Đề tài Nghiên cứu giải pháp bảo vệ mạng nội bộ - Pdf 10



 


 !"#$%$&
''


 (

)*+,

/0  "1  2 3 4 5 '" "%" "6 74 2 "#" $ 




 "1 *889      3  : ' 
;7
<
14=>"&=?@''"A"%""6
74B &$42"#"0
*889
C C4"%"&$%$ 3
"%CD"%E"FG"%"''
H
GI"!"#
=9C !4 J GK LC! "M "%"  N  "34 "M "%"
2
 "#" N

2"#"*88 
=3
"M"%"&$%$
"FGI"L8:>
V%9
`  "1 $% 4 a b "%" "6 74 2 "#" $ a  

"14
*88VJ$37%
=?@9UcC48
H
7C?N"<d!"#$%$&
''e4R=:W
3
4&"%"'
'
 f



=bV>"3`*889 'BCVgC'"%"=%7%
"%"=%
&
   h8i::4 "%"  & R h8i::4 "%" LEC
B> h8i::9 W
K4

BP
*$:8V  &   L  ? :$
h8i::&"%"'

L9
`&"*$:8Vc"G6f`M?:$#"GK:n
&"
"%"
''R*$:8V
L9
 j



Chương
1:
VẤN ĐỀ AN NINH AN TOÀN MẠNG MÁY
TÍNH
1.1. Tổng quan về vấn đề an ninh an toàn mạng máy tính
1.1.1. Đe doạ an ninh từ
đâu?
LH'4"%&"%%":3VVWGS=3
%"
K4
"l:3$AN9kM?! GK@G00"%
"E&4"%@o$4

"F"M=3D=pQ"D"CCQ"D"=%"
::""%%"CV4::G0
"%
&9q>R";"%&"%%"
C:3:#"Ll""ALH'4"1$:
`
"%%"4?G"%%":

"AGK=%"G&":C"5$"%"3"A"%""3C4'$

E   "C ' 999 Uc ! >" ?4 1 ? "%" 2 "#" "3 C


%CD"1"M':GI:0"%"3=?@
>"C?9:GI
:0
"%"3 C4"M"%"3DG"%"D
G64"%"=?"$%
V
$u4"?:GI"=84$ED"
"D999C"%"3EV>4D!
G999
k%"3 C?
V#"7<4&":'"%"3""%"@A"
Vg
BJ?
'7?V#"!
<9
C!4=3$"#=@;=pL"F"M>"
&GI"
Q"
D""A9kl"1$"MK4;V6c4C?=v
"A "D ; & @

&  9 / >" & GI"  M4
"l "F $ "M D &3 
"'
 0 " ' "^B = &9


:
=3`9q>$%
CHEC7!<4MHc

':'$98
V@ :& @ =! "A kyz Xk$8 y88"C z8V$V8 8Z


V@
 :GI
"%"Q"3 ! *88GI" 3 % " 2 "#" C : D6(YY 
{|{4=jYY{{4jYY{{f((j{{j9;
Q"3
C

R
""%"%CD"MS!*884`"%"%CD
"A"%""3C:0GT
4
*U+4"%"GK<"4"%""67G0"4
"%"  999; " V@ G  C4
!
 >" ? "\ : $1 2"A 
9 +' $1 :0 "%" Q  "3 =3 GI" 3 %

 :] B =%"
4GV>CD4S""\6:<=3?N
"39
>" ?48B  =3 "\c!  2 "#"4  ! 2

&4G0"?:""D
9
1.1.2. Các giải pháp cơ bản đảm bảo an
ninh
G!HC4%CD"MN8B`
M"
'
C!E=%"98B"ML$%`!
''S"
"F
"ML$%`C!2"#"9}
M4
 ~



&""%CD"1$"M$%$
"Q
=%"9C!427"M$%$"6
V
• €$%$$1
"#9
• €$%$$1
9
• €$%$"
GK9
EC:$%$27%='7N
"F$
D
?"3%" %CD9+^

H%4!4"%"&@#"
GK
:n4999k%"$G6$%$L%">"
H%"3C!'"%"

9/0
"%" #" : &" "A M4 3   ! GK C GI" H %
BG0
B ;=pda'e=3 CGI"4 S"?3NVn
2 
6
  Vg "M "6 "? $% & V> Vn2 M9 ka $G6 $%$ Vn
BQ&@#"GK
:n

:
cM"'=%"9UR"%"?
:$"%":'S"&XGK
<
:oZ;&@
!  X "1  &Z 0 & @  !

X GI" " :
=3C:*88Z4&@#"GK:n

"M
=V%"%"=?@23;9/0"%"#"C4&
@
GK
:n=%@"&@"1&9G?4

&"VnBQ%C4
VnBQ$14999/GC4Vg&7&"


"&@%CD'=>"&&$%$"D
V%"
"

GK9
M:4%CD:':04MC!
"1"1
$
"M'$%$24=3"\$14$1"#%CD
Mab"

"DV%" "GK9/  C"1$GI"
>"&'"%"GKLC!
:!

Q"4
=3K&GI"M:3
CV8K9C!4R"%"
$%$
2I$:]4S"&:
7C?@"DV%""GK"M"

V>
"5""5
69
1.2. Vấn đề bảo mật hệ thống và mạng

V
 |



1.2.2. Một số khái niệm và lịch sử bảo mật hệ
thống
a. Đối tượng tấn công mạng
(intruder)
@ GI : ; "% E S" 2 "#" Vn BQ ; =? #" 

"%"
"3 "Q $%  XW $1 "# S" $1 Z  Ba "%"
C?"%":^2

!&@4>"&"%"'LE$
"?C!%
$v$9
+'V@@GI"3
G
["=8:;=pLE$%$v$R"%"VnBQ"%"
"3"Q
$%
=uS"=%""%"C?"A$1C$!
&
@
+V78B8;=p 3!GN
"\*m4
!
4NBGK

$%$9
kMC!EEC;:^2"MB:^"A
E&
@4
S"$1""$S"GK7NC?=v=3 
VE"%"BN"Q"
"$O
+#"'Gc"A"%":^20&@:=%"9kM:^2
"\
Gc
0":GIBN"Q""$4"M:^2Gc0'
&@S"$%AC&
@9
c. Chính sách bảo
mật
kDV%":$I$"%"7C5"%$BQ";GK
7
N
4"MVnBQ"%"C!"%"BN"Q
9
 {



@0`GKI$$"M"DV%"=%"9kDV%"

l$
GKVnBQ?%" &"A&"&"%" 
C!! 4 W
K

BQI$$%$C
$
CVnBQ&
@9
k%"BN"Q"M:^2"$v$"%""'""3}q"MGI"E
"$ S"
Vn
"; R "%" $!  0 6 "A "%"  " "$ BN" Q9
[&C"G"M'
&
$%$; &=5"$Q" "3
=CE?=?c1
*88
X*mZM!'#"km…*m
M"Hu"#;C"6"A"%"
:^
2:
C9
¾ Lỗ hổng loại B k$v$GKVnBQ"M!"%"7C!&@
=3
"1
=DI$:&BJ?%3C!"1"19
^2CGK"M

"%"#BQ!&@9kM#"'C


9
^ 2: UC"M #" ' C  6 :^2:k9k $v$
GKVn

B;:&1B;:&GI":GcP&9_GKVnBQ
$6(Y=]>
Vg
P&9;=]>$`VgR
P&=?=3 =
V%
GI"9G@0;=p"3
"l "M  :IBQ ; :^ 2 C  $

 ; =] > S" & 
>"'V@:&S"&!&@93GK;:^
2
CGI"
:I BQ c ; GK Vn BQ ! & @   GI" 7C  =3
I$
:&9
"?GI""%":^2:U$=!V% "S"g"&
@"%"
"G6

9
¾ Lỗ hổng loại A: k $v$ GK  & @"M  C "$I$
$%$
&
@9kM:$%t'&@9:^2C"M#"
'C8B<
D
o"A&@9k%":^2
C
GKL&c;&@7NC?=vS"=3=V%GI"


!':&""Q"'S"'cL9+'=p$%
Vn
BQ"G6q"8"M$%&;:^2!
'
q88BPc
L9
k6 "?  ' :  V%  $% & ; "2 km….}m GI" VA
BQ!
&
@"1"3"%"BN"QVnBQ!&@M9q"8
:;%$#!
&
@`LG6#0BN"QM$%&
9`MM"M!C?"A
&

@9
;C?@'q"8'G
V
‹!"1?N&@+3GK"M^Ikm…*m
[&
@
$=?@
*889
k%" "G6  q"8 "M  a 7 <  ' & @ 
4 
"l
"M=$% & ; C?=v!' & @
9

!
:C"%"3"M%N2!
9
qƒƒ8 "M  d5e GI" "%" 3  2 ;:&"
0
9

>"
&5"%"M`1*mcL@9€#"c1*mGI"
NŒ"3=4

"l""%"GK8B8s4!&"H"%"
MC=3=M
=9
+Q" D" "A "%" "G6  Vƒƒ8 M : ? :$"?' $V"V
XB8
BP
"Z ! "%" "B  888 6"%" M  2 
`M 5 GI"
3

9
k%"?NVƒƒ8"M5GI"'32!:
B>

C!5"B"VX7%Z"%"<
y889
C!&"? :$ ' & @ Vƒƒ8 =3 $ 6  "1
$
LE

%9
•
Trojans
ŽV:'"G6"C=3 I$:&!'&@9/0
a G
'
"G6  I$ $%$9 ŽVC "M  "C GI" : B "%"
"G6I$$%$H
N
C2H"AMHI$
$%$9
/D BQ G "%" "G6  V : :   "A ŽV9 ;
"G6

VGK"8B "%"  H  "%" "G6  Vn BQ
I$$%$9_;
"G6
CGI"=D";HuB
Vg >"  "l >" & ' V@
"#"
  GK VnBQ =3 ?
G"5$=uS""$Cƒ:8GKVnBQ
G


GK=3
C
?9
+'"G6ŽVVg>"&';"3&"
V

37ŽV=p"3:CGI"7C!
&@:IBQ7C
M
$%AC'$1S"'&@S"
BP 7C   C 2 :ƒ:84 "
S

"%"
"G6  ŽV =%" 
GK 7N =3  $% & GI" EC  #" '

Gc  !
<GK7N"\"a"%""S:'&
@9
1.3. Vấn đề bảo mật cho mạng LAN
_M?"GK7E0;

"D

:
3B;:&2!''4
3B; :&  2
`
 !  `!   
9/&" =V%GI" ; C
"$
 I$$%$`!   "F
G=V%;C"$=3"$v$`
'




&B;:&!GKCGH%4L%"
>"O
1.3.2. Tường lửa
(Firewall)
 ; h8i:: XU#" GK  :nZ "M W @" ` ' =„ 
?=?

LECB>"S4"?9 "3 &
34h8i:::'
=„
GI"D"I$&@"@V>
C"$%$v$R&"%"
W
3''"FG"?V>
LE$&@"A'V@3=%"
=3
@9kF"M
Rh8i:::'"6"?&Gc
XV8B
8i=Z
=b"%"=3GcX.V8B
8i=Z9
h8i:: ;"A'2"#"4'"3C4C'7@"
X*8Z

 *889M>" & a   "%" 3  *8 ` ?
0*88!
9

"6"?:<"M
9
2.1. Giới thiệu về firewall
2.1.1. Khái niệm
firewall
h8i:: : ? N R  "S V> C $ =3 I$ :& ` 


9[&@ ƒ8i::GKW" $1"#$1
9h8i::GKGI"
BP
8$G6#""SC"%":@
0"%"N"\=%"
9
2.1.2. Các chức năng cơ bản của
firewall
k#""D"Ah8i:::=V%:W3;"1

&

XV8B
8i=Z*8837"%""DV%"C$HGI"
?
:$9
k$v$S"""%" BN"Q C$`   `

9
_V%N"\C$4BN"QVn
BQ9
_V%=C"$GKVnBQ;(

G'"?"%CD"\
>"
&"#"BC::<"MR"%"
"C'$1HGI""#M
M


"\"M?:$"%"$:
"a=3 C2'NC? GI""#M 
D"
I$! 9 PC
`:ƒ8i::$1"#"A"%"H=%""$v$
GK
7
N"M="$;7C5":<"M=%"
9
_  '4 GK :n Vg B> ! "%" 7C 5" GI" ?:$ '
NC?

=38B8"AMGN"\WXV"8*m
BB8VVZ4 N "\
D"
 XB8V *m BB8VVZ4 "2 XmZ 999 ? < 3 
8B8"AM:I$:&M
Vg
GI""7?=3I$:&MVgN
b79kD&"=3 KLn:D
;

M

GI" & GI": M$37 h8i::$1"#9
•%=BC& LC

?"%"3  $18B8"AM 
WN"\WXV"8 *mBB8VVZ4
N

"\
D"XB8V*mBB8VVZ4"2
XmZ 999 GI" "$   M Vg GI" "C ?$

 !  C
"C88!
9
[&C!?0"M'V@HVLƒ8i::$1"#2
?
G
k*qk•4}*_4
my999
b. Firewall phần
mềm
ƒ8i::C:'"G6#BQC! 5"'B>
!!
#
BQ$LC:'$1"$v$"C"%"M%C
"AGI"?;
N
N8C!"19/"%"7C5":<"M
GI"GKVnBQ>?:$9GK


B"A M 9 k%" 3   ƒ8i:: =GI" GK BP 7C N
G0"$:9?MGI"$1ƒ8i::"7?$8M
VgGI"G?
"%"
%C"S":"%"#BQ"C>"?$!
%C
M9
}G0 EC:3GK VnBQ ƒ8i::$1 X+%C D BP
:
ƒ8i::

"M
  G6  & Q =%"  &" : '
h8i::DBQ}q
V884
+:V884‘8V88
999Z
[(+3VnBQh8i::$1
9
3C%CD"C#BQƒ8i::"Ma9
MVg

"%"M`*88m8"8B8i=VM>"&7%
=$18B8
"A

"%"
MMW3G N "\ ?4N"\
4#"4"2BN"Q999VM?$1ƒ8i::"$"M
7 M

+^:GK:n"M;G4GI"GI"VnBQ
;
GK
I$=%"9GK:n$1"#GKGI"VnBQ
""%"
:0
?=3VnBQƒ8i::$1"#Vg"1
&@ƒ8i:: $1#":Vg"M
'
D%C"A9+%C"ACVg
<M=BC&W"C?$""%"%C

9+@"'"A
ƒ8i::$1'"6V0ƒ8i::$1"#!

Gc
:0?@"'"A&@
9
+S=%"&@GK:n$1GKGI"VnBQ
 
"
"%" %C D "% E S" '  b9 /&" Vn BQ & @
ƒ8i::$1Vg
l$
"$D% "?Nƒ8i::$1"#5
$:1V0&@
ƒ8i::

$1
9[6;4=VnBQ

ƒ8i::$1"#=3 =V% GI"9Uc
C  h8i:: $1 "# =3 
l$
 "S "%" : V & @
Gƒ8i::$1"M
9
2.1.4 Một số hệ thống firewall
khác
a. Packet-Filtering Router (Bộ trung chuyển có lọc
gói)
[& @ *88 ƒ8i::$2?"\W' $"=8ƒ:8
8S
;
'' *889+' $"=8ƒ:8 8"M "#"
"C?$C
3
;VnBQ"%"7C::<"M
"$v$C`"@C39k
4
"%"7C::<">6"NŒ
V " "%" V !  ' ' GI" 7C C $
>"
?$ 0 *884
="%"V!*88"\"M'V@0"%"C$"%"
%C
D!''9GGc"A3"l"ƒ8i::C:"
;
=3GI""\s:"$v$"MŒ:N`
"@9
U!

$v$C$>"?$*88"1$
GI"
""$'& @L%" >"$#"$4GKLC! = cGK
7N

L8"MB&"AV>"3
=39
¾ ?'$"=8ƒ:88B'V>"@M`'4
"&
@

!
''"MN
"39
b. Screened Host
Firewall
[& @ C  W ' $"=8ƒ:8 8  ' V V9
q"888B
[V
h8i:: ""$'  "6 m"=8h:8z84 
M >" & "   c
1
8i=X $"=8ƒ:8 Z  c 1 # BQ
X$$:":88:Z9WK4=p"3
$

$%
r"1
"3'
'9

Vg
7C? NL8"%"
&@''GI" $v$ C$>"?$ V*88 C
:
"l
$ Vn BQ BN"Q $LC ! V V9 /&" 5 '";V8 ' '
GI"
>"
 & R "%" S " ':<""A 8 V " "\ "$ 
;C3'
'
L$%`V
V9
Ưu
điểm
¾ +%C"A""$"%"3"3"'7BN"Q‘8hm"M
S
!
 $"=8ƒ:8 8  V9  GKI$ C! "1 '  
"4V
V

"M
"C"%"BN"Q$LC C! "1" "%" V8
"
C$7VVG0"=@0%C"A9GKI$
=3C!
"1
'""%"%C''"M@”0%C
"A9

"3"F"\0 ?VV 39C !4?
GV8 :  GI"

VV < "MBxBC$ 
'
''9/C"1$"=3"V8:V
V9
c. Demilitarized Zone (DMZ - khu vực phi quân sự) hay
Screened-subnet
Firewall
[& @ C  W  $"=8ƒ:8 8  ' VV9 [&
@
ƒ8i::
C"M'"M""$"#"8i=
$$:"=
N
Œ'd$7EV>e9+}+“M
aG'b4"3:$S;
*88
''9k64'}+“
GI""V""%" &@!*88 
'
'"\"MC
$GI"' V@0 "%" &@ !}+“4  V>C
>"
?$
7}+“:=3
GI"9
/0;3?48"@:;V>"3
"u

*VB8
8
*ƒ
V88
Ưu
điểm
[~q"888BV8
h8i::
¾ _p"3"1$%r1&84VV
8
9
¾ Uc  8  "\ 7 "% }+“ 8i= 0 *884 & @
''
:
=3CXV:8Z9 k\"M'V@&@HGI"
"<!}+“:
GI"

?
?c*887:8}q
ƒ8L"8X}8q88
Z9
¾ Uc 8  "\7"%}+“ 8i=0''4"%"
&
@''=3C$>"?$*889C
R
;
V8!5'"$C$*887BN"Q
$LC9
2.2. Các chiến lược xây dựng firewall

@4
=3
! " S  "\ Vn BQ ' "? '   " BP M "M 
4!:5$S
"6
"?"l"M^I:J9/C
ƒ8i::GI"LECB>8"6"?"M
:0$

&9
2.2.3. Nút thắt (Choke
Point)
+'l55'";=p'$$7'd"n=ueo$
"l

"M =V% =GI"@G &"@ $
L8%4$7
"2
=V%
v9
 "6 "?   4 h8i:: R ; & @ "A
*884
M
"D:'l59U=•"M]N'$&@`*88
Vg$7"n=uC4

"M8Bs47:]
GI"9
2.2.4. Điểm xung yếu nhất (Weakest
Link)

$Q"

:9
}> ! C!5"CGKG   7C5""6%$BQ "
"%"7C
N
&$%$

+':4 }8ƒ:B8Cq"8kl <;"%GI"$v$ 
"S"
"%
"a:9;=3s"QVgN
"9
[:4}8ƒ:$8V"8l<;"%N""
$v$
"
;"%"a:4;=3N">I"
$v$9
[1?;GKVnBQ7:]7C5"B8ƒ:$8V"8
"R
<
#S"NŒ :"$v$ 'V@ BN" Q4 ' 5"
@4=3sVgN

"9/D
BQ
hq=3"$v$7
ƒ8i::9
C$ ‘‘‘ N"? @0 ;"C!   ;


:GI"&8"VE9Uc4?""%"&@"A


Trích đoạn Bộ lọc Sesion thông minh (Smart Sesion Filtering) TÌM HIỂU IPTALES TRONG HỆ ĐIỀU HÀNH LINU Khái niêm căn bản về NAT Đánh giá phần mềm

Nhờ tải bản gốc

Tài liệu, ebook tham khảo khác

Đề tài Nghiên cứu giải pháp bảo vệ mạng nội bộ - Pdf 10

Tài liệu, ebook tham khảo khác

Học thêm