
CONTENTS

ABBREVIATIONS

CHAPTER 1 GENERAL INTRODUCTION
1.1 THE BASIS FOR NETWORK MANAGEMENT
1.1.1 Cost of service disruption
1.1.2 Network size and complexity
1.1.3 Performance monitoring
1.1.4 Coping with sophisticated equipment
1.2 THE NETWORK MANAGEMENT PROCESS
1.2.1 The OSI framework for network management
1.2.2 Network management functions
1.3 TOOLS AND SYSTEMS
1.3.1 Monitoring tools
1.3.2 Diagnostic tools
1.3.3 Computer-based management systems
CHAPTER 2 TCP/IP NETWORK SECURITY
2.1 ROUTER SECURITY
2.1.1 The need for access security
2.1.2 Router access
2.1.3 Telnet access
2.1.4 TFTP access
2.1.5 Console and virtual terminals
2.1.6 File transfer
2.1.7 Internal router security
2.1.8 Additional lines of defense
2.2 ROUTER ACCESS LISTS
2.2.1 Overview
2.2.2 TCP/IP protocol considerations
2.2.3 Using access lists
2.3 USING FIREWALL (PROXY) SERVICES
2.3.1 Access list limitations
2.3.2 Proxy services
2.3.3 ICMP proxy services
2.3.4 Limitations
2.3.5 Operational example
2.4 NETWORK ADDRESS TRANSLATION
2.4.1 Types of address translation
PREFACE

The TCP/IP protocol suite has been in use and under development for nearly thirty years. It began with U.S. Department of Defense research into transmission procedures for computer networks in academia, government agencies, businesses, and among American users. Networks that use the TCP/IP protocol suite range from small in-building office local area networks to one vast network, the Internet. In recent years the use of TCP/IP has grown rapidly because it supports many new applications.
Today audio and video transmission, which require real-time delivery, as well as digitized voice and fax, can be carried over the Internet and intranets. As the use of TCP/IP grows, so does its role as a transport for different kinds of data. In practice TCP/IP introduces many new issues for network management, which network administrators must consider in order to manage the Internet better.
Therefore, as the use of Internet services increases, the larger volume of data carried on the network requires additional relay stations to make the network easier to manage.
In this essay we concentrate on only two basic topics:
A general study of TCP/IP network management
TCP/IP network security
However, because our time and our ability to translate English-language material are limited, shortcomings are unavoidable. We look forward to comments from our teachers and readers, and especially from the instructor supervising this course essay.
We sincerely thank you!

ABBREVIATIONS
SNMP Simple Network Management Protocol
RMON Remote Monitor
IOS International Organization for Standardization
OSI Open System Interconnection
DSUs Digital Service Units
CSUs Channel Service Units
MIB Managing Information Base
HTTP Trial File Transfer Protocol
TFTP Trivial File Transfer Program
TCP Transmission Control Protocol
UDP User Datagram Protocol
IANA Internet Assigned Number Authority
ICMP Internet Control Message Protocol
IGRP Interior Gateway Routing Protocol
OSPF Open Shortest Path First
SMTP Simple Mail Transport Protocol
FTP File Transfer Protocol
S-HTTP Secure Hypertext Transfer Protocol
SSL Secure Sockets Layer
NAT Network Address Translation
PAT Port Address Translate

Chapter 1 GENERAL INTRODUCTION

1.1 THE BASIS FOR NETWORK MANAGEMENT
As mentioned above, the use of the TCP/IP protocol suite is currently growing in both traffic volume and the range of applications that carry data. Today many businesses depend heavily on their Web sites to sell goods, and a business can take in several million dollars of revenue in a single day. Another service business provides low-cost fax transmission to hundreds of thousands of customers in many parts of the world. Among millions of businesses and tens of millions of consumers, electronic mail, being fast and free of charge, is used more than the traditional mail of the postal service for sending messages between different countries.
The growth in the use of TCP/IP has made both Internet users and network managers heavily dependent on the TCP/IP protocol suite to carry out their normal daily work.
1.1.1 Cost of service disruption
As mentioned above, the Internet brings users very large benefits, so even a small fault that interrupts the network has serious consequences for them. For example, when an Internet connection fails, a business cannot send or receive electronic mail and cannot reach the network to buy or place orders online. Loss of communication means the business may lose thousands or even millions in revenue while the network is down. Methods that let network operations staff detect and diagnose faults quickly can therefore reduce the loss to the business. In today's communications environment the areas that need attention are the size and complexity of the network, costs, operational efficiency, and the ability to understand the information needed to take advantage of the protocol.
1.1.2 Network size and complexity
As users' need to exchange information keeps growing, meeting that need requires larger and more complex networks, and the cost of operating them grows as well. This drives the development of networks, but for a network to work well its transmission facilities must be good and it must have centralized monitoring equipment. A central station provides the solutions and techniques for changing the network configuration and for generating alerts when faults are detected on the network. The network management protocol SNMP (Simple Network Management Protocol) and the remote monitoring protocol RMON (Remote Monitor) of the TCP/IP protocol suite make network management simpler and less labor-intensive. Using the network effectively, however, requires network administration staff to have a certain understanding of communications concepts and protocols.
1.1.3 Performance monitoring
The management protocols of the TCP/IP protocol suite make it possible to monitor the performance and capacity of the network. A related question is how to get the most from network management spending: the highest performance at the lowest network management cost while still keeping the network properly managed. Good network management therefore delivers high network capacity and utilization at low network cost.
1.1.4 Coping with sophisticated equipment
With the TCP/IP protocol suite driving the rapid growth of the Internet, more and more devices are installed and accessed on networks. For example, many routers can digitize voice signals. Coping with sophisticated equipment capable of stealing information on the network requires highly trained network administration staff and is regarded as an important aspect of network management. Many network management products are now embedded in network communications products, with a graphical user interface that gives easy access to the control commands administrators write to control how the equipment operates. In this way modern network management products help us cope with sophisticated equipment.

Network reliability
Effect of network failure
Network size and complexity
Coping with the sophistication of network devices
Balancing network performance and capacity
Operating cost policy

Table 1.1 summarizes the main reasons why TCP/IP networks must be managed

1.2 THE NETWORK MANAGEMENT PROCESS
Network management is a process like many other common activities, and one in which the network manager is certain to meet many difficulties. The constraints on the management process are described below.
Network management is a process in which network administration staff use hardware and software to track the status of network components and transmission facilities. The ultimate question is how to improve the utilization of the network, while combining network administration with guidance to service providers and network users. This means administrators must know the TCP/IP protocol suite and understand how packets are formed and the procedures for sending and receiving them.
They must also understand the role, use, and component parts of a packet and the concepts that characterize the network. First, carrying voice and fax signals over a network with the TCP/IP protocol suite always involves a certain amount of error. Second, the process involves using hardware and software to check the network's bridges and routers, its equipment and transmission facilities, and the data and data channels of the network components. Note that network management staff can step in and support network users and service providers on technical matters relating to the network. In addition, after gathering network-related requirements and opinions from users and service providers, administrators study and rework the network for the better. They also commonly propose solutions to improve utilization and reduce dropped circuits. Ways of improving communications performance include changing the current network configuration or studying how to organize the network according to the requirements put forward. Finally, administrators must keep track of every aspect of how well network management is performing, such as monitoring and planning the network's development and recalculating the network to keep a sound balance between the cost of investing in growth and the highest network utilization. The matters raised above may in fact be optional; to ensure that only legitimate users access the network, local area network (LAN) management staff and network managers need to pay attention to network security.
1.2.1 The OSI framework for network management
Building on the above, we can break down the tasks involved in network management by function. In practice this has been done in the international standard of the IOS (International Organization for Standardization) for the OSI (Open System Interconnection) framework. The OSI framework defines five network management functions (or disciplines), listed in Table 1.2.

Configuration / change management
Fault / problem management
Performance / growth management
Security / access management
Accounting / cost management

Table 1.2 The OSI framework for network management


Configuration management, or network management, involves keeping track of, and being able to change, the various parameters of devices on the network. The parameters can be set, reset, or simply read and displayed. For a complex network with hundreds or thousands of devices and transmission facilities, using SNMP and RMON makes it easier to control the network from a single point or from a few network management locations. In practice, SNMP and RMON platforms range from a basic computer-based network management system to minicomputers and workstation systems. Most systems include the ability to discover devices automatically and display the layout of the network, and they also let the user read and possibly change device parameters and display a range of transmission facility parameters. Unlike devices, whose parameters can be displayed and reset, transmission facilities are controlled by one or more communications carriers, and adjusting those parameters is usually a matter of operational control that involves the end network user.
Although network management systems have many advantages, not every organization has one. This is because SNMP and RMON were developed mainly as monitoring and alerting facilities, and because of the limitation that no security element was built in to permit changing the parameters of routers, DSUs, CSUs, and other network devices. Instead, many organizations maintain several systems, some of them vendor-specific systems used to control particular equipment. In addition, some devices can be controlled simply from a display screen.
To conclude this first discussion of configuration or change management, note that this area of network management depends on a database of configuration parameters and an understanding of what they mean. The database may consist of information written on 3 × 5 inch cards, typed pages, or files stored on a computer. Whatever medium is used to store the information, the database acts as a repository that can be used to decide on options and replacements and to implement changes to the configuration and operation of the network.

Fault / problem management
Fault management is the process of detecting, logging and ticketing, isolating, tracking, and finally resolving an abnormal condition. Because you first have to know that a problem exists, one of the most important steps in fault management is detecting the abnormal condition. This can be done in several ways, ranging from setting thresholds on a network management system that raise various alerts or alarm conditions when exceeded, to users and customers calling a technical control center to report problems. Once a problem is detected, many organizations have a predefined operating procedure under which the condition is recorded in a log and, if it is judged to represent a legitimate problem, assigned a trouble ticket that allows progress toward resolution to be tracked.
It is important to understand that many problems reported in calls to a technical control center are resolved right away. Such calls may require control center staff to spend anywhere from a few minutes to a few hours checking equipment settings, viewing displays that show the status of remote devices, asking users about the relevant software and hardware settings, or performing other functions that resolve the problem without further action. Other calls or alarms may lead to the issuing of a trouble ticket that requires action by a communications service provider or help from a service provider. Whatever the extent of the problem, the initial log entry includes an attempt to identify the cause of the abnormal situation and to determine the appropriate corrective action. Problem isolation can involve a simple discussion with an end user, diagnostic testing of equipment and lines, or extensive research. Once the cause of the problem has been isolated, the correction may have to be arranged with the user, for example in the case of an unacceptable level of performance on a circuit, or the failure of equipment not connected to the service provider your organization uses. So, besides seeking the appropriate assistance, an important step in the fault management process is tracking both internal and external personnel in their efforts to correct the fault. Many times, fault management requires aged trouble tickets to be escalated in order to receive attention. At other times, repeated calls to a vendor or communications service provider to follow the progress of a trouble ticket can reveal that the ticket has been closed. Although we would hope that the service provider or vendor closed the problem correctly and merely forgot to tell us it had been resolved, we live in an imperfect world in which a trouble ticket can be closed by mistake without the problem being solved. It is therefore very important to track problems, including the status of trouble tickets.
Although resolving an abnormal condition may appear to be the last task in the fault management process, in practice it can require performing configuration or change management tasks. For example, if an abnormal condition was caused by a routing change, resolving the problem may mean returning the router configuration to its original, normal state. This illustrates the interrelationship between the functional areas of network management.
Performance / growth management
Performance or growth management covers the tasks needed to evaluate the utilization of network equipment and transmission facilities and adjust them as required. The work can range from watching equipment displays to gathering statistics into a database that can be used to project usage trends. Whatever method is used, the aim of performance and growth management is to ensure that enough capacity exists to support end users' communications requirements. For this reason a term often used for performance or growth management is capacity planning.
One interesting aspect of capacity planning concerns how end users react to problems. If your organization's network lacks capacity, end users will usually complain whenever response time is long or they get a busy signal when trying to reach the network remotely. In contrast, you will never receive a complaint from end users that they always get good response time or never get a busy signal and that the network has too much capacity. This means excess capacity has to be recognized by network management staff, and it is their responsibility to examine the potential for both shrinking and expanding the network.
A range of tools can be used for performance or growth management, including service provider bills, network management systems, and utility applications such as Ping and Traceroute. Service provider bills can show the use of dial-in lines or of leased lines connected to an Internet service provider. Network management systems can provide information about the use of local and remote networks and about the activity and utilization of various network devices. Ping, Traceroute, and other utility programs can indicate whether a device is operating or down.
Security / access management
Security or access management describes the set of tasks that ensure only authorized personnel can use the network. Some organizations may also need to hide the contents of data, especially when using the Internet as a virtual private network. Tasks and functions associated with security management can therefore include authenticating users, encrypting data, managing and distributing encryption keys, maintaining and examining security logs, configuring router access lists, and implementing various firewall features, including proxy services and intrusion detection and alarm generation.
Closely related to security and access management are the tasks and functions of virus prevention, operating procedures, and the planning and, when necessary, execution of disaster recovery. Although network managers cannot take steps ahead of an attack that guarantee employees will not read or distribute suspicious files over the network, they can publicize methods for checking unknown software as well as procedures to follow regarding the distribution of public domain software obtained from software-sharing Web sites.
Accounting / cost management
Besides the certainty of birth, death, and taxes, you can also expect the old adage 'there is no free lunch' to be basically true. One network management process therefore involves obtaining the right information at the right time to provide a basis for setting charges for network resources. Tasks associated with accounting or cost management include recording equipment and transmission facility costs, reconciling and posting invoices, calculating depreciation and amortization charges, documenting the personnel costs of operating the network, developing algorithms to charge costs back to users, and periodically reviewing billing methods to ensure that costs are billed to network users fairly and reasonably.
In large organizations the accounting process can require the efforts of a team of specialists. In small and medium-sized organizations the effort that goes into accounting management can still be considerable, especially compared with what is needed to perform other network management functions. Many organizations treat communications costs, or even their data processing costs, as a centralized overhead. While this certainly reduces the work involved in accounting management, other cost management functions remain, including budgeting, examining the effect of tariffs on changes to the network structure, and verifying the correctness of vendor and service provider invoices. Cost and accounting management functions are an important part of network management whether or not users or organizational units are involved.
1.2.2 Network management functions
Although the OSI framework for network management is well thought out, it is not all-inclusive. Two functional areas that are only implicitly part of the OSI framework are important enough to be identified as separate entities: asset management and planning or support management.
Asset management
Asset management is the set of tasks involved in developing and retrieving records of equipment, facilities, and personnel. Equipment records can comprise one or more databases of information covering the equipment used in the network, its parameter settings, manufacturer data and telephone numbers to call for maintenance, and similar information. Equipment records may be part of an existing network management system, may supplement information obtained from a network management system, or may be entirely independent of the network management system. Transmission facility records can simply list circuit numbers and service provider contact points, or they can contain additional information such as the expected or guaranteed level of performance and the results of monitoring over earlier periods. The latter lets end users note developing trends, which can include deterioration in circuit quality.

1.3 TOOLS AND SYSTEMS


Left unchecked, this results in a loss of communication. Analysis of circuit record data allows end users to contact their communications service provider and request assistance before the effects of a degraded circuit can prevent communication.
Unfortunately, personnel are often left out of the asset management process even though they are the most valuable asset. As part of asset management you should consider developing records that show each employee's work experience, education, training, and level of certification. You can use this information to help assign employees to different network projects. Likewise, information about education, training, and certification can be combined with the organization's requirements to develop a training plan and allocate the budget that lets employees obtain appropriate training. The circuit analyses
Planning / support management
Planning and support management covers the tasks that let network managers and administrators support current users as well as plan for the future. Support for current users can be viewed as a superset of the network management functions described earlier. In practice, support, like planning, overlaps the other network management functions. Examples of support management functions include adjusting network capacity to accommodate changes in usage, arranging equipment and facilities to support new or expanded applications, and meeting with end users to determine how satisfied or dissatisfied they are with current communications methods.
Closely related to support management is the planning process. During planning you may meet with end users to determine their requirements as well as their satisfaction or dissatisfaction with existing communications. The planning process can also involve gathering data from the other network management functions, which lets you develop models to help design a new network structure or optimize the existing network architecture. Finally, if the planning process results in recommended changes to the network architecture, those changes must be implemented once they are approved. The planning process must therefore include the steps needed to carry out configuration or change management tasks.
Figure 1.1 summarizes the network management functional areas and the tasks associated with each. Note that a reasonable case can be made for placing many tasks under two or more functions. You should therefore treat the tasks linked to the functions in Figure 1.1 as a guide to the basic areas in which tasks are performed, not as an exhaustive list of those tasks.

Figure 1.1 Network management functional areas and tasks
Today many tools are available that give considerable help in managing TCP/IP-based networks. They range from utilities such as the Ping, Traceroute, and NSLOOKUP programs to protocol analyzers and statistics-reporting programs that give insight into network usage. In general, network management tools fall into three main categories: monitoring tools, diagnostic tools, and computer-based management systems.
1.3.1 Monitoring tools
Monitoring tools let you observe the operation and performance of devices and transmission facilities. Examples include utility applications such as Ping, which can tell you whether a device is operational and reachable, as well as layer 2 and layer 3 monitoring software such as EtherVision, EtherPeek, and other products that are described and discussed in later chapters of this book.
1.3.2 Diagnostic tools
A diagnostic tool is normally used to detect problems in equipment or transmission facilities. Examples can again include Ping, used to provide information about a device's operational status, as well as packet decoders, which can shed light on why communicating devices are not working properly.
1.3.3 Computer-based management systems
Computer-based management systems range from graphical programs running on personal computer-based SNMP network management platforms to full-scale computer platforms that support SNMP, as well as vendors' proprietary management hardware. Figure 1.2 shows the general components of a computer-based management system. The management platform provides a point of control for access to devices. That point can be on the same network or on a remote network. In a TCP/IP environment the management station uses SNMP as the communications protocol for accessing other devices to perform various management functions.

Figure 1.2 The main components of a network management system

The agent is software responsible for interpreting and acting on requests from the network management platform. The third major component of a management system is the management information base (MIB). The MIB is a database of objects describing performance measures maintained by a device, or the values of device parameters that can be read or reset. In a TCP/IP environment, remote monitoring by agents takes place through RMON probes, the term probe being used for a remote agent and its MIB. Note that an agent and its MIB can reside as a module in a communications device such as a router or CSU, or can operate as a stand-alone station connected to the network, such as a probe. Now that we have an overall appreciation of network management functions, tools, and systems, we will close this chapter with an overview of the contents of the chapters in this book.

Chapter 2 TCP/IP NETWORK SECURITY

2.1 ROUTER SECURITY

A router is a part of almost every kind of network and the primary communications device used to move data between networks. As such it is among the most important network communications devices. A change to the router's configuration, whether intentional or not, can affect both its operational state and the organization's network. In addition, if the routing table or other parameters are changed, the organization's data can be diverted to a location where it can be recorded and read by a third party. It is therefore very important to understand why people are able to access and control a router, and the steps to take to secure this network communications device.
In this section we examine and discuss router access methods in both general and specific terms. Our discussion of router access in general terms applies to products made by many different vendors. When we turn to specific access methods and the methods we can use to secure access to a router, however, we add specific details that apply to routers made by Cisco Systems. Although the examples of specific methods for protecting router access in this section are oriented toward Cisco routers, in practice routers made by other vendors have similar capabilities. If your organization uses routers from different manufacturers, you can check the router's access security functions, and the specific commands the router supports for enabling, disabling, and protecting access to the device, in the router vendor's own manuals.
2.1.1 The need for access security
When router security is considered, most people think of router access lists. These access lists are used to restrict the flow of data through a router's ports and are regarded as the network's first line of defense. Although router access lists are extremely important to network security, the author considers them to be in fact the network's second line of defense. This is because the ability to access and configure the router is the network's first line of defense. If someone other than the designated person gains the ability to access the router and change its configuration, any access list set up earlier can be changed or removed, in effect cutting away the network protection it provided. It is like a farmer who builds a three-sided chicken coop and then, on leaving, carelessly leaves the door open: because of that gap in protection the valuable animals are lost. In the same way, a poorly protected router can let others reach network resources. This explains why we discuss router access security in this section before returning to router access lists in the second section.
As we look more closely at router access, we will note several methods of barring the door to this communications device. In fact, one method we discuss uses a router access list as a means of limiting access to the router to certain predefined IP addresses. Before doing that, however, we must lock the door, and this has to be done before the router's access list capability is used. Access lists are therefore again regarded as a second line of defense.
2.1.2 Router access
For the purposes of this discussion, the term router access describes the ability of a person to connect to a router and gain access to its operating system. Most routers include one or more serial ports to which a terminal, or a personal computer emulating a terminal, can be attached to access the router. This terminal access can be over a direct cable connection or a remote communications link. The latter is accomplished through a modem or DSU connected to one of the router's serial ports. Although a serial port connection is the primary method most organizations use to reach a router's operating system and configure the device, it is not the only access method. Additional methods supported by many routers include Telnet access and use of the HTTP (Trial File Transfer Protocol) protocol to store and transfer system images and configuration files between the router and a workstation.
2.1.3 Telnet access
Telnet provides the ability to access a remote device, including a router, as if the terminal running the Telnet client program were connected directly to the remote device. Telnet access to a router can occur from in front of or behind the router. The term in front refers to access to the router over a wide area network (WAN) connection from a station on another network that is not directly connected to a port on that router, while the term behind refers to a station on a local area network (LAN) connected directly to a router port. This means Telnet access to a router can occur from a device on the organization's internal network or, if the router is connected to the Internet, from any terminal in the world that has Internet access. It also means that, wherever the client running the Telnet program is located, its operator only needs to know the IP address of one of the router's network interfaces to start a Telnet session to the router and access the device. If the operator of the Telnet client makes a connection to the router, the operator receives a prompt such as:
Router name> or
User Access Verification
Password:
Here the router name is the name the organization has assigned to the router, while Password is the prompt to enter the password needed to access the router. Figure 2.1 illustrates the use of the Telnet client that is available to millions of people under Windows 95 and Windows 98 to access a router whose IP address is 205.131.176.1. In the example in Figure 2.1 the router drops the connection after three unsuccessful login attempts. However, a hacker can immediately try again, more than three times. With a script and an electronic dictionary, cracking the Telnet password to gain access to the router's configuration capability becomes a relatively simple job. It is therefore important to choose a password that not only does not appear in the dictionary but also is not a minor variation of a dictionary word, such as dog7, because a hacker can program repeated tries of many words, and such an attack succeeds given time.
Note that many organizations have an IP addressing policy under which they assign a low address to the router interface. For example, if the Class C IP network address is 205.123.124.0, they might assign 205.123.124.1 as the address of the interface from the 205 network to the router. Because many organizations use this common addressing arrangement, it is usually very easy to determine the router address for a subsequent Telnet session.
At this point the operator of the client is allowed direct access to the router's entire configuration and control of the router. Beyond running a script with an electronic dictionary, many hackers know that many routers are shipped by their manufacturers with a default password for Telnet access. This is unfortunate for organizations, which would do better never to use a default password. The reason is that these passwords are listed in the vendor's router manuals, which can be bought for $29.95 or accessed free of charge over the World Wide Web. This means there is practically no limit to the number of people able to discover the default password needed to access a router over a Telnet connection. If the router's administrator fails to change the default Telnet password or does not place any further restriction on Telnet access, anyone who knows the IP address of a router interface can gain access to the device.
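The audit below is an added example, not code from the original text or from Cisco: it checks a router configuration for the weaknesses this section describes (default or dictionary-derived passwords such as dog7, and Telnet lines with no restriction on who may connect). It assumes Cisco IOS-style `line` stanzas with `password`, `login`, and `access-class` sub-commands; both configurations and both word lists are constructed samples.

```python
import re

# Constructed sample word lists; a real audit would load a full dictionary
# and the default passwords published in the vendor's manuals.
DICTIONARY = {"dog", "router", "admin", "password", "network"}
VENDOR_DEFAULTS = {"cisco", "default"}

# Constructed IOS-style configuration (not taken from a real device).
WEAK_CONFIG = """\
hostname edge-rtr
!
line con 0
 password S7v!qLx92#tw
 login
line aux 0
 no login
line vty 0 4
 password dog7
 login
!
end
"""

# The same router with its lines locked down (also constructed).
HARDENED_CONFIG = """\
hostname edge-rtr
!
access-list 10 permit 205.131.176.0 0.0.0.255
!
line con 0
 password S7v!qLx92#tw
 login
line aux 0
 password kR4#mWz81!pd
 login
line vty 0 4
 access-class 10 in
 password T9b$hNc36@yf
 login
!
end
"""


def parse_line_stanzas(config):
    """Return {"line vty 0 4": [sub-commands], ...} for each line stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("line "):
            current = raw.strip()
            stanzas[current] = []
        elif current is not None and raw.startswith(" "):
            stanzas[current].append(raw.strip())
        else:
            current = None  # any unindented line closes the stanza
    return stanzas


def password_weakness(password):
    """Explain why a dictionary attack would find this password, or None."""
    lowered = password.lower()
    if lowered in VENDOR_DEFAULTS:
        return "vendor default password"
    # Strip digits and symbols from both ends, so 'dog7' reduces to 'dog'.
    core = re.sub(r"^[\W\d_]+|[\W\d_]+$", "", lowered)
    if core in DICTIONARY:
        return "dictionary word or a minor variation of one"
    return None


def audit(config):
    """Return sorted (stanza, finding) pairs for console, aux and vty lines."""
    findings = []
    for header, commands in parse_line_stanzas(config).items():
        line_type = header.split()[1]
        if "no login" in commands:
            findings.append((header, "no password is required to log in"))
        for command in commands:
            args = command.split()[1:]
            if not command.startswith("password ") or not args:
                continue
            # 'password 7 <text>' is an encoded form that cannot be judged here.
            if len(args) == 2 and args[0] == "7":
                continue
            reason = password_weakness(args[-1])
            if reason:
                findings.append((header, reason))
        restricted = any(re.match(r"access-class \S+ in$", c) for c in commands)
        if line_type == "vty" and not restricted:
            findings.append((header, "no access-class restricts the source address"))
    return sorted(findings)


if __name__ == "__main__":
    for stanza, finding in audit(WEAK_CONFIG):
        print(f"{stanza}: {finding}")
```
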
2.1.4 TFTP access
Most routers have two types of memory: random access memory (RAM) and nonvolatile memory. Unlike RAM, whose contents are erased completely when power is lost, the contents of nonvolatile memory are not erased. A router's nonvolatile memory is normally used to store an image of the router's memory as well as a backup or alternate router configuration. Because routers contain no diskette or hard drive, their ability to store more than a few alternate configurations is limited. This means that administrators who need to keep backup or alternate router configurations beyond the typically limited capacity of the router's nonvolatile memory do so on a workstation and use the TFTP (Trivial File Transfer Program) program to load and save router system images and configuration files. It also means that if TFTP access is permitted, then depending on how the router supports TFTP access, an unauthorized individual may be able to create the configuration data the router uses, resulting in a security breach or an unintended operating environment.
Now that we have reviewed the main methods that can be used to access a router, we turn to the methods used to protect access, or lock the door, for each access method. This will let us make it hard for people to reach the router and gain the ability to view and change the device's configuration. In doing so we will discuss a number of Cisco Systems router commands.

Hnh 2.1
Hnh 2.1 Qua vic s dng my khch Telnet bao gm hng triu bn sao ca
Windows 95 v Windows 98, tin tc c th truy cp vo kh nng cu hnh nh tuyn kt
ni vo Internet.
2.1.5 Console and Virtual Terminals
After you unpack the router and begin its installation process, it is extremely important to consider how the device's configuration will be accessed. If you permit configuration changes from a directly connected terminal, you need to check whether Telnet and TFTP access is permitted. In a Cisco router environment, you can control configuration access from the console and from virtual terminals through the use of the line command. This command has the following format:
line [type-keyword] first-line [last-line]
Here the information in brackets represents an option. The type keyword can be console, 'aux' or 'vty'. The console entry represents a terminal line, with the device cabled directly to a port on the router. In comparison, aux indicates an auxiliary line, which lets you specify access through a port on the router that is connected to a CSU, DSU, or modem and so permits remote serial communications. The third option, vty, represents a virtual terminal connection for remote console access. Note that when you enter the line command, the first-line and last-line values describe a contiguous range of numbers that apply to the specific device type and that can be associated with a line.
When you configure access through the use of the line command, it is very important to consider associating a password with each device through which you permit access. Even if you plan to permit access to a router only through a directly cabled terminal located in a secure technical control center, situations can arise that justify password protection. In one familiar case, the technical control center of a large network had a group of observers touring the facility. While the rest of the group watched the status of the network on a visual display, one curious observer turned to a terminal cabled directly to a router and to the router's dialog functions. Not knowing what to enter, the observer typed a question mark (?), which resulted in a display of router commands. Within a short period of time, this observer managed to reconfigure the router while the rest of the group listened to the presentation given by the center manager. Needless to say, had a password previously been associated with terminal access, the router reconfiguration and the havoc it created would not have been possible.
In a Cisco router environment, you can associate a password with an access method. To do so, you use the password command. For example:
line console 0
password bugs4bny
Console access is locked until the console operator responds to the router's prompt with the password bugs4bny.
Cisco passwords can be up to 80 characters long. They can consist of any combination of letters, digits, and spaces. Router administrators control and change these passwords, and the password in turn restricts who can access the router. A password built from a large mix of different digits and letters scrambled together will certainly be hard to guess and resistant to attack, but such a password also makes it more likely that the router administrator will enter it incorrectly. If it is entered incorrectly three times, the Cisco router locks. Therefore, when choosing a password, it is important to keep a few password principles in mind. First, the password should use a mix of alphabetic and numeric characters to reduce the risk of attack. Second, when constructing a password, remember that the longer the password, the greater the likelihood of an error when entering it. In general, a password of 10 to 15 characters is sufficient if it is built by joining abbreviations with a string of digits.
2.1.6 File Transfer
As noted earlier, the Trivial File Transfer Protocol is commonly supported by routers as a mechanism that allows system images and configuration files to be stored on a workstation. In a Cisco router environment, to allow network configuration files to be loaded when the router reboots, you must specify the service config command, because by default this capability is disabled. If this capability is enabled, the router broadcasts a TFTP read request message, and the first station to respond will have a file, with a name based on the router's configuration, transferred over the network.
2.1.7 Security Inside the Router
Once access to a router has been obtained, the device's operating system can provide additional protection that you can use to further secure router access. In Cisco routers the command interpreter of the operating system is referred to as the Exec. The Exec has two access levels: user and privileged.
The user access level allows a user to use a subset of the router commands, such as the command that lists the router's connections, the command that gives a name to a logical connection, and the command that displays statistics about the router's operation. The privileged access level includes all user-level commands as well as commands that affect the operation of the router, such as the configure command, which allows the network administrator to reconfigure the router, the reload command, which halts the operation of the device and reloads its configuration, and similar commands that bear directly on the operational state of the device.
Because anyone with access to the privileged mode of operation of a Cisco router gains the ability to directly control the router's operation, this access level can be protected by a password. Thus, when installing a Cisco router, it is important to assign a password when using the router's configuration commands. For example, to assign the password power4you to the privileged command level, you would use the enable password command as follows:
enable password power4you
Like the password associated with a terminal line, the password assigned to the privileged command level is case sensitive, can contain any mix of alphabetic and numeric characters, and can be up to 80 characters long. Thus, by placing a password on the serial port or on any virtual terminal connections, as well as on the router's privileged commands, you protect both access to the router and the use of the privileged access commands.

Figure 2.2
Figure 2.2 illustrates the router's initial configuration process and the assignment of passwords. Note that after the router interfaces are displayed and a name (BigMac) is entered for the router, you are prompted to enter three passwords. The first password, referred to as the enable secret, is a secret password used instead of the enable password. The second, the enable password, is used when there is no enable secret and when using older software and some boot images. The third password is the virtual terminal password. After the passwords are entered, the router prompts you for specific configuration data, only a portion of which is shown in Figure 2.2. The password entries shown in Figure 2.2 are for illustration and reflect the password composition discussed in this section.
2.1.8 Additional Protective Measures
If you need to give one or more users on a network the ability to configure one or more routers, you can add a layer of protection beyond passwords. To do so, you can program one or more router access lists. Although the use of router access lists is covered later, we can summarize by noting that they represent permit or deny selections applied to Internet addresses. This means that if you can identify the IP addresses of the stations that will be used to configure one or more routers over the network, you can use router access lists to restrict Telnet access to each router to one or more specific IP addresses. A terminal operator then not only needs to know the correct password to access the appropriate router, but also must be at a predefined location on the network. By combining router password protection with privileged-mode password protection, and by restricting access to the router's configuration through one or more access lists, you lock down access to the router.
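One way to check a saved router configuration against the points made in Sections 2.1.5 through 2.1.8, as an added example that is not part of the original text. The function names, finding codes, word lists and both sample configurations are constructed for illustration; access-class is the IOS line subcommand that binds an access list to vty lines, which the text describes without naming.

```python
import re

# Constructed stand-ins for a vendor-default list and a dictionary (not real vendor data).
DEFAULT_PASSWORDS = {"cisco", "admin", "password"}
DICTIONARY = {"dog", "cat", "router", "telnet"}

def weak_password(pw):
    """True for defaults, for passwords without a letter/digit mix, and for
    'dictionary word + digits' variants such as the dog7 pattern."""
    low = pw.lower()
    if low in DEFAULT_PASSWORDS:
        return True
    if not (re.search(r"[a-z]", low) and re.search(r"\d", low)):
        return True
    m = re.fullmatch(r"([a-z]+)\d+", low)
    return bool(m and m.group(1) in DICTIONARY)

def audit(config):
    """Return sorted (target, finding) pairs for an IOS-style configuration text."""
    findings, lines, current, has_secret = [], {}, None, False
    for raw in config.splitlines():
        text = raw.strip()
        if raw.startswith("line "):              # start of a con/aux/vty block
            current = text[len("line "):]
            lines[current] = []
        elif raw.startswith(" ") and current is not None:
            lines[current].append(text)          # indented subcommand of that block
        else:
            current = None                       # back at global level
            if text.startswith("enable secret "):
                has_secret = True
            elif text.startswith("enable password ") and weak_password(text.split()[-1]):
                findings.append(("enable", "WEAK_PASSWORD"))
            elif text == "service config":       # TFTP configuration load at reboot
                findings.append(("global", "SERVICE_CONFIG_ENABLED"))
    if not has_secret:
        findings.append(("enable", "NO_ENABLE_SECRET"))
    for name, cmds in lines.items():
        passwords = [c.split(None, 1)[1] for c in cmds if c.startswith("password ")]
        if not passwords:
            findings.append((name, "NO_PASSWORD"))
        elif any(weak_password(p) for p in passwords):
            findings.append((name, "WEAK_PASSWORD"))
        # Telnet (vty) access should also be tied to an access list of admin stations.
        if name.startswith("vty") and not any(c.startswith("access-class ") for c in cmds):
            findings.append((name, "NO_ACCESS_CLASS"))
    return sorted(findings)

# Constructed sample: weak settings ...
WEAK_CONFIG = """\
hostname BigMac
enable password power4you
service config
!
line con 0
 password bugs4bny
 login
line aux 0
line vty 0 4
 password dog7
 login
"""

# ... beside the corrected form (passwords shown as typed; all values constructed).
HARDENED_CONFIG = """\
hostname BigMac
enable secret power4you
no service config
access-list 10 permit 198.78.46.16
!
line con 0
 password bugs4bny
 login
line aux 0
 password mgmt2aux9x
 login
line vty 0 4
 access-class 10 in
 password vty4noc2rtr
 login
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(cfg))
```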

2.2 ROUTER ACCESS LISTS

In the preceding section of this chapter, we focused on the ability to access a router's configuration. In that section we noted that one method of controlling access to a router is through the use of an appropriate access list. However, examined in depth, access lists go beyond that use in performing security functions.
In this section we will examine the operation, use, and limitations of access lists. Although we will discuss access lists in terms generally applicable to the products of many different manufacturers, we will also discuss specific types of access lists and give illustrative examples of how they operate. In doing so we will cover the access lists supported by Cisco Systems routers, as this manufacturer currently supplies about 70% of the devices on the market. Although the use of access lists in this section is oriented toward Cisco Systems products, note that routers from other manufacturers have equivalent features. This means that the examples presented in this section are also relevant to other vendors, usually with minor changes. Also note that because there are many versions of the IOS on which Cisco Systems routers are based, the actual capabilities and coding of access lists depend on the IOS version in use. Here we will focus on the main access list features common to the different versions of Cisco Systems IOS over several years of use.
2.2.1 Overview
An access list represents a sequence of permit and deny conditions that are applied to field values in packets flowing through a router interface. Once an access list is configured, it is applied to one or more router interfaces, resulting in the implementation of a security policy. As packets pass through a router interface, the device compares data in one or more fields of the packet with the statements in the access list associated with the interface. Data in the selected fields of the packet is compared against each statement in the access list in the order in which the statements were entered to form the list. The first match between the contents or conditions of a statement in the access list and one or more data elements of the fields in each packet determines whether the router permits the packet to flow through the interface. If the conditions do not permit the packet to flow through the router, the router discards the packet (sends it to the "bit bucket in the sky") through a filtering operation.
At a minimum, router access lists control data at the network layer. Because there are many types of network layer protocols, there are also many types of access lists, such as Novell NetWare IPX access lists, Internet Protocol (IP) access lists, and DECnet access lists. Because the focus of this book is on managing the Transmission Control Protocol/Internet Protocol (TCP/IP), and because of the important role of the Internet Protocol in Internet access, we will narrow our examination of access lists to those that support TCP/IP.
2.2.2 A Review of TCP/IP
To appreciate how IP access lists operate, a brief review of a portion of the TCP/IP protocol suite is in order. At the application layer, a data stream representing a particular application, such as a file transfer, a remote terminal session, or an e-mail message, is passed to one of the two transport layer protocols supported by TCP/IP: the Transmission Control Protocol (TCP) and the User Datagram Protocol (UDP). Both TCP and UDP are layer 4 protocols that operate at the transport layer of the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) Reference Model. Because a host computer running TCP/IP can support multiple simultaneous applications, a mechanism is required to distinguish one application from another as application data is formed into TCP segments or UDP datagrams. The mechanism used to distinguish one application from another is the port number, with each application supported by TCP/IP associated with a port number. For example, a host could transmit a packet containing an e-mail message followed by a packet containing part of a file transfer, with the different port number in each packet identifying the type of data the packet carries. Through the use of port numbers, different applications can be transmitted to a common address, with the destination using the port number in each packet as a mechanism to demultiplex one application from another within a data stream received from a source address. Port numbers are assigned by the Internet Assigned Numbers Authority (IANA). IANA maintains a list of assigned port numbers that anyone with Internet access can obtain. TCP is a connection-oriented protocol that provides a guaranteed delivery mechanism. Because establishing a TCP connection takes a short period of time before data can be exchanged, it is not particularly efficient for applications that need to exchange only small quantities of data, such as a management query that simply retrieves a stored parameter from a remote probe. Recognition that this type of network situation calls for a more efficient transmission method resulted in the development of UDP. UDP was developed as a connectionless, best-effort delivery mechanism. This means that when a UDP session is initiated, data transmission begins immediately instead of waiting until a session connection is established. It also means that it becomes the responsibility of the application layer to set a timer that permits a period of time to expire without a response being received, in order to determine whether a connection was established or lost.
Although both TCP and UDP distinguish one application from another through the use of port number values, actual device addressing is the responsibility of IP, a network layer protocol that operates at layer 3 of the ISO OSI Reference Model. As application data flows down the TCP/IP protocol stack, either a TCP header or a UDP header is added to the data, with the resulting segment of data containing an appropriate port number that identifies the application being transported. Next, the data flows further down the protocol stack, where operations at layer 3 result in an IP header being prefixed to the TCP or UDP header. That header contains the destination IP address and the source IP address, each 32 bits in length under IPv4. When configuring the protocol, we usually write an IP address as four decimal numbers separated by dots. Based on the preceding, there are three addresses that can be used in an IP access list to permit or deny the flow of packets through a router interface: the source IP address, the destination IP address, and the port number that identifies the application data in the packet. In fact, Cisco Systems and other router manufacturers also support other IP-related protocols, such as the Internet Control Message Protocol (ICMP) and the Open Shortest Path First (OSPF) protocol, as a mechanism to permit or deny the flow of predefined types of error messages and queries, with an example of the latter being ICMP echo request and echo reply packets.
2.2.3 Using Access Lists
In a Cisco router environment, there are two types of IP access lists you can configure: standard, or basic, access lists and extended access lists. A standard access list permits filtering by source address only. This means you can only permit or deny packets flowing through an interface based on the source IP address in the packet. This type of access list is therefore limited in its functionality. In comparison, an extended access list permits filtering by source address, destination address, and various parameters associated with the upper layers of the protocol stack, such as TCP and UDP port numbers.
Configuration Principles
When developing a Cisco router access list, there are several important principles to keep in mind. First, Cisco access lists are evaluated sequentially, beginning with the first entry in the list. Once a match occurs, access list processing terminates and no further comparisons occur. It is therefore important to place the more specific entries toward the top of your access list. The second important principle is that an access list always has an implicit deny at the end of the list. This means that a packet whose contents do not explicitly match one of the access list entries is automatically denied. You can override the implicit deny by placing an explicit permit all as the last entry in your list.
The third principle of access list configuration concerns additions to the list. Any new access list entry is automatically added to the bottom of the list. This is really important to note, especially when attempting to make one or more modifications to an access list, because statements added to the bottom of an access list may not result in a list that satisfies the organization's requirements. Many times it may be necessary to delete and re-create an access list rather than add entries to the bottom of the list.
The fourth principle concerning access lists is that they must be applied to an interface. A common mistake is to create an appropriate access list and forget to apply it to an interface. In such situations the access list simply resides in the router's configuration memory area but is not used to check the flow of packets through the router, an effect similar to leaving the barn door open after spending time building a fine structure. Now that we have an appreciation of the key principles of access list configuration, let us turn our attention to creating standard and extended Cisco router access lists.
Standard Access Lists
The basic format of a standard access list is as follows:
access-list number {permit | deny} [IP address] [mask]
Each access list is assigned a unique number that both identifies the specific list and tells the router's operating system the type of access list. Cisco standard IP access lists are assigned an integer from 1 to 99. A newer release of the Cisco router operating system permits access lists to be defined by name. However, because named access lists are not backward compatible with earlier versions of the router operating system, we will use numbered lists in the examples presented in this section.
Because standard access lists support filtering by source address only, the IP address in the access list format above is limited to representing the originator of the packet. The mask that follows the IP address is specified in a manner similar to the way in which a network mask is specified when masking an IP address. However, when used in an access list, a binary 0 in the mask is used as a 'compare', whereas a binary 1 is used as a 'don't care'. This is the inverse of the use of binary 1s and binary 0s in a network mask applied to an IP address. Another difference is that in Cisco router terminology the mask used with an access list is referred to as a wildcard mask, not a network mask or subnet mask.
To illustrate the use of a Cisco router wildcard mask, let's assume your organization's router is connected to the Internet and your network configuration is as illustrated in Figure 2.3, with a World Wide Web server located behind the router. Let's further assume you want to allow all hosts on the Class C network at another location, whose IP address is 205.131.176.0, to access the server. If you were using a traditional network mask, its composition would be 255.255.255.0. Writing the network and mask in binary gives the following result, where the character x represents a 'don't care' condition in which a binary 1 or 0 can occur in the corresponding bit position:
Network address 205.131.176.0 = 11001101.10000011.10100110.00000000
Network mask    255.255.255.0 = 11111111.11111111.11111111.00000000
-----------------------------------------------------------------
Resulting matching address    = 11001101.10000011.10100110.xxxxxxxx

Figure 2.3 Cisco network configuration

Note that a binary 1 in the network mask represents a compare, whereas a binary 0 represents an unconditional match. When working with Cisco access lists, the use of binary 1s and 0s in the wildcard mask is reversed. That is, a binary 1 specifies an unconditional match, whereas a binary 0 specifies a compare condition. However, if you use the same mask composition instead of its inverse, you will most likely obtain a result that does not meet your operational requirements. This is illustrated by the following example, in which 255.255.255.0 is applied as a wildcard mask instead of as a network mask:
Network address 205.131.176.0 = 11001101.10000011.10100110.00000000
Wildcard mask   255.255.255.0 = 11111111.11111111.11111111.00000000
-----------------------------------------------------------------
Resulting matching address    = xxxxxxxx.xxxxxxxx.xxxxxxxx.00000000
In the preceding example, any value in the first three octet positions is permitted as long as the value of the last octet is all 0s. This is obviously not a satisfactory solution to our previously stated Web server requirement. However, if we place 0s in the wildcard mask where we would normally place binary 1s in the network mask, and vice versa, we correctly define the wildcard mask. Revising the mask operation once more, we obtain the following:
Network address 205.131.176.0 = 11001101.10000011.10100110.00000000
Wildcard mask   0.0.0.255     = 00000000.00000000.00000000.11111111
-----------------------------------------------------------------
Resulting matching address    = 11001101.10000011.10100110.xxxxxxxx
Note that the resulting mask matches any host on network 205.131.176.0, which is the requirement we needed to satisfy. Although the use of Cisco wildcard masks can be a bit confusing at first, especially if you have considerable experience in using subnet masks, once the concept is grasped it is as easy to apply to access lists as a subnet mask is to a network address. However, it is extremely important to remember that a wildcard mask is the inverse of a network mask, both in the function of the binary 0s and 1s and in their positions in the mask. Now that we understand the formation and use of Cisco wildcard masks, let's return to our example and complete the standard access list. The access list is constructed as follows:
access-list 77 permit 205.131.176.0 0.0.0.255
In this example, we used list number 77, which lies in the range 1 to 99 and so identifies the access list to the router's operating system as a standard access list. Also note that the network address 205.131.176.0 and the wildcard mask 0.0.0.255 result in a don't-care condition for any value in the last octet of the network address, allowing any host on network 205.131.176.0 to have its packets flow through the router without being filtered. A few additional points about access lists deserve mention. First, if you omit the mask from an associated IP address, a mask of 0.0.0.0 is assumed, which requires an exact match between the IP address in the access list and the packet for the permit or deny in the access list to take effect. Second, as previously mentioned, an access list implicitly denies all other access. This is equivalent to terminating the access list with the following statement:
access-list 77 deny 0.0.0.0 255.255.255.255
To provide another example of the use of a standard access list, let's assume a network uses a router to connect two Ethernet segments.

Figure 10.4 Using a router to connect two Ethernet segments
Considering the use of the router illustrated in Figure 10.4, let's assume segment 1 has the network address 198.78.46.0 and you want to allow the clients with host addresses .16 and .18 on segment 1 to access any host located on segment 2. To do so, your router configuration would include applying an access list to the outbound interface on Ethernet 1 (E1), using the following statements:
interface ethernet 1
ip access-group 23 out
access-list 23 permit 198.78.46.16 0.0.0.0
access-list 23 permit 198.78.46.18 0.0.0.0
In the preceding example, note that the access-group statement is used to define the direction of the data flow associated with an access list. Also note that the access list is applied to the outbound interface on Ethernet 1 rather than, as an inbound access list, to the interface on Ethernet 0 (E0) that faces segment 1. Although both methods work, the latter overlooks the side effect of blocking all other traffic from segment 1. Therefore, in this example we decided to apply the access list to the outbound interface on E1. Now that we have an appreciation of standard IP access lists, let's turn our attention to their extended counterpart.
Extended Access Lists
A standard access list is limited to specifying a filter through the use of a source IP address. In comparison, an extended access list gives you the ability to filter on source address, destination address, and upper-layer protocol information, such as UDP and TCP port values. In practice, extended access lists give you the ability to create very complex packet filters whose capabilities can extend significantly beyond those of standard access lists.
The format of an extended access list is as follows:
access-list number {permit | deny} protocol source-IP-address source-mask destination-IP-address destination-mask [operator operand] [established]
Like standard access lists, extended lists are numbered. Extended access lists are numbered from 100 to 199 to distinguish them from standard IP access lists. The protocol parameter identifies a TCP/IP protocol, such as ip, tcp, udp, and icmp, as well as several routing protocols that can be filtered. Examples of the latter include the Interior Gateway Routing Protocol (IGRP) and Open Shortest Path First (OSPF). The source and destination IP address arguments represent the source and destination IP addresses expressed in dotted decimal notation. The source-mask and destination-mask arguments represent router wildcard masks, used in the same manner as previously described when we examined the operation of standard access lists. To specify additional information for packet filtering, you can optionally include the operator and operand arguments in your extended access list. When used, the operator and operand compare TCP and UDP port values. With respect to TCP and UDP, the operator argument can be one of the following four keywords:
LT: less than
GT: greater than
EQ: equal
NEQ: not equal
In the comparison, the operand argument represents the integer value of the destination port for the specified protocol. For the TCP protocol, an additional supported option is the keyword 'established'. When it is specified, a match occurs if a TCP segment has the ACK or RST bit set, indicating that a connection has been established.
To illustrate the use of an extended access list, let's assume that the router previously illustrated in Figure 2.4 is connected to the Internet. Let's further assume that you want to allow any host on the network behind the router, whose IP address is 198.78.46.0, to establish TCP connections to any host on the Internet. However, let's also assume that, with the exception of accepting e-mail via the Simple Mail Transport Protocol (SMTP), it is your organization's policy to bar any host on the Internet from establishing TCP connections to hosts on network 198.78.46.0. To accomplish this, you must ensure that the initial request for an SMTP connection is made to TCP destination port 25 and originates from a port number greater than 1023, with the originator always using destination port 25 to access the mail exchanger on your organization's network and the other host using a port number greater than 1023. Based on the preceding, and assuming that the address of the mail exchanger on network 198.78.46.0 is 198.78.46.77, the two access lists are as follows:

access-list 101 permit tcp 198.78.46.0 0.0.0.255 0.0.0.0 255.255.255.255
access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.0 0.0.0.255 established
access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.77 0.0.0.0 eq 25
interface serial 0
ip access-group 101
interface ethernet 0
ip access-group 102
In the preceding example, note that access list 101 is applied to the router's serial port and is constructed to allow any host on network 198.78.46.0 to establish a TCP connection to the Internet. The second access list, numbered 102 in the example, is applied to the Ethernet 0 (E0) interface previously illustrated in Figure 2.4. The first statement in access list 102 permits any TCP packet that represents an established connection. The second statement in the access list permits TCP packets from any source address to flow through the interface to the specific network address 198.78.46.77 with a port value of 25. Thus, an inbound connection on port 25 must first occur in order for the first statement in access list 102 to permit the subsequent packets with port numbers greater than 1023 to pass through the router.
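The wildcard-mask rule and the evaluation principles above (first match wins, implicit deny, the established keyword), as an added example that is not part of the original text or of Cisco's software. It covers only the numbered standard and extended statement forms shown in this section; the Packet class, the function names and the test addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def ip_to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard 0 bits must compare equal; wildcard 1 bits are 'don't care'."""
    care = ~ip_to_int(wildcard) & 0xFFFFFFFF
    return (ip_to_int(addr) & care) == (ip_to_int(base) & care)

@dataclass(frozen=True)
class Packet:                       # constructed model of the fields an ACL inspects
    src: str
    dst: str
    proto: str = "tcp"
    dport: Optional[int] = None
    flags: frozenset = frozenset()  # TCP flags present, e.g. {"SYN"} or {"ACK"}

OPERATORS = {
    "lt": lambda port, n: port < n,
    "gt": lambda port, n: port > n,
    "eq": lambda port, n: port == n,
    "neq": lambda port, n: port != n,
}

def parse_entry(line):
    """Parse one numbered access-list statement (standard 1-99, extended 100-199)."""
    tok = line.lower().split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an access-list statement: {line!r}")
    number, action, rest = int(tok[1]), tok[2], tok[3:]
    entry = {"number": number, "action": action, "proto": "ip",
             "dst": None, "op": None, "established": False}
    if 1 <= number <= 99:
        # An omitted mask is taken as 0.0.0.0, i.e. an exact host match.
        entry["src"] = (rest[0], rest[1] if len(rest) > 1 else "0.0.0.0")
    elif 100 <= number <= 199:
        entry["proto"] = rest[0]
        entry["src"], entry["dst"] = (rest[1], rest[2]), (rest[3], rest[4])
        tail = rest[5:]
        if "established" in tail:
            entry["established"] = True
            tail.remove("established")
        if tail:
            entry["op"] = (tail[0], int(tail[1]))
    else:
        raise ValueError(f"list number {number} is outside 1-199")
    return entry

def entry_matches(entry, pkt):
    if entry["proto"] not in ("ip", pkt.proto):
        return False
    if not wildcard_match(pkt.src, *entry["src"]):
        return False
    if entry["dst"] and not wildcard_match(pkt.dst, *entry["dst"]):
        return False
    if entry["op"]:
        name, operand = entry["op"]
        if pkt.dport is None or not OPERATORS[name](pkt.dport, operand):
            return False
    # 'established' is a flag test only; no connection table is consulted.
    if entry["established"] and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True

def evaluate(statements, number, pkt):
    """Statements are tried in entry order; the first match decides."""
    for line in statements:
        entry = parse_entry(line)
        if entry["number"] == number and entry_matches(entry, pkt):
            return entry["action"]
    return "deny"                   # implicit deny at the end of every list

# The access lists from this section.
PAGE_ACLS = [
    "access-list 77 permit 205.131.176.0 0.0.0.255",
    "access-list 23 permit 198.78.46.16 0.0.0.0",
    "access-list 23 permit 198.78.46.18 0.0.0.0",
    "access-list 101 permit tcp 198.78.46.0 0.0.0.255 0.0.0.0 255.255.255.255",
    "access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.0 0.0.0.255 established",
    "access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.77 0.0.0.0 eq 25",
]

if __name__ == "__main__":
    syn = frozenset({"SYN"})
    print(evaluate(PAGE_ACLS, 102, Packet("192.0.2.10", "198.78.46.77", dport=25, flags=syn)))
    print(evaluate(PAGE_ACLS, 102, Packet("192.0.2.10", "198.78.46.20", dport=23, flags=syn)))
```

Because the established test looks only at the ACK and RST bits of each packet, the filter keeps no record of which connections actually exist, which is the stateless behaviour discussed under the limitations of access lists.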
Limitations
Although access lists provide a significant packet filtering capability, they should not be regarded as a comprehensive security mechanism. Thus, throughout this examination of Cisco access lists, we need to note the issues related to their limitations.
In examining access lists, we noted that they are constructed to filter on the basis of network addresses. This means they are vulnerable to address impersonation, or spoofing. Another key limitation associated with their use is the fact that they take no note of whether a packet is part of an existing conversation or of a conversation in multiple directions. This means that a person can run a dictionary attack through the (router's) packet filtering capability if their address is not blocked. Similarly, a host that is permitted ftp access can issue an mget *.* command and retrieve several gigabytes of data from a server, in effect creating a denial-of-service attack. Because of the preceding limitations, most organizations supplement router access lists with proxy services used in conjunction with a firewall, which is the subject of the next section.

2.3 USING FIREWALL PROXY SERVICES

As the use of TCP/IP expanded during the 1990s with the growth in Internet use, organizations began to recognize a threat to network security once their networks were connected to the Internet. As academic, government, and commercial networks were connected to the Internet, they became targets for attack by a virtually unlimited number of computer users located around the world. Router access lists provide a mechanism for permitting or denying the flow of packets through a router port based on the source IP address, the destination IP address, and the type of application data expressed as a port number. Organizations began to recognize that router access lists by themselves do not prevent many types of undesirable activity directed at hosts residing behind the router. One solution that provides a higher level of security to an organization's network is the use of a firewall with proxy service capability located behind the router; proxy services are the focus of this section.
In this section we first briefly review the operation of router access lists and some of their limitations. Using this information as a base, we will then describe and discuss the various types of firewall proxy services and how they can be used to obtain an enhanced level of network protection.
2.3.1 Access List Limitations
Most routers include a packet filtering capability that is created by coding one or more statements into what is referred to as an access list, and then applying the access list to a router interface. Access list statements include parameters that are evaluated against field values in packets formatted at layers 3 and 4 of the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) Reference Model. In a TCP/IP environment, this means that an access list primarily operates by checking the source and destination IP addresses in a packet and the port number contained in the packet, which defines the application being transported in the packet, at layers 3 and 4 of the ISO reference model.
A key limitation associated with the use of access lists is the fact that they are, in effect, blind with respect to the operation being permitted. This results from the inability of router access lists to look further into the contents of a packet and determine whether a harmful operation is occurring and, if so, to either stop the operation or generate an appropriate alarm message to one or more persons in the form of an audible signal, an e-mail message, a pager alert, or a combination of such mechanisms.
To illustrate the potential limitations of router access lists, consider the popular File Transfer Protocol (FTP) application used to transfer files between hosts. When using router access lists, you can permit or deny ftp sessions based on the source IP address or the destination IP address contained in each packet transporting ftp information. Suppose your organization operates an ftp server that supports anonymous access, allowing anyone connected to the Internet to access and retrieve information from the ftp server, a relatively common occurrence on the Internet. Let's further assume that your organization has a number of large files on the server available for download. This means that a person could, whether intentionally or not, use the ftp mget (multiple get) command to retrieve a number of large files with one ftp command line. In fact, if a person accessing your organization's ftp server issues the mget command with the asterisk (*) wildcard in both the file name and file extension positions, forming the command line mget *.*, the command results in your organization's ftp server downloading every file in the directory, one after another, to the remote user. If your organization has a number of large files whose stored data totals several gigabytes and a low-speed connection to the Internet, such as 56 kbps, 64 kbps, or a T1 connection, the use of an mget *.* command could tie up the outbound use of the Internet connection for many hours or days. If your organization operates a World Wide Web server as well as an ftp server and provides employees with Internet access over a common access line, the use of mget on the basis just considered represents a simple but effective denial-of-service (DoS) attack method. This type of attack is perfectly legal, as the person issuing the mget command is performing a perfectly valid operation, even though the result of the operation could tie up your organization's connection to the Internet for many hours or even days. Similarly, giving people the ability to upload data to your organization's ftp server means they could consider using the reverse of mget, which is the mput command. Through the use of mput with wildcards, they could set up an old 286 machine and pump many gigabytes of data to your ftp server, clogging its disk partition and your organization's Internet access line. Recognition of the need to examine application-layer operations and to give organizations the ability to control applications resulted in the development of proxy service capabilities in firewalls.
2.3.2 Cc dch v proxy
Cc dch v proxy m t thut ng c c im chung kt hp vi vic s dng
proxy server. Proxy server thng thng c thc hin nh mt khi m ha phn mm
trn bc tng la v h tr mt hoc nhiu ng dng cho cc hnh ng phc v nh
mt vt trung gian hoc proxy gia mt yu cu v phc v hin ti ci m cung cp yu
cu phc v .Khi thc hin trong cch ny,tt c yu cu cho ng dng nh r c
xem xt u tin bng dch v hot ng proxy trn proxy server.Nu dch v proxy c
cu hnh trc cho php hoc khng cho php mt hoc nhiu chc nng ng dng vi
ng dng TCP/IP nh r th dch v proxy xem xt ni dung mi gi tin v c th mt
chui gi tin v so snh ni dung n cu hnh dch v proxy. Nu ni dung ca gi tin
hoc chui gi tin biu th mt hot ng nh r c cho php bi cu hnh ca dch v
proxy th dch v cho php gi tin chy n server thch hp. Ngc li gi tin ngay lp
tc gi n mt t thng ln trong bu tri hoc c th php. Server to ra tin nhn cnh
bo v mt bo ng hoc tin nhn cnh bo n qun tr bc tng la hoc ngi c
trch nhim khc .
minh ha vic s dng dch v proxy, chng ta quay tr li v d truy cp ftp
server ca chng ta. Mt dch v ftp proxy chung cho php qun tr bc tng la cho

36
php hoc lm mt hiu lc cc lnh ftp khc nhau. S dng chc nng ny, qun tr bc
tng la c th iu khin kh nng ngi dng ftp a ra cc loi lnh ftp khc
nhau, chng hn nh mget v mput.
Trong mi trng Microsoft Window bn c th s dng mget kiu lung hoc
kiu tng tc ln nhau.Lin quan na, ftp s nhc nh bn thng qua vic s dng du
hi(?) l tp k tip s c truyn hoc khng c truyn. Mt v d s dng mget
c minh ha trong hnh 2.5. Ch rng bng s nhp vo n gin mt s iu khin
tr li l nhc nh? bn cnh tp c truyn. V vy ,n d dng lin h cho mt tin tc
ghi mt m n lung tp khi s dng mget di kiu tng tc ln nhau ca Window v
ano-brain di kiu lung ca n.
If you are familiar with how an ftp server is configured, you will almost certainly recognize that the ftp server administrator is limited to assigning read and/or write permissions to directories and, depending on the operating system in use, possibly to files within a directory, for anonymous or non-anonymous users, the latter term usually denoting persons who have an account on the server. However, there is no mechanism this author is aware of that lets an ftp server administrator or a router administrator selectively enable or disable individual ftp commands. An ftp proxy service therefore gives the ftp server administrator a significantly enhanced ability to configure the ftp service capabilities and functions that other users can access.

Figure 2.5 Using mget under Windows NT requires a response to each file prompt, which can be a carriage return.
The ability to employ proxy services relies on a firewall placed between a router and the network servers connected to a LAN behind the router. The types of proxy service that can be offered are therefore limited only by an organization's needs and by the programming of the firewall software. Some of the more common proxy services are remote terminal Telnet, TN3270, Hypertext Transfer Protocol (HTTP), the ftp proxy service discussed earlier, and the ICMP proxy service. The latter is a special type of proxy service that deserves detailed discussion because of the enhanced security it provides against certain types of hacker attacks.
2.3.3 ICMP proxy services
The Internet Control Message Protocol (ICMP) is a layer 3 protocol in the TCP/IP protocol suite. ICMP is used to convey error messages as well as status queries and the responses to those queries. ICMP packets are formed using an Internet Protocol (IP) header, with an appropriate number in the Type field.
Although ICMP is used primarily to carry error messages between devices running the TCP/IP protocol, and on to network users, the protocol is also commonly used by many individuals who are largely unaware that they are transmitting ICMP packets.
Two of the more common ICMP packet types are the Echo Request and the Echo Response, the pair best known to most people as the Ping operation or application. Where the Ping application is implemented on a given TCP/IP stack, a typical user enters the Ping command name followed by the host name or host IP address and one or more optional parameters that affect how Ping operates.
Ping was originally intended as a mechanism that lets a user determine whether a remote host is operational and using the TCP/IP protocol. Pinging a remote host with an ICMP Echo Request packet causes the remote host to return an ICMP Echo Response packet if it is reachable, operational, and running a functioning TCP/IP stack. When using Ping, note also that a Ping timeout can mean that the remote host is not operational or that one or more communications devices on the path to the remote host are down. Nevertheless, in most cases Ping is the first troubleshooting method used when a host appears not to respond to queries.
In addition to indicating that a host is reachable and operational, Ping provides information about the round-trip delay to the remote host. This information results from the Ping application starting a timer and noting the time until a response is received, or until a timeout occurs and no response is obtained. The time between transmitting a Ping and receiving a response is the packet round-trip delay, and it provides valuable information for a time-dependent operation such as a voice over IP (VoIP) product.
The first time you Ping a destination by host name, your protocol stack may have to perform an address resolution operation to determine the IP address needed to route the packet to its destination, which adds some delay. For this reason, most Ping implementations by default issue between three and five consecutive Echo Request packets. However, some implementations of Ping let the user set an option that makes the host ping continuously, until the person operating the computer that generates the Pings issues a CTRL-BREAK to terminate the application.
Although continuous pinging may appear harmless, in practice it represents one method by which a hacker can start a denial-of-service attack. This is because the pinged host must stop what it is doing, if only for a few milliseconds, and respond to the Ping with an ICMP Echo Response packet. If the person who sets the Ping application to ping continuously also sets the packet size beyond the default of 32 or 64 bytes, depending on the implementation, that person forces the destination to respond with responses of increased length, which consumes additional network resources.
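Another problem associated with the unrestricted use of Ping is that it can serve as a mechanism for discovering hosts on a remote network as a prelude to attacking those hosts. For example, a hacker could write a script that cycles through all 254 addresses on a Class C IP network as a way of discovering which addresses are currently active.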
Based on the preceding, many organizations may wish to control Ping operations and other types of ICMP messages. Although many router access lists give the administrator the ability to filter ICMP packets based on source and/or destination IP address and ICMP message type, such access list filtering is an all-or-nothing operation. That is, a router access list cannot selectively examine traffic, note that a sequence of ICMP Echo Requests from the same source address has occurred after a predefined number of requests has passed through the router, and block subsequent requests. In comparison, an ICMP proxy service can be configured to differentiate between a single sequence of Echo Request packets and a Ping application that has been set to ping a host continuously. Similarly, an ICMP proxy service can be employed to distinguish between a person who is having difficulty accessing a server and another person who is using the Ping application in an attempt to discover all the hosts on your organization's network. The ICMP proxy service is thus an important type of proxy service, one that can enhance the security of a network.
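The stateful check that separates an ICMP proxy from an all-or-nothing access list can be sketched as follows. This is an added example, not code from the book or from any firewall product; the thresholds, the class and function names, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed thresholds (not from the text): a normal Ping sends 3 to 5 requests.
MAX_ECHO_PER_PAIR = 5     # echo requests per (source, destination) per window
MAX_DESTS_PER_SRC = 10    # distinct destinations per source per window
WINDOW = 60.0             # seconds

class IcmpEchoProxy:
    """Stateful Echo Request filter: the per-source memory an access list lacks."""

    def __init__(self):
        self.pair_times = defaultdict(deque)  # (src, dst) -> forwarded timestamps
        self.src_dests = defaultdict(dict)    # src -> {dst: last time probed}

    def decide(self, ts, src, dst):
        # Forget destinations this source has not probed within the window.
        dests = self.src_dests[src]
        for old in [d for d, t in dests.items() if ts - t > WINDOW]:
            del dests[old]
        dests[dst] = ts
        if len(dests) > MAX_DESTS_PER_SRC:
            return "drop:sweep"           # one source walking the address range
        times = self.pair_times[(src, dst)]
        while times and ts - times[0] > WINDOW:
            times.popleft()
        if len(times) >= MAX_ECHO_PER_PAIR:
            return "drop:continuous"      # more than a normal Ping burst
        times.append(ts)
        return "forward"

def replay(events):
    """Run constructed (ts, src, dst) Echo Requests through a fresh proxy."""
    proxy = IcmpEchoProxy()
    return [proxy.decide(*event) for event in events]

# Constructed sample traffic using documentation address ranges.
user = [(t, "198.51.100.7", "192.0.2.10") for t in range(4)]
flood = [(t * 0.1, "198.51.100.9", "192.0.2.10") for t in range(8)]
sweep = [(i * 0.5, "203.0.113.5", f"192.0.2.{i + 1}") for i in range(14)]
```

A user troubleshooting one server stays under both limits, while the continuous pinger and the address sweep are cut off after the configured number of requests.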
2.3.4 Limitations
Although proxy services can provide an enhanced approach to network security, we also need to discuss their limitations. First, a proxy service requires a detailed examination of the contents of individual packets and of sequences of individual but related packets, which forces the application to look deep into the structure of each packet. This results in additional processing being performed on each packet, which introduces a degree of delay. Second, a sequence of packets may have to be examined to determine whether it is acceptable to let the packets flow to their destination. This means that one or more packets in each sequence must be buffered, or temporarily stored, until the proxy service determines whether the packets should continue to their destination or be sent to the bit bucket. This in turn means that the proxy service or firewall needs additional buffer storage and that packets are held temporarily before being delivered to the server. In practice, according to tests performed by several communications testing laboratories, the use of proxy services from different firewall vendors accounted for between 20% and 40% of the bandwidth of an Internet connection at the proxy server. This also results in a packet loss of 20% to 40%. You must therefore weigh the delay effect of proxy services, and the potential need to upgrade your Internet access line, against the potential enhancement to your organization's network security.
2.3.5 Operational example
Now that we have an appreciation of the capabilities of a proxy firewall, we will conclude this section by examining several configuration screens of the Interceptor firewall from Atlanta, GA (a firewall product from Atlanta, GA).
Figure 2.6 shows the Interceptor's Advanced Policy Options screen, with the cursor pointing to the toggled check box associated with the FTP PUT command, which blocks FTP uploads. In examining Figure 2.6 and the other Interceptor screen displays, note that they are HTML screens displayed using a Netscape browser. The Interceptor firewall generates HTML forms that let the network manager view and modify the firewall's configuration data. To protect this operation, the firewall uses encryption, enabled through its support of Netscape's Secure Sockets Layer (SSL) protocol, to encrypt all traffic between the firewall and the Web browser used to configure it, while passwords are used for authentication. This means that the network manager can securely configure the firewall over the World Wide Web.

Figure 2.6 Using the Interceptor firewall configuration screen to block all FTP PUT commands
Using classes
The Interceptor firewall includes a class definition capability that gives users a mechanism for replacing address patterns, times of day, or URLs with symbolic names. Classes are accessed by selecting the Classes button in the left portion of the configuration screen. Classes are prefixed with an equals sign, which distinguishes them from literal patterns.
The use of classes eases configuration of the firewall. Suppose, for example, that you want to control access from users behind the firewall to Internet services. To do so, you first enter the IP addresses of the computers that will be permitted to access the common services you want them to use. You then define a class name to be associated with that group of IP addresses and create a policy defining the services that members of the class are permitted to use.
Figure 2.7 illustrates the use of the Interceptor's Edit Policy configuration screen to permit inbound traffic for FTP, HTTP, Telnet, and SNMP. Note that this policy uses the class name =ALL-Internal-Host in the box labeled From. Although not shown, you would first have used the class configuration to enter the class name and the IP addresses you want associated with that class. This newly edited policy then allows the IP addresses in the previously defined class =ALL-Internal-Host to use the FTP, HTTP, Telnet, and SMTP applications.

Figure 2.7 Using the Interceptor firewall to create a policy permitting outbound FTP, HTTP, Telnet, and SMTP traffic from all users in the previously defined class All-Internal-Host.
Generating alerts
A firewall's capability is significantly enhanced by its ability to generate alerts, which lets the firewall alert a network manager or administrator to a possible attack on their network. Figure 2.8 shows the Interceptor Add Alert screen, with the IP-Spoof pattern shown selected.
In the example shown in Figure 2.8, the IP-Spoof alert is used by the Interceptor to denote a connection request from a host claiming an IP address that does not belong to it.

Figure 2.8 Using the Interceptor firewall's Add Alert configuration screen
In practice, it is very difficult to detect IP spoofing. This is because, unless the firewall has previously obtained information about IP addresses, such as their location on segments reached through different firewall ports, or has been told of restrictions on IP addresses, it assumes that an IP address is valid. In comparison, other patterns, such as refused connections or failed authorizations, are easier to detect. For each alert, you must first specify a name for the alert definition, such as IP-Spoof for that pattern. After selecting the pattern, you can specify the days, times, and frequency of occurrence that, when matched, will generate an alert. The Interceptor supports two methods of generating alerts, either via e-mail or via a Web page. If you choose to use a Web page to deliver the alert, you can include a message, such as a numeric alert code for the type of alert.
Packet filtering
To complete this brief look at firewall operation, we return to packet filtering. Although a firewall's packet filtering capability functions similarly to that of a router, the firewall is usually easier to configure and provides more flexibility in permitting or denying access based on a set of rules.

Figure 2.9 Using the Interceptor firewall configuration screen to edit the HTTP network service.
Note that the HTTP protocol is shown selected, as is the option to edit that service. Note the columns labeled Max and Rate. The column labeled Max indicates the maximum number of simultaneous connections permitted for each service, whereas the column labeled Rate indicates the maximum rate of new connections permitted for each service. By specifying entries for one or both columns, you can significantly control access to the network services you provide, as well as balance the load on heavily used services.

Figure 2.10 Using the Interceptor firewall's Edit Service configuration display to set a series of rules governing access to HTTP
In this example, the HTTP service is permitted up to 256 connections and a queue size of 64, the latter value limiting pending HTTP TCP connections. The maximum rate entry of 300 represents the maximum rate of new connections permitted to the HTTP service. Once this rate is exceeded, the firewall temporarily disables access to the service for a period of one minute. If you permit both internal and external access to a Web server, the ability to control the maximum rate of incoming connections to that service can be an important weapon in the war against denial-of-service attacks. In this type of attack, a malicious person or group of hackers programs one or more computers to issue bogus initial service requests using random IP addresses. Because each access request results in the server issuing an initial handshake response, the response is directed to a bogus address that never answers. The server keeps the connection open for 60 or 120 seconds, which represents a period during which a legitimate user cannot access the server while its connection capacity is at its maximum.
Although there is no perfect solution to this problem, you can use the Max connections option to limit HTTP connections, so that you can always let internal users access your Web server. In addition, if you specify a low maximum connection rate, you can turn away some of the flood of bogus connections, letting some legitimate users reach your organization's Web server.
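The effect of the Max and Rate settings can be simulated as below; this is an added example, not the firewall's own logic. The values 256 and 300 and the one-minute lockout come from the text, while the one-minute rate window, the class and function names, and the constructed request timings are assumptions.

```python
from collections import deque

class ServiceGate:
    """Admission control for one service, modelled on the Max and Rate columns."""

    def __init__(self, max_conns=256, max_rate=300, rate_window=60.0, lockout=60.0):
        self.max_conns = max_conns      # Max: simultaneous connections
        self.max_rate = max_rate        # Rate: new connections per rate_window
        self.rate_window = rate_window  # assumption: the text gives no unit
        self.lockout = lockout          # text: access disabled for one minute
        self.active = 0
        self.recent = deque()           # timestamps of recent attempts
        self.locked_until = 0.0

    def open(self, ts):
        if ts < self.locked_until:
            return "reject:lockout"
        while self.recent and ts - self.recent[0] >= self.rate_window:
            self.recent.popleft()
        self.recent.append(ts)
        if len(self.recent) > self.max_rate:
            self.locked_until = ts + self.lockout
            self.recent.clear()
            return "reject:rate"
        if self.active >= self.max_conns:
            return "reject:max"
        self.active += 1
        return "accept"

    def close(self):
        self.active = max(0, self.active - 1)

def simulate_flood(n_bogus, step=0.01):
    """Constructed flood: n_bogus requests that are never completed or closed,
    followed 30 s later by one legitimate request.
    Returns (count of each outcome for the bogus requests, legitimate outcome)."""
    gate, counts = ServiceGate(), {}
    for i in range(n_bogus):
        outcome = gate.open(i * step)
        counts[outcome] = counts.get(outcome, 0) + 1
    return counts, gate.open(n_bogus * step + 30.0)
```

With 200 bogus requests the legitimate user still gets in; with 280 the connection table is full, and with 400 the rate limit trips and the service is locked for everyone, which is the trade-off the text describes.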
The gap to consider
Although routers and firewalls can be used to prevent unauthorized access to networked hosts, they do not secure the communications connection between client and server, nor the data being transported. To obtain this security, you must use some type of authentication and encryption. For example, when using a Web browser, you should consider using one of two related Internet protocols, SSL (Secure Sockets Layer), developed by Netscape, or S-HTTP (Secure Hypertext Transfer Protocol), developed by Enterprise Integration Technologies, as well as digital certificates, which are available from several organizations. The encryption techniques use public key cryptography, and digital certificates provide authentication.

2.4 NETWORK ADDRESS TRANSLATION


As mentioned at the beginning of this chapter, we conclude with a function shared by routers and firewalls. That function is network address translation (NAT). NAT evolved because of the scarcity of IPv4 addresses. As use of the Internet expanded, it became more difficult for organizations to obtain registered IP addresses from their service providers. Recognizing that only a fraction of the users on a local network access the Internet at the same time, organizations can assign each station a private IP address, typically from one of the address blocks reserved in RFC 1918, which was covered in the previous chapter. An address translator is then used to map, or translate, the private IP addresses into registered addresses on the device. If an organization has 1000 stations, mapping 1000 unregistered private IP addresses onto the 254 addresses of a Class C network allows one Class C network address to be used instead of four. However, if more than 254 users require Internet access simultaneously, some user requests must be queued until a previously used registered address becomes available. Although NAT was first developed as a technique for conserving IPv4 addresses, a side benefit of its use is that it hides the addresses of the stations behind the translator. This means that a direct attack on an organization's hosts is no longer possible, which has led to the NAT function being added to firewalls as well as routers.
Regardless of the device used to perform NAT, its operation is the same. That is, as packets arrive at the NAT-enabled device, the private source address is translated into a public address. In comparison, inbound packets have their public IP address translated into the corresponding private IP address, based on the IP address mapping state maintained by the device.
2.4.1 Types of address translation
A device can employ three types of NAT. These types, or methods, of address translation are static NAT, pooled NAT, and port-level NAT, the last also referred to as port address translation (PAT).
Static NAT
Static NAT results in the permanent mapping of each host on an internal network to an address on the external network. Although static mapping does not reduce the number of IP addresses an organization needs, once it is configured the additional processing required is kept to a minimum by its simple table lookup.
Pooled NAT
When pooled NAT is used, a pool of addresses on the external network is used for dynamically assigning IP addresses in place of the private addresses on the internal network. Although pooled NAT lets users conserve public IP addresses, its use can adversely affect certain types of applications. For example, SNMP managers track devices based on the device IP address and object identifier. Because pooled NAT means that network addresses will more than likely change over time, devices in front of the translating device cannot be reliably configured to send error traps to devices behind the translating device. One possible solution to this problem is to permanently map the SNMP manager to an IP address while all other devices share the remaining addresses in the address pool. Of course, a device that supports pooled NAT must then also support static mapping.
Port address translation
A third type of address translation results in the mapping of internal addresses to a single IP address on the external network. To accomplish this, the address translator assigns different port numbers to the TCP and UDP source port fields. The port numbers used for mapping are above 1023, providing 64512 (= 65535 - 1023) simultaneous TCP/IP or UDP/IP connections on a single address. Because the mapping occurs to a single address through the use of different port numbers, this technique is referred to as port address translation (PAT). The use of PAT results in all traffic transmitted onto the public network appearing to come from a single IP address.
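A minimal PAT mapping table, as an added example that is not taken from the book or from any product: the class name, the sequential port allocation, and the sample addresses are assumptions, while the port range above 1023 and the RFC 1918 private blocks follow the text.

```python
import ipaddress

# Private address blocks reserved by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

class PatTable:
    """Port address translation: many private hosts behind one public address."""
    FIRST_PORT, LAST_PORT = 1024, 65535   # ports above 1023, as in the text

    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)
        self.next_port = {"tcp": self.FIRST_PORT, "udp": self.FIRST_PORT}

    def capacity(self):
        """Simultaneous mappings available per protocol on the single address."""
        return self.LAST_PORT - self.FIRST_PORT + 1

    def outbound(self, proto, src_ip, src_port):
        """Rewrite a private source to (public_ip, assigned source port)."""
        addr = ipaddress.ip_address(src_ip)
        if not any(addr in net for net in RFC1918):
            raise ValueError("source is not an RFC 1918 private address")
        key = (proto, src_ip, src_port)
        if key not in self.out:
            port = self.next_port[proto]
            if port > self.LAST_PORT:
                raise RuntimeError("port pool exhausted")
            self.next_port[proto] = port + 1
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return self.public_ip, self.out[key]

    def inbound(self, proto, dst_port):
        """Map a reply back to the inside host; None means no inside host
        opened this flow, so the packet has nowhere to go."""
        return self.back.get((proto, dst_port))
```

Unsolicited inbound packets find no entry in the table, which is the address-hiding side effect the section describes.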
Regardless of the NAT method used, its use hides the actual IP addresses of an organization's network. When incorporated into a firewall, NAT represents a technique that forces attacks aimed directly at IP addresses onto the firewall, which is hopefully hardened to withstand such attacks on the network.
