Viện Đại học Mở Hà Nội (Hanoi Open University)

Graduation project

TABLE OF CONTENTS

CHAPTER I: OVERVIEW OF WIRELESS NETWORKS
1 Introduction to wireless networks and their history
2. Classification of wireless networks
3. Technical issues in wireless networks
4. Outline of some wireless networks
4.1. WPAN
4.2. WLAN
4.3 WMAN (WiMAX technology)
b. Mobile WiMAX application model

CHAPTER II: WIRELESS LOCAL AREA NETWORKS (WLAN)
1 Overview of WLAN
1.1 History of WLAN development
1.2 The need for and benefits of WLAN
1.3 Physical-layer techniques in WLAN
a, FHSS
b, DSSS
1.4 Operating frequency bands of WLAN
2. Components of a WLAN
2.1 Wireless station
2.2 Wireless network card (wireless NIC)
2.3 Access point
2.4 Wireless bridge (Wbridge)
2.5 Gateway
2.6 Repeater
3. Common WLAN standards
3.1 IEEE 802.11b
3.2 IEEE 802.11a
3.3 IEEE 802.11g
3.4 Other IEEE 802.11 standards
4. Two basic connection modes
4.1 Ad hoc mode (IBSS)
4.2 Basic infrastructure mode (BSS/ESS)
5. Medium access control methods
5.1 Fixed-assignment access methods
a. Frequency-division multiple access (FDMA)
b. Time-division multiple access (TDMA)
c. Code-division multiple access (CDMA)
5.2 Random access methods
a. Carrier Sense Multiple Access with Collision Detection (CSMA/CD)

Student: ng Bch Thy

b. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
5.3 Controlled access methods
a. Token passing
b. Ordered access

CHAPTER III: WEAKNESSES OF WIRELESS NETWORKS AND NETWORK ATTACK METHODS
1. RF signal leakage from wireless networks
2. WEP, a weak encryption method
2.1 WEP encryption
a. WEP operating format
b. Decrypting a WEP message
c. Initialization vector (IV)
d. The RC4 stream cipher
2.2 Problems with WEP
a. Key management
2.3 Methods of breaking WEP keys
a. Message interpolation
c. Iterative-process attack
d. FMS attack
3. Wireless network attack methods
3.1 Passive attacks
a. Eavesdropping
b. Traffic analysis
3.2 Active attacks
a. User impersonation
b. Data modification
c. Access to management control
d. ARP attack
3.3 Denial-of-service (DoS) attacks that block wireless network operation
3.4 Man-in-the-middle attack

CHAPTER IV: WIRELESS NETWORK SECURITY SOLUTIONS
1. Factors to consider in wireless network security
2. Goals of wireless network security
2.1. Confidentiality
2.2. Authentication
2.3. Access control
2.4. Integrity
3. Requirements for wireless security solutions
3.1 Hierarchy
3.2 Extensibility
3.3 Efficiency
3.4 Availability

Some wireless network security solutions:
4. Antenna placement and adjustment
5. Basic security settings
5.1 Disabling SSID broadcast
5.3 Using MAC filtering
6. Strengthening security
6.1 TKIP
6.2 AES
7. Establishing a user authentication mechanism
7.1 EAP
7.2 The 802.1x framework
7.3 Authentication mechanism
7.4 EAP authentication methods
a. MD5
b. LEAP
c. TLS
d. TTLS and PEAP
8. Securing wireless networks with VPN
8.1 VPN
8.2 VPN architecture for wireless networks
a. Network to network
b. Host-to-network
8.3 Security protocols in VPN
a. The IPSec protocol suite
b. PPTP and L2TP
- PPTP
- L2TP
9. Intrusion detection techniques (IDS)

REFERENCES

Conclusion

LIST OF FIGURES
Figure 1.1: Fixed WiMAX network application model
Figure 2.1: Wireless NICs
Figure 2.2: Wireless access point
Figure 2.3: Repeater
Figure 2.5: IEEE 802.11 and OSI
Figure 2.6: 802.11b standard options
Figure 2.7: Summary table of IEEE 802.11 standard parameters
Figure 2.8: IBSS connection
Figure 2.9: BSS/ESS connection
Figure 2.10: Frequency-division multiple access
Figure 2.11: TDMA frame structure
Figure 2.12: Operating principle of CSMA/CD
Figure 2.13: Operating principle of CSMA/CA
Figure 2.14: Logical ring and physical transmission line
Figure 2.15: Ordered access
Figure 3.1: WEP encryption
Figure 3.2: WEP-encrypted frame
Figure 3.3: Key stream attack
Figure 3.4: Finding the key stream
Figure 3.5: Forging a new message
Figure 3.7: Attack capturing ARP response traffic via
Figure 4.1: TKIP encryption
Figure 4.2: Per-packet key mixing function
Figure 4.3: The 802.1x framework
Figure 4.4: Controlled and uncontrolled ports
Figure 4.5: How 802.1x authentication operates
Figure 4.6: Network-to-network architecture
Figure 4.7: Host-to-network architecture
Figure 4.8: Host-to-host architecture
Figure 4.9: Knowledge-based IDS
Figure 4.10: Anomaly-based IDS

LIST OF ABBREVIATIONS
AES Advanced Encryption Standard.
ARP Address Resolution Protocol.
AH Authentication Header.
BPSK Binary Phase Shift Keying.
BSS Basic Service Set.
CSMA/CD Carrier Sense Multiple Access / Collision Detection.
CRC Cyclic Redundancy Check.
DSSS Direct Sequence Spread Spectrum.
DoS Denial of Service.
EAP Extensible Authentication Protocol.
ESP Encapsulating Security Payload.
FHSS Frequency Hopping Spread Spectrum.
IR Infrared.
IBSS Infrastructure BSS.
IPSec IP Security.
IKE Internet Key Exchange.
IDS Intrusion Detection System.
LEAP Lightweight Extensible Authentication Protocol.
L2TP Layer 2 Tunneling Protocol.
MSDU MAC Service Data Unit.
MS-CHAP Microsoft Challenge Handshake Authentication Protocol.
OFDM Orthogonal Frequency Division Multiplexing.
PKI Public Key Infrastructure.
PEAP Protected Extensible Authentication Protocol.
PPTP Point-to-Point Tunneling Protocol.
QPSK Quadrature Phase Shift Keying.
QAM Quadrature Amplitude Modulation.
QoS Quality of Service.
RTS/CTS Request to Send / Clear to Send.
RADIUS Remote Authentication Dial-In User Service.
TKIP Temporal Key Integrity Protocol.
TLS Transport Layer Security.
TTLS Tunneled TLS.
VPN Virtual Private Network.
WEP Wired Equivalent Privacy.
WPA Wi-Fi Protected Access.
WECA Wireless Ethernet Compatibility Alliance.

CHAPTER I: OVERVIEW OF WIRELESS NETWORKS

1 Introduction to wireless networks and their history

Computer networks have long been an indispensable part of many areas of social life, from local area networks used to share resources within an organization to global networks such as the Internet. Wired and wireless networks are both developing steadily and taking on a growing role.

Although wireless networks have existed for decades, it is only in recent years, with the explosion of mobile devices, that the need to research and develop wireless network systems has become pressing. Many technologies, hardware products, protocols and standards have appeared in turn and continue to be researched and developed.

Wireless networks are highly flexible and support mobile devices, so they are not tied to a fixed geographic layout as wired networks are. In addition, devices can easily be added to or replaced in the network without reconfiguring the entire network topology. However, the greatest limitation of wireless networks compared with wired networks is their susceptibility to interference and packet loss. Transmission speed is also a matter of concern.

These limitations are now gradually being overcome. Research on wireless networks is attracting research institutes and companies around the world. With that investment, the efficiency and quality of wireless network systems will keep improving, promising further advances in the future.

2. Classification of wireless networks

Wireless network systems are also classified by scale and deployment range, in the same way as wired network systems: WPAN IEEE 802.15 (Wireless Personal Area Network), WLAN IEEE 802.11 (Wireless Local Area Network), WMAN IEEE 802.16 (Wireless Metropolitan Area Network) and WWAN IEEE 802.20 (Wireless Wide Area Network).

3. Technical issues in wireless networks

In wired network systems, data is carried from one device to another over cables or intermediate devices. In wireless networks, devices transmit and receive information by means of electromagnetic waves, radio waves or infrared signals. In WLAN and WMAN, radio waves are the more widely used.

The signal travels through the air within an area called the coverage area. A receiving device only needs to be inside the coverage area of the transmitting device to receive the signal.

4. Outline of some wireless networks

4.1. WPAN

Since Bluetooth was deployed there has been a great deal of discussion about wireless personal area networks. Most of the interest in PANs concerns their use in smart mobile phones, for example to synchronize with computer software or to use wireless headsets. Bluetooth has also begun to be used for devices such as headsets with a wireless microphone, where digital audio transmission provides clear sound.

Current deployments of Bluetooth tend to use it as a replacement for peripheral cables among a limited number of devices, rather than as a technology that lets a large number of devices in a home or office communicate directly.

The long-term prospects, however, are much larger. Many household devices could benefit from wireless connectivity. We are talking about game consoles that could talk wirelessly to routers, digital set-top boxes that could send digital TV signals to a computer or to several screens in the house, media servers that could broadcast music wirelessly to any headset within range, cameras that could communicate directly with printers, and handheld MP3 players that could send music files to the home audio system. These are the kinds of interoperable applications that consumers of electronic goods dream of. But Bluetooth today can only transmit at 1 to 2 Mbit/s over a range of about 10 m with an output power of about 100 mW. That is more than adequate for audio, printers and input devices, but digital TV requires a minimum rate of 7 Mbit/s. Transmitting high-definition TV signals requires a system able to handle 20-24 Mbit/s.

The leading technology for personal area networks today is UWB, also known as 802.15.3a (another IEEE standard). It is regarded as the PAN technology to which all other PAN technologies must yield. The reason it attracts so much attention is that UWB has great potential. UWB transmits extremely short bursts of data, less than one nanosecond long, across a wide spectrum.

Over short distances, UWB can transmit data at up to 1 Gbit/s with a low power source (about 1 mW). With its wide spectrum, UWB is less likely to be affected by distortion than other wireless technologies, and because its transmit power is so low it causes very little interference in other devices.

Its expected range is only about 10 m and, because of issues with its standardization, UWB is expected to find a place both in the wireless version of USB and in the next iteration of wireless technology.

The forecast of Intel (06/2006) and of other UWB supporters is that UWB will act as a general-purpose transport layer for short-range wireless applications. In this forecast UWB serves as the transport, much as in wireless USB, while higher-level protocols take care of the application-specific implementation. UWB is seen as a core component of a wirelessly connected world, governed by open standards that allow all devices to communicate with one another at short range.

UWB can be used in a WPAN in the following roles:

- Replacing IEEE1394 cables between consumer multimedia devices such as camcorders, digital cameras and MP3 players.

- Providing a shared high-speed wireless bus between a PC and its peripherals, including printers, scanners and external storage devices.

- Replacing cables and Bluetooth in new-generation devices such as 3G mobile phones, with IP/UPnP connectivity for the generation of IP-based mobile devices, consumer electronics and computers.

- Providing high-speed wireless connections for consumer electronics, computers and mobile phones.

4.2. WLAN

A wireless LAN (Wireless Local Area Network) uses electromagnetic waves (usually radio waves or infrared) for communication between devices over a medium range. Compared with Bluetooth, a wireless LAN can connect over a much larger range with many separate coverage areas, so mobile devices can move freely from one area to another. The operating range is from 100 m to 500 m, with data rates of 1 Mbps to 54 Mbps (100 Mbps). Wireless LANs are described in detail in Chapter II and Chapter III.

4.3 WMAN (WiMAX technology)

WiMAX is an abbreviation of Worldwide Interoperability for Microwave Access.

WiMAX, also called the 802.16 standard, is a broadband wireless technology that is developing very quickly. It can be deployed over a wide area and is considered to have great potential to become the ideal last-mile solution for bringing high-speed Internet connectivity to homes and offices.

While the familiar Wi-Fi technology (802.11a, b and g) provides connectivity in small areas such as offices or public hotspots, WiMAX has a wider coverage, spanning a whole urban area or a given rural area. It can provide data rates of up to 75 Mbps per base station with a coverage radius of 2 to 10 km. With that bandwidth, a single base station can simultaneously support more than 60 businesses at T1/E1 connection speeds and hundreds of homes at DSL connection speeds.

WiMAX application models

The IEEE 802.16 standard proposes 2 application models:
- The fixed application model.
- The mobile application model.

a. Fixed application model (Fixed WiMAX)

The fixed model uses equipment that follows the IEEE 802.16-2004 standard. This standard is called "fixed wireless" because the communication equipment works with antennas installed at fixed positions at subscribers' premises. The antenna is placed on the roof or on a mast, much like a satellite dish.

Figure 1.1: Fixed WiMAX network application model

The IEEE 802.16-2004 standard also allows indoor antennas, although the received signal is of course weaker than with an outdoor antenna. The operating band (according to national regulation and allocation) is in the 2.5 GHz or 3.5 GHz band. The channel bandwidth is 3.5 MHz. In a fixed network, WiMAX provides wireless connectivity to cable modems, to the subscriber line pairs of xDSL circuits, or to Tx/Ex circuits (transmission/switching) and OC-x circuits (optical transport). Fixed WiMAX can serve users such as enterprises, small residential areas, public WLAN access networks connected to the metropolitan network, base stations (BS) of mobile networks, and BS control circuits. Geographically, users may be scattered across localities such as rural and remote areas where wired cable networks are hard to bring in.

The structure of a WiMAX network is shown in Figure 1. In this model the radio part consists of WiMAX base stations (BS), which work with antennas mounted on tall towers, and subscriber stations SS (SubStation). The WiMAX BS stations connect to the metropolitan area network (MAN) or to the PSTN.

b. Mobile WiMAX application model

The mobile WiMAX model uses equipment that conforms to the IEEE 802.16e standard. The 802.16e standard supplements 802.16-2004, targets mobile individual users and operates in bands below 6 GHz. Combined with WLAN and 3G cellular mobile networks, it can form a mobile network with wide coverage. It is hoped that telecommunications providers will cooperate to build a digital wireless-access network with wide coverage that meets subscribers' varied needs. The IEEE 802.16e standard was approved in 2005.

CHAPTER II: WIRELESS LOCAL AREA NETWORKS (WLAN)

1 Overview of WLAN

1.1 History of WLAN development

The technologies used in WLANs were originally developed by the US military during World War II, as a safe and secure means of voice communication at that time. Spread spectrum is the technology used in WLANs to carry voice or data signals by operating across a range of frequencies, and most WLAN devices use it. However, spread spectrum is not the only technology used in WLANs. Others such as infrared and UHF narrowband are also used to deploy WLANs, and newer systems based on OFDM in the 5 GHz band are deployed where high transmission rates are needed.

Formation of the WLAN standards:

1940: Spread spectrum technology first appears.
1980: A range of applications are used on narrowband.
1989: The FCC assigns commercial frequencies using the ISM bands (900 MHz, 2.4 GHz, 5 GHz).
1990: IEEE begins work on industry standards for WLAN.
1994: Products operating in the 2.4 GHz band appear.
1997: The IEEE 802.11 standard appears.
1999: IEEE 802.11b and 802.11a are ratified. 802.11b products appear on the market.
2000: The wideband frequency hopping NPRM is published by the FCC. The 802.1 WG is formed to upgrade and improve 802.11b. 802.11 TGe is used in WiFi products for security. 802.11 TGg tests high-speed operation extended from 802.11b.

As wireless technology has developed, wireless devices have become smarter and more convenient. Today offices, schools, hospitals and even entertainment venues have wireless networks connecting wireless computers so that resources can be shared and used effectively.

According to a study by IDC (International Data Corporation), wireless network devices grew by 80% in 2000 and were predicted to grow strongly in the future.
1.2 The need for and benefits of WLAN

A WLAN is very flexible, supports mobility and is easy to install. It does not completely replace the wired LAN but supplements it. The outstanding advantages of a WLAN are mobility and the considerable cost savings of deploying a WLAN compared with a wired LAN.

Mobility here means allowing users to move about while using wireless devices. Users in a company can go to a meeting or to another location in the company building and stay connected to the network. A wireless network saves money because no cabling has to be run through the building, and it shortens deployment time.

Most WLANs operate in unlicensed bands, using either radio or infrared technology. Each solution has its own characteristics and meets different requirements. The key capability is that devices can transmit information in an open environment up to 300 m.

Most WLANs use radio waves in the 2.4 GHz band, known as the band for industry, science and hospitals. One property of radio is that it supports connections where the endpoints cannot see each other (NLOS, Non Line of Sight). There are also drawbacks: the electromagnetic field propagates and will affect medical equipment and industrial components working on the same frequency. Radio waves can pass through walls, and this is a major security problem. WLANs that use electromagnetic waves generally use spread spectrum. This technology spreads the signal's energy over a wide range of frequencies, making the signal less affected by noise and fading than other radio modulation techniques.

Spread spectrum modulation uses two methods of spreading the signal: frequency hopping (FH) and direct sequence (DS).
1.3 Physical-layer techniques in WLAN

At the physical layer, IEEE 802.11 defines 3 physical techniques for WLAN: diffuse IR, frequency hopping spread spectrum (FH or FHSS), and direct sequence spread spectrum (DS or DSSS).

The IR technique operates at baseband, whereas the 2 radio-based techniques operate in the 2.4 GHz band. They allow WLAN devices to be operated without the end user needing a licence. For wireless devices to interoperate, they must agree on the physical-layer standard. All 3 techniques support transmission rates of 1 Mbps and 2 Mbps.

a, FHSS

FHSS is similar to FM transmission, in that the data signal is carried by a narrowband carrier whose frequency can change. The 802.11 standard provides 22 hop patterns to choose from in the 2.4 GHz ISM band. Each channel is 1 MHz wide and the signal must shift frequency (hop). The technique modulates the radio signal by shifting it from one frequency to another in a near-random way. This protects the signal from noise concentrated around a single frequency. To decode the signal, the receiver must know the transmission rate and the order of the frequency shifts, which provides additional security and encoding.

FHSS products can send signals at 1.2 to 2 Mbps over a distance of about 620 dm. Higher bandwidth (up to 24 Mbps) can be reached by installing more access points in the network. In Fs, the 2.4 GHz band is divided into 75 channels of 1 MHz. To minimize the chance of two parties using the same channel at the same time, frequency hopping supplies a different hop pattern for each data exchange. The receiver and the sender agree on one hop pattern, and the data is sent in the order of the pattern. FCC regulation requires a bandwidth of up to 1 MHz for each sub-channel, which increases overhead. FHSS is regarded as an economical solution because it costs only half as much as a DSSS system and can be scaled up to 10 Mbps by adding more access points. It is also resistant to interference.
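An added illustration of the hop-pattern agreement described above (not code from the thesis): sender and receiver follow the same channel order over the 75 channels of 1 MHz, and noise concentrated on one channel costs only the hops that land on it. The seed-based pattern generator and all names are assumptions made for this sketch; real equipment selects one of the standard's predefined hop patterns.

```python
import random

CHANNELS = 75  # the text: 2.4 GHz band divided into 75 channels of 1 MHz


def hop_pattern(shared_seed, hops):
    """Channel to use in each time slot.

    Assumption for this sketch: both ends derive the pattern from an agreed
    seed. random.Random is a simulation tool, not a cryptographic generator.
    """
    rng = random.Random(shared_seed)
    return [rng.randrange(CHANNELS) for _ in range(hops)]


def transmit(frames, pattern):
    """Put frame i on the air on channel pattern[i]."""
    return list(zip(pattern, frames))


def receive(on_air, tuned_pattern, noisy_channels=frozenset()):
    """Frames recovered by a receiver tuned to tuned_pattern[i] in slot i.

    A slot is lost (None) when the receiver sits on a different channel than
    the sender, or when that channel carries narrowband interference.
    """
    recovered = []
    for (channel, frame), tuned in zip(on_air, tuned_pattern):
        ok = channel == tuned and channel not in noisy_channels
        recovered.append(frame if ok else None)
    return recovered


def delivery_ratio(recovered):
    """Fraction of slots in which a frame was recovered."""
    return sum(f is not None for f in recovered) / len(recovered)


if __name__ == "__main__":
    frames = [f"frame-{i}" for i in range(300)]  # constructed sample data
    pattern = hop_pattern(shared_seed=2412, hops=len(frames))
    on_air = transmit(frames, pattern)

    in_sync = receive(on_air, pattern)
    out_of_sync = receive(on_air, hop_pattern(shared_seed=9999, hops=len(frames)))
    interfered = receive(on_air, pattern, noisy_channels={pattern[0]})

    print("same pattern:           ", delivery_ratio(in_sync))
    print("different pattern:      ", round(delivery_ratio(out_of_sync), 3))
    print("one noisy 1 MHz channel:", round(delivery_ratio(interfered), 3))
```
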
b, DSSS

This technique modulates the radio signal in a random-looking way, which makes it harder to decode. The modulation provides some protection, but because the signal can be sent over a long distance it is easy to intercept. To provide complete security, most SS products also include encryption. DSSS works by taking a data stream of 0 and 1 bits and modulating it with a second pattern in a defined order. That order is called the Barker code, an 11-bit sequence (10110111000). Spreading with the code produces a redundant bit pattern for transmission, and the resulting signal appears to the receiver as wideband noise. One benefit of code spreading is that even if one or more bits in a chip sequence are lost in transmission, the original data can still be recovered without retransmission. The ratio between the data and the width of the code is called the processing gain. It is 16 times the width of the code after spreading and raises the number of possible patterns to 64K, which helps reduce the risk of being cracked in transit.

DSSS divides the 2.4 GHz band into 14 channels of 22 MHz, of which 11 adjacent channels partly overlap and the remainder do not overlap. Data is sent over one of these 22 MHz channels and not over the others (which could cause interference). To reduce retransmissions and noise, each bit of user data is converted into a sequence of redundant bit patterns called chips. These chips, combined with the spreading of the signal across the 22 MHz channel, provide error checking and error correction to recover the data.
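The spreading and recovery described above, as an added example that is not part of the original thesis: each data bit is replaced by the 11-chip Barker code quoted in the text (or its complement), and the receiver decides each bit by correlating the received chips against the same code. The per-bit decision rule, the function names and the sample data are assumptions made for this illustration.

```python
BARKER = [1, 0, 1, 1, 0, 1, 1, 1, 0, 0, 0]  # 10110111000, as quoted in the text
MAX_CHIP_ERRORS = (len(BARKER) - 1) // 2     # 5 wrong chips per bit still decode


def spread(bits):
    """Replace each data bit by 11 chips: the code for 1, its complement for 0."""
    chips = []
    for bit in bits:
        chips.extend(c if bit else 1 - c for c in BARKER)
    return chips


def despread(chips):
    """Correlate every 11-chip block with the Barker code and decide the bit.

    Returns (bits, scores). A score is matches minus mismatches, from -11
    (clean 0) to +11 (clean 1); values near 0 mean a heavily damaged symbol.
    """
    n = len(BARKER)
    if len(chips) % n:
        raise ValueError("chip stream is not a whole number of 11-chip symbols")
    bits, scores = [], []
    for start in range(0, len(chips), n):
        block = chips[start:start + n]
        score = sum(1 if c == k else -1 for c, k in zip(block, BARKER))
        scores.append(score)
        bits.append(1 if score > 0 else 0)
    return bits, scores


def flip(chips, positions):
    """Simulate channel errors by inverting the chips at the given positions."""
    damaged = list(chips)
    for p in positions:
        damaged[p] ^= 1
    return damaged


if __name__ == "__main__":
    data = [1, 0, 1, 1, 0]                       # constructed sample data
    on_air = spread(data)

    # Three damaged chips in each of the first two symbols, one in the third.
    noisy = flip(on_air, [0, 3, 7, 11, 12, 20, 30])
    bits, scores = despread(noisy)
    print("recovered:", bits, "scores:", scores)

    # Failure mode: six damaged chips in one symbol invert the decision.
    too_noisy = flip(on_air, range(MAX_CHIP_ERRORS + 1))
    print("first bit after 6 chip errors:", despread(too_noisy)[0][0])
```
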

1.4 Operating frequency bands of WLAN

The ISM band: wireless networks use radio waves as the transmission medium. Most of the wireless network technology in use goes by the commercial name WiFi (a short trade name). Wi-Fi is based on the IEEE 802.11b standard. A working group published an 802.11b design for the same band used by cordless phones, and even by microwaves and the wireless standard called Bluetooth. In 1985 the FCC (Federal Communications Commission) changed the radio spectrum allocation and designated three bands as industrial, scientific and biological bands:

+ 902 MHz to 928 MHz, a bandwidth of 26 MHz.
+ 2.4 GHz to 2.4835 GHz, a bandwidth of 83.5 MHz.
+ 5.725 GHz to 5.850 GHz, a bandwidth of 125 MHz.

The purpose of the FCC's change was to encourage the development and use of wireless network technology. The new rules allow users of radio devices to transmit in any one of the three bands.

Each country's regulatory body manages the ISM band. The FCC (United States), IC (Canada) and ETSI (Europe) define the operating frequency as 2.4 GHz to 2.4835 GHz. Japan uses the band 2.4 GHz to 2.497 GHz. In addition, Europe, the United States and Japan have defined a 5 GHz national information infrastructure band for unlicensed use.

2. Components of a WLAN

A WLAN is also a computer network, but it differs in some respects from an ordinary LAN (an ordinary network here meaning one connected by cable). This section looks at the components of a WLAN and at commonly used terms.

2.1 Wireless station

A wireless network requires at least two transmit/receive points. Each device or computer that contains a transceiver for sending data over the wireless network is called a station. As in an ordinary network, a station may be a client or a server. A wireless station is, however, usually a personal computer with a wireless network adapter that can communicate with an ordinary LAN.

2.2 Wireless network card (wireless NIC)

The wireless network card interfaces the computer to the wireless network by modulating the data signal with a spreading sequence and implementing a carrier-sense access protocol. When the computer wants to send data on the network, the wireless card listens for other transmissions. If it detects none, the card sends out a data frame. Meanwhile the other stations keep listening for incoming data; they capture the transmitted frame and check whether their own address matches the destination address in the frame header. If the address matches the station's address, the station accepts and processes the frame; otherwise it discards the frame.

Wireless network cards do not differ much from the cards used in wired LANs. The wireless card exchanges information with the network operating system through a dedicated driver, so any application can use the wireless network to transfer data. Unlike a wired card, however, a wireless card needs no connecting cable at all. A wired network card may use an ISA slot (now almost obsolete), a PCI slot (in common use) or a USB port on a desktop computer, or a PCMCIA slot on a laptop. A wireless card usually has an external antenna, which can be fixed to a wall or placed somewhere in the room.

Figure 2.1: Wireless NICs


2.3 Access point
An access point (AP) functions much like a network hub and is a special kind of wireless station. An AP can be a computer containing a network adapter together with access-point management software. An AP is a stand-alone device whose purpose is to receive radio transmissions from one machine and pass them on to the rest of the network. The AP is also a receiver used to connect to the LAN. The AP lets the network administrator manage the following parameters:
+ SSID: the name of the wireless network. Although a unique name is not required, most system administrators change the SSID from the default name set when the AP is installed. To ensure communication between an AP and a station, both the station and the AP must have the same SSID.
+ Channel: several channels are available to users, and the exact number of channels varies with the type of wireless network.
+ Encryption key: because WLANs were invented for use in public settings, every WLAN needs to be protected by encryption. Wireless network technology commonly uses the WEP (Wired Equivalent Privacy) protocol, which uses the RC4 encryption algorithm. This form of encryption requires the network administrator to enter the same string of digits and letters into each AP and each station.
+ An AP can perform many functions, such as: bridging between networks (bridge), acting as a retransmitter, distribution (hub), routing data (switch, router) or transferring

Figure 2.2: Wireless access point


2.4 Wireless bridge (WBridge)
A bridge is a communication device that connects two or more network segments so that they can communicate with each other by forwarding packets between them. Bridges are commonly used to connect a wireless network to a wired LAN.
A bridge operates on the MAC header of each packet and forwards packets based on that information alone. Each bridge keeps a table that determines the port to which a packet is forwarded.
2.5 Gateway
A gateway is a communication device, or a combined device, that converts data received from one network into a different specific format used by another network. A gateway is more intelligent than a bridge: it can adapt protocol and timing between two dissimilar computer systems. A gateway can also be a router.

A wireless gateway is an access point that can temporarily assign IP addresses (DHCP) and can share one public IP address among private IP addresses (NAT). DHCP (Dynamic Host Configuration Protocol) is a process that automatically assigns an IP address from the server to a client. The IP addresses that the server manages or controls are stored in a pool. NAT (Network Address Translation) is a process that translates network addresses between two different networks. NAT is commonly used to map the addresses of a public network to the addresses of a private local network that are not recognised on the Internet. NAT also provides some additional security: for example, computers connecting through the public network cannot access local computers that have a private address.
2.6 Repeater
A repeater is a device placed between the receiver and the transmitter to improve the quality of the signal passed between them. In a WLAN, a repeater is a layer 1 device. It does not route data; it simply receives, reads and retransmits every signal it receives.

Figure 2.3: Repeater


2.7 Antenna
An antenna is a device used to convert signals between the electric field and the magnetic field. An antenna is normally designed to operate in a specific frequency band. A directional antenna is designed to concentrate the transmitted energy in one direction in order to increase the antenna's range.

Figure 2.4: Antenna

3. Common WLAN standards
The IEEE (Institute of Electrical and Electronics Engineers), based in the United States, is the organisation that researches, develops and publishes many standards related to LANs, such as 802.3 for Ethernet, 802.5 Token Ring and 802.3z 100BASE-T. The IEEE is divided into working groups: 802.1, 802.2 and so on. Each group is responsible for research in its own area.
At the end of the 1980s, when wireless networks began to be developed, the IEEE 802.4 group found that the token-based access method of the LAN standard was not efficient when applied to wireless networks. The group proposed building a separate standard for wireless networks. As a result, the IEEE decided to set up the 802.11 group, tasked with defining the physical layer (PHY) and MAC (Medium Access Control) layer standards for wireless LANs.

Figure 2.5: IEEE 802.11 and OSI

The first standard the IEEE released was IEEE 802.11, in 1997. It achieved a rate of 2 Mbps using spread-spectrum techniques in the unlicensed ISM band (the band reserved for industrial, scientific and medical use). It was followed by IEEE 802.11b, IEEE 802.11a and IEEE 802.11g. The most recent are IEEE 802.11i and IEEE 802.11n, which are awaiting approval.

3.1 IEEE 802.11b
In 1999 the IEEE approved the 802.11b standard, which defines a new modulation technique that adds rates of 5.5 Mbps and 11 Mbps to the 1 and 2 Mbps rates supported since the 1997 specification. The b standard uses DSSS, so 1 and 2 Mbps 802.11 DSSS cards are compatible with the new 802.11b systems. 1 and 2 Mbps 802.11 FHSS cards are not compatible.
Basic operating characteristics of IEEE 802.11b:
Frequency:             2.4 GHz
Number of channels:    11 (3) USA
Rate:                  11 Mbps
Range:                 ~300 feet
Encoding scheme:       DSSS
Modulation technique:  DBPSK (1 Mbps), DQPSK (2 Mbps), CCK (5.5 and 11 Mbps)

IEEE 802.11b operates in the 2.4 to 2.4835 GHz frequency range. This band is often regarded as a fragmented band because so many other devices share it. 2.4 GHz is an industrial, scientific and medical band.
One of the drawbacks of IEEE 802.11b is that the band is easily congested and the system is prone to interference from other systems: microwave ovens, phones operating in the 2.4 GHz band and Bluetooth networks. IEEE 802.11b also has limitations such as the lack of any ability to connect voice devices and no QoS (quality of service) for media traffic.

Figure 2.6: 802.11b standard options


3.2 IEEE 802.11a
At the same time as 802.11b was ratified, another higher-speed option, 802.11a, was also decided on. 802.11a operates at 5 GHz. It is not compatible with 802.11b but does not conflict with it (a and b networks can coexist in the same physical space). IEEE 802.11a has 12 non-overlapping channels and operates at 54 Mbps, but its coverage is smaller than that of 802.11b.
Basic operating characteristics of 802.11a:
Frequency:             5 GHz
Number of channels:    12 USA
Rate:                  54 Mbps
Range:                 ~60 feet
Encoding scheme:       OFDM
Modulation technique:  BPSK (6 & 9 Mbps), QPSK (12 & 18 Mbps), 16-QAM (24 & 36 Mbps), 64-QAM (48 & 54 Mbps)

Each channel in 802.11a is 20 MHz wide. Twelve channels are available, but 4 channels are for outdoor use only and 8 are for indoor use. In 802.11a the spectrum is actually segmented by output power. The lower band, 515-525, supports 4 channels with a maximum transmit power of 40 mW. The middle band, 525-535, supports 4 channels with a maximum transmit power of 200 mW. The upper band, 5725-5825, supports 4 outdoor channels with a maximum transmit power of 800 mW. Note that the 802.11a protocol limits the transmit power in each band to about 80% of the power permitted by the FCC. In other words, the FCC permits transmit powers of 50 mW, 250 mW and 1000 mW in the respective bands, but the IEEE restricts them to 40, 200 and 800 mW respectively.
The basic advantage of 802.11a over 802.11b is its rate of 54 Mbps against 11 Mbps. The available spectrum is wider, 300 MHz against 83.5 MHz, and there are more non-overlapping channels (12 against 3). We also run into fewer infrastructure problems at 5 GHz, because fewer devices share this band.
The problem with 802.11a is that it is not backward compatible with 802.11b. An 802.11a device cannot connect to an 802.11b device. The lack of international spectrum standards has become a problem in some deployments and has reduced the spread of 802.11a while increasing deployment cost. Because 802.11a has a smaller coverage area, it requires more APs to cover the same space.

3.3 IEEE 802.11g
In 2003 the IEEE ratified the 802.11g specification, aimed at solving the problems with 802.11b. Essentially, 802.11g is 802.11b operating at 54 Mbps. In other words, the IEEE took the modulation technique of 802.11a, OFDM, and applied it to the 2.4 GHz band. One advantage of 802.11g is that it is fully backward compatible with 802.11b and does not conflict with it, except that it then does not operate at 54 Mbps. The drawback is that we still face all the problems of 802.11b: there are still only 3 non-overlapping channels, and there is still interference from the other devices crowded into the 2.4 GHz band.
Because 802.11g still works with existing 802.11b devices, it has great potential for growth. However, we must use 802.11g equipment at both the client and the AP to reach 54 Mbps.
Basic operating characteristics of 802.11g:
Frequency:             2.4 GHz
Number of channels:    11 (3) USA
Rate:                  54 Mbps
Range:                 ~300 feet
Encoding scheme:       OFDM
Modulation technique:  DBPSK (1 Mbps), DQPSK (2 Mbps), CCK (5.5 and 11 Mbps), OFDM (6, 12, 18, 36, 48 & 54 Mbps)
802.11g+: an improvement on the 802.11g standard, fully compatible with 802.11g and 802.11b, developed by TI. When 802.11g+ devices operate with each other, throughput can reach 100 Mbps.

Figure 2.7: Summary table of the parameters of the common IEEE 802.11 standards

3.4 Other IEEE 802.11 standards
+ IEEE 802.11n: a WLAN connectivity standard operating in the 5 GHz and 2.4 GHz bands. Combining the advantages of the earlier standards, 802.11n is superior in that it operates in both the 5 GHz and 2.4 GHz bands, with transfer rates of up to 248 Mbps and coverage of up to 70 m (indoors) and 250 m (outdoors). The proposed Wi-Fi standard is based on MIMO-OFDM (multiple input, multiple output orthogonal frequency division multiplexing) technology, which provides higher rates by using two antennas at each end of the signal (one transmitting, one receiving) instead of one.
+ IEEE 802.11e: an unratified extension of 802.11 used to support multimedia environments and QoS in WLANs. It allows high-quality video and voice streaming. 802.11e upgrades the MAC layer and works with all the 802.11a, 802.11b and 802.11g physical layers.
+ IEEE 802.11h: aimed at improving transmit power and channel selection in the IEEE 802.11a standard, to meet the standards of the European market.
+ IEEE 802.11j: the convergence of the two standards bodies IEEE and ETSI (European Telecommunications Standards Institute) on a common standard based on IEEE 802.11a and HiperLAN/2.
+ IEEE 802.11k: provides network and radio measurement capabilities suitable for the higher layers.

4. Two basic connection modes
A wireless network can be configured in two basic ways: either the clients connect directly to one another (IBSS), or they connect to an access point, AP (BSS/ESS).
4.1 Ad hoc mode (IBSS)
An IBSS network is usually called ad hoc mode. These networks operate peer to peer and do not use an AP. Ad hoc networks are useful in settings such as meeting rooms or restaurants, where a few laptops need to connect to each other and require a temporary link.

Figure 2.8: IBSS connection

Ad hoc networks have been proposed for use in large mesh networks, where every node is both a client and a router that forwards packets across the network. Although this mode is not widely used, the idea of a pervasive network with ad hoc nodes (such as in cars) is really attractive. More commonly, however, ad hoc networks are used in place of a hub when a temporary network is needed.
For example, mobile professionals such as accountants and public consultants often need network data for the applications they use in their work. Previously they had to gather in a conference room, set up a hub and run Cat5 cables to each laptop. Obviously this setup is very clumsy. Using 802.11 in ad hoc mode means these professionals can open their laptops and immediately connect to a peer-to-peer network.
Of course, the security issues here are very important: anyone who knows the SSID and channel can become a member of the ad hoc network. Although WEP can be used in peer-to-peer mode, IBSS networks were not considered in the WPA specification, not until 802.11i was released.
4.2 Infrastructure mode (BSS/ESS)
Put simply, a BSS is one AP connected to a wired network infrastructure such as Ethernet. Each wireless station connects to a central AP, and all traffic (except peer-to-peer) is routed through the AP. An ESS is two or more BSSs connected to each other through a distribution system such as Ethernet.
If we have a home or company wireless network, it most likely operates in BSS/ESS mode. This type of network is known as infrastructure mode. In this mode, the APs act as bridges between the wired and wireless worlds. Depending on make and model, our AP may be a simple transparent layer 2 bridge, or it may have many features, including NAT routing, DHCP and other functions. Some APs even include VPN connections. In general, the choice of AP depends on how we design our network infrastructure. Do we want one server to control DHCP, or do we want each AP to handle its own services? Most of these decisions depend on the size of our network. Clearly, for a home or small office, a single multi-function AP is ideal. A larger environment, in contrast, requires control over the services.

Figure 2.9: BSS/ESS connection


With infrastructure-mode APs, the important security issue is unauthorised access to device management. A hacker who gains access to device management can view or change our WEP/WPA encryption and other device settings, which can lead to compromise of private data or to a denial-of-service (DoS) attack. If our AP has remote management features, our first step is to lock down the management interface. APs are typically managed over HTTP or SNMP, unencrypted protocols that are easy to observe. Be sure to change the default password and all public/private SNMP community strings. Next, do not allow management from the wireless network; allow management only from the wired network (note that not all APs support this feature). At a minimum, this ensures that hackers who breach our wireless security will not be able to change the AP configuration. Only those with access to the wired network infrastructure can change it. This causes a little more inconvenience, but in this case the balance between security and convenience clearly tilts toward network security. Because device management is not part of the 802.11 protocol, these features vary by vendor.

5. Medium access control methods
Both radio and infrared transmission operate over a broadcast medium, meaning that every transmission is received by all receivers within the coverage area of the transmitter. We therefore need a medium access control (MAC) method for sharing the medium, as in wired LANs with CSMA/CD, token control and so on, to ensure that only one transmitter is using the medium. There are three methods of accessing the physical channel: fixed-assignment access, random access and controlled access.
5.1 Fixed-assignment access methods
Fixed-assignment access is the fixed allocation of channel resources (frequency or time) to an individual user, decided in advance. There are three main access methods: frequency division multiple access (FDMA), time division multiple access (TDMA) and code division multiple access (CDMA).
a. Frequency division multiple access (FDMA)
FDMA works by assigning separate channels to users; each user is allocated a frequency band, or a separate channel. These channels are assigned according to user demand.
For the duration of a transmission, other users cannot share the same frequency band. Each FDMA channel carries only one transmission at a time. If an FDMA channel is not in use it sits idle, and other users cannot use it. This wastes resources.

Figure 2.10: Frequency division multiple access (frequency axis divided into channels 0 to N, plotted against time)

The bandwidth of FDMA channels is relatively narrow (about 30 kHz), so FDMA is usually used in narrowband systems.
FDMA requires very good RF filtering to reduce adjacent-channel interference. The number of channels that can be supported simultaneously in an FDMA system is:
$N = (B - 2B_{guard}) / B_c$
where $B$ is the total allocated spectrum, $B_{guard}$ is the guard band and $B_c$ is the channel bandwidth.
b. Time division multiple access (TDMA)
TDMA systems divide the radio spectrum into time slots, and in each slot only one user is allowed to transmit and receive. Figure 3.8 shows that each user occupies a cyclically repeating time slot, so a channel can be thought of as a particular time slot that recurs in every frame, where a frame consists of N time slots.
The operating principle of TDMA is shown in Figure 3.8. In this method each transmitter (node) has a given time slot; when its slot arrives, the transmitter transmits using the full bandwidth for the duration of the slot. The duration of each slot is normally short and is chosen so that the probability of errors is as low as possible. The frame duration is determined by the duration of each slot and the number of slots supported.

Figure 2.11: TDMA frame structure (each frame consists of time slots 0 to N; each slot carries tail bits, data, synchronisation bits and guard bits)


TDMA is normally used when a single station handles all the transmissions that take place. Each mobile terminal within the coverage area of a base station is allocated a fixed time slot or, more commonly, a separate (signalling) time slot is provided so that each device can send a time-slot request to the base station. Transmission to the mobile devices takes place in broadcast mode, using a special time slot with the destination address placed at the head of the transmitted frame, or on a specific time slot set up using the signalling channel. This mode of operation is also called slotted ALOHA with demand assignment. There is another mode of operation in which the use of each time slot can be controlled by a sub-slot that carries its own internal signalling.
As shown in Figure 3.8, there is a guard band and a synchronisation sequence at the start of each time slot. The guard band allows for the different propagation delays between the scattered mobile terminals and the base station, while the synchronisation sequence lets the mobile receiver and the fixed station synchronise with the transmitter before receiving the contents of the frame.
TDMA has the advantage that different numbers of time slots per frame can be allocated to different users. Bandwidth can thus be provided on demand to different users by concatenating or reassigning time slots based on priority. The number of channels that a TDMA system can provide is:
$N = m(B - 2B_{guard}) / B_c$
where $m$ is the maximum number of TDMA users per channel.
c. Code division multiple access (CDMA)
In CDMA systems, each bit time is subdivided into m short intervals called chips. Ideally there are 64 or 128 chips per bit. Each station is assigned a unique m-bit code called a chip sequence. To transmit a 1 bit, a station sends its chip sequence. To transmit a 0 bit, it sends the one's complement of its chip sequence. No other patterns are permitted. So, for m = 8, if station A is assigned the chip sequence 00011011, it sends a 1 bit by sending 00011011 and a 0 bit by sending 11100100.
Increasing the amount of information sent from b bit/s to mb chip/s is only possible if the bandwidth increases by a factor of m, which makes CDMA a form of spread-spectrum communication.
CDMA is used particularly with spread-spectrum radio systems. In code division multiple access using frequency hopping, the carriers of the different stations in the network can be transmitted following different hopping patterns; at the receiver, only the pattern that matches the hopping pattern of the carrier generated by the frequency synthesiser is demodulated.
Every user in a CDMA system uses the same carrier frequency and can transmit simultaneously. Each user has its own pseudo-random codeword that is approximately orthogonal to all other codewords. The receiver performs a time-correlation operation to pick out the specific codeword it wants. All other stations appear as noise because they are uncorrelated. To select the message signal, the receiver needs to know the codeword used by the transmitter. Each user operates independently, without needing to know the frequency or time slot of other users.
In CDMA, the power of the many users at the receiver determines the noise floor after decorrelation. If the power of each user in a cell is not controlled so that all users appear equal at the base-station receiver, the near-far problem occurs. The near-far problem arises when nearby subscriber transmitters deliver too much power to the base-station receiver and drown out the signals received from the other subscribers.
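The chip-sequence scheme and the near-far problem described above can be followed chip by chip in the sketch below. It is an added example, not part of the original thesis: station A's sequence is the one quoted in the text, while the sequences for B, C and D, the non-orthogonal code X and the gain values are constructed for illustration.

```python
"""Chip-sequence CDMA: encode, superimpose on a shared channel, decode by correlation."""

# Station A's chip sequence is the one quoted in the text (m = 8).
# B, C and D are constructed for this example and are mutually orthogonal with A.
CHIPS = {
    "A": "00011011",
    "B": "00101110",
    "C": "01011100",
    "D": "01000010",
}


def ones_complement(chips):
    """Pattern a station sends for a 0 bit: every chip inverted."""
    return "".join("1" if c == "0" else "0" for c in chips)


def to_bipolar(chips):
    """Map chip 1 -> +1 and chip 0 -> -1 so that signals add linearly."""
    return [1 if c == "1" else -1 for c in chips]


def transmit(chips, bit, gain=1):
    """Signal for one bit time. bit=None means the station stays silent."""
    if bit is None:
        return [0] * len(chips)
    pattern = chips if bit == 1 else ones_complement(chips)
    return [gain * v for v in to_bipolar(pattern)]


def channel(signals):
    """Simultaneous transmissions add chip by chip on the shared medium."""
    return [sum(column) for column in zip(*signals)]


def correlate(received, chips):
    """Normalised inner product of the received signal with one chip sequence."""
    code = to_bipolar(chips)
    return sum(r * c for r, c in zip(received, code)) / len(code)


def decode(received, chips):
    """Recover one station's bit: positive -> 1, negative -> 0, zero -> silent."""
    score = correlate(received, chips)
    if score > 0:
        return 1
    if score < 0:
        return 0
    return None


def orthogonal_demo():
    """A sends 1, B sends 0, C is silent and D sends 1, all at the same time."""
    air = channel([
        transmit(CHIPS["A"], 1),
        transmit(CHIPS["B"], 0),
        transmit(CHIPS["C"], None),
        transmit(CHIPS["D"], 1),
    ])
    return {name: decode(air, chips) for name, chips in CHIPS.items()}


def near_far_demo(interferer_gain):
    """A sends 1 while a station with a non-orthogonal code X sends 0.

    X (constructed) differs from A in three chips, so the two codes have a
    normalised cross-correlation of 0.25 instead of 0. A strong enough
    interferer then flips the bit the receiver recovers for A.
    """
    x_chips = "11111011"
    air = channel([
        transmit(CHIPS["A"], 1),
        transmit(x_chips, 0, gain=interferer_gain),
    ])
    return decode(air, CHIPS["A"])


if __name__ == "__main__":
    print(orthogonal_demo())
    print(near_far_demo(1), near_far_demo(5))
```

With orthogonal codes every station's bit is recovered from the summed signal; with the merely near-orthogonal code, A's bit survives an equal-power interferer but is lost once the interferer arrives five times stronger, which is why per-user power control matters.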
5.2 Random access methods
Fixed-assignment access methods are efficient for sources with steady information flows (for example, transferring a data file or sending a fax). When information is sent in bursts, however, fixed-assignment methods waste communication resources. Random access methods provide flexible and efficient ways of managing channel access for sending short messages. They allow every user to access the network whenever there is information to send. This freedom leads to contention among the users accessing the network. Contention can cause collisions, and information may have to be retransmitted. The carrier sense multiple access methods CSMA/CD and CSMA/CA are normally used.
Carrier Sense Multiple Access (CSMA) is widely used in both wired and wireless LANs. The basic characteristic of the CSMA protocol is that every terminal on the network monitors the state of the channel before transmitting on it; if the channel is idle (no carrier is detected), the station transmits a packet. In CSMA protocols, detection delay and propagation delay () are two important parameters. Detection delay is a function of the receiver hardware and is the time a terminal needs to recognise whether the channel is idle. Propagation delay is a relative measure of how quickly a packet travels from a base station to a mobile terminal. With a short detection time, a terminal detects an idle channel very quickly, and a small propagation delay means that a packet crosses the channel in a short time compared with the duration of the packet.
Propagation delay matters because, just after one user starts sending a packet, another user may be ready to send and may sense the channel at the same moment. If the packet being transmitted has not yet reached the user who is ready to send, that user will sense an idle channel and will also send its packet, resulting in a collision between the two packets. Propagation delay affects the performance of the CSMA protocol. Two CSMA methods are described below.
a. Carrier Sense Multiple Access with Collision Detection (CSMA/CD)
CSMA/CD is widely used in wired LANs. In wireless LANs, CSMA likewise lets a station hold off while another station is using the radio or infrared medium. With radio and infrared, however, it is not possible to transmit and receive at the same time, so basic collision detection cannot be used here. Instead, a different collision-detection function has been devised for use with wireless LANs, known as collision detection.
In this method, when a station has a frame to transmit, it first generates a short pseudo-random binary sequence called a comb, which is attached in front of the frame preamble. The station then performs carrier sensing in the usual way and, assuming the medium is completely quiet, transmits the comb sequence. For a binary 1 in the sequence the station transmits a signal for a short interval, while for a binary 0 it switches to receive mode.
If a station detects a transmission while it is in receive mode, it stops contending for the channel and waits until the other transmitting station has finished. The principle of operation is shown in Figure 3.9.
In this example, three stations A, B and C are contending for the channel, and each generates the pseudo-random code shown in Figure 3.9. The first bit of every sequence is 1, so no station is in listening mode and no transmission is detected. In the second comb interval, stations A and C are still transmitting but B is in receive mode, so B detects a signal and stops contending at this point. In the third interval, B is now inactive and both A and C are in receive mode, so neither A nor C detects a signal. In the fourth interval station A is transmitting and station C is in receive mode, so C detects a signal and stops contending. A is then granted access: having completed the contention process, it goes on to transmit its waiting frame.

Figure 2.12: Principle of operation of CSMA/CD (comb sequences A = 1 1 0 1 0, B = 1 0 1 0 1, C = 1 1 0 0 0; B senses a signal (from A, C) and stops transmitting; C senses a signal (from A, B) and stops transmitting; A completes contention and goes on to transmit its frame; B and C generate new random sequences and restart the contention process)


The efficiency of this method is determined by the number of bits in the pseudo-random comb sequence; if two stations have the same sequence, a collision occurs. In practice the number of collisions is relatively small, so the comb can be fairly short. There is also an upper limit on the speed at which radio or infrared receivers can switch between transmit and receive modes, typically 10 µs, so a shorter comb reduces the contention time.
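The comb contention walked through above can be replayed slot by slot. The sketch below is an added example, not part of the original thesis; the comb values for A, B and C are the ones that appear in Figure 2.12, and the function names are chosen here. It also goes one step beyond the text by computing the exact probability that a round ends in a collision, assuming every station draws its comb uniformly at random.

```python
from fractions import Fraction

# Comb sequences of the three stations, as drawn in Figure 2.12.
FIGURE_COMBS = {"A": "11010", "B": "10101", "C": "11000"}


def comb_contention(combs):
    """Run one comb contention round.

    combs maps station name -> comb string of '0'/'1', all the same length.
    Returns (winner, log). winner is None when more than one station survives
    every slot, which means they drew identical combs and will collide.
    Each log entry is (slot number, stations transmitting, stations dropping out).
    """
    lengths = {len(c) for c in combs.values()}
    if len(lengths) != 1:
        raise ValueError("all combs must have the same length")
    contenders = set(combs)
    log = []
    for slot in range(lengths.pop()):
        senders = {s for s in contenders if combs[s][slot] == "1"}
        listeners = contenders - senders
        # A listening station withdraws only if somebody was actually transmitting.
        dropped = listeners if senders else set()
        contenders -= dropped
        log.append((slot + 1, sorted(senders), sorted(dropped)))
    winner = next(iter(contenders)) if len(contenders) == 1 else None
    return winner, log


def collision_probability(stations, comb_bits):
    """Exact probability that a round has no single winner.

    The survivor is always the station with the numerically largest comb, so
    the round fails only when that largest value was drawn by two or more
    stations. Assumes independent, uniformly random combs (an assumption of
    this example; the text does not specify the generator).
    """
    values = 2 ** comb_bits
    unique_max = sum(
        Fraction(stations, values) * Fraction(v, values) ** (stations - 1)
        for v in range(values)
    )
    return 1 - unique_max


if __name__ == "__main__":
    winner, log = comb_contention(FIGURE_COMBS)
    for slot, senders, dropped in log:
        print(f"slot {slot}: transmitting={senders} dropped={dropped}")
    print("winner:", winner)
    for bits in (3, 5, 8):
        print(bits, "bit comb, 3 stations:", float(collision_probability(3, bits)))
```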
b. Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA)
The principle of operation of this method is shown in Figure 3.10.
With this access method, instead of transmitting a frame as soon as the medium becomes quiet, a station must first wait for a further short random interval, and only if the medium is still quiet after this interval does it begin transmitting. In this way, if other stations are also waiting, the station with the shortest interval gains access first and the remaining stations defer. The efficiency of this method depends on the number of bits in the random sequence, that is, on the maximum collision-avoidance time.
Figure 2.13: Principle of operation of CSMA/CA (time axis: A finishes transmitting its frame; B and C both sense the medium, find it free and both start at the same time; B checks the medium again, finds it quiet and begins transmitting; C checks the medium again, finds B occupying it and defers)


One issue that arises with radio or infrared is that there is no guarantee that the intended destination machine is in radio contact with the source. So although CSMA/CD or CSMA/CA ensures that a station gains access to the medium, the destination of the frame may never receive it. For this reason, a handshake procedure on top of the basic MAC method is incorporated into this MAC protocol; the handshake is carried out in four steps.
Whenever a mobile unit needs to send a frame, it first transmits an RTS (Request To Send) control message to the PAU (Portable Access Unit) or to another mobile unit. The RTS control message contains the MAC addresses of both source and destination. When the receiver gets this message and accepts the request to receive the frame, it returns a CTS reply, which contains the same information as the request but in reverse order. If, on the other hand, the destination is not ready to receive a frame, it returns an RxBUSY reply. If the reply is positive, the requesting mobile unit transmits the frame, and if the frame is received correctly the destination returns a positive acknowledgement (ACK). If the frame is corrupted, however, the receiver returns a negative acknowledgement (NAK) and the source tries to retransmit; this procedure is repeated up to a defined number of times.
5.3 Controlled access methods
Because of their simplicity, random access methods are widely used in local area networks. However, because access is random (not tightly controlled), collisions are hard to eliminate completely. With controlled access methods, access is tightly controlled in order to allocate access to the physical channel among the network nodes. The controlled access methods normally used are token passing and ordered access.
a. Token passing
Token passing works as follows: to grant channel access to stations that need to transmit data, a token is circulated around a logical ring formed by those stations. When a station receives the token it may transmit one or more data frames. When it has no more data, or its allowed time has expired, the station must pass the token to the next station in the logical ring. The first step is therefore to establish the logical ring, which consists of the stations that currently need to transmit data, arranged in a defined order in which the last station in the sequence is followed by the first. Every station in the logical ring knows the addresses of the stations immediately before and after it. The order of stations in the logical ring can be independent of their physical order. Stations that do not, or do not yet, need to transmit data are not included in the logical ring and can only receive data.
In Figure 3.11, stations A and H lie outside the logical ring and can only receive data addressed to them. Although establishing the logical ring in software is not complicated, maintaining it in line with the actual state of the network is relatively complicated. The logical ring must support the following functions:
+ Adding a station to the logical ring: stations outside the logical ring need to be checked periodically and added to the ring if they need to transmit.
+ Removing a station from the logical ring: when a station no longer needs to transmit data it should be removed from the logical ring, to optimise token-based access control.

Figure 2.14: Logical ring and physical channel


+ Error management: a number of errors can occur, for example duplicate addresses (two stations both think it is their turn to transmit) or a broken ring (no station thinks it is its turn to transmit).
+ Initialising the logical ring: when the network is installed, or when the ring is broken, the logical ring must be re-initialised. The algorithms recommended for the functions above are as follows:
To add stations to the logical ring, each station in the ring is responsible for periodically giving new stations the opportunity to join. When passing the token, the station invites stations (with addresses between its own and that of its successor) to send a request to join the ring. If no request arrives within a predetermined time, the station passes the token to its successor as usual. If there is a request, the station passing the token records the requesting station as its new successor and passes the token to it. If more than one station asks to join the ring, the station holding the token must choose among them using some algorithm.

Removing a station from the logical ring is simple: a station that wants to leave the logical ring waits until it receives the token, then sends a message to its predecessor asking that station to connect directly to its successor.
Error management is handled by the station holding the token. For example, if the station receives a signal showing that another station has the token, it immediately switches to the listening state (passive, waiting for data or the token). Or, after finishing its data transmission, the station must pass the token to its successor and continue listening to see whether the successor is active or has failed. If the successor has failed, it must find a way (by sending messages) to skip the failed node and try to find an active station to pass the token to.
Logical ring initialisation is carried out when one or more stations detect that the bus has been inactive for longer than a predefined time-out, that is, the token has been lost. There are many possible causes, for example the network has gone down or the station holding the token has failed. The detecting station then sends a token-claim message to a pre-designated station that is responsible for generating a new token and passing it around the logical ring.
While the token is in the possession of one computer, the other computers cannot access the data channel. Because only one computer uses the token at a time, contention and collisions do not occur, and no time is spent waiting for computers to resend because of traffic on the channel.
The complexity of token-based methods is much greater than that of random access methods. Moreover, token-based methods are not very efficient under light load: a station may have to wait quite a long time before receiving the token. However, token-based methods also have important advantages: the ability to regulate traffic on the network, either by allowing stations to transmit different amounts of data after receiving the token, or by setting priorities for granting the token to given stations. In particular, token-based methods are more efficient than random access methods under heavy load (many computers on the network).
b. Ordered access
In some applications, fairness of access to the channel is the most important consideration. This access method ensures that whoever arrives first gets access first. Its operation is illustrated in the figure:

Figure 2.15: Ordered access

When a station has a packet to send, it first sends a request to the control point. The request is queued with the requests of other users, and the control point selects users in turn. The transmission is acknowledged, and all data transmissions pass through the access point.

CHAPTER III. WEAKNESSES OF WIRELESS NETWORKS AND NETWORK ATTACK METHODS

1. RF signal leakage from wireless networks
One of the risks affecting every wireless deployment, large or small, is the fact that wireless signals do not stop at our walls. Installing an AP is like placing an RJ45 Ethernet jack in our area: attackers can come close, plug in and connect to our network, which is something we do not want at all. With the right equipment and open space, Wi-Fi signals can be received 20-25 miles away. This is not the usual case, but with amplifiers and high-gain antennas it is possible to eavesdrop on wireless networks from a very long distance; Wi-Fi signals can be picked up at a distance of nearly 25 miles. This worries security professionals.
We need to assume that activity in the RF signals will be eavesdropped on and that wireless data will fall into the wrong hands. One acceptable solution is to place the WLAN in a separate segment. In other words, place our APs outside the firewall. Treat the wireless network as an untrusted segment (like our Internet connection).

2. WEP: a weak security encryption method
As its name implies, WEP only aims to give wireless users the level of security found in a wired network (no more). WEP was not designed as a comprehensive solution for wireless networks and, as we have seen, WEP has a large number of shortcomings, which leave it open to attack from several classes of attack.
2.1 WEP encryption
a. How WEP operates
The encryption process always begins with a plaintext message that we want to protect. First, WEP computes a 32-bit CRC over the message. WEP calls this the integrity check and appends it to the end of the plaintext. Next we take the secret key and append it to the initialisation vector (IV). We feed this combination into RC4, the pseudo-random generator, which outputs a keystream. This keystream is simply a sequence of 0s and 1s, equal in length to the plaintext plus the CRC. Finally, we XOR (plaintext + CRC) with the keystream. The result is the ciphertext. The IV (unencrypted) is placed in front of the ciphertext and sent as part of the transmitted data.

Figure 3.1: WEP encryption


Figure 3.2 gives another view of the operation above. First we compute the integrity check (CRC) and append it to the message. We then take this whole plaintext and XOR it with the keystream. The keystream is produced by taking the secret key, appending it to the initialisation vector and feeding the result into the RC4 cipher. Note that after XORing the two values, we prepend the initialisation vector to the ciphertext. The IV is in cleartext (unencrypted) because it is needed during decryption.

Figure 3.2: WEP encryption frame

b. Gii m bn tin WEP.


Decryption is the same process as encryption, in reverse. We take the IV (which was sent in the clear), combine it with the secret key and feed the result into the RC4 cipher to regenerate the keystream. Next, we XOR the keystream with the ciphertext, which gives us the plaintext. Finally, we recompute the CRC-32 over the plaintext and make sure it matches the integrity check value of the original unencrypted message. If the check does not match, the packet is assumed to be corrupted and is discarded.


c. The initialization vector (IV).

One of the shortcomings in the way WEP uses the RC4 cipher is that the 802.11 protocol does not specify how IVs are to be generated. Remember that IVs are 24-bit values placed in front of the secret key and used in the RC4 cipher. The reason we have IVs is to meet the requirement that we never reuse a secret key.
A problem with WEP here is that there is no guidance on how to implement IVs. Do we pick IV values at random? Do we start at 0 and count up by 1? Or do we start at 16777215 and count down? Because every packet needs a unique initialization for RC4, we can see that at high rates the entire 24-bit IV space may be used up within a few hours. We are then forced to repeat IVs, which breaks a basic rule of RC4: never repeat a key.

d. The RC4 stream cipher.
WEP uses the RC4 stream cipher from RSA. This is the same cipher used in other security systems such as SSL (HTTPS). The problem with WEP, once again, is that the 802.11 protocol does not define how IVs are to be implemented. As mentioned, the key used by the RC4 cipher is the combination of a shared secret key and an IV. The IV is a 24-bit binary number. Many manufacturers use 64-bit or 128-bit WEP.


2.2 Problems with WEP.
a. Key management.
WEP uses a symmetric key scheme, meaning the same shared secret key is used both to encrypt and to decrypt. The key must be shared between sender and receiver. One problem with the 802.11 protocol is that it gives no guidance on key management: how are keys distributed to users? This does not look like a problem when we use WEP in an environment with three laptops, but it becomes truly difficult when we try to deploy WEP across a site with about 5000 clients. Every user has to know the key and keep it secret. What happens when someone leaves the company or a laptop is stolen? A new key has to be delivered to every individual user, and every client has to be reconfigured. Moreover, once an attacker compromises the key in one session, that same key can be used to decrypt any other session, because everyone uses the same key.
b. IV collisions.
When an IV is reused, we call it a collision. When a collision occurs, the combination of shared secret key and IV repeats, so the keystream is identical to a keystream that was used before. Because the IV is sent unencrypted, an attacker who is monitoring all the traffic can tell when a collision occurs. Most attacks are based on detecting IV collisions.
A keystream attack is a method of finding the keystream by analysing two packets that were encrypted under the same IV. Put simply, the XOR of the two ciphertexts equals the XOR of the two plaintexts.
Figure 3.3: Keystream attack

In the left part of the figure, we have 8 bits (plaintext 1) XORed with the keystream, giving ciphertext 1. In the upper right part, we have another 8-bit plaintext (plaintext 2), XORed with the same keystream, giving ciphertext 2. We see that XORing the two ciphertexts together gives the same result as XORing the two plaintexts together. Therefore, if both ciphertexts are known (they can be captured with a sniffer) and one plaintext is known, the second plaintext can be found.
There are two ways:
- First, when we can reach the target from a machine on the Internet (or from a host on the target LAN), we can send a packet to the target network. Because it was sent by us, the plaintext content of the packet is known. We can identify the packet by giving it an unusual size and looking for that size in our sniffer log data.
- Another way to find the plaintext of a packet is to guess it. Most TCP/IP protocols use known handshake procedures. DHCP, ARP and other broadcast packets, for example, use unencrypted signalling.
Remember that keystream attacks only work when IVs are repeated. This is the main weakness in the WEP implementation. Because the standard does not define how IVs are supplied, they are often repeated, and repeating them is entirely permitted. In fact, for an AP to remain compliant with the standard, it must accept reused IVs. This violates the basic principle of RC4: reusing a key is not safe, and keys must never be reused or repeated.
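
An added Python example (not from the thesis) that audits a constructed capture for reused IVs and shows what a collision leaks; it goes beyond the text by also estimating how quickly a 24-bit IV space repeats. The key, frames and plaintexts are constructed, and a SHAKE-256 keystream stands in for RC4(IV || key), since the XOR identity holds for any stream cipher keyed this way.

```python
import hashlib
import math
from collections import defaultdict

IV_SPACE = 2 ** 24                      # WEP IVs are 24 bits


def stand_in_keystream(iv, secret, n):
    """Stand-in for RC4(IV || secret): same IV and key give the same keystream."""
    return hashlib.shake_256(iv + secret).digest(n)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(iv, secret, plaintext):
    """IV in the clear, followed by plaintext XOR keystream (ICV omitted here)."""
    return iv + xor(plaintext, stand_in_keystream(iv, secret, len(plaintext)))


def collision_probability(frames):
    """Chance that at least two of `frames` randomly chosen IVs are equal
    (birthday approximation)."""
    return 1.0 - math.exp(-frames * (frames - 1) / (2 * IV_SPACE))


def hours_until_wrap(frames_per_second):
    """Time for a counting IV to run through all 2**24 values."""
    return IV_SPACE / frames_per_second / 3600


def find_iv_collisions(capture):
    """Group frame bodies by their cleartext IV; keep IVs seen more than once."""
    by_iv = defaultdict(list)
    for frame in capture:
        by_iv[frame[:3]].append(frame[3:])
    return {iv: bodies for iv, bodies in by_iv.items() if len(bodies) > 1}


SECRET = bytes.fromhex("a1b2c3d4e5")                # constructed 40-bit key
P1 = b"DHCPDISCOVER from 00:11:22"                  # constructed, guessable
P2 = b"user=alice&pin=4711 secret"                  # constructed, sensitive
CAPTURE = [
    encrypt(b"\x00\x00\x01", SECRET, b"unrelated frame, unique IV"),
    encrypt(b"\x00\x00\x02", SECRET, P1),
    encrypt(b"\x00\x00\x02", SECRET, P2),           # IV reused under same key
]


def leak_from_reuse():
    """Return (colliding IVs, C1 xor C2, second plaintext recovered from P1)."""
    collisions = find_iv_collisions(CAPTURE)
    c1, c2 = collisions[b"\x00\x00\x02"]
    plaintext_xor = xor(c1, c2)                     # keystream cancels out
    return sorted(collisions), plaintext_xor, xor(plaintext_xor, P1)


if __name__ == "__main__":
    ivs, leaked, recovered = leak_from_reuse()
    print("reused IVs:", [iv.hex() for iv in ivs])
    print("recovered without the key:", recovered)
    print("P(collision) after 4823 random IVs:", round(collision_probability(4823), 3))
    print("hours to exhaust a counter at 1000 frames/s:", round(hours_until_wrap(1000), 2))
```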

2.3 Methods of breaking WEP keys.

a. Message injection.
Once a keystream is known, a new message can be built by taking a new plaintext and XORing it with the known keystream to produce a new, forged ciphertext. Moreover, because the 802.11 standard does not require the IV to change with every packet, every device must accept reused IVs.
For example, suppose we know both the plaintext and the ciphertext of a particular message. We can use this information to find the keystream.

Figure 3.4: Finding the keystream

Using the keystream, we can take a plaintext of our own and use the keystream to create a new encrypted message. This packet can then be injected into the network and will be decrypted at the destination as a valid WEP packet.

Figure 3.5: Forging a new message.

b. Authentication spoofing.


Another form of the packet injection attack is authentication spoofing. To understand how this attack works, take another look at the shared-key authentication process:
- Step 1: The client sends an authentication request to the AP.
- Step 2: The AP sends the client 128 bytes of challenge data.
- Step 3: The client encrypts the challenge data with its WEP key and sends it back to the AP.
- Step 4: The AP uses its knowledge of the WEP key to validate this message and determine whether the client really knows the shared secret key.
- Step 5: The AP sends the client a success or failure message.
The problem here is that an attacker who can observe this process learns both the plaintext (the challenge data) and its corresponding ciphertext (the returned data). Using the message injection method, the attacker can derive the keystream, request authentication from the AP, and apply this keystream to the challenge data to produce a valid response. The attacker is then authenticated by the AP even though he does not know the WEP key. This attack works because the challenge data is always 128 bytes and, moreover, because IVs can be repeated and reused.

c. Brute-force attack.


Another way to determine the WEP key is brute force. The shared secret part of a WEP key is 40 bits or 104 bits, depending on the key length in use. The security researcher Tim Newsham discovered that the key generators of some vendors are flawed. A brute-force attack on a 40-bit key produced by a weak key generator can crack it in under 1 minute.
A key generator lets the user enter a simple passphrase to create the key, instead of typing the key manually as a string of hexadecimal digits. A 40-bit WEP shared secret requires 10 hexadecimal digits, and a 104-bit WEP shared secret requires 26 hexadecimal digits. For convenience, some vendors let us enter an ASCII passphrase and derive the 10 or 26 hexadecimal digits from it. Key generators are entirely proprietary and follow no standard. Note, however, that several different vendors use the same key generation algorithm.
Tim Newsham found several problems with the key generators of some vendors. In one example, for the 40-bit key, part of the key generation process involves a 32-bit seed used in a PRNG. Because the highest bit of every ASCII character is always 0 and the key generator works by XORing the ASCII values, Tim found that instead of the possible seeds 00:00:00:00 through ff:ff:ff:ff (32 bits), only the values 00:00:00:00 through 00:ff:ff:ff need to be considered. This reduces the effective entropy of the PRNG to 21 bits. Using a PIII 500 laptop making 60,000 guesses per second, Newsham could crack a 40-bit WEP key from the key generator in 35 seconds.
The lesson from this is: do not use key generators. Enter our WEP key manually as hexadecimal digits. Done this way, a WEP key would take 210 days to crack (an excessively difficult task when attacking with a Linux cluster).
Alternatively, we can use 104-bit WEP. Tim notes that the 104-bit WEP key generator does not have this flaw. It is based on an MD5 hash of the passphrase. He estimates that brute-forcing such a key would take 10^19 years.
Clearly, a brute-force attack on a 104-bit key is far harder than on a 40-bit key. When using WEP, always deploy the largest key size available.

d. The FMS attack.
The FMS attack takes a different approach: it relies on capturing a huge amount of encrypted traffic and then uses very little CPU power, with a probabilistic algorithm, to crack the key. In practice the effort of an FMS crack is almost flat with respect to key size, meaning that cracking a 128-bit key takes only insignificantly longer than cracking a 64-bit key once enough weak keys have been captured. The difficulty with FMS is capturing enough encrypted data to crack the key. On a high-traffic network this can be done in a few hours. In a low-traffic environment, however, the process can take days or weeks. To crack a WEP key with FMS, some patient and stealthy attackers routinely run tools such as AirSnort on a PDA and leave it in the bushes near an AP for a few days. Other attackers have developed cleverer techniques that artificially generate network traffic in order to collect enough ciphertext to crack the key.

One packet-forging technique works as follows: the attacker captures encrypted traffic and looks for a known protocol negotiation based on the size of the captured packets. For example, an ARP request is 28 bytes long. While capturing traffic, the attacker replays the encrypted packet (the ARP request) over and over. The ARP responses generate new traffic, which makes it possible to produce enough traffic for a successful FMS attack in about 1 hour.
Figure 3.6: Attack by capturing valid encrypted packets together with ARP spoofing

Figure 3.7: Attack capturing ARP response traffic by continuously sending rejection signals.


3. Methods of attacking wireless networks.

3.1 Passive attacks.
A passive attack is one in which the attacker does not act directly on the network or its traffic but collects information for personal gain or for use in a future attack. Several passive attack threats are described below.


a. Eavesdropping.
This is a commonly encountered security threat. In this attack, the attacker listens to information he is not authorized to receive. That information may include the session key used to encrypt data, or the contents of the whole session. As is well known, the transmission range of a WLAN is usually limited to a few hundred metres; this limit is based on the small antennas built into PC cards and the antennas of the APs in the network. When higher-sensitivity antennas are used, the WLAN's radio transmissions can be received from a considerable distance. In practice, some highly directional antennas can pick up the signal from several miles away. Because of this RF leakage, attackers can monitor wireless transmissions with an eavesdropping antenna from outside. By capturing traffic they may be able to break the security key and penetrate the system.

b. Traffic analysis.

This is a subtle form of passive attack. There may be times when the attacker knows the location and identity of user devices, and from there uses tools to capture and analyse the transmitted traffic. The attacker may only need information such as that a message has just been sent, who is sending messages to whom, and the frequency or size of the messages. This threat is called traffic analysis.


3.2 Active attacks.

An active attack occurs when the attacker acts directly on the traffic and the network, causing changes to the network, the data, and so on.

a. User impersonation.
This is an attack in which the attacker poses as a trusted user. Having eavesdropped on WLAN transmissions, the attacker is able to become a legitimate user of the network. Impersonation is extremely dangerous for the network because it opens a hole to network resources.
How easily an unauthorized user can impersonate a legitimate one in a wireless network ranges from very simple to complex, depending on the security level of the system. If the WLAN uses no security method at all, it is very simple for the attacker to determine the SSID used by the AP and join the network. If the network has WEP enabled, the task becomes harder, but as noted above, the WEP key is easily broken by monitoring and capturing traffic. The higher the security level, the harder impersonation becomes for the attacker. The network therefore needs to use authentication and authorization mechanisms.

b. Data modification.
Data modification is one of the most dangerous attacks against a WLAN. The serious problem arises when the receiver cannot detect that the data it received has been altered. This allows the attacker to damage user devices as well as the network. Data modification attacks can build on the fact that the ICV (integrity check value) used in WLANs is CRC-32. CRC-32 is linear with respect to bit flips. When the attacker changes data in the frame and changes the ICV accordingly, the receiving side cannot detect it.
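
The linearity mentioned above, set beside a keyed check that rejects the same change, as an added Python example (not from the thesis). The message, keystream and MIC key are constructed, and truncated HMAC-SHA-256 stands in for a keyed message integrity code; it is not the Michael algorithm.

```python
import hashlib
import hmac
import struct
import zlib

# Constructed 32-byte keystream standing in for RC4(IV || key); the code that
# modifies the frame below never reads it.
KEYSTREAM = hashlib.sha256(b"constructed keystream").digest()
MIC_KEY = b"constructed MIC key"


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def crc(data):
    return zlib.crc32(data) & 0xFFFFFFFF


def seal_crc(msg):
    """WEP-style framing: encrypt message || CRC-32(message)."""
    return xor(msg + struct.pack("<I", crc(msg)), KEYSTREAM)


def open_crc(frame):
    """Return the message if the unkeyed ICV matches, else None."""
    body = xor(frame, KEYSTREAM)
    msg, icv = body[:-4], body[-4:]
    return msg if struct.pack("<I", crc(msg)) == icv else None


def seal_mic(msg):
    """Same framing, but the check value is a keyed MAC truncated to 8 bytes."""
    tag = hmac.new(MIC_KEY, msg, hashlib.sha256).digest()[:8]
    return xor(msg + tag, KEYSTREAM)


def open_mic(frame):
    """Return the message if the keyed tag matches, else None."""
    body = xor(frame, KEYSTREAM)
    msg, tag = body[:-8], body[-8:]
    good = hmac.new(MIC_KEY, msg, hashlib.sha256).digest()[:8]
    return msg if hmac.compare_digest(tag, good) else None


def crc_patch(delta):
    """CRC-32 is affine over XOR: crc(m ^ d) == crc(m) ^ crc(d) ^ crc(zeros).
    The ICV change that matches a bit pattern `delta` therefore needs no key."""
    return delta + struct.pack("<I", crc(delta) ^ crc(bytes(len(delta))))


ORIGINAL = b"PAY 0100 TO BOB"                       # constructed message
DELTA = xor(ORIGINAL, b"PAY 9100 TO BOB")           # bits that differ


def tamper_results():
    """Apply the same in-flight change to both framings; return what each
    receiver accepts (a message) or rejects (None)."""
    crc_frame = xor(seal_crc(ORIGINAL), crc_patch(DELTA))
    mic_frame = xor(seal_mic(ORIGINAL), DELTA + bytes(8))
    return open_crc(crc_frame), open_mic(mic_frame)


if __name__ == "__main__":
    accepted_by_crc, accepted_by_mic = tamper_results()
    print("CRC-32 ICV receiver accepts:", accepted_by_crc)
    print("keyed MIC receiver accepts: ", accepted_by_mic)
```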

c. Access to the management console.

Another attack method is to use a web browser or telnet to reach the AP's management console.
Almost every AP has a management console that displays and changes the AP's configuration. On a typical AP the console can be reached through the serial port, SNMP, a web browser and Telnet. Because most APs support DHCP and by default use predefined RFC 1918 address blocks, they are not hard to locate.
In practice, by visiting the product's web page we can read the product information and find its default IP address. Suppose the default IP address of a wireless router is 192.168.123.254. Even if the IP address has been changed, the device only supports addresses in the 192.168.123.x range, so an attacker can scan from 192.168.123.1 to 192.168.123.254 to locate the wireless router. Once the IP address of the console is known, the attacker can try to log in with the device's default password or through a dictionary attack. If the device is managed carelessly, breaking in can be very simple, and the attacker then controls all or part of the network.

d. ARP attacks.
The Address Resolution Protocol (ARP) allows Ethernet devices that use TCP/IP as their communication protocol to distinguish other devices on the network that have IP addresses. Like NetBIOS, it works by broadcasting traffic to all hosts even though a given packet is meaningful to only one host on the network: ARP broadcasts a request to identify that particular host by its IP address. The host receives the message and acknowledges it, and the originating machine stores the responder's MAC address in its cache, so future transmissions to this host no longer require an address lookup.
The problem is that operating systems do not verify what ARP tells them. When a machine sees a packet sent from a particular machine on the network, it assumes that the MAC address of that machine correctly corresponds to the IP address the sender claims for itself. All future transmissions to this IP use that mapping.
When an attacker creates illegitimate packets with a spoofed IP address, that IP is taken to belong to his own MAC. From then on, all transmissions from the hosts follow the shortcut of the cached MAC/IP pair straight to the attacker's machine instead of to the intended host. This lets the attacker capture the transmitted information and mount further attacks. This is extremely serious.


3.3 Denial-of-service (DoS) attacks that jam wireless network operation.

DoS attacks are carried out to limit and prevent the normal use of communication in the network. The goal of a DoS attack is usually to stop users from reaching network resources, that is, to deny them service. The common methods of DoS attack are flooding the network with corrupted or malformed packets, crowding out legitimate traffic and leaving the system unable to respond.
Wireless systems are very vulnerable to DoS attacks because of the way the different OSI layers interact. First, and most obviously, an attack on the physical layer of a wireless network is much easier than an attack on the physical layer of a wired network. The physical layer is the air, the space around a given AP. The attacker does not need to get into your infrastructure; he can move around and attack from a car or from anywhere nearby. It is also hard to tell whether a physical-layer DoS attack on a wireless network is taking place at all, since it leaves no real trace. The attacker can create a physical-layer attack by using devices that flood the 2.4 GHz and 5 GHz spectrum with noise and illegitimate traffic, which is not technically complex at all. Even some cordless phones can interfere with the 2.4 GHz band, the operating band of 802.11b wireless networks.
At the data link layer of the OSI model, there are again many ways in which DoS attacks on a wireless system are easier than on a traditional wired network. One of the most common ways to attack the data link layer is through the operation of diversity antennas. It works as follows: an AP has diversity antennas A (on the left) and B (on the right); when user 1 and user 2 are on opposite sides of the office, each user by default reaches the AP through a different antenna. The problem arises when user A decides to clone the MAC address of user B; the cloned user can be knocked off the network. By raising his signal strength to at least equal, if not exceed, the signal of user B on antenna A, the AP will no longer send to or receive from user A. He is denied service, and the attack succeeds.
Spoofed APs are another data link layer problem in wireless networks, even when WEP authentication is used. Clients are normally configured to associate with the AP that has the strongest signal. An attacker can easily find out the AP's SSID, and clients will automatically associate with the spoofed AP and pass their frames through it. Once the attacker is capturing this traffic, he can over time determine the WEP key used to authenticate and encrypt traffic in the wireless network.
Finally, at the network layer, it is very simple to flood a wireless network with a large number of ping requests or other unauthenticated traffic once the attacker has associated with a wireless AP.


3.4 Man-in-the-middle attacks.

As with DoS attacks, man-in-the-middle attacks are much easier on wireless networks than on wired ones, because a wired network requires some form of access to the network.
Placing a rogue AP within the coverage area of a wireless network is one form of man-in-the-middle attack. When the attacker knows the SSID the network uses (which is very easy to find out) and the rogue AP is strong enough, wireless users have no way of knowing that they are connecting to an unauthorized AP. Using the rogue AP, the attacker can collect important information about the wireless network, such as authentication requests, the security key in use, and so on. Typically, the attacker sets up a laptop with two wireless adapters: the rogue AP uses one card, and the other card forwards requests over a wireless bridge to the legitimate AP. For example, the attacker can run the rogue AP from a car outside. More commonly, though, the rogue AP is hidden near, or in the same physical area as, the legitimate AP. Because they are virtually undetectable, rogue APs can only be guarded against through careful radio-frequency surveys and physical security. RF surveys also help in finding unauthorized APs that staff have set up in their own work area. Such unauthorized APs are usually set up without malicious intent, simply for the users' convenience.
Hijacking and modifying a wireless network. There are many techniques for hijacking a wireless network or hijacking a session. Unlike some other attacks, network and security administrators may be unable to tell the difference between the hijacker and a legitimate user. There are many tools for hijacking a network. These tools rely on basic implementation issues found in almost all devices today. As TCP/IP packets pass through switches, routers and APs, each device looks at the destination address and compares it with the IP addresses it knows. If the address is not in its table, the device passes the packet to its default gateway. This table is used to associate IP addresses with the known MAC addresses of devices. In many cases the list is dynamic, built from the traffic passing through the device and from ARP announcements made by devices newly joining the network. There is no authentication or verification of whether a request the device receives is valid. A malicious user can therefore send messages to routing devices and APs claiming that his MAC address is associated with a known IP address. After that, all traffic passing through that router and destined for the hijacked IP address goes to him. When the attacker impersonates the default gateway or a particular host on the network, all machines trying to connect to the network connect to the attacker's machine instead of their intended destination. If the attacker is clever, he will use this only to learn passwords and other needed information while still routing all the traffic on to the intended recipient. When he does this, the end users do not know that a man in the middle is intercepting their communication and compromising their passwords and information.
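
The ARP table poisoning described in section 3.2 d and in the paragraph above can be watched for by tracking IP-to-MAC bindings; the following added Python example (not from the thesis) does this over a constructed log. The log line format and all MAC addresses are constructed for illustration; only the 192.168.123.x range comes from the text.

```python
import re
from collections import defaultdict

# Constructed sample: ARP replies as a passive sensor might record them.
SAMPLE_LOG = """\
10:00:01 arp reply 192.168.123.254 is-at 00:11:22:33:44:55
10:00:02 arp reply 192.168.123.10 is-at 00:aa:bb:cc:dd:01
10:00:09 arp reply 192.168.123.254 is-at 00:de:ad:be:ef:99
10:00:10 arp reply 192.168.123.20 is-at 00:de:ad:be:ef:99
10:00:15 arp reply 192.168.123.10 is-at 00:aa:bb:cc:dd:01
"""

LINE = re.compile(
    r"^(\S+) arp reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})$"
)


def audit_arp(log, pinned=None):
    """Scan ARP replies for bindings that change or contradict pinned entries.

    `pinned` maps IP -> MAC for hosts whose binding is known in advance
    (typically the default gateway). Returns (alerts, multi_ip_macs) where
    alerts is a list of (time, ip, expected_mac, seen_mac) and multi_ip_macs
    maps each MAC that claimed several IPs to the sorted list of those IPs.
    """
    pinned = pinned or {}
    first_seen = {}                     # ip -> first MAC observed for it
    claims = defaultdict(set)           # mac -> IPs it has claimed
    alerts = []
    for raw in log.splitlines():
        match = LINE.match(raw.strip())
        if not match:
            continue                    # ignore lines in another format
        ts, ip, mac = match.groups()
        claims[mac].add(ip)
        learned = first_seen.setdefault(ip, mac)
        expected = pinned.get(ip, learned)
        if mac != expected:
            alerts.append((ts, ip, expected, mac))
    multi = {mac: sorted(ips) for mac, ips in claims.items() if len(ips) > 1}
    return alerts, multi


if __name__ == "__main__":
    alerts, multi = audit_arp(
        SAMPLE_LOG, pinned={"192.168.123.254": "00:11:22:33:44:55"}
    )
    for ts, ip, expected, seen in alerts:
        print(f"{ts} {ip} moved from {expected} to {seen}")
    for mac, ips in multi.items():
        print(f"{mac} answers for {', '.join(ips)}")
```

Pinning the gateway entry matters because a sensor that starts after the poisoning would otherwise learn the wrong MAC as the first one seen.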
Other clever attackers can make very effective use of rogue APs. When the attacker is able to place an AP with a strong enough signal, end users cannot associate with the legitimate AP they need. Using this technique, the attacker can receive requests and information from the end workstations about the secret key and about where the user is trying to connect.
These rogue APs can also be used in attempts to break tightly configured APs. Tools such as AirSnort and WEPCrack require a large amount of data to be able to recover the secret key.
When the attacker identifies a network and spoofs a MAC address to become a legitimate member of it, he can obtain more information than through scanning. When the attacked network uses SSH to access hosts, stealing a password is much easier than trying to guess one on a host.
By ARP-spoofing the connection to the AP, the attacker can appear to be the host whose passwords he wants to steal. He can then make all the wireless users who are using SSH to that host connect to the spoofed machine. When these users log in with their passwords, the attacker first captures the password and then passes the connection on to the real destination. If the attacker does not carry out the second step, the attack is more likely to be discovered, because users will complain that they cannot connect to the host.


CHAPTER IV. WIRELESS NETWORK SECURITY SOLUTIONS.

1. Factors to consider in wireless network security.

The security solution we use in our network design depends on many different factors. The baseline security setup will be based on our security policy. Producing a perfect solution is extremely difficult; we can only try to reach the highest level of security within our means by combining several methods and by securing the network in multiple layers.
Some factors to consider when deploying wireless security:
- How many wireless clients do I need to serve (am I responsible for), and how many of those clients can be controlled and trusted?
- How many APs are required to provide wireless service in my coverage area?
- Does my design include mobility (the ability to hand over between APs)?
- Will my clients be used in uncontrolled environments (such as cafes, airports and home networks)?
- Is there a VPN solution?
- Is there a PKI infrastructure already deployed?
- How important are the information assets I need to protect?

Note that some security methods are readily available but offer weak protection, while some solutions require support from the network infrastructure at high cost. The choice of security solution must therefore be based on the scale of the deployment, the level of security required and the cost involved.

2. Goals of wireless network security.

There are 5 main goals of wireless network security. They are also known as security services and can be used as security requirements.

2.1. Confidentiality.
Confidentiality is the protection of data from disclosure to unauthorized parties. Encryption is used for this purpose. In an active attack, the attacker may be able to decrypt encrypted data of any format (depending on the algorithm or scheme, given a powerful enough computer and unlimited time). Confidentiality is therefore an important requirement for protection against attack.


2.2. Authentication.
The authentication service is concerned with ensuring that a communication is authentic. In the case of a single message such as a signal or an alarm, the function of the authentication service is to assure the recipient that the message comes from the claimed sender. In the case of an ongoing interaction, such as the connection of a terminal to a host, authentication is required in both directions. First, at the time the connection is set up, the service ensures that both entities are authenticated (each entity faces an authentication request). Second, the service must ensure that the connection is not interfered with in such a way that a third party can impersonate one of the two legitimate parties in order to transmit without authorization or to receive information.

2.3. Access control.

In the context of network security, access control is the ability to limit and control access to systems, networks and applications, so that unauthorized users are kept out. Although authenticating individual users is often combined with the goals of access control, this is because the user must first be authenticated, possibly through a given server, before the network can confirm the user's access rights. Access control is the authorization of access.
2.4. Integrity.
Integrity prevents unauthorized users from modifying data. Only authorized parties may change data. Modifying data includes changing state, deleting, creating, and delaying or replaying messages.

2.5 Non-repudiation in communication.

Neither the originator nor the recipient of a communication can later deny having sent or accepted a message. Thus, when a message is sent, the receiver can prove that the message was in fact sent by the alleged sender. Likewise, when a message is received, the sender can prove that the message was in fact received by the alleged recipient.

3. Requirements for wireless security solutions.

3.1 Scalability.

The network must be scalable, which requires that the security scheme deployed in it scales evenly while maintaining the level of security. Scalability here applies both to the number of users and to growth in network size, such as adding new network elements or extending coverage to a new area, for example a building.

3.2 Implementability.

Simplicity and ease of implementation of the security scheme are extremely important. A security scheme must therefore be designed so that it is easy to implement while still meeting the security requirements.
3.3 Efficiency.
Security features must have only a very small impact on network performance. This is especially important in real-time communication, where security requirements must be met at the same time as quality-of-service requirements. Efficiency also concerns the use of the environment's resources: security solutions must not increase the overall load on the network.

3.4 Availability.

This is the last of the 5 goals mentioned. Any service or network must be available to its users. Availability has to be ensured because some attacks, such as DoS attacks, are able to disrupt it.

Some wireless network security solutions:

4. Antenna placement and adjustment.

We can progressively minimize RF leakage to the outside through the placement and adjustment of the antennas.


- Use directional antennas to steer the energy lobe inside the coverage area, instead of antennas that radiate RF in all directions.
- In practice, antennas in the interior leak less than antennas near the perimeter. It is therefore possible to reduce the power of the perimeter antennas and of some higher-end APs. Set the transmit power to the lowest level that still serves the communication needs of the wireless clients. In this way the principle of least privilege is applied to wireless networks. The power may be raised to reach all clients, but it must be low enough to minimize leakage to the outside.

5. Basic security settings.

5.1 Disabling SSID broadcast.

By default, the AP automatically provides the network's SSID identifier to all devices within its coverage radius on request. This gives computer users all the information they need to join the network, but it is also a weakness that hackers exploit for unauthorized access, so for local networks this function should be disabled to make the network safer.
However, by removing the SSID from the beacon you are in effect cutting off the clients' ability to roam from one AP to another. Wireless clients use beacons to determine when they are closer to another AP with a stronger signal. Without the SSID, the client has no way of knowing that it can re-associate with a stronger AP.

5.2. Enabling WEP.

Although WEP is known to have many weaknesses, it still plays a defensive role. It is also a solution already built into the devices. Using WEP and changing the key frequently first of all establishes that your network is private, since the 802.11 protocol has no other way of telling the people around you that they should not try to access your AP. Using WEP encryption helps keep out low-level intrusions.

5.3 Using MAC filtering.

Every network device has a unique 12-character string that serves as an identifier for that device, called the MAC (Media Access Control) address. To make the system safer, only network devices with specific registered MAC addresses are given access to the system. The principle of MAC filtering is to keep a list of permitted MAC addresses in the AP and to accept traffic only from those cards.


6. Strengthening security.

6.1 TKIP.
To overcome the weaknesses of the existing WEP encryption, WEP security is strengthened by using TKIP. Essentially, TKIP is an interim step to fix WEP, delivered through software and firmware updates. Some design compromises were made to stay backward compatible with the existing installed base. Nevertheless, TKIP as it stands addresses all the known weaknesses of WEP:
- Replay attacks: IVs can be used out of order.
- Forgery attacks: the ICV uses a linear 32-bit CRC and can be manipulated.
- Key collision attacks: IV collisions.
- Weak key attacks: the RC4 stream cipher is vulnerable to FMS attacks (Airsnort, WEP crack, dweputil)
Figure 4.1: TKIP encryption


TKIP strengthens encryption through 3 main elements.

Per-packet key mixing function.
Clients start with two keys: a 128-bit encryption key and a 64-bit data integrity key, used in the 802.1x association. The encryption key is called the TK (temporal key). The integrity key is called the MIC key (message integrity code key). First, the sender's MAC address is XORed with the TK to form the phase 1 key (sometimes called the intermediate key). The phase 1 key is then mixed with a sequence number to form the phase 2 key, the per-packet key. The output of phase 2 is passed to the WEP engine as a standard 128-bit WEP key (IV + shared secret key). The rest of the process is the same as in ordinary WEP. The difference is that the clients no longer all use the same WEP key (the phase 1 key varies) and that there is no correlation between the IV (in this case the sequence number) and the per-packet key (the phase 2 key). Weak-key attacks fail because the IV is no longer correlated with the per-packet key. The mixing is performed by a Feistel cipher designed by Doug Whiting and Ron Rivest. Remember that the problem in the basic WEP design is that the IV is correlated with the secret key and is simply fed into RC4. With TKIP, phase 1 ensures that every client has a different intermediate key. Phase 2 then mixes the intermediate key with the sequence number before feeding it into RC4. As we can see, this process is much more involved than simply attaching the IV to the secret key and passing it to RC4. TKIP uses per-packet keys to repair the flaws in WEP's use of RC4.
Figure 4.2: Per-packet key mixing function

Enhanced MIC (message integrity code) function, called Michael.


Instead of a simple 32-bit CRC, the new MIC function uses a hash function designed by Niels Ferguson. It is not linear, which makes it very hard for an attacker to alter a packet in transit. Michael takes the following inputs: the MIC key, the source address, the destination address and the plaintext. By including the source and destination addresses, the integrity of the MAC addresses is authenticated. The Michael output is 8 bytes long and is appended to the data field.
Enhanced IV sequencing rules.
TKIP escapes WEP's IV collision problem with two simple rules. First, the IV space is increased from 24 to 48 bits. At 54 Mbps, this means it takes 1000 years before an IV repeats. Second, TKIP requires the IV to increase from 0 and out-of-sequence packets to be dropped. In security terms, a larger IV space (sequence number) means that IV collisions and the corresponding attacks can no longer occur.

6.2 AES.
AES is the cipher of the new 802.11i standard, introduced to overcome the shortcomings of wireless security encryption. In the 802.11i specification, AES is mandatory, unlike TKIP, which is optional.
AES is an encryption mechanism under FIPS (Federal Information Processing Standards), introduced to replace RC4. AES has several modes, but the 802.11i specification chose counter mode with the CBC-MAC protocol (CCM), usually referred to as AES-CCMP. Counter mode provides encryption, while CBC-MAC provides authentication and data integrity.
Like RC4, AES is designed as a symmetric key algorithm, meaning that encryption and decryption use the same shared secret key. Unlike the RC4 stream cipher, which encrypts linearly 1 byte at a time (using XOR), the AES cipher works on 128-bit blocks, which is why AES is called a block cipher.
CCMP and TKIP share many properties. Both use a 128-bit temporal key derived from the master key used in the 802.1x association. CCMP also uses a 48-bit IV, referred to as the packet number (PN).
Like TKIP, CCMP has a MIC algorithm to ensure that the packet has not been tampered with. However, the MIC used in CCMP works differently from the Michael algorithm in TKIP: the MIC computation in CCMP starts from information taken from the IV and other header information. It then operates on 128-bit blocks, carrying the result from one block to the next until the end of the plaintext is reached, at which point the final value is computed.
The encryption process of AES counter mode also differs greatly from WEP/TKIP and RC4. First, the output of the AES cipher is 128 bits, with its input likewise taken from the IV and other header information. Next, the whole plaintext is split into 128-bit blocks, each of which is XORed with the 128-bit output of the AES cipher in turn. The cipher repeats this process (incrementing the counter after each 128-bit block) until the whole plaintext has been encrypted. Finally, it resets the counter to 0 and XORs the MIC value, which is then attached to the end of the frame.


The result of this enhanced method is much stronger encryption. Note, however, that the added overhead exceeds the CPU capacity of ordinary WEP/RC4 hardware. AES therefore requires newly developed hardware, which explains why it is not backward compatible with existing first-generation wireless devices.

7. Setting up user authentication.

7.1 EAP.
EAP was originally created as an extension to PPP. The idea is to establish a general framework for authentication methods. In other words, PPP gains pluggable authentication modules. In this way, we can authenticate our users in whatever way we want. For example, we can use things such as passwords, certificates, tokens, PKI, smartcards, Kerberos and biometrics, or plug in our own authentication standard. Having an open standard means that we can keep up with future developments, because future methods that have not yet been invented can always be added to EAP.
7.2 The 802.1x framework.
802.1x is simply EAP operating over wired and wireless networks. 802.1x has 3 basic components:
- Supplicant: the user or client requesting network access.
- Authenticator: the intermediary that unlocks the port and lets traffic through, usually the AP.
- Authentication server: the system that manages authentication information, usually RADIUS.
Figure 4.3: The 802.1x framework

7.3 The authentication mechanism.
Authenticators control traffic; in effect, they act like the gates of a dynamic firewall. If we are not authenticated, they do not let any of our traffic through except 802.1x messages. Only after we authenticate is our traffic allowed. All of this is done using 2 virtual ports: a controlled port and an uncontrolled port. The uncontrolled port is used only by the authenticator to communicate with the authentication server. The controlled port starts in the unauthenticated state, blocking all traffic. After the client is authenticated, the controlled port switches to the authenticated state and network traffic is allowed through.
Figure 4.4: The controlled and uncontrolled ports

Figure 4.5: How 802.1x authentication works

SV thc hin : ng Bch Thy

95

Vin i Hc M H Ni

n tt nghip

Supplicant (client) bt u bng vic gi khung EAP Start. iu ny


authenticator bit rng c ngi ang g ca v mun vo.
Authenticator p li vi mt khung EAP Request / Identify, ging nh
cu hi Ai , Supplicant p li vi mt khng EAP Request /
Identify khc xc nhn chnh h (v d nh tn ngi dng),
Authenticator chuyn thng tin ny ti server xc thc.
SV thc hin : ng Bch Thy

96

Vin i Hc M H Ni

n tt nghip

Server xc thc sau gi ti authenticator khung EAP


Request bao gm mt s yu cu th kim tra tin cy, nh yu cu
password. Authenticator chuyn yu cu th ti supplicant m s a
ra p ng thch hp. Autheticator nhn p ng ny v chuyn n n
server xc thc. Tip theo , server xc thc nh gi s tin cy v p
li vi khung EAP Success Cor Failure ti Authenticator. Nu nhn
c bn tin EAP success , authenticator s chuyn trang thi cng
c iu khin t khng xc thc sang xc thc v lu lng mng s
c bt u chuyn qua ngay lp tc. Nh chng ta c th thy,
supplicant v server xc thc khng bao gi trao i trc tip. Tt c
giao tip c chn v chuyn tip bi authenticator. Khi client c
xc thc , n mi c php truy nhp ti nguyn mng.
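The exchange described above, as an added example (not code from the original thesis): a small simulation in which the authenticator relays every EAP message and opens the controlled port only on EAP-Success. The class names, the sample user and the choice of the MD5-Challenge method (used only to keep the exchange short) are assumptions of this example; the supplicant's replies appear under their RFC 3748 name, EAP-Response.

```python
import hashlib
import hmac
import os

USER_DB = {"alice": b"S3cure-passphrase"}  # constructed sample credential


class AuthServer:
    """Authentication server (the RADIUS role): issues a challenge and judges the reply."""

    def __init__(self, users):
        self.users, self.pending = users, {}

    def challenge(self, identity):
        ident, chal = os.urandom(1), os.urandom(16)
        self.pending[identity] = (ident, chal)
        return ident, chal

    def verify(self, identity, response):
        ident, chal = self.pending.pop(identity, (None, None))
        secret = self.users.get(identity)
        if chal is None or secret is None:
            return "EAP-Failure"
        expected = hashlib.md5(ident + secret + chal).digest()
        return "EAP-Success" if hmac.compare_digest(expected, response) else "EAP-Failure"


class Supplicant:
    def __init__(self, identity, password):
        self.identity, self.password = identity, password

    def answer(self, ident, chal):
        # MD5-Challenge (CHAP-style) response: MD5(identifier || secret || challenge)
        return hashlib.md5(ident + self.password + chal).digest()


class Authenticator:
    """AP role: relays every EAP message and gates the controlled port."""

    def __init__(self, server):
        self.server = server
        self.controlled_port = "unauthorized"
        self.trace = []  # (sender, receiver, message)

    def forward_data(self, frame):
        # Ordinary traffic crosses only an authorized controlled port.
        return frame if self.controlled_port == "authorized" else None

    def authenticate(self, sup):
        log = self.trace.append
        log(("supplicant", "authenticator", "EAPOL-Start"))
        log(("authenticator", "supplicant", "EAP-Request/Identity"))
        log(("supplicant", "authenticator", "EAP-Response/Identity"))
        log(("authenticator", "server", "EAP-Response/Identity"))
        ident, chal = self.server.challenge(sup.identity)
        log(("server", "authenticator", "EAP-Request/MD5-Challenge"))
        log(("authenticator", "supplicant", "EAP-Request/MD5-Challenge"))
        response = sup.answer(ident, chal)
        log(("supplicant", "authenticator", "EAP-Response/MD5-Challenge"))
        log(("authenticator", "server", "EAP-Response/MD5-Challenge"))
        verdict = self.server.verify(sup.identity, response)
        log(("server", "authenticator", verdict))
        log(("authenticator", "supplicant", verdict))
        self.controlled_port = "authorized" if verdict == "EAP-Success" else "unauthorized"
        return verdict


def demo():
    ap = Authenticator(AuthServer(USER_DB))
    before = ap.forward_data(b"DHCPDISCOVER")
    verdict = ap.authenticate(Supplicant("alice", b"S3cure-passphrase"))
    after = ap.forward_data(b"DHCPDISCOVER")
    return before, verdict, after, ap.trace


if __name__ == "__main__":
    before, verdict, after, trace = demo()
    for sender, receiver, msg in trace:
        print(f"{sender:>13} -> {receiver:<13} {msg}")
    print("before:", before, "| verdict:", verdict, "| after:", after)
```

In the printed trace no line has the supplicant and the server as the two endpoints, and the same data frame is dropped before authentication and forwarded after it.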
802.1x can be used to provide security per station or per session. Recall that in a WEP environment everyone shares the same WEP secret key. Now, with 802.1x, each client can have its own WEP secret key. This way, even if a WEP cracking tool succeeds, it recovers only the key of a single user or a single session.
Unlike traditional WEP, which uses the same shared secret key for every user and every session, 802.1x does not use a single key that decrypts all network traffic. This technique is often called dynamic WEP and is used to reduce some of the risks associated with WEP and its publicly known weaknesses. Moreover, because 802.1x allows automatic key generation, we can force our clients to rekey periodically, which leads to fewer IV collisions. If we are especially concerned, we can change the key every 30 s.
With TKIP, 802.1x can be used to secure distribution of the master key used for the encryption key and the MIC key. But wait, there is more.
From the outset, the 802.1x components open the door to things that were never possible before in an 802.11 environment.
First, users can now be individually distinguished and authenticated. In the earlier WEP environment everyone shared the same WEP key, so when a user authenticated, all we knew about them was the WEP key. That information cannot tell us that this is Stephanie from the accounting department. With 802.1x, an authenticated user is individually identified. This means we now have support for AAA control: authentication, authorization and accounting. Because we know who is connecting, we can also enforce network access according to specific policy. For example, time-of-day or day restrictions can be applied based on who the user is. We can even do things such as assigning users to VLANs.

7.4 EAP authentication methods

The EAP method we choose determines both the complexity of the implementation and the strength of the security solution. Some methods are quicker to set up than others, while some provide better security than others. Remember that the EAP method we choose must be supported by every component of the 802.1x system: supplicant, authenticator and authentication server.

a. MD5.
The EAP-MD5 method provides the lowest possible level of security and is the easiest to implement. This method, commonly known as CHAP in traditional PPP applications, is vulnerable to several types of attack, including fairly simple dictionary attacks. In addition, passwords must be stored in cleartext by the server.
Another problem is that it does not require mutual authentication, which is a weakness against man-in-the-middle attacks. With one-way authentication, the AP authenticates the client, but the client does not authenticate the AP.
In the traditional PPP context this was acceptable, given the relative complexity of taking on the role of a dial-up server. In other words, in a dial-up context a certain amount of trust is implicit, because the dialing client is confident that the server at the other end of the line is the one it intends to reach, since the client is the one who dialed the server's number.
It takes considerable effort to break into the telephone network and reroute a call (call forwarding). Such an attack is not impossible, but it is hard to carry out. Setting up a fake AP, by contrast, is much simpler. Mutual authentication is truly necessary in the wireless context.
Furthermore, unlike the other EAP methods we will look at, MD5 does not support dynamic WEP/TKIP key generation. It has no mechanism for creating per-session or per-user keys. All of this means MD5 should never be used in a production environment. It should be used only for testing and for backward compatibility. In practice, some vendors actually block MD5 authentication because it is not based on secure authentication.

b. LEAP.
The Lightweight Extensible Authentication Protocol (LEAP) provides both mutual authentication and dynamic WEP rekeying. LEAP was designed by Cisco in 2000 as a pre-802.1x transitional solution. In the early days, before WPA was widely implemented, Cisco focused early on creating a strong, flexible security solution to replace WEP and its weaknesses.
Unfortunately, this protocol is not a standard and is proprietary. It is therefore supported only on Cisco equipment and has not been widely accepted in the industry. This is both good news and bad news. The good news is that we can support wireless security across many platforms, because Cisco supports client adapters on a wide range of operating systems including Windows, Macintosh and Linux. The bad news is that the solution works only when our environment consists of Cisco products. We must use compatible client NICs, APs and RADIUS server for LEAP to work. For most companies, which are reluctant to tie themselves to a single vendor's solution, LEAP is at best an acceptable possibility. This is especially true in mixed environments (such as hotspots) where vendor uniformity cannot be guaranteed.

c. TLS.
Transport Layer Security represents the strongest security option and the hardest to deploy. TLS provides mutual authentication as well as automatic WEP rekeying. The protocol establishes an end-to-end encrypted tunnel for transmitting the user's credentials using PKI. In other words, both client and server must use digital certificates to create the secure tunnel. Again there is good news and bad news: while a PKI solution provides the highest level of security, deploying an infrastructure that fully supports PKI is an extremely complex task.

d. TTLS and PEAP.
TTLS and PEAP are extensions of TLS. With these methods, the AP is authenticated by TLS, and the user is then authenticated by a different protocol once the tunnel has been established. In other words, TLS is used to set up a secure channel (using a server-side certificate), after which another EAP exchange is carried through the secure channel to authenticate the user.
- TTLS:
Tunneled Transport Layer Security supports mutual authentication and dynamic WEP rekeying. Unlike TLS, however, TTLS requires a certificate only on the server side, not on the client side. The client can then be authenticated with a password. TTLS therefore comes close to the security level of TLS while being much simpler to deploy.
- PEAP:
PEAP supports mutual authentication and dynamic WEP rekeying, and requires only a server-side certificate. Because client authentication takes place over a secure channel, a less secure method can be used to authenticate the client. We use a server certificate to authenticate the server and can then use another EAP method to authenticate the client. In theory, therefore, we can use PEAP with MS-CHAP version 2.0 and it will be secure, because MS-CHAP runs inside the secure PEAP tunnel.

Comparison of EAP authentication methods

Method | Typical deployment | Authentication direction | WEP encryption | Deployment complexity | Wireless security
-------|--------------------|--------------------------|----------------|-----------------------|------------------
MD5 | Password-based | One-way authentication | No | Easy | Poor
TLS | Certificate-based authentication | Two-way mutual authentication | | Complex | Best
TTLS/PEAP | Server authentication via certificate, client authentication via other methods | Two-way mutual authentication | | Moderate | Good

Remember that the EAP types are proposed and supported by different vendors. For example, LEAP is backed by Cisco; PEAP by Microsoft, Cisco and RSA; and TTLS by Funk Software and Certicom. MD5 and TLS, however, are widely supported. When choosing an EAP method, it is very important to consider the vendors behind the technology.
802.1x has three components: supplicant, authenticator and authentication server. When we choose hardware for our environment, always remember that 802.1x (as well as the EAP method we choose) must be supported by all of the components.
802.1x is highly effective in securing 802.11 networks because it supports dynamic key generation and no longer has the weaknesses to attack that the 802.11 protocol suffers from. Unlike WEP, which uses a static key shared by everyone, 802.1x can generate dynamic keys per user or per session. Moreover, we can identify each individual user and carry out actions that were previously impossible. This makes it possible to enforce policy per user (such as time-of-day or day restrictions).
Remember that 802.1x is a simple framework that allows EAP to be used over a wired or wireless network. EAP itself is also a framework that allows multiple authentication methods. The EAP type we choose is therefore the main factor in how 802.1x is implemented and how the network is secured. Some EAP methods are harder to set up than others (because they require a PKI infrastructure) and some are more secure than others (because they rely on more advanced security algorithms and techniques). All of these factors must be weighed carefully when selecting an EAP method.

8. Securing wireless networks with VPN.

8.1 VPN.
A VPN allows computers connected to the Internet to access the resources of a private network securely. In other words, a VPN lets a remote machine securely access a private network over an untrusted transport (such as the Internet). This is very convenient for remote users, who can securely reach shared resources while they are on their way to or from the office.
VPNs are popular because they can save on the cost of traditional dial-up (direct connection) services. Since a VPN session can be established over any Internet connection (anywhere in the world), the cost is essentially far lower than dial-up, which requires a large number of dial-up modems and long-distance call charges.
Wireless networks benefit from VPNs because the wireless transport is generally regarded as untrusted. A VPN lets us rely on higher-level protocols to secure data, which is far better than options such as WEP.
A VPN server is set up to allow people on outside networks to access shared internal resources. Once you have a VPN solution, it can play a dual role: supporting remote-access users and strengthening security for wireless users. In the wireless world we are concerned with protecting data confidentiality by using encryption. So when you place all APs on a segment outside the firewall, you can force your wireless users to use the VPN to access the network. In this way, all wireless clients are logically equivalent to remote-access users. The main concern for wireless users on a VPN is handoff between APs. Any solution based on higher-layer encryption may drop the connection when the user hands off between APs. For example, IPSec (layer 3) will break when the user moves to a new AP and is assigned a new IP address. By controlling the DHCP function (as opposed to each AP handling IP addresses independently), you ensure that the IP address stays fixed during handoff from one AP to another.

8.2 VPN architectures for wireless networks.

a. Network to network.
Network to network describes a tunnel between two geographically separate private networks. This VPN architecture is typically used when LANs are connected over a public network so that users can access the resources of the other LAN while connected from their own LAN. The main advantage of this configuration is that the two networks appear adjacent and the operation of the VPN gateways is transparent to end users. In this scheme the tunnel plays an important role, since private networks use the RFC 1918 private address ranges, which are not routed over the Internet. Traffic is protected inside the tunnels so that the interconnection succeeds.

Figure 4.6: Network-to-network architecture

A practical example of this architecture in wireless networking is two offices of the same organization using a point-to-point wireless link. Although the traffic never leaves the organization's infrastructure, the wireless portion deserves just as much attention as traffic routed over a public network.

b. Host-to-network.
The host-to-network scheme occurs when a remote user accesses the company network over the Internet. The mobile client first establishes an Internet connection and then initiates a request to set up a secure tunnel with the company's VPN gateway. Once authentication is complete, a tunnel is established across the public network and the client becomes equivalent to a machine on the internal network. With the growth of the home-working workforce, this architecture is increasingly widely used.
With point-to-multipoint wireless links, layer 2 security is insufficient or may run into serious compatibility and operational problems when deploying a public hotspot. What is needed here is strong encryption, user accounts and authentication for all laptops as well as other wireless devices. This entails a central VPN with access control and account management for the VPN tunnels that terminate there. This can be achieved by deploying a RADIUS server, a user database and an 802.1x infrastructure. The host-to-network VPN architecture assumes that wireless hosts have a connection to the central VPN but do not communicate with other wireless hosts in the WLAN.
Figure 4.7: Host-to-network architecture

c. Host to host.
Host to host is the least common architecture, involving only two hosts with both encrypted and unencrypted communication. In this configuration a tunnel is established between the two hosts, and all communication between them is secured through the VPN. A practical example is a remote backup storage server. Both hosts are connected over the Internet, and data from the central server is mirrored to the backup storage server. In wireless networks, the host-to-host VPN architecture is applied to protect ad-hoc WLANs.
Figure 4.8: Host-to-host architecture.

8.3 Security protocols in VPN.

a. The IPSec protocol suite.
IPSec is widely recognized, supported and standardized among VPN protocols. IPSec is a framework of open standards that provides a suite of security protocols running on top of existing IP connectivity. It provides both data authentication and encryption services at layer 3 and can be implemented on any device that communicates over IP. Unlike other encryption schemes that operate at higher layers, IPSec operates at a low layer and can protect all traffic carried over IP. It can also be used together with layer 2 tunneling protocols to provide both authentication and encryption for non-IP traffic.
IPSec consists of three main components: Authentication Header (AH), Encapsulating Security Payload (ESP) and Internet Key Exchange (IKE).
- AH is added after the IP header and provides packet-level authentication and data integrity services, ensuring that the packet has not been tampered with in transit and reaches the receiver intact.
- ESP: uses strong encryption (RC5, 3DES, Blowfish) to encapsulate information, providing confidentiality, data origin authentication, data integrity, limited traffic-flow confidentiality and the ability to hide the IP information of the receiver and the sender.
- IKE: keys are the tool for encryption, but they must be exchanged between the parties before use. To exchange keys securely, the IKE protocol supports the 3DES encryption algorithm, the Tiger hash algorithm, the RSA digital signature algorithm and the MD5 authentication algorithm.
b. PPTP and L2TP.
Besides IPSec, two other protocols are used to provide VPN services: PPTP (Point-to-Point Tunneling Protocol) and L2TP (Layer 2 Tunneling Protocol). Both protocols are built into Windows.

- PPTP
For authentication, PPTP supports MS-CHAP, MS-CHAP v2 and EAP-TLS. MS-CHAP and MS-CHAP v2 use usernames and passwords. EAP-TLS uses server and client certificates and requires a PKI infrastructure. MS-CHAP v2 is much stronger than MS-CHAP and also provides mutual authentication. When used with strong passwords, MS-CHAP v2 is generally regarded as an acceptable choice when you cannot deploy another security solution such as IPSec. When you use MS-CHAP v2, the essential point is to enforce strong password rules (for example, 8 or more characters with a mix of upper and lower case, punctuation, digits and special characters). EAP-TLS, which relies on certificates for authentication, provides the strongest authentication method.
On the client side, EAP-TLS is supported only by Windows XP and 2000. MS-CHAP v2 is supported by Windows 95, 98, ME, NT4.0, 2000, XP and CE3.0 (Pocket PC 2002). Note that Windows NT4 clients require at least Service Pack 4, and Windows 95 clients require Dial-Up Networking 1.3 or later plus the security update.
For encryption, PPTP uses MPPE, a stream cipher based on RC4. The key length can be 40, 56 or 128 bits. Encryption takes place after PPP authentication and link establishment. An attacker who can capture this traffic can therefore use the session for offline dictionary attacks. This explains why strong passwords are so important.

- L2TP.
L2TP uses PPP to authenticate users, combined with IPSec to encrypt data. This method relies on a PKI infrastructure, in that it requires server and client certificates in addition to username/password credentials. Together, L2TP and IPSec (commonly referred to as L2TP/IPSec) provide data integrity and authentication on a per-packet basis. The clients with built-in support are Windows XP and 2000. Windows 98, ME and NT4.0 Workstation must be updated with a patch.
L2TP begins by carrying out an IKE negotiation to create an IPSec security association. During the IKE negotiation, client and server exchange certificates and set the security parameters, including the authentication method and the keys used in the session. Data encryption is provided by the DES (or 3DES) block cipher with a 56-bit key (or 168 bits with 3DES).

9. Intrusion detection (IDS) techniques

The goal of intrusion detection is to identify unauthorized activity, misuse and abuse of computer systems, whether caused by users inside the system or by intruders from outside it.
Detecting unauthorized intrusion is a difficult task because of the rapid growth of network connectivity, heterogeneous computing environments (mixed operating systems), the many communication protocols and the considerable variety of common and proprietary applications. Most IDS techniques are built on the difference between the behavior of an intruder and that of a legitimate user.
IDS are divided into several types, as follows:
Network-based IDS and host-based IDS
A network-based IDS analyzes network traffic, comparing session data with known data on the signatures of attacks against operating systems and applications. On detection, a network-based IDS can respond by recording the communication session, alerting the administrator, terminating the session and possibly feeding into the firewall.
A host-based IDS analyzes the system's operating system and application logs, comparing events with a known database of security violations and established policies. It examines operating system logs, access logs and application logs, as well as user-defined application policies. If it finds a violation, it can respond by recording the actions, alerting the administrator and, in some cases, stopping the action before it takes place. The combination of network-based IDS and host-based IDS provides substantial protection and policy enforcement for companies of every size and business function.
Misuse-based IDS and anomaly-based IDS:
Misuse-based IDS can be divided into two types according to the kind of attack: knowledge-based and signature-based.
A misuse-based IDS with a knowledge-based database stores information about forms of attack. The audit data collected by the IDS is compared with the contents of the database, and an alert is raised if a match is found. Events that do not match any attack are treated as legitimate actions. The advantage of this model is that it seldom produces false alarms, because it relies on detailed descriptions of the attack types. The model does have weaknesses, however. First, the number and variety of attack types and vulnerabilities accumulated over time makes the database too large, which complicates analysis. In addition, it can detect only attack types known in advance, so it must be updated regularly as new attack types and vulnerabilities are discovered.

Figure 4.9: Knowledge-based IDS

A signature-based IDS is a system that uses an abstract definition, called a signature, to describe an attack. A signature consists of the set of information needed to describe a type of attack. For example, a network IDS can store in its database the contents of packets related to known attack types. Signatures are usually stored in a form that allows direct comparison with the information in the event stream. During processing, events are compared with the entries in the signature file, and the system raises an alert if a match is found. Signature-based IDS are very common today because they are easy to develop, give accurate feedback on alerts and usually require few computing resources. However, they have the following weaknesses:
+ the description of the attack is usually low-level and hard to understand
+ every attack, and every variant of it, needs an additional signature in the database, so the database grows very large.
+ the more specific a signature is, the fewer false alarms it produces, but the harder it becomes to detect variants of the attack.
An anomaly-based IDS rests on the assumption that abnormal actions are malicious. The system therefore first needs to build models of the system's normal behavior and only then identify abnormal actions.

Figure 4.10: Anomaly-based IDS


The advantage of this system is that it can detect attack types that are not known in advance. However, it generates many false alarms because its definition of an attack is too general. Statistics show that in such a system most alerts are false alarms, many of them raised by normal actions, while only a few actions are malicious. The problem is that most systems have little ability to limit these false alarms.
Research has shown that most systems share the characteristics of diversity and change. Moreover, ambiguity in lower-layer protocols and differences between applications make it very hard to detect abnormal behavior in a given environment, because abnormality is a property of the environment. Finally, some new attack types are able to mimic legitimate actions and may go undetected.
When we compare a conventional IDS (IDS in wired networks) with an IDS in a wireless network, the only differences are the network topology and the need to scan the air rather than the wire; all other components are the same.
Wireless IDS
A wireless IDS works somewhat differently from an IDS in a traditional LAN. In a wired environment we have full control over the types of traffic carried on the wire. In a WLAN the air is the transmission medium, and everyone within coverage range of the 802.11 frequencies can access the network. Monitoring is therefore needed both inside and outside the network. Another difference is that a wireless IDS is needed both for networks that have deployed a WLAN and for places that have not yet deployed one. The reason is that although the possibility of an attack from the WLAN into the LAN is not obvious, it is a real threat. This threat is thought to concern only those who use the WLAN, but in fact the whole LAN organization should monitor the traffic flowing in the WLAN to be sure of eliminating threats from the surrounding airspace. One thing that must always be kept in mind is rogue APs, regardless of whether you are using a wireless network or a traditional LAN.
A wireless IDS can be configured in a centralized or a distributed model. In the centralized model, a concentrator collects all the 802.11 frequency data from the individual network sensors and forwards it to a central management device, where the IDS data is stored and processed to detect intrusion. Most centralized IDS have multiple sensors so that they can detect intrusion across the whole network. For convenience, log files and alarm signals are all sent to the central management device, which can be used to manage and update all the sensors. A centralized wireless IDS suits large-scale WLANs because it is easy to manage and efficient at processing data.
A distributed wireless IDS, by contrast, consists of one or more devices that perform both the sensor and the management functions. This model suits small WLANs with fewer than 3 APs.
A WLAN is usually designed to cover a large physical area so that legitimate users can conveniently gain access from many different places. For that reason, multiple wireless access points must be set up at different locations in the network to ensure uniform signal across the whole network. A general rule when deploying a wireless IDS solution is that sensors should be placed right where the APs are installed. The clearest benefit of doing so is that the WLAN can be protected comprehensively and thoroughly. In addition, if this rule is followed, an attacker can be located accurately more easily once the administrator determines which sensor is closest to the attacker. Most WLAN security policies recommend that all communication in the wireless network be encrypted. Another feature that can be implemented for a wireless IDS is a list of valid APs, so that whenever an AP is not recognized or a rogue AP is discovered, the wireless IDS can quickly detect it and raise an alert.
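One way to implement the valid-AP list and nearest-sensor checks described above, as an added example (not code from the original thesis). The inventory, the sensor names and the beacon sightings are constructed sample data, and treating the strongest received signal as "nearest sensor" is an assumption of this example.

```python
from collections import defaultdict

# Authorized AP inventory (constructed sample): BSSID -> (SSID, channel).
AUTHORIZED_APS = {
    "02:00:00:00:00:01": ("CorpWLAN", 1),
    "02:00:00:00:00:02": ("CorpWLAN", 6),
}

# Constructed beacon sightings, as sensors placed next to each AP might report them.
OBSERVATIONS = [
    {"sensor": "sensor-lobby", "bssid": "02:00:00:00:00:01", "ssid": "CorpWLAN", "channel": 1, "rssi": -42},
    {"sensor": "sensor-lab", "bssid": "02:00:00:00:00:02", "ssid": "CorpWLAN", "channel": 6, "rssi": -48},
    {"sensor": "sensor-lobby", "bssid": "02:00:00:00:0B:AD", "ssid": "CorpWLAN", "channel": 11, "rssi": -71},
    {"sensor": "sensor-lab", "bssid": "02:00:00:00:0b:ad", "ssid": "CorpWLAN", "channel": 11, "rssi": -39},
    {"sensor": "sensor-lobby", "bssid": "02:00:00:00:0c:af", "ssid": "CoffeeShop", "channel": 3, "rssi": -88},
    {"sensor": "sensor-lab", "bssid": "02:00:00:00:00:01", "ssid": "CorpWLAN", "channel": 9, "rssi": -55},
]


def detect_unauthorized_aps(observations, authorized):
    """Return one alert per BSSID that is unknown or deviates from the inventory."""
    inventory = {bssid.lower(): cfg for bssid, cfg in authorized.items()}
    known_ssids = {ssid for ssid, _ in inventory.values()}
    sightings = defaultdict(list)
    for obs in observations:
        sightings[obs["bssid"].lower()].append(obs)

    alerts = []
    for bssid in sorted(sightings):
        seen = sightings[bssid]
        if bssid not in inventory:
            # Not on the valid-AP list; more serious if it advertises our own SSID.
            evidence = seen
            spoofs_ssid = any(o["ssid"] in known_ssids for o in seen)
            reason = "unknown-bssid-using-authorized-ssid" if spoofs_ssid else "unknown-bssid"
        else:
            # Listed BSSID seen with an SSID or channel the inventory does not expect.
            evidence = [o for o in seen if (o["ssid"], o["channel"]) != inventory[bssid]]
            if not evidence:
                continue
            reason = "authorized-bssid-config-mismatch"
        nearest = max(evidence, key=lambda o: o["rssi"])  # strongest signal
        alerts.append({
            "bssid": bssid,
            "reason": reason,
            "ssid": nearest["ssid"],
            "channel": nearest["channel"],
            "nearest_sensor": nearest["sensor"],
            "rssi": nearest["rssi"],
            "seen_by": sorted({o["sensor"] for o in evidence}),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_unauthorized_aps(OBSERVATIONS, AUTHORIZED_APS):
        print(alert)
```

An unknown BSSID with an unrelated SSID is often just a neighbouring network, which is why the example reports it with a different reason from an unknown BSSID that advertises an authorized SSID.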

CONCLUSION
WLANs are developing steadily and play an important role in life and work thanks to the characteristics they offer. Because of the convenience of wireless networking, it is gradually replacing traditional wired network systems. However, because WLAN is a recent technology, it has not yet been fully tested and still contains many problems, above all security problems.
To contribute to building wireless network security solutions for the strong growth of wireless networking, now and in the future, the project "Security in WLAN" studied the following issues:
- Studying the theory of wireless networks and analyzing their characteristics, transmission methods, network protocols and the available security encryption methods.
- Analyzing the susceptibility of wireless networks to attack and the weaknesses of the network in transmission as well as in security encryption, and analyzing and identifying the risks and the attack methods.
- Presenting and analyzing methods for overcoming the weaknesses in security encryption, authentication methods for wireless networks and VPN systems for wireless networks.
Although the security solutions presented are still general and do not go into the details of deployment, they will help in choosing a solution when building a new wireless network system or extending an existing wired network. The methods and solutions presented are based partly on the encryption and security foundations available today and partly on new methods that are gradually being refined for wireless network deployment.
Because of limited conditions and experience, this graduation project still has many shortcomings and certain outstanding issues. I respectfully hope that my teachers and friends will contribute their comments so that it can become a complete project.
I sincerely thank the teachers and friends who directly and indirectly helped me complete this research project.
Hanoi, June 2009.
Student

ng Bch Thy
