1. Introduction
Wireless LANs are now widely deployed and their benefits are well known, but securing them is also very difficult. This article only covers and discusses some basic techniques for securing these systems and some effective security solutions.
2. Why security is so important
Why do we have to care about the security of wireless LANs? The reason lies in the inherent nature of the wireless medium. To connect to a wired LAN you need access to the cabling: you have to plug a PC into a network port. With a wireless network you only need your machine to be within the network's coverage area. Controlling a wired network is simple: the cabling normally runs inside the building, and unused ports can be disabled with management applications. Wireless networks use radio waves that pass through building materials, so coverage is not confined to the inside of a building. The radio signal from these LANs' transmitters can reach the street, and so anyone with suitable equipment can gain access. A company's wireless network can therefore be accessed from outside the company's building. Figure 1 shows how a stranger can access a wireless LAN from outside. The answer is to secure the network so that it withstands this kind of access.
3. Weaknesses in 802.11 security
The IEEE 802.11 standard defines WEP (Wired Equivalent Privacy) to protect wireless transmissions. WEP uses a symmetric stream cipher to encrypt the traffic of users on the wireless network. 802.11 specifies 64-bit WEP keys, and 128-bit WEP keys are also offered. 802.11 does not specify how the keys are to be arranged. A WEP key consists of two parts: a 24-bit initialization vector (IV) and the secret key. The IV is transmitted in plaintext in the header of 802.11 packets. However, it is very easy to crack. The next step is therefore to use dynamic WEP keys that can be changed frequently.
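The following added example (not part of the original article) shows why a 24-bit IV sent in the clear with a static secret is weak: two frames that share an IV share a keystream, so XORing their ciphertexts yields the XOR of their plaintexts without the key. The secret, IV, payloads and function names are constructed for illustration, and the frame layout is simplified (the key ID byte is omitted).

```python
import zlib

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4, the stream cipher used by WEP; encryption and decryption are identical."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # keystream generation, XORed into data
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, payload: bytes) -> bytes:
    """Clear 3-byte IV, then RC4 keyed with IV || secret over payload + CRC-32 ICV."""
    icv = zlib.crc32(payload).to_bytes(4, "little")
    return iv + rc4(iv + secret, payload + icv)

def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    body = rc4(frame[:3] + secret, frame[3:])  # receiver reads the IV from the frame
    payload, icv = body[:-4], body[-4:]
    if zlib.crc32(payload).to_bytes(4, "little") != icv:
        raise ValueError("ICV mismatch")
    return payload

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def iv_collision_probability(frames: int, iv_bits: int = 24) -> float:
    """Birthday bound: chance that at least two of `frames` random IVs are equal."""
    p_unique = 1.0
    for n in range(frames):
        p_unique *= 1 - n / 2**iv_bits
    return 1 - p_unique

# Constructed sample data: a 40-bit secret (24-bit IV + 40 bits = "64-bit WEP").
SECRET = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"GET /index.html ", b"user=alice&id=42"
C1, C2 = wep_encrypt(IV, SECRET, P1), wep_encrypt(IV, SECRET, P2)

def demo_leak() -> bool:
    """Same IV, same keystream: C1 xor C2 equals P1 xor P2, and no key is needed."""
    return xor(C1[3:3 + len(P1)], C2[3:3 + len(P2)]) == xor(P1, P2)
```

With randomly chosen IVs, `iv_collision_probability(5000)` is already above one half, which is why a static secret cannot be used safely for long and why the article turns to frequently changed keys and per-packet keying.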
The 802.11 standard authenticates clients using the WEP key. An industry standard was subsequently introduced in the form of 802.1x authentication (see section 7) to make up for the shortcomings of the earlier 802.11 standard. Recently, however, the University of Maryland documented a potential security problem with the 802.1x protocol. The solution today is to use mutual authentication to prevent man-in-the-middle attacks, together with dynamic WEP keys that are carefully arranged and with encrypted channels. Both techniques are supported by the TLS (Transport Layer Security) protocol. Most notable of all are per-packet keying and message integrity checking. This is the 802.11i security standard.
5. Wireless security model
The wireless LAN architecture supports an open, comprehensive security model based on industry standards, as shown in Figure 4. Each element within the model can be configured by the network administrator to meet and suit their needs.
6. Encryption
Encryption transforms data so that only authenticated parties can decrypt it. The encryption process combines the plaintext with a key to produce the ciphertext. Decryption combines the ciphertext with the key to recreate the original plaintext, as shown in Figure 5. The process of arranging and distributing keys is called key management.
The encryption and decryption process
Authentication model
802.1x EAP-TLS with the EAS in Controller Mode is shown in Figure 8. The wireless client has a digital certificate (installed in advance). The wireless client communicates with the EAS through the AP. All three components (wireless client, AP and EAS) support the 802.1x EAP-TLS process. The wireless client can run Windows XP (which has built-in support for 802.1x EAP-TLS) or Windows 98/Me/2000 using the Madge Wireless LAN Utility (WLU). Once the client is authenticated, user data can also use an EAS that has been configured in Gateway Mode.