
MINISTRY OF EDUCATION AND TRAINING - VIETNAM POSTS AND TELECOMMUNICATIONS GROUP

POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY


--------------------------------

NGUYN C

RESEARCH ON ENSURING THE SAFETY AND SECURITY OF THE INFORMATION SYSTEM OF THE AGENCY FOR RADIATION AND NUCLEAR SAFETY
MAJOR: DATA TRANSMISSION AND COMPUTER NETWORKS
CODE: 60.48.15

SUMMARY OF MASTER OF ENGINEERING THESIS

HANOI - 2010

The thesis was completed at:
Posts and Telecommunications Institute of Technology
Vietnam Posts and Telecommunications Group

Scientific supervisor: Dr. L Ch Dng

Reviewer 1:

Reviewer 2:

The thesis will be defended before the thesis examination board at the Posts and Telecommunications Institute of Technology
At: ....... o'clock, day ....... month ....... year .......
The thesis can be consulted at:
- Library of the Posts and Telecommunications Institute of Technology

INTRODUCTION
The very rapid development of information technology, and in particular the explosion of the global Internet, is a great achievement of mankind. We will not repeat the obvious and enormous benefits that the Internet and the online environment bring. It can be said that, in today's globalized environment, agencies, departments and enterprises, and in particular the Agency for Radiation and Nuclear Safety, can hardly meet the mission requirements entrusted to them by the Party and the State, or develop, if they regard themselves as an isolated island and do not connect to the global information network, the Internet.
However, globalization also has its downsides. Alongside the advantages the Internet brings, we must also prepare ourselves to cope with new challenges: how to integrate with the world while still protecting ourselves. In practice there are many forms of attack, sabotage and theft of information and resources on the network, from many kinds of actors and for many different purposes. These actions are happening every day and every hour, anywhere. We can continually read news about attacks and security intrusions on the Internet caused by hackers or viruses. The targets range from computer networks with state-of-the-art protection, such as the computer systems of the US Department of Defense, online commerce systems and large organizations and companies such as eBay, Amazon and Microsoft, to the networked PCs of individual users, and the attacks leave very great damage and impact.
- Practice shows that a computer system that does not ensure confidentiality and security will usually be counterproductive: sensitive information and data on the network are easily intruded upon illegally, business strategy is no longer secret from competitors, and acts of sabotage can interrupt network operation or make it operate inefficiently, wasting the infrastructure investment.
- Ensuring information safety and security and ensuring computer network safety is a rather broad matter, related to many issues, from management policies and engineering and technology fields to the habits and awareness of users.
Ensuring safety and security on the network is a very urgent and important task. It requires investment in comprehensive, scientific research; proposals for protection plans that are thorough, tight, economical and feasible; and synchronous deployment from the moment the network infrastructure is deployed, in order to fulfil the role, functions and tasks entrusted to the unit.
Within its scope, the thesis "Research on ensuring the Safety and Security of the information system of the Agency for Radiation and Nuclear Safety" focuses mainly on the following basic content:
Chapter 1: Overview of Information Security.
Chapter 2: The information system of the Agency for Radiation and Nuclear Safety and the problems encountered during operation.
Chapter 3: Solutions for ensuring information security and safety.

CHAPTER 1: OVERVIEW OF INFORMATION SECURITY
1.1 Overview of information security
Information can exist in many forms. It can be printed or handwritten, stored electronically, transferred by post or by electronic means, shown as images on film, or spoken in conversations. Whatever form the information takes, and however it is shared or stored, it must always be adequately protected.
1.1.1. Information security:
- Information security means that information is protected, that systems and services are able to withstand disasters, errors and unexpected impacts, and that changes affecting the safety of the system are kept to a minimum.
- A system with one of the following characteristics is not secure: information and data in the system are obtained and used by people without access rights (information is leaked); information in the system is replaced or modified so that its content is distorted (information is tampered with).
- Information has high value only when its accuracy and timeliness are ensured, and a system can provide information of real value only when its functions are guaranteed to operate correctly.
- The goal of security in information technology is to set out a number of security standards and to apply them where needed to eliminate or reduce dangers. Because the techniques for transmitting, receiving and processing information keep developing to meet ever higher requirements, a system can only reach a certain level of security. Security and risk management are closely tied to quality management. An assessment of information security must be based on risk analysis, increasing security by minimizing risk. Assessments need to be in harmony with the characteristics and structure of the system and with the quality control process.
- Information security requirements
Attack methods are now increasingly sophisticated, and threats to information security can come from many places in many ways, so we should put in place the necessary policies and preventive methods. The ultimate purpose of security is to protect information and resources according to the following requirements:
- Confidentiality: information cannot be accessed illegally by unauthorized persons.
- Integrity: information cannot be modified or forged by unauthorized persons.
- Availability: information is always ready for use by authorized persons.
- Non-repudiation: the information carries a legal commitment from its provider.
- Some measures for checking whether your system has deployed basic security measures. The necessary conditions for checking the deployment of basic security measures in a system are as follows:
1. Security Policy
2. Organizing Information Security
3. Information Security Incident Management
4. Asset Management (identification, classification and management of resources)
5. Human Resources Security
6. Physical and Environmental Security
7. Communication and Operations Management (IT and network administration)
8. Access Control
9. Information Systems Acquisition, Development and Maintenance
10. Business Continuity Management
11. Compliance
The standard builds each control according to the following structure:
Control objective:
States the criterion the control must achieve.
Control:
Defines and describes the control.
Implementation guidance:
Provides information to support the implementation of the control and the achievement of the stated objective. Some guidance may not be suitable in every case, and so other ways of implementing the control may be more appropriate.
1.1.1.1. Security policy:
The security policy addresses management support, commitment and direction in achieving information security objectives, and consists of two main parts:
- Information security policy document: defined as a conceptual document, not specific about the method of implementation, containing the information security criteria of an organization.
- Review and update of the information security policy: responsibility for the information security policy and the authority to manage it must be assigned to an owner. This owner is responsible for developing, reviewing, updating and evaluating the information security policy.
1.1.1.2. Organizing information security:
Organizing information security addresses the need to establish a management structure to initiate and control the implementation of information security within an organization, including:
- Information security management forum: provides a multi-level council to discuss information security issues across the organization.
- Information security officer (ISSO): acts as the central point of contact for issues, direction and decisions related to information security.
- Information security responsibilities: responsibilities related to information security are laid out and described specifically in job descriptions.
- Authorization process: ensures that security factors are considered and that matters related to new systems or modifications to information systems are approved.
- Specialist sources: maintains relationships with independent experts so that resources not available inside the organization can be called upon.
- Organizational cooperation: maintains relationships with information-sharing partners and with competent legal authorities.
- Independent review: a mechanism allowing independent assessment of the effectiveness of information security.
1.1.1.3. Information security incident management:
The objective of this control is to ensure that all incidents and weaknesses related to the information system are communicated and reported promptly to the competent units, allowing sufficient time to respond and remedy the incident.
The process for reporting incidents and escalating them to higher levels must be drafted carefully and communicated to all staff in the organization.
1.1.1.4. Asset identification, classification and management:
The objective of identifying, classifying and managing assets is to protect the information assets of an organization. The proposed process includes:
- Asset inventory: a mechanism to maintain an accurate list of assets and to establish the owner of every asset.
- Classification: a mechanism to classify assets based on the level of business impact.
- Handling: establishes handling standards, including the processes for creating, moving, transferring and destroying information assets, based on the asset classification.
1.1.1.5. Human resources security:
The purpose of human resources security concerns an organization's ability to reduce risks related to people, including:
- Personnel screening: personnel policies must ensure the qualifications and suitability of all personnel who have access to the organization's information assets.
- Security responsibilities: staff must clearly understand each individual's responsibility for information security.
- Terms and conditions of employment: staff must clearly understand the responsibility for information security as a prerequisite in their terms of employment.
- Training: an information security training program must be carried out for all staff, both existing and newly joined.
- Handling violations: a formal process is established to deal with violations of the provisions of the information security policy.
1.1.1.6. Physical and environmental security:
Physical and environmental security controls address risks in the physical environment, including:
- Location
- Physical perimeter security
- Entry and exit control
- Assets
1.1.1.7. IT and network administration:
IT and network administration controls address an organization's ability to ensure the operating procedures of the IT system in general and of the network infrastructure in particular.
- Operating procedures.
- Change control.
- Incident management.
- Segregation of duties.
- Capacity planning.
- Management of foreign code.
- Maintenance regulations.
- Network management.
- Management of data storage media.
1.1.1.8. Access control:
Access control provides mechanisms to manage and control access to information resources based on specific business and security requirements, including:
Business requirements.
User management:
- Registration and deletion of access accounts
- Control and review of access rights
- Password management
User responsibilities.
Network access control:
- Authentication of network terminals
- Authentication of external users
- Definition of secure routing
- Security control for network devices
- Maintaining the separation of network segments
- Control of network connections
- Maintaining security for network services
Personal computer access control:
- Automatic terminal identification
- Secure authentication mechanism
- User authentication
- Password management
- Securing system tools
- Securing the access session, with automatic logout when there is no access activity.
- Application access control.
- Access monitoring
- Mobile computing.
1.1.1.9. System development and maintenance:
System development and maintenance controls address the controls that need to be built in order to ensure:
- System security requirements.
- Application security requirements.
- Cryptographic requirements.
- System integrity
- Security in the development process.
1.1.1.10. Business continuity management:
Business continuity management controls an organization's ability to ensure continuity in its business operations, including:
- Business continuity planning.
- Business continuity testing.
- Business continuity maintenance.
1.1.1.11. Compliance:
This control ensures that the organization has mechanisms to meet legal requirements and comply with the regulations of its sector, including:
- Intellectual property rights
- Protection of organizational information
- Protection of customer and partner data
- Prevention of misuse
- Regulations on encryption
- Collection of evidence
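1.2 The Agency for Radiation and Nuclear Safety
The Agency for Radiation and Nuclear Safety (abbreviated as the ATBXHN Agency) is a body under the Ministry of Science and Technology whose task is to assist the Minister in performing the function of state management of radiation safety and nuclear safety; the security of radioactive sources, nuclear materials and nuclear facilities; and nuclear control; and to carry out public-service activities to ensure the performance of those functions.
The international name of the Agency for Radiation and Nuclear Safety is Vietnam Agency for Radiation and Nuclear Safety (abbreviated as VARANS).
The Agency for Radiation and Nuclear Safety has legal personality, has its own seal and may open domestic and foreign currency accounts at the State Treasury and at banks.
The head office of the Agency for Radiation and Nuclear Safety is located in Hanoi.
The Agency for Radiation and Nuclear Safety has the following main tasks and powers: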

1. To develop, or take part in developing, drafts of legal normative documents, standards, technical regulations and guidelines on radiation safety and nuclear safety (hereinafter "safety"), on the security of radioactive sources, nuclear materials and nuclear facilities (hereinafter "security") and on nuclear control, and to submit them for promulgation within its competence; to lead or take part in organizing the implementation of issued documents and checking their implementation; to take part in developing regimes and policies for radiation workers;
2. To develop and submit to the Ministry of Science and Technology the development orientation, programs and five-year and annual plans for the tasks of ensuring safety, security and nuclear control; to direct, guide, organize and check the implementation of approved programs and plans;
3. To organize the declaration of radioactive substances, radiation devices, nuclear materials and nuclear equipment, and the issue, extension, amendment and revocation of licences for radiation work and of safety certificates for radiation workers;
4. To appraise, and organize the appraisal of, safety for radiation work; to appraise, and organize the appraisal of, security for radioactive sources, nuclear materials and nuclear facilities;
5. To check, inspect, handle violations and settle complaints and denunciations about safety and security within its competence;
6. To organize the implementation of nuclear control activities as prescribed by law;
7. To perform state management of radioactive waste, environmental radiation monitoring, and the control of occupational, public and medical exposure;
8. To guide the preparation, and check the implementation, of response plans for radiation incidents and nuclear incidents; to take part in incident response within its competence;
9. To build and update the national information system on safety and security; to build and manage the nuclear accounting and control system;
10. To organize, and cooperate in organizing, training, refresher courses and professional guidance on safety, security and nuclear control;
11. To organize, and cooperate in organizing, the dissemination of legal normative documents and knowledge about safety, security and nuclear control;
12. To guide, direct and cooperate with the Departments of Science and Technology and with related agencies and units in performing state management of safety, security and nuclear control;
13. To provide technical support for the state management of safety and security; to organize research on the application of scientific and technological advances and to deploy safety and security services;
14. To organize international cooperation activities on safety, security and nuclear control; to study and propose the signing of, or accession to, international treaties and agreements on safety, security and nuclear control; to take part in implementing the international treaties and agreements to which Vietnam is a party;
15. To manage the staff, assets, records and documents of the Agency for Radiation and Nuclear Safety according to the delegation and regulations of the Ministry of Science and Technology;
16. To perform other tasks assigned by the Minister of Science and Technology.

The Agency's information system was built in 2008-2009 by the Agency's information staff together with foreign experts. Its security is standalone in nature and not yet at a high level, because the work concentrated only on a few specific systems such as RAISVN and TRACKER. This is itself part of the system's exposure if an attack comes through weak points elsewhere in the system, such as the LAN, or targets the Agency's Mail and Web servers. From these servers a virus or a hacker could very well use them as a springboard to attack the entire system.
1.3 Chapter conclusion:
1.3.1 Overview
The opening chapter of this thesis gives an overview of information security and of the measures for checking whether an information system has deployed information security measures, such as: Security Policy; Organizing Information Security; Information Security Incident Management; Asset Management; Human Resources Security; Physical and Environmental Security; Communication and Operations Management; Access Control.
It also examines the tasks, powers and information system of the Agency for Radiation and Nuclear Safety, from which the need for an information system that is more secure and operates more effectively becomes clear. In the next chapter we study the information system of the Agency for Radiation and Nuclear Safety and the problems encountered during operation.

CHAPTER 2: THE INFORMATION SYSTEM OF THE ATBXHN AGENCY AND THE PROBLEMS ENCOUNTERED DURING OPERATION
2.1 Factors that compromise the information security of a computer network:
The concept of a factor that compromises information security is understood as either an intent to exploit a weakness, or a situation and method that may accidentally trigger (awaken) a weakness.
A loss of information security is a threat: the degree and likelihood that one of the causes of information insecurity will (accidentally or deliberately) exploit one or more weaknesses of the information system in general.
The question is which actors are capable of affecting network security. In practice these actors are as diverse as their motives and attack methods. They can be anyone: young or old, male or female, staff inside the organization or outsiders. What they have in common is the ability to act on, steal or sabotage sensitive information in order to serve their own various purposes. Identifying the actors and understanding their nature, psychology and patterns of activity is essential for preparing an appropriate response plan.
Below are some of the main actors that affect network security. As noted, attackers, motives and attack methods are countless and cannot all be listed.
2.1.1. People:
Regarding people: actions carried out or permitted by people, whether unintentional, inadvertent, careless or through lack of knowledge.
Note that staff who have resigned or transferred, partners and suppliers must also be given attention, because they too have the right and the ability to access information in our information databases. Appropriate user management policies are needed to guard against the possibility of information leaking in this way.
2.1.2 Competitors:
Competitors:
2.1.3. Spies:
Spies (Spy):
2.1.4. Hackers:
Hackers:
2.1.5. The curious (Explorer):
The curious (Explorer):
2.1.6. Script Kiddie:
Script Kiddie:
2.1.7. Thieves:
Thieves:
Besides the actors above, other factors also affect information security to some degree; their main impact on network security is physical.
+ Natural: floods, earthquakes, landslides, lightning
+ Environmental: power outages, pollution, chemical agents, fuel leaks
+ Fire and explosion, war, terrorism
In summary, the actors and factors capable of affecting network information security are very diverse. It can be said that anyone who has the intent and the ability to reach an organization's information is capable of endangering that organization's information security.
2.2 Current state of the information system infrastructure at the ATBXHN Agency
The Agency for Radiation and Nuclear Safety (ATBXHN) is a body under the Ministry of Science and Technology (KHCN) whose task is to assist the Minister in performing the function of state management of radiation safety and nuclear safety; the security of radioactive sources, nuclear materials and nuclear facilities; and nuclear control; and to carry out public-service activities to ensure the performance of those functions. The ATBXHN Agency has its head office at 70 Tran Hung Dao, which is the workplace of the Agency's entire leadership. The current state of the IT infrastructure is as follows:
- A network cabling system is currently in operation, serving network connections within the building;
- A Wifi network serves wireless connections; it is authenticated by key and has no strong encryption mechanism to protect information transmitted over the air;
- 03 HP Proliant ML 370 servers acting as Web, Database and Backup servers;
- 02 HP Proliant ML 350G4P servers, not yet in use;
- Firewall ASA 5520;
- The following IT services have not been deployed: user management, Email, Portal, VPN, CA.
Analysis and assessment of the construction needs.
For any administrative or public-service unit requesting investment in an IT system, the basic requirements are: fitness for the state management objectives, improved work performance, secure information and convenient use.
Given its work needs and current state, the ATBXHN Agency needs a roadmap for investing in IT items as follows:
Step 1: Invest in building the minimum network infrastructure, including network infrastructure services, and the minimum services and software needed in the network. The steps are:
- Equip the internal network (already done);
- Equip and build the IT infrastructure services (the foundation services that make it possible to deploy other, more advanced applications), including: user management, domain name resolution, automatic IP address assignment, Wifi user authentication and issuing of internal digital certificates;
- Deploy shared services such as Email, virtual private network connections, Internet access, databases and the Website.
Step 2: Depending on the management needs and size of the Agency, step 2 can deploy management applications: asset management, finance and accounting management, official document management, decision support and so on. Upgrade and complete the applications that meet the management requirements of the ATBXHN Agency; plan the whole system to ensure stability and uniformity across the ATBXHN Agency in the use of management software and shared software. Provide a video conferencing service connecting the units within the Agency and the Ministry of Science and Technology.
2.2.1. Information systems currently managed and operated:
2.2.1.1. System supporting online registration and licensing of radioactive sources (RAISVN)
Overview of the current state of the RAISVN system
Specialized management of radiation safety by software
Radioactive sources and radiation devices have been in use in Vietnam since the 20s of the last century. In recent years, management activities for radiation safety and control have been carried out at the Agency for Radiation and Nuclear Safety and Control (KSATBXHN). To make management effective and to integrate internationally, the KSATBXHN Agency brought to Vietnam the specialized radiation safety management program (Radiation Authority Informatic System - RAIS) of the International Atomic Energy Agency (IAEA) to support its management activities.
From 2001, the Board for Radiation and Nuclear Safety (the predecessor of the KSATBXHN Agency) and later the Agency continued to localize the RAIS program into Vietnamese as e-RAIS, and provided user guidance to the Departments of Science and Technology nationwide.
Most of the functions of RAIS can be regarded as standard for a specialized management application, but because the program was designed abroad, and because of a number of management requirements specific to Vietnam, those deploying e-RAIS found that major changes to the program were needed.
Functional decomposition diagram of the RAISVN system
The RAISVN licensing registration system performs two main functions: i) online declaration and registration for licensing; ii) rollout to the units and the Departments of Science and Technology.

[Figure 1.1. Functional decomposition diagram of the RAISVN system. Blocks: RAISVN online licensing registration system; online declaration and registration for licensing; national database.]


The RAISVN program is built on open-source PHP and the MySQL database management system. Because it is built as a Web application, it is very likely to be attacked over the network, and the potential damage is very large. Distributing the database was also one of the security policies considered when the system was built.
At present the system is installed on a server that sits as a peer in the Agency's LAN, with a static IP address and a domain name pointing directly to it. With the network set up as it currently is, an attack from outside is very easy and could bring down the entire system.
2.2.1.2. National database system on radiation safety
The national database system on radiation safety is a database that records the radioactive sources currently in Vietnam, and the movements and life cycle of radioactive sources from the time they are imported into Vietnam until they are no longer used or are exported. The management of radioactive sources is of very great significance and is one of the sensitive issues with political implications, so the safety and security of the national database system on radiation safety must be absolutely guaranteed.
Current state of the national database system on radiation safety: it was analyzed and designed on MySQL and is connected to the RAISVN system to retrieve and aggregate data. The national database system on radiation safety is also installed on a single server and sits behind a firewall. However, the policies currently configured on the firewall are still very loose and the system is easily attacked; for example, port 21 is open to allow FTP traffic, which is one of the system's exposures to attack.
2.2.1.3. Nuclear safeguards system connected directly to the International Atomic Energy Agency (IAEA)
The Agency for Radiation and Nuclear Safety (abbreviated as the ATBXHN Agency) is a body under the Ministry of Science and Technology whose task is to assist the Minister in performing the function of state management of radiation safety and nuclear safety; the security of radioactive sources, nuclear materials and nuclear facilities; and nuclear control. One of the important functions the Agency must perform is nuclear control, and because of this function the IAEA has built an information system connected directly to the Agency for the direct exchange of related documents and classified material.
The nuclear safeguards system is built on VPN technology, connecting the Agency and the IAEA directly over Viettel's network. Although it is a standalone system, it is also one of the systems that must be strictly protected to ensure the safety and security of documents while they are processed, because these are classified documents that are extremely sensitive and of particular national importance.

2.2.1.4. Import-export control system connected to the General Department of Customs and the Ministry of Industry and Trade
Tracker is a system used for import-export control, with a VPN connection between the Agency and the General Department of Customs. The system is used to control dual-use and sensitive goods. It is planned to connect this system to the Agency's RAISVN system, so ensuring network safety and security for it is a very important matter and must be taken into account from the start when designing security for the whole system.
2.2.1.5. Mail Server, WebServer and LAN at the Agency
The Agency for Radiation and Nuclear Safety hosts its own Website and administers its own mail server. At present these systems are installed on servers that are peers of the Agency's LAN, so they are very easy to attack and could be brought down at any time. Setting up an ASA firewall to protect these systems must be considered when designing the network for the Agency's information system.

2.3. Chapter conclusion

Chapter 2 has set out the factors that compromise information security, the current state of the information system infrastructure at the Agency for Radiation and Nuclear Safety and the problems faced by the subsystems within it, and the requirements that must be met to suit current development and that of the near future.

CHAPTER 3: SOLUTIONS FOR ENSURING INFORMATION SECURITY AND SAFETY
3.1. Choice of technical and technological approach:
Based on the actual current state of the ATBXHN Agency office, the office's IT system is designed as follows:
3.1 Routing in the NGN network
3.1.1. Architecture model of the IT system
3.1.1.1. Overall architecture of the IT system
- The ATBXHN Agency office will provide basic IT services to the staff at the office, combined with management software shared across the whole ATBXHN Agency.
- Staff working remotely and at offices in other locations will initially work through a virtual private network (VPN), with dedicated links between the office locations gradually added to serve video conferencing.
3.1.1.2. The network infrastructure architecture includes:
+ Design of the LAN and WAN structure
With the model and services described above, the LAN will be designed as a single segment (a flat network) with a single IP range within the segment. Clients will access the servers to use services, and the system follows the IEEE 802.3 standard for bus networks using the CSMA/CD access method.
IP allocation table for the ATBXHN Agency office and member units

No.   Unit                                      IP allocation
1     Agency servers                            10.1.1.[1-20]
2     ATBXHN Agency office (70 THD)             10.1.2.x
3     Office 2 (Linh Lang)                      10.1.3.x
4     Network printers                          10.1.x.[21-50]
5     Access Point                              10.1.x.[51-60]
6     Gateway Router                            10.1.x.[250-254]
7     For workstations (wifi, VPN)              10.1.x.[100-249]
8     Reserved (spare)                          10.1.x.[61-99]

Table 1.1. IP allocation table for the ATBXHN Agency and member units
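An allocation like the one in Table 1.1 can be checked mechanically against a host inventory, which makes a server placed among client addresses easy to spot. The following Python sketch is an added example, not code from the thesis; the role labels, the inventory entries and their addresses are constructed for illustration, and it reads the table's 10.1.x form as covering sites 1 to 3.

```python
import ipaddress

NETWORK = ipaddress.ip_network("10.1.0.0/16")

# Third octet -> site, from the first three rows of Table 1.1.
SITES = {1: "Agency servers", 2: "ATBXHN office (70 THD)", 3: "Office 2 (Linh Lang)"}

# Last-octet ranges from the 10.1.x.[...] rows of Table 1.1.
# Role labels are names chosen for this example.
HOST_ROLES = [
    (range(21, 51), "printer"),
    (range(51, 61), "access_point"),
    (range(61, 100), "reserved"),
    (range(100, 250), "client"),      # wifi and VPN workstations
    (range(250, 255), "gateway"),
]


def planned_role(address):
    """Return the role Table 1.1 assigns to an address, or None if unassigned."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None
    if ip.version != 4 or ip not in NETWORK:
        return None
    site, host = ip.packed[2], ip.packed[3]
    if site not in SITES:
        return None
    # The table lists the server range only for the 10.1.1.x subnet.
    if site == 1 and 1 <= host <= 20:
        return "server"
    for hosts, role in HOST_ROLES:
        if host in hosts:
            return role
    return None


def audit(inventory):
    """Compare declared roles with the plan; also report duplicate addresses."""
    findings = []
    seen = {}
    for name, address, declared in inventory:
        planned = planned_role(address)
        if planned != declared:
            findings.append((name, address, f"declared {declared}, plan says {planned}"))
        if address in seen:
            findings.append((name, address, f"duplicate of {seen[address]}"))
        seen.setdefault(address, name)
    return findings


# Constructed inventory (host placements and addresses are illustrative only).
INVENTORY = [
    ("VARANS01", "10.1.1.1", "server"),
    ("VARANS04", "10.1.2.130", "server"),      # server sitting among clients
    ("PRN-2F", "10.1.2.30", "printer"),
    ("AP-LL-1", "10.1.3.55", "access_point"),
    ("LAPTOP-17", "10.1.3.70", "client"),      # uses the reserved block
    ("GW-HQ", "10.1.2.254", "gateway"),
    ("KIOSK", "192.168.1.10", "client"),       # outside 10.1.0.0/16
    ("LAPTOP-18", "10.1.3.55", "client"),      # collides with AP-LL-1
]

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding, sep="  ")
```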
3.1.2. System services:
Because of the requirements of the system architecture model, the services will be centralized at the ATBXHN Agency office. The ATBXHN Agency will therefore build a network with the domain name varans.vn. All computers in the ATBXHN Agency LAN belong to this domain. As a result, every user can use the shared resources on the network fully, conveniently and efficiently.
The ATBXHN Agency is equipped with dedicated server computers to provide services to the Agency's internal network. The functions of these servers are described as follows:
No.   Server      Host name   Services
1     Server 1    VARANS01    DNS, DHCP, AD, File share, FTP, Certificate Authority, RADIUS
2     Server 2    VARANS02    DNS, AD, Email Server
3     Server 3    VARANS03    Website (electronic information portal)
4     Server 4    VARANS04    Database
5     Server 5    VARANS05    Firewall, Proxy, VPN Server, Backup

Table 1.2. Description of the functions of the servers


Given the requirements above, MS Windows Server 2003/2008 is chosen as the server operating system family that forms the foundation for providing services in the ATBXHN Agency network. With continuous updates in recent times, Windows Server 2003/2008 has attained the features of a professional operating system.
Advantages:
- It integrates many services that support the development of Web applications.
- Windows Server 2003/2008 has a friendly graphical interface that is easy to use for system configuration and administration, suited to the skill level of the IT staff.
- In addition, because of the increasingly wide use of Windows Server 2003/2008 and Microsoft's very strong support network, maintenance and warranty are well assured, at much lower cost than for other operating systems.
- Commercial and shared software all runs on the Windows operating system.
Disadvantages:
- It runs only on servers using a central processing unit (CPU) of the Intel x86 or x64 standard, or equivalent.
The system services to be deployed at the ATBXHN Agency include DNS, DHCP, Email, Active Directory, File Share, FTP and other shared applications (on the Microsoft Windows 2003 server operating system).
- Active Directory: the directory service, which allows management of all resources on the system, such as account management, workstation management, assignment of rights and management of user information. The Active Directory service provides a tool for centralized and efficient management of system resources.
- DNS: the service that resolves human-readable domain names into IP addresses and vice versa. DNS means users do not have to remember hard-to-remember IP addresses, only familiar, easy names such as www.varans.vn. The ATBXHN Agency's DNS service is deployed internally on a server that handles name resolution within the Agency.
- DHCP: the dynamic IP address assignment service. It allows the DHCP server to assign IP addresses to workstations automatically when a workstation is plugged into the network, so that users do not have to configure an IP address to join the network.
- File Share, Printer share: the data sharing and printer sharing service. It allows storage on the servers to be shared as common storage for departments or between individuals, and printers to be shared among networked computers for printing over the network.
- FTP: the file transfer service, which allows a file server to be set up so that authorized persons can upload or download documents.
- Database: provides databases for other applications, including the Website, Communication Services and Backup Services.
- Email: the electronic mail service, which allows users to exchange mail, manage address books and set up appointments over the network. The ATBXHN Agency's email service is deployed internally and can connect directly to the Internet once the Agency registers its domain name with VNNIC (Vietnam Internet Network Information Center).
- Antivirus: provides a centralized management tool and efficient signature updates, ensuring that viruses attacking the network are blocked and countered.
- Backup and Recovery: the data backup and recovery service provided by the operating system.
- VPN: the service that provides connections for remote branches to access the ATBXHN Agency office over the Internet.
- Internet Access: provides Internet access for users.
- Wireless service: provides wireless connections for guests and for users within the ATBXHN Agency who need to access the Internet at the ATBXHN Agency office.
- Certificate Authority: provides digital certificates for many different purposes, such as signing and encrypting email, encrypting information between workstations and the Website, and encrypting Wifi data.
- Windows Software Update Service: provides automatic updates for Microsoft software on Windows, such as Service Packs, Hotfixes, Office Update, Windows Defender and Internet Explorer; allows centralized policy management; and improves the efficiency of Internet bandwidth use.
3.2. Proposed plan for phase 1:
3.2.1. Active Directory (AD) service
The AD service is one of the important services in the model of working on a computer network. Through AD, the division of access rights to information and the assurance of confidentiality in a shared network environment are carried out in the best possible way. AD is responsible for all information about users and computers using the network and for information related to network services, and supports the LDAPv3 standard. AD integrated with the Windows 2003 network operating system is chosen (following the choice in the section above) to ensure compatibility and uniformity in managing and operating the network. The ATBXHN Agency will use a model with a single forest, varans.vn; the units will use the current domains of the running system. The Domain Controller will be placed directly on the server that provides the system's services. The forests are completely independent of one another.
The system uses centralized user authentication management through Windows 2003 Active Directory (AD), installed on 02 servers that back each other up. The two servers manage and share a single domain, varans.vn, each holding the full information and replicating to the other so that the information on each machine is consistent. Every access request must be authenticated against an account declared in this domain.
Active Directory provides:
- Centralized management and delegation of administrative rights, with authentication when accessing resources on the network; use of the Group Policy tool to group objects for easy management and to enforce rules. Access rights are granted to users according to the scope of work and the responsibilities of each individual involved.
- Security and a single sign-on mechanism: each user has a single ID/password when accessing the network. The entire authentication process of the system uses an identifier (ID) and a password. Passwords must be six characters or longer and composed of digits, letters and other special characters if the system permits. Password validity requirements must be checked automatically when the password is set.
- Redundancy and load distribution across different servers
- The ability to search for and retrieve information
- Support for the LDAPv3 and LDAPv2 directory access and authentication standards; the entire process of authentication, encryption and protection of authentication data in Active Directory follows the LDAP standard.
System management and operation tasks are all carried out through Active Directory: checking for and promptly removing users who no longer have authority to work on the varans.vn system; temporarily suspending the working rights of users who are registered on the system but have not worked on it for 60 days or more; and, every week, reviewing the system access log to detect and promptly handle cases of illegal access or of operations exceeding the limits assigned to the user.

[Figure 1.2. Centralized management model of AD in Windows 2003]
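The account rules stated above (passwords of six or more characters mixing digits, letters and special characters, suspension after 60 days without use, weekly review of the access log) can be expressed as checks over a directory export. This Python sketch is an added example, not code from the thesis; the account records, event tuples and account names are constructed, and it assumes that special characters are permitted and that an account which never logged on is aged from its creation date.

```python
from datetime import datetime, timedelta
import string

MIN_PASSWORD_LENGTH = 6                  # "six characters or longer"
INACTIVITY_LIMIT = timedelta(days=60)    # "60 days or more"
REVIEW_WINDOW = timedelta(days=7)        # "every week"


def password_problems(password):
    """Return the reasons a candidate password violates the stated rule."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append("shorter than 6 characters")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c.isalpha() for c in password):
        problems.append("no letter")
    # Assumption: the system permits special characters, so one is required.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    return problems


def accounts_to_suspend(accounts, today):
    """Names of enabled accounts with no logon for 60 days or more."""
    stale = []
    for acct in accounts:
        if not acct["enabled"]:
            continue
        # Assumption: an account that never logged on is aged from creation.
        last_seen = acct["last_logon"] or acct["created"]
        if today - last_seen >= INACTIVITY_LIMIT:
            stale.append(acct["name"])
    return stale


def weekly_review(events, accounts, review_date):
    """Successful logons in the last 7 days by unknown or disabled accounts."""
    enabled = {a["name"] for a in accounts if a["enabled"]}
    start = review_date - REVIEW_WINDOW
    return [
        (when, name)
        for when, name, outcome in events
        if start <= when <= review_date
        and outcome == "success"
        and name not in enabled
    ]


# Constructed sample data (names and dates are illustrative only).
TODAY = datetime(2010, 6, 30)
ACCOUNTS = [
    {"name": "vp01", "enabled": True, "created": datetime(2009, 1, 5),
     "last_logon": datetime(2010, 6, 28)},
    {"name": "cp02", "enabled": True, "created": datetime(2009, 1, 5),
     "last_logon": datetime(2010, 5, 1)},      # exactly 60 days ago
    {"name": "tt03", "enabled": True, "created": datetime(2009, 1, 5),
     "last_logon": datetime(2010, 5, 2)},      # 59 days ago
    {"name": "htqt04", "enabled": True, "created": datetime(2010, 1, 10),
     "last_logon": None},                      # never used
    {"name": "athn05", "enabled": False, "created": datetime(2009, 1, 5),
     "last_logon": datetime(2009, 12, 1)},     # already suspended
]
EVENTS = [
    (datetime(2010, 6, 29, 8, 10), "vp01", "success"),
    (datetime(2010, 6, 29, 23, 40), "athn05", "success"),    # disabled account
    (datetime(2010, 6, 27, 2, 15), "tempadmin", "success"),  # not in directory
    (datetime(2010, 6, 28, 9, 0), "tempadmin", "failure"),
    (datetime(2010, 6, 20, 9, 0), "athn05", "success"),      # before this week
]

if __name__ == "__main__":
    print("suspend:", accounts_to_suspend(ACCOUNTS, TODAY))
    print("review :", weekly_review(EVENTS, ACCOUNTS, TODAY))
    for candidate in ("abc12", "varans2010", "Bx#2010k"):
        print(candidate, password_problems(candidate))
```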


All user access authentications are logged, and the clock uses a single source, the domain controller of varans.vn. Logs are recorded periodically, in compliance with the policies set by the ATBXHN Agency. Based on the organizational model of the ATBXHN Agency, the organizational units (OU) of the varans.vn domain are designed as follows:
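No.   Departments and centers in the Agency                                       OU name
1     Agency Office                                                               VP
2     Licensing Department                                                        CP
3     Legal Affairs and Information Department                                    PCTT
4     Agency Inspectorate                                                         TT
5     Nuclear Safety Department                                                   ATHN
6     Nuclear Control Department                                                  KSHN
7     International Cooperation Department                                        HTQT
8     Center for Technical Support for Radiation Safety and Incident Response     TT-KTAT

Figure 1.3. Organizational model of the ATBXHN Agency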


Building the AD system for the ATBXHN Agency will have the following advantages and difficulties:
+ Advantages:
- Security management and authentication of users accessing the network are centralized and uniform.
- It provides clear, sensibly divided information about the catalogue of services, and manages services to meet users' access needs in a systematic and efficient way.
+ Difficulties:
- It changes users' habits when they use computers to access the network; authentication is required before services can be used.
- The administrator must meet the required level of system administration skill.
3.2.2. Dch v DHCP
Mi mt my tnh khi truy nhp mng u phi c cp mt a ch
IP phn bit v ch danh khi hot ng trn mng; c 03 phng
php xc lp a ch cho client trn mng:
+ Cu hnh manual: Ngi qun tr t t cc thng s khi truy cp
trn mng cho cc my tnh v thit b mng.
- u im: n gin vi s lng my t hn 10; nu s lng my
tnh tng ln th s phc tp cng tng ln.
- Nhc im: kh khn khi qun tr s lng my ln,
+ DHCP: Client trn mng s c DHCP server cung cp cc di
a ch IP t ng, h thng mng ti Vn phng Cc ATBXHN s
s dng di a ch IP 10.1.x.x nhu cu s dng khi s lng my
tng ln hoc m rng mng chi nhnh.
Phn b IP ti Cc nh sau:
Figure 1.5. Antivirus system model


Symantec Antivirus software is used to protect the Cục ATBXHN system.
+ Advantages: the network is protected professionally, with monitoring and regular virus signature updates. It is transparent to users; the work is handled by the network administrator.
+ Disadvantages:
Users must be trained and guided in its use.
For mobile laptop computers specifically, Kaspersky software is used for protection. One server is expected to be used, shared with other basic services such as DNS and DHCP.
3.2.7. Backup service:
Because all system data is located at the Cục ATBXHN office, the operating system's backup software on the server is used to back up data, to minimize cost and administration requirements.
Daily backups will be made of the Users, Departments, SQL and Email data; for the operating system and the shared data (the VARANS folder on the Files server), backups will be made weekly.
User data is protected at 2 levels: level 1 on the server itself, using RAID technology; level 2 by backup to external disk.
A suitable scheduling mechanism is needed, depending on the activities of Cục ATBXHN; the tape drive will be installed in the AD server.

3.2.8. Internet Access service:

At the Cục ATBXHN office, the FTTH service of the FPT company is used with a static IP address; this requires 01 server with multiple network cards, running ISA 2006 as a proxy server to protect the system. This software is supplied by Microsoft and is compatible with the existing system, and it meets the security requirements for users accessing the Internet. 01 suitable server is provided to act as the proxy for the system.
The logical model of the system is as follows:

Figure 1.6. Logical diagram of the Internet Access system

The whole internal network goes through this proxy to reach the Internet. Centralized administration with a unified set of rules gives the system strong administration tools.
The ISA system will filter web content by installing an additional service. All connections from the internal network to the Internet go through the ADSL modem and the ASA firewall.
+ Advantages:
- The service is managed and monitored down to each individual user.
- The system is kept safe from attacks coming from the Internet.
- Access performance increases when the cache mechanism is used.
- High access bandwidth; stable speed, with a minimum bandwidth committed by the provider.
+ Disadvantages:
- The whole network is affected if the proxy server fails.
3.2.9. VPN service:
To serve connections from the units to the network of the Cục ATBXHN office, and individuals accessing the system remotely, VPN technology will be used as chosen above, reusing the existing network infrastructure and deploying ISA 2006 as the VPN server. The hardware will be the same server that already acts as the proxy of the Cục ATBXHN office. The logical model of the connection is as follows:

Figure 1.7. Description of VPN service provision

Whenever a connection to the Office is needed, each client PC at a branch uses a dial-up VPN connection to the address of the VPN server at the Office. Because ISA 2006 is integrated into the Windows 2003 domain, secure user authentication is also straightforward.
+ Advantages:
- Minimal connection cost; simple and convenient for users.
- Meets the security requirements of the system.
+ Disadvantages:
- Users need to be trained and guided in how to connect and how to protect their passwords.

3.2.10. Wireless service:

With the growing need to exchange information at any time and in any place, wireless networks have been researched and put into use, with a wide range of supporting devices that meet users' networking needs.
1. Wifi (Wireless Fidelity) is a technology that uses radio waves as the transmission medium, based on the IEEE 802.11 standard. To date, the US Institute of Electrical and Electronics Engineers (IEEE) has developed three technical specifications for wireless networks: 802.11a, 802.11b and 802.11g.
2. Wifi technology has many advantages:
- It is particularly suited to mobile use and to access points with many users. It lets users access the network as they would with traditional computer networking, at any time within the coverage area.
- Wifi is flexible and scales well because it is not affected by relocation or by redesign of the computer network. It is therefore suited to networks that change frequently.
- Wifi overcomes the limitations of physical cabling, greatly reduces the cost of installing network cable and has little impact on the building infrastructure. It is therefore suited to locations where cable is hard to run.
3. However, wifi technology also has a number of disadvantages:
- It is limited by distance; each device covers only a small area.
- The signal is weakened by obstacles.
- The transmission speed is not yet high.
- Security and interference protection are complex.
4. The access points connect to the cabling system and on to a switch, and are powered over the network cable; the switch must have at least 02 PoE ports. There are 2 options for authenticating users accessing the system: by MAC address and by username/password.
5. The 802.11g standard, with a transmission speed of up to 54 Mbps, is used for the Agency's Wifi system.
The PEAP-MSCHAP-v2 authentication method is chosen so that passwords and information cannot be eavesdropped on while they are transmitted over the air.
3.2.11. WSUS service:
Windows WSUS is used to build an update system for the workstations at NPT, synchronized with WSUS. The Agency's WSUS server is synchronized with the Internet. The operating systems, software and roles of the computers on the network are identified. Workstations must gradually be brought under management in the Active Directory domain.
The update requirements are: workstations are updated automatically, while server updates are carried out under the administrator's supervision.
Every month, the administrator uses Microsoft's MBSA tool (Microsoft Baseline Security Analyzer) to scan the whole system and check that these updates have been applied.
New updates are identified by the Agency's server, which periodically contacts Microsoft's update server to check for updates. The administrator reviews each update, determines its type and assesses its impact on the system. The server planned to provide the WSUS service is server number 1.
Implementation model:

Figure 1.8. Logical diagram of the WSUS service

3.2.12. Security system services:

System access authorization.
Internet access protection.
Antivirus system.
To protect servers and workstations from viruses and worms entering the system, an antivirus system is required; this is antivirus software installed on the server and on the workstations. The antivirus software continuously downloads new signature versions for new kinds of virus to the server, and the workstations fetch these signatures from the server into their own copy of the software. The antivirus programs scan the workstations and remove viruses.
3.2.13. Server room design:
The server room is a small room on the 4th floor of the building. Server room requirements:
- The server room has a lockable door and is protected against intrusion, sound-insulated, moisture-proof and heat-insulated.
- A fire alarm and fire-fighting system is installed in the server room.
- 02 rack cabinets are provided to house the system's equipment.
- 02 UPS units of 5000VA (with a control card operating over the Ethernet network) are provided to keep the system safe in the event of a sudden power loss.

3.2.14. Training users and training staff to deploy and operate the system:
For IT to be deployed successfully and effectively, one very important requirement is that people use the IT system effectively in their daily work. Cục ATBXHN staff must understand their role and responsibility in complying with the regulations that are set. There are 2 forms of training in this phase 1:
- Training for users in applying IT in their daily work, with 2 levels of content:
  - Training in the use of typical network services
  - Training in the use of the software for the divisions
- Training for network administrators in operating the system
- Training schedule:
  - For users: training as soon as the LAN has been built and put into operation; training after the software has been installed.
  - For administrators: training during installation, setup and configuration, and at system handover.
System operation procedures that need to be drawn up:
- Procedure for managing and operating the computer network
- Procedure for incident handling and disaster prevention
- Regulations on entering and leaving the server room
- Regulations on the use of the network at VARANS by users and system administrators
- Regulations on managing and operating the database system
- Regulations on the policies applied on the network
3.2.15. Work items:
The work to be carried out to build the IT infrastructure:

No.  WORK ITEM
1    Install the operating system on the servers
2    Update Windows software on the servers
3    Install antivirus on the servers
4    Install and configure DNS
5    Install and configure Active Directory
6    Install and configure DHCP
7    Install and configure WSUS
8    Configure the File Server
9    Install and configure CA, RADIUS
10   Configure the access points for per-user authentication at the Agency
11   Install and configure the Proxy Server; VPN Server
12   Install and configure Exchange Server
13   Update the newly installed software
14   Create accounts / groups from the user list
15   Create mailboxes / groups from the user list
16   Assign permissions on the Files system, Internet access and Wifi access
17   Configure Backup
18   Hand over administrator passwords; basic guidance on operating the system
19   Configure workstations to work in the new environment

QUANTITY column (values in source order): 1, 1, 1, 1, 5, 1, 1, 1, 1, 1, 1, 1

Table 1.5. Work items for building the IT infrastructure
3.2.16. Summary list of materials, equipment and software used in the system:

Based on the needs of Cục ATBXHN and the implementation schedule, we propose the following quantities of equipment and planned configuration:
Table: List of equipment to be provided

No.  EQUIPMENT NAME                                        QUANTITY   Notes
1    Server type 1 (WEB+Exchange+SQL)
2    Server type 2 (AD)
3    Server type 3 (ISA)
4    Windows Std, latest version + 10 licenses
5    ISA 2006 Std software for 1 processor
6    Microsoft Exchange Std, latest version
7

Table 1.6. List of equipment and fittings
3.3. EXPECTED TARGETS TO BE COMPLETED:
3.3.1. VANSVN network model:

[Network diagram; labels recovered from the figure:]
- INTERNET; FTTH modem; Internet: 210.245.63.120/29
- VARANS03: Firewall/Proxy, 192.168.1.100
- VARANS01: E-Mail Server, 192.168.1.2
- VARANS02: Files/DNS/DHCP, 192.168.1.3
- Cisco Firewall: 192.168.1.252
- VARANS LAN; users at VARANS; BOA Network

Figure 1.9. Planned network model


3.3.2. Infrastructure services:
Active Directory:
i. Deploy the Active Directory service on servers VARANS01 and VARANS01
ii. Prepare AD for Exchange mail
iii. Create user accounts at VARANS
iv. Join the workstations to the network and use network resources such as file sharing, email and Internet
v. Administrator account password:
Domain Name Service (DNS)
vi. Deploy the internal DNS and Internet DNS services with the domain name varans.vn
vii. Internal DNS is deployed on VARANS01 and VARANS02
viii. Configure domain-integrated DNS
ix. Configure the resolver to provide domain name resolution for clients
DHCP
x. Deploy the service that assigns IP addresses to users automatically
xi. The service runs on server VARANS02
3.3.3. File sharing
a. Shared folders, with permissions assigned per division
b. Set quotas for users
3.3.4. Email
* Configuration
xii. Installed on server VARANS01; roles: Mailbox, Clients Access, Hub transport.
xiii. Published so that internal users can access email from the internal network and from the Internet at http://mail.varans.vn
xiv. Configure sending and receiving of Internet mail.
3.3.5. Proxy/Firewall
a. Configuration
xv. Installed on server VARANS03 (DELL machine)
xvi. ISA 2006 is used as the Proxy/Firewall
xvii. Clients use SecureNAT to connect to the Internet (transparent to users)
b. Policy
xviii. Publish internal services to the Internet: Web, RAIS, Mail, DNS
xix. Allow internal users to access the Internet
xx. Allow remote users to connect to the internal network by VPN
xxi. Block all other connections.
xxii. Virus filtering features for web traffic
xxiii. .

3.3. CHAPTER CONCLUSION:
Chapter 3 has set out:
- The choice of technical and technology options;
- The proposed plan for phase 1;
- The expected targets to be completed for the VANSVN information system
CONCLUSION & RECOMMENDATIONS
Today, the next-generation telecommunications network (NGN) has been widely deployed around the world. With its outstanding advantages, NGN is gradually becoming the inevitable direction for telecommunications service providers worldwide. In line with that general trend, Vietnam has also taken its own steps in developing NGN. The Government of Vietnam has issued many policies to encourage and support telecommunications companies in building NGN networks.
VNPT, Vietnam's leading telecommunications company, has pioneered the construction of an NGN network, bringing new services and an entirely new experience to customers. To date, the VNPT NGN network has been completed and operates stably.
The content of this project is a general method for designing an NGN network; it covers the basic issues and has been applied successfully in building VNPT's NGN network.
When the NGN network is expanded to meet growth, this design method can still be applied, saving cost and manpower.
The above are some of the results achieved by the thesis. Because my own ability is limited and the time available was short, shortcomings are unavoidable; I respectfully ask the teachers for their comments and additions so that I can continue to complete the research and extend this topic comprehensively.
My sincere thanks!
