
1. SSL (Secure Sockets Layer): the most widely used network security protocol today; it encrypts traffic and provides a secure channel between computers on the Internet or on an internal network. SSL is typically used when a web browser needs a secure connection to a web server. It operates at the session layer of the OSI reference model.
How SSL works:

SSH stands for Secure Shell, a protocol for establishing a secure connection to a resource. In the TCP/IP model, SSH sits at the fourth layer, i.e. the application layer of that model.
How SSH works
SSH works through 3 simple steps:
* Host identification - establishing the identity of the systems taking part in the SSH session.
* Encryption - setting up an encrypted working channel.
* Authentication - verifying that the user has the right to log in to the system.
2. The concept of a Firewall
A firewall is a system intended to block illegitimate access from an external network into an internal network. A firewall system usually includes both hardware and software. A firewall is typically operated by blocking traffic or by creating rules for different addresses.

Limitations of a firewall
o It cannot stop attacks that bypass the firewall.
o It cannot stop threats that originate from inside.
o It cannot stop infection by viruses and malicious code.

Firewall architectures

Screened Host Firewall System (Single-homed bastion host)

Screened Host Firewall System (Dual-homed bastion host)

Screened-subnet Firewall System

3. Firewall classification

There are 2 main types of Firewall

Packet-filtering firewall
Operates at the network layer
The first and simplest type of firewall
Direct connection between the internal network and the external network

Advantages
- Fast processing
- Easy to deploy, install and maintain
- Application-independent

Disadvantages
- Cannot control data from layer 4 upward
- Does not support user authentication
- Does not prevent address-spoofing attacks
- Low security level
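As an added example (not part of these notes), the following Python packet filter decides on header fields only, the way the packet-filtering firewall described above does. It shows two of the listed disadvantages in code: two packets that differ only in their payload get the same verdict, and a packet that merely claims an internal source address is accepted by a naive rule set. The hardened rule set adds an anti-spoofing rule keyed on the arrival interface. All addresses, interface names, rules and packets are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    iface: str            # interface the packet arrived on: "ext" or "int" (constructed names)
    src: str
    dst: str
    proto: str            # "tcp", "udp", "icmp"
    sport: int
    dport: int
    payload: bytes = b""  # never consulted: a packet filter does not inspect content


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    iface: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: str = "any"
    dport: Optional[int] = None


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Match only on the header fields a packet filter can see (layer 3 and the port numbers)."""
    if rule.iface != "any" and rule.iface != pkt.iface:
        return False
    if ip_address(pkt.src) not in ip_network(rule.src):
        return False
    if ip_address(pkt.dst) not in ip_network(rule.dst):
        return False
    if rule.proto != "any" and rule.proto != pkt.proto:
        return False
    if rule.dport is not None and rule.dport != pkt.dport:
        return False
    return True


def evaluate(rules, pkt: Packet) -> str:
    """First matching rule wins; anything unmatched is denied by default."""
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"


INTERNAL = "10.0.0.0/8"        # constructed internal address range
WEB_SERVER = "10.0.0.5/32"     # constructed web server address

# Naive rule set: anyone may reach the web server on TCP/80, and any packet
# with an internal source address is trusted regardless of where it arrived.
NAIVE_RULES = [
    Rule("allow", dst=WEB_SERVER, proto="tcp", dport=80),
    Rule("allow", src=INTERNAL),
]

# Hardened rule set: drop packets arriving on the external interface that
# carry an internal source address (address spoofing), then the same allows.
HARDENED_RULES = [Rule("deny", iface="ext", src=INTERNAL)] + NAIVE_RULES

# Constructed sample packets (not captured traffic)
HTTP_A = Packet("ext", "203.0.113.7", "10.0.0.5", "tcp", 51000, 80, b"GET / HTTP/1.1\r\n")
HTTP_B = Packet("ext", "203.0.113.7", "10.0.0.5", "tcp", 51001, 80, b"<any other content>")
SPOOFED = Packet("ext", "10.0.0.9", "10.0.0.5", "tcp", 40000, 22)   # internal source, external interface


def verdicts(rules):
    """Return the verdict for each sample packet under the given rule set."""
    return {name: evaluate(rules, pkt) for name, pkt in
            (("http_a", HTTP_A), ("http_b", HTTP_B), ("spoofed", SPOOFED))}


if __name__ == "__main__":
    print("naive:   ", verdicts(NAIVE_RULES))
    print("hardened:", verdicts(HARDENED_RULES))
```

The payload field exists only to make the point: nothing in `rule_matches` reads it, so content-based threats pass or fail purely on the 5-tuple, which is why the notes say such a firewall cannot control data from layer 4 upward.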

Application-layer firewall

Operates at the application layer
Designed to strengthen control over which types of services and protocols are allowed to access the network

Advantages
- Full control over each service on the network
- Full control over which services are permitted
- Very good authentication checking, and logs information about access to the system
- Filtering rules for an application gateway are easier to configure and check than packet-filtering rules

Disadvantages
- Slow, with low performance, because processing spans multiple layers
- Limited range of supported services
- Limited ability to change and extend
- Complex installation and maintenance
- Limited transparency to the end user
3. Distinguishing: packet-filtering firewall vs. application firewall
Packet-filtering firewall
- Can only filter packets based on the packet's source and destination IP addresses and source and destination service ports; it does not examine the packet content and cannot reach the flags in the TCP header.
- At least 2 network interfaces
- Connections do not terminate on the firewall
- Cannot track the complete set of packets belonging to the same connection
- Operates at the network layer of the OSI model
- Lower traffic-processing load than an application firewall
- Low security

Application-layer firewall
- Uses a proxy to control incoming connections. Packets entering and leaving the system cannot reach the services without going through the proxy. This function is used to control which services and protocols are allowed access.
- Has multiple network interfaces
- All connections terminate on the firewall
- Inspects the entire packet content
- Operates at the application layer of the OSI model
- Higher traffic-processing load than a packet-filtering firewall
- High security
4. Distinguishing a firewall from a router
Firewall
- Monitors and blocks packets passing between the Intranet and the Internet; establishes a mechanism for controlling the flow of information between the internal network and the Internet
- A firewall cannot be used as a router
- Operates at a layer above the router

Router
- Its routing function provides remote-access connections or WAN connections for the LAN
- A router can be used as a firewall
- Operates at layer 3
5. Client-to-site VPN + RADIUS (diagram and analysis)

1/ The RADIUS Access Client sends an authentication request containing identity (ID) and connection information to the Network Access Device (the RADIUS client).
2/ When the NAD receives a connection request from the user, it simply negotiates with the user to establish the connection information (username, password, NAD port, ...). Once it has this information, the NAD sends an authentication request containing the user's information to the RADIUS server.
3/ The RADIUS server looks up the user's information in its local or remote RADIUS authentication database and verifies whether the username and password are valid.
4/ If they are valid, the RADIUS server returns an Access-Accept message to the NAD, together with the list of information stored in the database, such as authorization and connection parameters.
5/ If they are not valid, the RADIUS server returns an Access-Reject message.
Based on the information received from the RADIUS server, the NAD accepts or rejects the user's connection request. Once the user has been authenticated and the connection is established, the NAD can forward accounting data to the RADIUS server for logging.
Draw and analyze the diagram yourself
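As an added example (not part of these notes), the Python below plays both sides of steps 1-5: a NetworkAccessDevice builds a RADIUS Access-Request, a RadiusServer looks the user up in its database and answers Access-Accept (with a connection parameter) or Access-Reject. The packet layout, the User-Password hiding with MD5 and the shared secret, and the Response Authenticator check follow RFC 2865; the shared secret, the user database, the NAS port and the Session-Timeout value are constructed for the example. The code is written for the notes, not taken from any RADIUS implementation.

```python
import hashlib
import hmac
import os
import struct

# Packet codes and attribute types from RFC 2865
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_PORT, ATTR_SESSION_TIMEOUT = 1, 2, 5, 27


def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: pad to 16-byte blocks and XOR each block with MD5(secret + previous
    block), where the 'previous block' for the first block is the Request Authenticator."""
    target = max(16, ((len(password) + 15) // 16) * 16)
    padded = password.ljust(target, b"\x00")
    out, prev = b"", req_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out += block
        prev = block
    return out


def reveal_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Inverse of hide_password; only a server holding the same shared secret can do this."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")


def encode_attrs(attrs) -> bytes:
    # Each attribute is Type (1 byte), Length (1 byte, header included), Value
    return b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)


def decode_attrs(data: bytes):
    attrs, i = [], 0
    while i + 2 <= len(data):
        t, ln = data[i], data[i + 1]
        if ln < 2 or i + ln > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs.append((t, data[i + 2:i + ln]))
        i += ln
    return attrs


def build_packet(code: int, ident: int, auth: bytes, attrs) -> bytes:
    body = encode_attrs(attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + auth + body


class RadiusServer:
    """Steps 3-5: look the user up, then answer Access-Accept or Access-Reject."""

    def __init__(self, secret: bytes, users: dict):
        self.secret, self.users = secret, users   # users: constructed local authentication database

    def handle(self, req: bytes) -> bytes:
        code, ident, length = struct.unpack("!BBH", req[:4])
        req_auth = req[4:20]
        attrs = dict(decode_attrs(req[20:length]))
        if code != ACCESS_REQUEST or ATTR_USER_PASSWORD not in attrs:
            resp_code, resp_attrs = ACCESS_REJECT, []
        else:
            given = reveal_password(attrs[ATTR_USER_PASSWORD], self.secret, req_auth)
            stored = self.users.get(attrs.get(ATTR_USER_NAME, b""))
            ok = stored is not None and hmac.compare_digest(stored, given)
            resp_code = ACCESS_ACCEPT if ok else ACCESS_REJECT
            # On accept, return a connection parameter from the database (constructed: 1-hour session)
            resp_attrs = [(ATTR_SESSION_TIMEOUT, struct.pack("!I", 3600))] if ok else []
        body = encode_attrs(resp_attrs)
        header = struct.pack("!BBH", resp_code, ident, 20 + len(body))
        # Response Authenticator = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
        resp_auth = hashlib.md5(header + req_auth + body + self.secret).digest()
        return header + resp_auth + body


class NetworkAccessDevice:
    """Steps 1-2: collect the user's credentials and ask the RADIUS server."""

    def __init__(self, secret: bytes, server: RadiusServer):
        self.secret, self.server = secret, server

    def authenticate(self, username: bytes, password: bytes, nas_port: int):
        ident, req_auth = os.urandom(1)[0], os.urandom(16)   # fresh identifier and authenticator per request
        attrs = [(ATTR_USER_NAME, username),
                 (ATTR_USER_PASSWORD, hide_password(password, self.secret, req_auth)),
                 (ATTR_NAS_PORT, struct.pack("!I", nas_port))]
        resp = self.server.handle(build_packet(ACCESS_REQUEST, ident, req_auth, attrs))
        code, r_ident, length = struct.unpack("!BBH", resp[:4])
        expected = hashlib.md5(resp[:4] + req_auth + resp[20:length] + self.secret).digest()
        # Discard replies that do not belong to this request or were not made with the shared secret
        if r_ident != ident or not hmac.compare_digest(resp[4:20], expected):
            return "reject", {}
        return ("accept" if code == ACCESS_ACCEPT else "reject"), dict(decode_attrs(resp[20:length]))


def demo():
    """Constructed run: one valid and one invalid login against a one-user database."""
    server = RadiusServer(b"shared-secret", {b"alice": b"wonderland"})
    nad = NetworkAccessDevice(b"shared-secret", server)
    return nad.authenticate(b"alice", b"wonderland", 7)[0], nad.authenticate(b"alice", b"guess", 7)[0]


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing when reading the exchange: the password never travels in clear, but its protection rests entirely on the shared secret and MD5, and the Access-Request itself carries no integrity check in this basic form (the Message-Authenticator attribute of RFC 2869 adds one), which is why RADIUS between NAD and server is normally confined to a protected management network or tunnelled.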

6. Site-to-site VPN + RADIUS (diagram and analysis)

7. Draw and analyze an Extranet network + DMZ, with its policy and rule set
