IIS Certificate Wizard window, select Process the pending request and install the certificate, then click Next.

Select the path to the file to install.

Click Next and wait a moment for the verification to complete. Then click Finish. You can review your SSL digital certificate by clicking View Certificate...; a window appears showing information about the certificate authority and the validity period of the certificate, as below.

Your website can now be accessed through SSL at https://yourdomain.com
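To check what a newly enabled HTTPS site actually negotiates, the following added example (not part of the original report) parses the record and handshake layers described in section 2 and flags the legacy algorithms from section 3 (RC4, which RFC 7465 prohibits, plus DES, 3DES, RC2, MD5 and export suites) and protocol versions below TLS 1.2 (deprecated by RFC 7568 and RFC 8996). The hello messages are constructed samples in the pre-TLS 1.3 layout, and all function names are illustrative.

```python
import struct

# Subset of the IANA TLS cipher suite registry, enough for the samples below.
SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0009: "TLS_RSA_WITH_DES_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
LEGACY = ("RC4", "RC2", "DES", "3DES", "MD5", "EXPORT")  # matched against name components


def build_hello(msg_type, version, suites):
    """Constructed sample: a ClientHello (type 1) or ServerHello (type 2) in one record."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"   # version, random, empty session id
    if msg_type == 1:
        body += struct.pack("!H", 2 * len(suites))
        body += b"".join(struct.pack("!H", s) for s in suites)
        body += b"\x01\x00"                                    # compression methods: null only
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"         # selected suite, null compression
    handshake = bytes([msg_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_hello(record):
    """Peel off the record layer, then the handshake header, then read the hello body."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _record_version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:
        raise ValueError("not a handshake record")
    fragment = record[5:5 + rec_len]
    if len(fragment) != rec_len or rec_len < 4:
        raise ValueError("truncated record")
    msg_type, msg_len = fragment[0], int.from_bytes(fragment[1:4], "big")
    body = fragment[4:4 + msg_len]
    if len(body) != msg_len or msg_len < 35:
        raise ValueError("truncated hello")
    version = struct.unpack("!H", body[:2])[0]
    pos = 35 + body[34]                       # skip version, 32-byte random and session id
    if len(body) < pos + 2:
        raise ValueError("truncated hello")
    if msg_type == 1:                         # ClientHello: list of offered suites
        count = struct.unpack("!H", body[pos:pos + 2])[0]
        raw = body[pos + 2:pos + 2 + count]
        if len(raw) != count or count % 2:
            raise ValueError("bad cipher suite list")
        suites = [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, count, 2)]
    elif msg_type == 2:                       # ServerHello: the single selected suite
        suites = [struct.unpack("!H", body[pos:pos + 2])[0]]
    else:
        raise ValueError("not a hello message")
    return {"type": msg_type, "version": version, "suites": suites}


def audit_negotiation(client_record, server_record):
    """Return findings about the protocol version and suite the server selected."""
    client, server = parse_hello(client_record), parse_hello(server_record)
    if client["type"] != 1 or server["type"] != 2:
        raise ValueError("expected a ClientHello followed by a ServerHello")
    chosen = server["suites"][0]
    findings = []
    if chosen not in client["suites"]:
        findings.append("server selected a suite the client did not offer")
    if server["version"] < 0x0303:
        label = VERSIONS.get(server["version"], hex(server["version"]))
        findings.append("protocol %s is deprecated" % label)
    name = SUITES.get(chosen, "unknown_0x%04X" % chosen)
    legacy = [part for part in name.split("_") if part in LEGACY]
    if legacy:
        findings.append("%s uses legacy %s" % (name, ", ".join(legacy)))
    return findings


# Constructed samples: an old client with a legacy server, and a modern pair.
OLD_CLIENT = build_hello(1, 0x0301, [0x0004, 0x0005, 0x000A, 0x002F])
OLD_SERVER = build_hello(2, 0x0301, [0x0004])
NEW_CLIENT = build_hello(1, 0x0303, [0xC02F, 0x002F])
NEW_SERVER = build_hello(2, 0x0303, [0xC02F])

if __name__ == "__main__":
    for label, c, s in (("legacy", OLD_CLIENT, OLD_SERVER), ("modern", NEW_CLIENT, NEW_SERVER)):
        print(label, audit_negotiation(c, s) or "no findings")
```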


II. Using ISA Server

To keep a web server safe from outside attacks we need a firewall (ISA Server). As far as we know, this requires two machines (one acting as web server, one as firewall); however, in the small and medium business model we only have a single server hosted at an ISP (FPT, VDC, ...). The guide below shows how to configure ISA on a server that already has IIS installed.

1. Installing ISA Server

Disable NetBIOS over TCP/IP on the WAN adapter: in the IP settings select Advanced, select WINS, then select Disable NetBIOS over TCP/IP.

Download the ISA Server installer from http://goo.gl/9zXf2P. Extract the installer to a temporary folder, run setup.exe and select Install ISA Server 2004.

Select Next.

Select I Accept.

Enter the user name, organization and installation key, then select Next.

Select Custom.

Leave the defaults and select Next.

Declare the address range covering the machines on the LAN with the server.

Leave the default values and click Next until installation begins.

The installation process completes.

Wait a while for the program to install, then select Finish to end the process.

You can also install the ISA Service Packs to patch security vulnerabilities. The Service Packs are free and can be downloaded from Microsoft's home page (the Service Packs are not covered further here). Finally, restart the server so that it saves the settings and completes the ISA installation.

2. Creating rules and publishing services

a) Redirecting port 80

Open ISA Management, right-click Firewall Policy and select Web Server Publishing Rule.

Name the rule WebServer and select Next.

For Action, select Allow.

Define Webserver to Publish: enter the website's domain.

Public Name Details: select Accept requests for: Any domain name.

For Web Listener, click the New button.

Name it Port 80.

Have it listen on External, then select Next.

Enable HTTP port 80, select Next, then select Finish.

Select Port 80 for the Web Listener, then select Next.

Select All Users, select Next, then select Finish.

Right-click the WebServer rule, select Bridging and change port 80 to port 2013.

Select the To tab and check Forward the original host header instead of the actual one. Select Requests appear to come from the original client. Select Finish.

b) Configuring the firewall to use basic services

The example here uses the Remote Desktop service. Enable the Remote Desktop service.

Right-click Firewall Policy, select New, then select Server Publishing Rule.

Name the rule Remote Desktop.

Enter the IP of the WAN adapter, 222.222.222.222.

For Protocol, select RDP (Terminal Services) Server.

Have it listen on External.

Select Finish.

c) Allowing the server to access the Internet

Right-click Firewall Policy, select New, then select Access Rules.

Name the rule Internet.

Action: select Allow.

Protocols: select All outbound traffic.

Source: Internal and Localhost.

Destination: select New, then select URL Set.

Name it Trusted Sites and allow access to the sites, for example:
+ http://microsoft.com/*
+ http://*.microsoft.com/*

Select Trusted Sites.

User sets: select All Users.

Select Finish.

Arrange the rules in the order Webserver, Remote Desktop, Internet, then click Apply.

III. Securing the AdminCP with the IIS Password tool

Suppose your website is a news site, so it has an admin account for writing articles (call it Admin1). The site has an admin login page, and you need to protect that login with one more username/password layer (call it Admin2), so that even if a hacker learns your Admin1 username/password they still cannot log in.

To authenticate access to the Admin path you could combine NTFS permissions with IIS Basic Authentication; here I do not use those two methods but the IIS Password tool instead. If I used NTFS and IIS Basic Authentication, sniffing would expose a Windows username/password, whereas IIS Password creates a separate username/password, independent of Windows, to authenticate users when they access the specified link.

1. Installing IIS Password

Download the IIS Password installer from http://goo.gl/3jgL5f. Run IISPassword.exe. Leave the options at their defaults and click Next as directed until the installation is finished.

2. Using IIS Password

Open Internet Information Services; on Default Web Site, right-click and choose Properties, then select the IISPassword tab.

Click the Add button and add a username/password.

Set the title to Amin Zone and select Apply.
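The sniffing concern raised at the start of this section applies to any credentials sent with the HTTP Basic scheme, because the Authorization header is only base64-encoded. The following added example (not part of the original report) scans constructed cleartext HTTP requests, as a capture on port 80 would show them, and reports each path where Basic credentials crossed the wire unencrypted; the /admincp/ path, the host and account names and the function names are assumptions.

```python
import base64
import binascii
from email.parser import HeaderParser


def decode_basic(value):
    """Decode 'Basic <base64(user:password)>'; None for other schemes or malformed data."""
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob.strip(), validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return None
    user, sep, password = text.partition(":")     # the password may itself contain ':'
    return (user, password) if sep else None


def find_cleartext_basic(captured):
    """List (path, user, password_length) for each readable request with Basic credentials."""
    findings = []
    for raw in captured:
        head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
        request_line, _, header_text = head.partition("\r\n")
        parts = request_line.split(" ")
        if len(parts) != 3 or not parts[2].startswith("HTTP/"):
            continue                               # e.g. TLS records: nothing readable here
        headers = HeaderParser().parsestr(header_text)   # case-insensitive header lookup
        creds = decode_basic(headers.get("Authorization", ""))
        if creds:
            # Report the password length only, so the audit output holds no secret.
            findings.append((parts[1], creds[0], len(creds[1])))
    return findings


# Constructed capture: a public page, a protected page using Basic, one using NTLM,
# and the first bytes of a TLS record (what the same login looks like over HTTPS).
CAPTURE = [
    b"GET /index.htm HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"GET /admincp/ HTTP/1.1\r\nHost: www.example.com\r\nauthorization: Basic "
    + base64.b64encode(b"admin2:example-password") + b"\r\n\r\n",
    b"GET /admincp/ HTTP/1.1\r\nHost: www.example.com\r\nAuthorization: NTLM TlRMTVNTUAAB\r\n\r\n",
    b"\x16\x03\x01\x00\x2a\x01\x00\x00\x26",
]

if __name__ == "__main__":
    for path, user, pw_len in find_cleartext_basic(CAPTURE):
        print("Basic credentials in cleartext: path=%s user=%s password_length=%d"
              % (path, user, pw_len))
```

Any finding means the extra login layer is readable to anyone on the path; serving the protected path only through the SSL-enabled site configured in section I removes it from the capture.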


IV. Securing the web server with the ServerMask tool

Before attacking your website, hackers usually perform footprinting and scanning; once they have the information they need, they choose whether to attack your website or the server hosting it. To reduce this and to misdirect hackers during footprinting and scanning, I will mask the Server header so that hackers cannot tell that I am running IIS 6.

1. Installing ServerMask

Download the ServerMask installer from http://goo.gl/tdhca1. Run SMSetup.exe. Leave the options at their defaults and click Next as directed until the installation is finished.

2. Using ServerMask

Start ServerMask from the Start menu. As shown in the figure, ServerMask offers three types of service, Hide, Emulate and Randomize, which respectively remove the Server header from HTTP responses, replace the IIS Server header with the Server header of another server, and automatically change the Server header after each time interval. You can also change the Server header yourself under Customize; however, it is recommended that you use the built-in services unless you fully understand the Server header.

You can choose the type of service for each of your websites by clicking the name of the corresponding website and then, on the page that appears, switching Security Profile to the service you want.

Here I switch all websites to the Randomize service.
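Masking the Server header changes only one of the places where IIS identifies itself, so it is worth checking a response after a profile has been applied. The following added example (not part of the original report, and not part of ServerMask) audits constructed HTTP responses for the Server header and for other standard IIS/ASP.NET identifiers: the X-Powered-By and X-AspNet-Version headers and the ASPSESSIONID / ASP.NET_SessionId cookie names. The sample responses and function names are assumptions.

```python
import re

DISCLOSING_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
ASP_COOKIE = re.compile(r"^(ASPSESSIONID[A-Z]*|ASP\.NET_SessionId)$")
VERSION = re.compile(r"\d+(?:\.\d+)+")


def parse_response(raw):
    """Return (status_line, [(name, value), ...]), keeping header order and duplicates."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    if not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return lines[0], headers


def audit_banner(raw):
    """List (header, value, reason) for every field that identifies the server software."""
    _status, headers = parse_response(raw)
    findings = []
    for name, value in headers:
        lname = name.lower()
        if lname in DISCLOSING_HEADERS and value:
            reason = "product and version" if VERSION.search(value) else "product name"
            findings.append((name, value, reason))
        elif lname == "set-cookie":
            cookie_name = value.split("=", 1)[0].strip()
            if ASP_COOKIE.match(cookie_name):
                findings.append((name, cookie_name, "platform-specific cookie name"))
    return findings


def emulation_gaps(raw):
    """If Server names a non-IIS product, list the identifiers that still point to IIS/ASP.NET."""
    findings = audit_banner(raw)
    server = [value for name, value, _ in findings if name.lower() == "server"]
    if not server or "IIS" in server[0]:
        return []
    return [f for f in findings if f[0].lower() != "server"]


# Constructed responses: IIS 6 defaults, Server header removed, Server header replaced.
DEFAULT_IIS6 = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nServer: Microsoft-IIS/6.0\r\n"
    b"X-Powered-By: ASP.NET\r\n"
    b"Set-Cookie: ASPSESSIONIDQQGGGQAA=CONSTRUCTEDVALUE; path=/\r\n\r\n<html></html>"
)
HIDDEN = DEFAULT_IIS6.replace(b"Server: Microsoft-IIS/6.0\r\n", b"")
EMULATED = DEFAULT_IIS6.replace(b"Microsoft-IIS/6.0", b"Apache/2.0.52 (Unix)")

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_IIS6), ("hidden", HIDDEN), ("emulated", EMULATED)):
        print(label, audit_banner(raw), emulation_gaps(raw))
```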


Click OK to save and close the ServerMask window.

V. Other security adjustments

To prevent hackers from logging in to your server, you should rename the Administrator account and apply a few policies that strengthen the security of this account at logon. (The instructions below are for a machine that has been promoted to Domain Controller. You can promote the machine to Domain Controller by opening Command Prompt, typing dcpromo, pressing Enter and following the setup.)

1. Renaming the Administrator account

Go to Start => Administrative Tools => Active Directory Users and Computers.

In the window that appears, select User, right-click Administrator and choose Rename.

Type the new name for the account. Click OK to finish.

The new account name is displayed in the account list.

You will need to log out for the rename to complete. Then log in with the new name and your password.

2. Adjusting the Local Security Policy

Go to Start => Administrative Tools => Domain Controller Security Policy.

Under Local Policies => Security, change the following settings:

Interactive logon: Display user information when the session is locked > Do not display user information. User information is not shown when the session is locked.

Interactive logon: Do not display last user name > Enabled. The name of the last user is not shown.

Network access: Sharing and security model for local accounts > Guest only. Sharing and security model for local accounts: guest account only.

END
