Understanding Firewalls (Tim Hieu Ve Tuong Lua 0278 Tailieu - VN)
TABLE OF CONTENTS
FOREWORD
CHAPTER I: OVERVIEW OF FIREWALLS
1. Concept
2. Functions
3. Classification
3.1 Hardware firewalls
3.2 Software firewalls
4. Operating principle of a firewall
5. Applications of firewalls
5.1 What does a firewall protect?
5.2 What does a firewall protect against?
CHAPTER II: BASIC FIREWALL DESIGNS
1. Dual-homed Host
2. Screened Host architecture
3. Screened Subnet Host architecture
4. Using multiple Bastion Hosts
5. Architecture that merges the interior router and the exterior router
6. Architecture that merges the Bastion Host and the exterior router
CHAPTER III: COMPONENTS AND OPERATING MECHANISMS OF A FIREWALL
1. Packet filter (Packet Filtering)
1.1 Operating principle
1.2 Advantages and limitations of a firewall system that uses a packet filter
2. Application-level gateway (Application-Level Gateway)
2.1 Operating principle
2.2 Advantages and limitations
3. Circuit-level gateway
CHAPTER IV: FIREWALL SOLUTIONS FOR ENTERPRISES
1. Introduction
2. Firewall solutions for small businesses
2.1 ISA Server Enterprise 2000, ISA Server Enterprise 2004
2.2 Sonicwall PRO 2040
3. SETTING UP A FIREWALL FOR AN ENTERPRISE
4. INSTALLING AND CONFIGURING THE FIREWALL
4.1 About the ISA Server 2004 Firewall software
4.2 Installing ISA Server
CHAPTER V - CONCLUSION
1. Conclusion
REFERENCES
1. References
FOREWORD
Information security is a very important need for individuals as well as for society and for countries around the world. For computer networks, information security is carried out through physical and administrative methods. Since their introduction, computer networks have brought enormous benefits to every area of life. Alongside this, users have to face the dangers of attacks on their information on the network. Information security on computer networks comprises the methods used to protect information that is stored on and transmitted over the network. It is a field that is receiving special attention and is also a very difficult and complex task. Practice has shown a very worrying situation in which information is attacked while it is being processed, transmitted and stored. These are illegal actions on information intended to cause loss or distortion, to steal stored files, to copy confidential information, or to impersonate people who are authorized to use information in computer networks.
A firewall is not only a form of software (such as the firewall on Windows); it can also be dedicated hardware in enterprise networks. These hardware firewalls help a company's computers analyze outbound data to ensure that malware cannot penetrate the network, and they control activity on the computers that its employees are using. A firewall can also filter data so that a computer is only allowed to browse the web, disabling access to other kinds of data.
With the dedicated guidance of our teacher, Mr. Trương Minh Nhật Quang, our group has completed this report. Although we have done our best to research and analyze the topic, shortcomings are certainly unavoidable. We look forward to the understanding and feedback of our teachers and classmates.
Characteristics of hardware firewalls:
o Not as flexible as software firewalls (functions and rules cannot be added as they can on a software firewall).
o Can be managed centrally.
o Simple and easy to install, configure and manage.
o Hardware firewalls operate at lower layers than software firewalls (the Network layer and the Transport layer).
o Hardware firewalls cannot inspect the contents of a packet.
Example of a hardware firewall: NAT (Network Address Translation).
3.2 Software firewalls
There are many software firewall vendors whose products you can use if you run earlier versions of Windows. These vendors also offer other firewalls that can be used on Windows XP. Below is a list of some vendors:
o Internet Security Systems (ISS): BlackICE PC Protection.
o Network Associates: McAfee Personal Firewall.
o Symantec: Norton Personal Firewall.
o Tiny Software: Tiny Personal Firewall.
o Zone Labs: ZoneAlarm.
Characteristics of software firewalls: high flexibility, in that rules and functions can be added or removed. Software firewalls operate at a higher layer than hardware firewalls (the application layer). Software firewalls can inspect the contents of a packet (by means of keywords).
Examples of software firewalls: Zone Alarm, Norton Firewall.
4. Operating principle of a firewall
A firewall works closely with the TCP/IP protocol suite, because TCP/IP works by splitting the data received from network applications, or more precisely from the services running over protocols such as Telnet, SMTP, DNS, SNMP and NFS, into data packets, and then assigning these packets identifiable addresses so that they can be reassembled at the destination. Firewalls are therefore closely concerned with packets and their address numbers. A packet filter allows or denies each packet it receives. It examines the whole data segment to decide whether that segment satisfies one of the packet-filtering rules. These rules are based on the information at the start of each packet (the header), which is used to carry the packet across the network. This information includes:
o Source IP address
o Destination IP address
o Transport protocol (TCP, UDP, ICMP, IP tunnel)
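An added example, not part of the original report: a minimal first-match packet filter in Python that decides on exactly the three header fields listed above. The rule set, the documentation-range addresses, the first-match ordering and the default-deny fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str  # "allow" or "deny"
    src: str     # source network, CIDR notation
    dst: str     # destination network, CIDR notation
    proto: str   # "tcp", "udp", "icmp" or "any"

    def matches(self, pkt):
        # Only header fields are consulted; the payload is never looked at.
        return (ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", pkt["proto"]))


# Constructed rule set (assumption): rules are evaluated top to bottom.
RULES = [
    Rule("deny", "203.0.113.0/24", "0.0.0.0/0", "any"),   # blocked source network
    Rule("allow", "0.0.0.0/0", "192.0.2.10/32", "tcp"),   # public server
    Rule("allow", "192.0.2.0/24", "0.0.0.0/0", "icmp"),   # internal hosts may ping out
]

# Constructed sample packets: header fields plus a payload the filter ignores.
PACKETS = [
    {"src": "203.0.113.7", "dst": "192.0.2.10", "proto": "tcp", "payload": b"GET /"},
    {"src": "198.51.100.5", "dst": "192.0.2.10", "proto": "tcp", "payload": b"GET /"},
    {"src": "198.51.100.5", "dst": "192.0.2.10", "proto": "udp", "payload": b"\x00"},
    {"src": "192.0.2.33", "dst": "198.51.100.9", "proto": "icmp", "payload": b""},
]


def decide(pkt, rules=RULES):
    """Return (action, index of the matching rule); deny when nothing matches."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt["src"], "->", pkt["dst"], pkt["proto"], decide(pkt))
    # Rule order matters: with the allow rule first, the blocked source gets in.
    print(decide(PACKETS[0], [RULES[1], RULES[0], RULES[2]]))
```

Because the decision uses header fields only, the second packet is allowed whatever its payload contains, which is the limitation that application-level gateways address.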
Eavesdropping: user names, passwords and other information passing over the network can be learned by means of programs that put the network interface card (NIC) into a mode in which it receives all information travelling over the network.
System administrator error: the human factor. People who are complacent and do not clearly understand the importance of securing the system easily expose important information to hackers.
Today hackers are becoming more and more skilled, while network systems are still slow to deal with their own vulnerabilities. This requires network administrators to have good knowledge of network security in order to keep the system's information safe. Individual users cannot know every technique needed to build a firewall for themselves, but they should still clearly understand the importance of information security for each individual, and from there learn some ways of avoiding simple attacks by hackers. The issue is awareness: once there is awareness of the need for prevention, the level of safety will be higher.
o An application-level gateway allows very good authentication checking, and it keeps logs that record information about access to the system.
o Filtering rules for an application-level gateway are easier to configure and check than those for a packet filter.
Limitations: users are required to change how they work, or to change the software installed on the client machine, in order to access services through the proxy. For example, Telnet access through an application-level gateway requires two steps to connect to the server rather than just one. However, some client software makes the application-level gateway transparent by letting the user specify the destination host, rather than the application-level gateway, in the Telnet command.
3. Circuit-level gateway
A circuit-level gateway is a special function that can be performed by an application-level gateway. A circuit-level gateway simply relays TCP connections without performing any packet processing or filtering.
important server systems such as Mail Server and Web Server need to be tightly protected in a separate environment, ISA 2004 allows DMZs (a term meaning demilitarized zones) to be deployed, preventing direct interaction between people inside and outside the system. In addition to the information security features above, ISA 2004 also has a cache that makes Internet connections faster, because web page content can be stored in advance in RAM or on the hard disk, which saves a significant amount of system bandwidth. That is why this firewall product is named Internet Security & Acceleration.
ISA Server 2004 Enterprise is used in large network models and serves many access requests from users inside and outside the system. In addition to the features available in ISA Server 2004 Standard, the Enterprise edition also allows a system of multiple ISA Servers that share one policy to be set up, which makes management easier and provides Load Balancing.
4.2 Installing ISA Server
Installation requirements: ISA 2004 must be installed on the following hardware and software:
Minimum hardware:
- CPU: 500MHz.
- RAM: 256MB.
- Hard Disk: NTFS partition, >=150MB of free space.
- The machine has 2 network cards.
Software:
- Windows 2000 server, SP4.
- Windows 2003 server.
After all the necessary information has been set up, install ISA Server 2004 Standard on the computer that will act as the firewall.
Step 1: Run the setup file and click Install ISA Server 2004.
Step 2: In the Microsoft ISA Server 2004 - Installation Wizard dialog box, click Next.
Step 3: Then select I accept the terms in the license agreement and click Next.
Step 4: Fill in all the information and the serial number, then click Next.
Step 5: Select the Custom installation mode, then click Next.
Step 6: By default only two services are selected, Firewall Services and ISA Server Management; also select Firewall Client Installation Share. Then click Next.
Step 7: Click Add.
Step 8: Provide the IP address range that contains the computers in the internal network (From, To). Note that this address range must contain the IP address of the Inside network interface. Then click Add, and then OK.
Step 9: In the Internal Network dialog box, click Next.
Step 10: Select Allow computers running earlier version of Firewall Client software to connect. Then click Next.
Step 11: In the Services dialog box, click Next.
Step 12: In the Ready to Install the Program dialog box, click Install. The installation will then begin. When it is done, click Finish to complete it.
CHAPTER V - CONCLUSION
1. Conclusion
Firewalls today play an important role in protecting an organization's network against a nearly endless list of attacks coming from the Internet. The choice of firewall also often determines how easily remote sites can connect to central systems to access the resources they need or to carry out important tasks. A firewall is the "wall" that sits between a network (such as the Internet) and the computer (or internal network) that it protects. Its main security purpose for individual users is to block However, a firewall can do much more than that. Because it sits between two networks (the Internet and the internal network), a firewall can analyze all traffic entering and leaving the network and decide what to do with that inbound and outbound data. A firewall also has many rules on which it relies to grant data access to the network.
A firewall is not only a form of software (such as the firewall on Windows); it can also be dedicated hardware in enterprise networks. These hardware firewalls help a company's computers analyze outbound data to ensure that malware cannot penetrate the network, and they control activity on the computers that its employees are using. A firewall can also filter data so that a computer is only allowed to browse the web, disabling access to other kinds of data.