Professional Documents
Culture Documents
Li cm n
LI CM N
Trong sut thi gian hc tp ti Khoa o to Cht lng cao trng i
Hc S Phm K Thut Tp H Ch Minh, chng em c cc thy c trong khoa
CNTT, Khoa Cht lng cao ging dy nhit tnh, truyn t nhiu kin thc qu
bu lm tin cho qu trnh nghin cu ti ny.
Ngoi ra cng xin cm n nhng gp , chia s v gip t mt s anh ch,
bn b trong qu trnh nghin cu v trin khai.
c bit chng em xin cm n C Nguyn Th Thanh Vn tn tnh ch
bo, hng dn chng em. Cm n c theo st v nh hng cho chng em
trong sut qu trnh nghin cu ti. Gip chng em c th hon thnh ng tin
ti nghin cu ny.
Sau 4 thng nghin cu v thc hin th ti Tm hiu v firewall v
trin khai trn m ngun m cng hon thnh. Chng em xin chn thnh gi
li cm n su sc n tt c cc thy c, bn b gip , ng gp kin cho
ti ny!
Mc lc
Mc lc
Phn m u
DANH MC HNH V
Hnh 1.1: Cc lp trong an ton mng ----------------------------------------------------Hnh 1.2 - Firewall. --------------------------------------------------------------------------Hnh 1.3: Phn loi Firewall. ---------------------------------------------------------------Hnh 1.4: Cc k thut s dng trn firewall. --------------------------------------------Hnh 1.5: Packet Filters ---------------------------------------------------------------------Hnh 1.6: Circult-Level Gateways ---------------------------------------------------------Hnh 1.7:Application-Level Gateways ----------------------------------------------------Hnh 1.8: Stateful MutilayerInspection Firewalls ---------------------------------------Hnh 1.9: Kin trc Dual Homed Host ----------------------------------------------------Hnh 1.10: Kin trc Screened host -------------------------------------------------------Hnh 1.11: Kin trc Screened Subnet ----------------------------------------------------Hnh 2.1: Qu trnh pht trin ca ClearOS. ----------------------------------------------
Hnh 2.2 : Giao din chnh ClearOS -----------------------------------------------Hnh 2.3 : Menu Network -------------------------------------------------------------------Hnh 2.4: Menu Gateway. ------------------------------------------------------------------Hnh 2.5: Menu System ---------------------------------------------------------------------Hnh 2.5: Menu Report ----------------------------------------------------------------------Hnh 3.1: M hnh thc t.. -----------------------------------------------------------------Hnh 3.2: M hnh Demo.-------------------------------------------------------------------Hnh 3.3: Start Web Proxy v Content Filter. --------------------------------------------Hnh 3.3: Enabled Transparent Mode v Content Filter. -------------------------------Hnh 3.4: Thm Domain Block.------------------------------------------------------------Hnh 3.5: Thm t kha chn. --------------------------------------------------------------Hnh 3.6: Chnh sa file weighted. --------------------------------------------------------Hnh 3.7: Restart dch v dansguardian-av. -----------------------------------------------
Phn m u
Hnh 3.8: Test domain http://zing.vn -----------------------------------------------------Hnh 3.8: Test domain http://vnexpress.net ----------------------------------------------Hnh 3.9: Cu hnh publish Webserver ra ngoi Internet. ------------------------------Hnh 3.10: Kim tra truy cp ---------------------------------------------------------------Hnh 3.10: Cu hnh block mt IP public.
Hnh 3.11: Kim tra block.
Hnh 3.12: Cu hnh chn tt c SSH.
Hnh 3.13: Cu hnh cho php 1 ip public SSH.
Hnh 3.14: Cu hnh cho php 1 ip private SSH.
Hnh 3.15:Cu hnh chn scan port.
Hnh 3.16: Kim tra vi scan FIN.
Hnh 3.17: Kim tra vi scan NULL.
Hnh 3.18: Kim tra vi Scan XMAS.
Hnh 3.19: Rule chng SYN Flood.
Phn m u
PHN M U
Thc trng v tnh kh thi ca ti.
Nm 1997 Internet bt u du nhp vo Vit Nam, t nhng nm u Internet
Vit Nam vn l mt dch v cao cp v hn ch i vi phn ng ngi dng.
Tri qua hn 10 nm pht trin n nay Internet t mt dch v cao cp tr thnh
mt dch v bnh dn, ph bin trong mi gia nh, cng s, trng hc, lm thay
i cuc sng ca ngi dn v x hi Vit Nam. Theo thng k ca website TT
Internet Vit Nam - VNNIC vo thng 9 nm 2011 th s ngi s dng Internet
VN t 30.248.846, t l dn s s dng Internet chim 34,79%, tng s tn min
ting Vit ng k l 237.342.Vic s dng Internet phc v cho cuc sng
tr ln ph bin nh giao tip vi nhau qua email, s dng Internet tra cu thng
tin phc v cho cng vic hay hc tp, s dng Internet gii tr, giao lu, kt
bn....
Ngy 7/11/2006 Vit Nam gia nhp t chc thng mi th gii WTO, t
Internet c nhn nhn l cng c mi nhn h tr, thc y tch cc cho s pht
trin ca nn kinh t. a s cc doanh nghip v cc t chc u c h thng mng
v website qung b thng hiu v sn phm (237.342 tn min ting Vit v
hng triu tn min thng mi khc). Cng vi s pht trin ca Internet th
thng mi in t cng pht trin theo. i vi cc doanh nghip v t chc vic
s dng th in t (email), thanh ton trc tuyn (electronic payment), trao i d
liu in t, s ha d liu, lu tr d liu, h tr cho cng vic kinh doanh
khng cn qu xa l. Ngoi ra, chnh ph v cc t chc chnh ph khc cng s
dng Internet thng bo, trao i, giao tip vi ngi dn.
Tm li, Internet v h thng mng my tnh tr thnh mt phn khng th thiu
phc v cho c nhn ngi dng, cho cc t chc, doanh nghip kinh t v c
cho cc t chc chnh ph...
Cng vi s pht trin v nhng li ch m Internet v my tnh em li, n cng
to ra nhng nguy c v ri ro cho nn kinh t v x hi hin i. Cc vn v
truy cp bt hp php, virus, r r thng tin, l hng trn h thng... tr thnh mi
Phn m u
Phn m u
PHN NI DUNG
Nguyn l hot ng
Khi ni n vic lu thng d liu gia cc mng vi nhau thng qua Firewall
th iu c ngha rng Firewall hot ng cht ch vi giao thc TCI/IP. V giao
thc ny lm vic theo thut ton chia nh cc d liu nhn c t cc ng dng
trn mng, hay ni chnh xc hn l cc dch v chy trn cc giao thc (Telnet,
SMTP, DNS, SMNP, NFS ...) thnh cc gi d liu (data pakets) ri gn cho cc
paket ny nhng a ch c th nhn dng, ti lp li ch cn gi n, do
cc loi Firewall cng lin quan rt nhiu n cc Packet v nhng con s a ch
ca chng.
B lc gi cho php hay t chi mi Packet m n nhn c. N kim tra ton b
on d liu quyt nh xem on d liu c tho mn mt trong s cc lut
l ca lc gi hay khng. Cc lut l lc gi ny l da trn cc thng tin u mi
Packet (Packet Header ), dng cho php truyn cc Packet trn mng. l:
a ch IP ni xut pht ( IP Source address)
a ch IP ni nhn (IP Destination address)
Nhng th tc truyn tin (TCP, UDP, ICMP, IP tunnel)
Cng TCP/UDP ni xut pht (TCP/UDP source port)
Cng TCP/UDP ni nhn (TCP/UDP destination port)
Dng thng bo ICMP (ICMP message type)
Giao din Packet n (Incomming interface of Packet)
Giao din Packet i (Outcomming interface of Packet)
Nu lut l lc gi c tho mn th Packet c chuyn qua Firewall. Nu khng
Packet s b b i. Nh vy m Firewall c th ngn cn c cc kt ni vo cc
my ch hoc mng no c xc nh, hoc kho vic truy cp vo h thng
mng ni b t nhng a ch khng cho php. Hn na, vic kim sot cc cng
lm cho Firewall c kh nng ch cho php mt s loi kt ni nht nh vo cc
loi my ch no , hoc ch c nhng dch v no (Telnet, SMTP, FTP...)
c php mi chy c trn h thng mng cc b.
Thc hin:
B1: Chn tt c SSH vo h thng
Phn kt lun
PHN KT LUN
Bi bo co l nhng ni dung l thuyt v firewall v phn demo thc nghim
nhng tnh hung thc t m ngi qun tr h thng s cn phi thit lp.Nhng
tnh hung ht sc thit thc nh cm nhng ai truy cp Web, cm nhng ai truy
cp firewall, chn scan port, chng DoS.
Nhn chung vic cu hnh trn giao din web gip ngi qun tr c th d dng
to cc rule v qun l chng mt cch trc quan. Nhng i vi mt administrator
c kinh nghim th khng nn b buc trong vic thit lp rule trn giao din web.
V nhng tnh hung demo thc nghim trn cng ch l nhng tnh hung
thng gp nht, ph bin v cn thit lp nht. Ty vo tnh hung c th, d liu,
dch v cn bo v ngi qun tr c th to cc rule khc tha yu cu ca mnh.
Tuy nhin do thi gian thc hin ti hn ch, cng vi vic thc hin demo trn
my o nn ngi nghin cu cha th kim tra nhng tnh hung tn cng phc
tp hn. i vi DoS cc dng trnh by trn ch l nhng phng php n gin
m k tn cng thc hin tng IP ca m hnh TCP. Rt c th k tn cng s s
dng nhng phng php tinh vi v phc tp hn tn cng. Ni dung phn ny
ngi nghin cu cha th kim tra c.
Mt s tnh nng hu ch khc ca ClearOS m ngi nghin cu do hn ch v
thi gian cng cha b sung c nh Antivirus, Antiphising bng cc module c
sn ClamAV cng nh tnh nng qun l Bandwidth v QoS.
Cc vn nu trn sau ny c iu kin c th pht trin su v rng hn. Ngoi ra
cn c th nghin cu trin khai m hnh ra thc t vi nhiu tnh nng khc ca
ClearOS nh VPN, chng thc LDAP, pht hin xm nhp Snort
Danh mc hnh v
----- -----