Graduated - Network Security

    NETWORK SECURITY (GRADUATED)

    1-DESCRIBE THE IPSEC ARCHITECTURE. WHAT FEATURES DOES IPSEC ADD TO THE IP PROTOCOL?

    ANSWER: IPSec is an extension of the IP protocol. It adds a number of features to the IP protocol.

    IPSec ARCHITECTURE

    IPSec is a complex protocol built on several different underlying techniques such as cryptography, authentication, key exchange, ... Architecturally, IPSec is built from the following basic security components:

    - IPSec architecture (RFC 2401): specifies the structure, concepts and requirements of IPSec.

    - ESP protocol (RFC 2406): describes ESP, a protocol for encrypting and authenticating information in IPSec.

    - AH protocol (RFC 2402): defines another protocol whose function is close to that of ESP. So when deploying IPSec, the user can choose either ESP or AH. Each protocol has its own advantages and disadvantages.

    - Encryption algorithms: define the encryption and decryption algorithms used in IPSec. IPSec relies mainly on symmetric encryption algorithms.

    - Authentication algorithms: define the message authentication algorithms used in AH and ESP.

    - Key management (RFC 2408): describes the key management and key exchange mechanisms in IPSec.

    - Domain of Interpretation (DOI): defines the execution environment, identifying the set of modes needed to deploy IPSec in a specific situation.

    [Figure: IPSec architecture. Boxes: IPSec architecture; ESP protocol and AH protocol; encryption algorithms and authentication algorithms; DOI; key management.]

    From an application standpoint, IPSec is essentially a protocol that operates alongside IP to provide two basic functions that the original IP lacks: encryption and authentication of packets. Broadly, IPSec can be viewed as a combination of two components:

    - The encapsulation protocols, comprising AH and ESP.

    - The key exchange protocol IKE (Internet Key Exchange).

    FEATURES THAT IPSec ADDS TO THE IP PROTOCOL

    IPSec provides encryption and authentication mechanisms for the data streams carried over the network by IP, and it is designed as an extension of the IP protocol. What it adds to IP can be seen in its typical applications and in the services it provides:

    Typical applications of IPSec:

    - Connecting the branches of an organization over the Internet: by building a virtual private network (VPN) on top of a public WAN or the Internet.

    - Remote access over the Internet: this is in fact another form of VPN (Remote Access VPN). Users can reach their internal network and resources from any point on the Internet and still remain secure.

    - Improving the security of commercial transactions on the Internet: applies to online payment systems, ... Connections established to such systems are supported by IPSec, so confidentiality is still assured even though they cross the public Internet.

    Services provided by IPSec:

    - Access control.

    - Connectionless data integrity.

    - Data origin authentication.

    - Anti-replay.

    - Data encryption.

    - Traffic flow confidentiality.

    2-DESCRIBE HOW THE AH ENCAPSULATION PROTOCOL WORKS IN IPSEC. WHAT MECHANISM IS THE ANTI-REPLAY SERVICE IN AH BASED ON? HOW DOES AH AUTHENTICATE INFORMATION? DISTINGUISH THE TWO AH OPERATING MODES, TRANSPORT AND TUNNEL.

    ANSWER:

    HOW THE AH ENCAPSULATION PROTOCOL WORKS:

    AH makes it possible to authenticate users and applications and to apply the corresponding packet filtering mechanisms, ensuring the integrity of data travelling over the network. In addition, AH can limit spoofing attacks and replay attacks. AH authentication is based on a message authentication code (MAC), so the entities at the two ends of an SA must share a secret key even though no encryption algorithm is used.

    WHAT MECHANISM IS THE ANTI-REPLAY SERVICE IN AH BASED ON?

    A replay attack means capturing packets, storing them and then sending them again.

    Sender: numbers the packets sent on an SA. The counter is initialized to 0, is incremented after each packet sent and must never repeat. When the sequence number reaches its maximum value of 2^32 - 1 it does not wrap back to 0; instead, a new SA with a new key is established to carry the data. This ensures that no two packets on the same SA have the same sequence number.

    Receiver: processing is more complex because duplicate packets have to be detected. A sliding-window mechanism is used to detect duplicated, lost and out-of-order packets.

    HOW DOES AH AUTHENTICATE INFORMATION?

    Two methods are used:

    1. HMAC-MD5-96: uses the HMAC method with MD5 as the hash function, keeping the first 96 bits.

    2. HMAC-SHA-1-96: uses the HMAC method with SHA-1 as the hash function, keeping the first 96 bits.
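The sender numbering, the receiver's sliding window and the HMAC-SHA-1-96 check described above, as an added Python example (not part of the original notes). The 64-packet window size, the class names and the choice to compute the MAC over only the sequence number and payload are assumptions made for illustration; real AH also covers the IP header fields.

```python
import hashlib
import hmac
import struct

WINDOW = 64              # receiver window size: assumed, the page gives no value
MAX_SEQ = 2**32 - 1      # largest sequence number allowed on one SA

def icv(key, seq, payload):
    """HMAC-SHA-1-96: HMAC with SHA-1, keeping only the first 96 bits (12 bytes)."""
    return hmac.new(key, struct.pack("!I", seq) + payload, hashlib.sha1).digest()[:12]

class Sender:
    def __init__(self, key):
        self.key, self.seq = key, 0           # counter starts at 0

    def send(self, payload):
        if self.seq == MAX_SEQ:               # never wrap to 0: a new SA and key are needed
            raise RuntimeError("sequence numbers exhausted, establish a new SA")
        self.seq += 1
        return self.seq, payload, icv(self.key, self.seq, payload)

class Receiver:
    def __init__(self, key):
        self.key, self.top, self.seen = key, 0, 0   # top: highest number accepted so far

    def receive(self, seq, payload, tag):
        if seq == 0 or seq + WINDOW <= self.top:
            return "too-old"                  # left of the window: cannot be checked
        if seq <= self.top and (self.seen >> (self.top - seq)) & 1:
            return "replay"                   # this number was already accepted
        if not hmac.compare_digest(tag, icv(self.key, seq, payload)):
            return "bad-icv"                  # forged packets must not move the window
        if seq > self.top:                    # new highest number: slide the window
            self.seen = ((self.seen << (seq - self.top)) | 1) & ((1 << WINDOW) - 1)
            self.top = seq
        else:
            self.seen |= 1 << (self.top - seq)    # late but new: mark it as seen
        return "ok"

def demo():
    key = b"constructed-demo-key"             # constructed sample key
    tx, rx = Sender(key), Receiver(key)
    p1, p2, p3 = tx.send(b"one"), tx.send(b"two"), tx.send(b"three")
    return [rx.receive(*p1), rx.receive(*p3), rx.receive(*p2),   # reordering is accepted
            rx.receive(*p3),                                     # same packet seen twice
            rx.receive(4, b"forged", b"\x00" * 12)]              # sender without the key

if __name__ == "__main__":
    print(demo())
```

The MAC is verified before the window is updated, so a packet with a high sequence number and an invalid tag cannot push legitimate traffic out of the window.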

    Distinguish the two AH operating modes, Transport and Tunnel

    AH: Transport compared with Tunnel

    Similarities:
    - Both provide a data protection mechanism for packets.
    - Both are modes of the AH encapsulation protocol.

    Differences, Transport mode:
    - Used for end-to-end authentication.
    - In this mode the AH encapsulation protocol is inserted into the IP packet in the order IP, AH, TCP, DATA.

    Differences, Tunnel mode:
    - Used for authentication from an endpoint to an intermediate node.
    - In this mode, besides the inserted AH, a new IP address is also inserted to wrap the current packet.
    - The scope of authenticated information is larger than in Transport mode.
    - Usually used in SAs that connect two gateways.

    3-DESCRIBE HOW THE ESP ENCAPSULATION PROTOCOL WORKS. DISTINGUISH THE TWO ESP OPERATING MODES, TRANSPORT AND TUNNEL.

    ANSWER:

    HOW THE ESP ENCAPSULATION PROTOCOL WORKS

    ESP (Encapsulating Security Payload) provides confidentiality for data carried over an IP network by means of cryptographic techniques. It also has the option of providing a data integrity service through an authentication mechanism. The user may or may not select the authentication function, whereas encryption is the default function of ESP.

    DISTINGUISH THE TWO ESP OPERATING MODES, TRANSPORT AND TUNNEL

    ESP: Transport compared with Tunnel

    Similarities:
    - Both provide a data protection mechanism for packets.
    - Both are modes of the ESP encapsulation protocol.
    - Both add the ESP header, ESP trailer and ESP auth fields to the original IP packet.

    Differences, Transport mode:
    - Encryption and authentication are applied to the data portion (payload data) of the IP packet.
    - The ESP header is placed after the IP address.

    Differences, Tunnel mode:
    - The entire IP packet is encrypted and authenticated.
    - The ESP header is placed before the old IP address (the IP address of the original IP packet).
    - The scope of authenticated information is larger than in Transport mode.
    - In this mode a new IP address is also inserted to wrap the current packet.
    - The ESP header comes after the new IP address (the IP address created when Tunnel mode is used).

    4-WHAT SERVICES DOES SSL PROVIDE? WHAT ARE THE COMPONENTS OF THE SSL PROTOCOL? DESCRIBE THE DATA PROTECTION MECHANISM (DATA ENCRYPTION AND AUTHENTICATION) OF THE SSL RECORD PROTOCOL.

    ANSWER:

    SERVICES OF SSL

    - Data encryption

    - Data authentication

    - Endpoint authentication

    COMPONENTS OF THE SSL PROTOCOL

    - SSL Record Protocol: defines the formats used to carry data and provides two basic services for SSL connections: confidentiality and data integrity.

    - Change Cipher Spec Protocol: the simplest protocol in the SSL architecture. It is used to change the encryption parameters on an SSL connection and is sent inside the SSL Record packet structure.

    - Alert Protocol: used to exchange alert messages between the two ends of an SSL connection. There are two alert levels: WARNING (tells the other end that an abnormal event has occurred) and FATAL (requests that the current connection be terminated).

    - Handshake Protocol:

    + it is the most important protocol in SSL

    + it is used by the two sides to authenticate each other and to agree on the MAC authentication and encryption algorithms

    + it is also used to exchange secret keys

    + it must be carried out before any data is transmitted.

    DESCRIBE THE DATA PROTECTION MECHANISM (DATA ENCRYPTION AND AUTHENTICATION) OF THE SSL RECORD PROTOCOL

    The operations SSL performs on data are: fragmenting the data, compressing it, authenticating it, encrypting it, adding the necessary headers and finally sending all of this in one TCP segment. On the receiving side the process is carried out in reverse.
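The record-layer steps listed above (fragment, compress, MAC, encrypt, add header, and the reverse on receipt), as an added Python example that is not part of the original notes. Assumptions: the MAC is HMAC-SHA-1 over sequence number, type, version, length and fragment as in TLS 1.0 (SSL 3.0 uses an older MAC construction), zlib stands in for the negotiated compression method, and `stand_in_cipher` is a placeholder keystream rather than a real SSL cipher; all function names and keys are constructed for the example.

```python
import hashlib
import hmac
import struct
import zlib

MAX_FRAGMENT = 2**14               # largest plaintext fragment per record
APP_DATA, MAJOR, MINOR = 23, 3, 0  # content type application_data, version 3.0

def record_mac(mac_key, seq, comp):
    """MAC over sequence number, type, version, length and the compressed fragment."""
    head = struct.pack("!QBBBH", seq, APP_DATA, MAJOR, MINOR, len(comp))
    return hmac.new(mac_key, head + comp, hashlib.sha1).digest()

def stand_in_cipher(enc_key, seq, data):
    """Placeholder for the negotiated cipher: XOR with a SHA-256 keystream (not SSL's)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(enc_key + struct.pack("!QI", seq, i)).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def protect(data, mac_key, enc_key):
    """Sender: fragment, compress, append MAC, encrypt, prepend the record header."""
    records = []
    for seq, off in enumerate(range(0, len(data), MAX_FRAGMENT)):
        comp = zlib.compress(data[off:off + MAX_FRAGMENT])
        body = stand_in_cipher(enc_key, seq, comp + record_mac(mac_key, seq, comp))
        records.append(struct.pack("!BBBH", APP_DATA, MAJOR, MINOR, len(body)) + body)
    return records

def unprotect(records, mac_key, enc_key):
    """Receiver: the same steps in reverse order; a MAC mismatch is fatal."""
    out = b""
    for seq, rec in enumerate(records):
        ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
        if (ctype, major, minor) != (APP_DATA, MAJOR, MINOR) or length != len(rec) - 5:
            raise ValueError("malformed record header")
        plain = stand_in_cipher(enc_key, seq, rec[5:])
        comp, mac = plain[:-20], plain[-20:]
        if not hmac.compare_digest(mac, record_mac(mac_key, seq, comp)):
            raise ValueError("bad_record_mac")   # checked before decompressing
        out += zlib.decompress(comp)
    return out

if __name__ == "__main__":
    keys = (b"constructed-mac-key", b"constructed-enc-key")   # constructed sample keys
    recs = protect(b"GET / HTTP/1.0\r\n\r\n" * 3000, *keys)
    print(len(recs), "records; round trip ok:", unprotect(recs, *keys).startswith(b"GET"))
```

Because the sequence number is part of the MAC input, a record that is modified, reordered or replayed within the connection fails verification on the receiving side.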

    5-DESCRIBE THE HANDSHAKE MECHANISM OF THE SSL HANDSHAKE PROTOCOL. WHAT TYPES OF KEYS ARE USED IN AN SSL CONNECTION?

    ANSWER:

    - It is the most important protocol in SSL

    - it is used by the two sides to authenticate each other and to agree on the MAC authentication and encryption algorithms

    - it is also used to exchange secret keys

    - it must be carried out before any data is transmitted.

    [Figure 3.14: Operation of the SSL Record Protocol. Stages: original data; fragmentation; compression; attach authentication information (MAC); encryption; attach the SSL record protocol header.]

    THE HANDSHAKE CONSISTS OF 4 PHASES:

    PHASE 1: Establishes the security parameters such as the protocol version, the session identifier, the cipher algorithm, the compression method and the initial random number. The basic components of the Client_Hello and Server_Hello messages:

    + VERSION: SSL version

    + RANDOM: random number used for authentication

    + SESSION ID:

    + CIPHER SUITE: the set of cryptographic algorithms the system supports

    + COMPRESSION METHOD: the compression algorithms the system supports

    PHASE 2: The server may send its public-key certificate, exchange keys and request that the client provide a certificate.

    PHASE 3: The client sends its certificate when the server requests it and exchanges keys with the server. The client may also send a public-key certificate verification to the server.

    PHASE 4: Changes the parameters of the cipher algorithm and ends the handshake protocol.

    TYPES OF KEYS USED IN AN SSL CONNECTION

    (not sure this one is correct, please double-check it)

    - Random identifiers: byte strings chosen at random by the server and the client, used to distinguish connections from one another.

    - Server authentication key: the secret key used to compute the MAC over data sent from the server.

    - Client authentication key: the secret key used to compute the MAC over data sent from the client.

    - Server encryption key: the secret key used to encrypt data sent from the server.

    - Client encryption key: the secret key used to encrypt data sent from the client.

    - Initialization vector: used in CBC encryption mode. This value is initialized by the SSL Record protocol.

    - Sequence number: the sequence number of the messages sent and received on the connection.

    6. DESCRIBE THE PHASES OF THE 802.11i WIRELESS NETWORK SECURITY PROTOCOL. WHAT UPGRADES DOES 802.11i MAKE OVER THE SECURITY SOLUTION IN 802.11?

    * PHASES OF THE 802.11i NETWORK SECURITY PROTOCOL:

    In the general model, this mechanism applies to a WLAN whose components are the STA (mobile end device), the AP (access point) and the AS (authentication server).

    - Discovery: the AP sends Beacon and Probe Response messages to advertise information about the network and the security policies of the WLAN. The STA uses this information to connect to the AP.

    The purpose of this phase is for the AP and the STA to identify each other, negotiate the cryptographic parameters and establish an association in preparation for the next steps. The details settled in this phase include:

    + The encryption and data authentication protocol between the AP and the STA.

    + The endpoint authentication method.

    + The key management mechanism.

    - Authentication: the STA authenticates to the AS through the AP. During this process the AP does not take part in the authentication; it only relays messages between the STA and the AS.

    This phase is a mutual authentication between the STA and the AS. Authentication is carried out as described in 802.1X, using the authentication protocol EAP (Extensible Authentication Protocol).

    - Key Management: the AP and the STA carry out the key exchange.

    Two key exchange mechanisms can be used in this phase: pre-shared key and Master Session Key (MSK). Pre-shared uses a static key installed symmetrically on the AP and the STA, whereas the MSK is generated during the authentication phase using EAP. The subsequent keys are derived from these two main keys. Key establishment is carried out through the 4-step handshake procedure.

    - Protected Data Transfer: the transfer of data between STAs through the AP. The AP acts as the intermediary in encrypting and decrypting the data.

    Data exchanged between the AP and the STA is protected by one of two mechanisms, TKIP or CCMP:

    + TKIP (Temporal Key Integrity Protocol): data is authenticated with a MIC (based on the Michael hash algorithm) and encrypted with RC4.

    + CCMP (Counter Mode CBC MAC Protocol): data is authenticated with CMAC (CBC-based MAC) and encrypted with AES in CTR (counter) mode.

    - Connection Termination: the AP and the STA carry out the procedure that tears down the connection.

    * IMPROVEMENTS OF 802.11i OVER THE OLD SECURITY MECHANISM:

    - The 802.11 LAN was designed with a simple security mechanism called WEP (Wired Equivalent Privacy). WEP uses weak security mechanisms, so it can easily be broken with tools that are readily available today. The basic weaknesses of WEP:

    + It uses a weak cipher (RC4) with a short key length (40 bits).

    + It uses CRC-32 for data authentication, which is not secure.

    + It uses a shared static key for both encryption and authentication.

    + It has no key exchange mechanism.

    - To overcome these weaknesses, 802.11i provides the following improvements:

    + Uses a strong encryption algorithm (AES)

    + Adds a key exchange mechanism

    + Replaces CRC-32 with an authentication algorithm based on the Michael hash function.

    + Separates the encryption and authentication mechanisms.

    7. DESCRIBE HOW THE EMAIL SECURITY SOLUTION PGP (PRETTY GOOD PRIVACY) WORKS. DESCRIBE THE ENCRYPTION AND AUTHENTICATION MECHANISM USED IN PGP.

    * HOW PGP WORKS:

    Files are ENCRYPTED with a PUBLIC KEY. Your public key can be published widely. If you want your friends, customers, partners, ... to encrypt the mail they send to you, you have to give them your public key. Files are DECRYPTED with a PRIVATE KEY. Only whoever holds this private key can decrypt messages that were encrypted with your public key.

    - Message authentication:

    + The sender's original message is hashed with SHA-1; the hash is then encrypted with RSA using the sender's private key to form a digital signature, which is sent along with the original message.

    + The receiving side separates out the original message and feeds it into SHA-1, and at the same time decrypts the digital signature with the sender's public key in order to check it.

    - Message confidentiality:

    + The sending side generates a 128-bit random number and uses it as the key to encrypt the sender's original message with a symmetric cipher (CAST-128 or DES/3DES) in 64-bit Cipher Feedback (CFB) mode.

    + The generated key is encrypted with RSA using the recipient's public key and sent along with the message.

    + The recipient uses their private key to decrypt and recover the symmetric key, and uses this key to decrypt the original message.

    - Compression:

    + The message is compressed to reduce its size so that transmission is faster, and at the same time to increase the effectiveness of the encryption algorithm.

    - Transcoding:

    + After the message has been processed (authenticated, compressed, encrypted), its content becomes a block of binary data that may be incompatible with mail systems that only support formats in ASCII. PGP therefore has to transcode it so that the processed message can still be relayed normally by mail servers.

    + Transcoding in PGP uses base64 encoding (radix-64).

    - Key management:

    + Each user maintains a set of the public keys of other users; this set of keys is managed by a keyring.

    + In PGP, users create their own digital certificates, and these certificates are distributed by the users themselves.

    + Trust relationships between users are established through the Web of Trust model.

    * DESCRIPTION OF THE ENCRYPTION AND AUTHENTICATION MECHANISM USED IN PGP:

    - PGP authenticates the message first and encrypts it afterwards.

    + Hash the message content with SHA-1 and encrypt the hash with the sender's secret key. Attach the result to the head of the message as the signature.

    + Generate a symmetric key K and encrypt the entire message content (including the signature just created).

    + Encrypt the key K with the recipient's public key and attach it to the head of the message as well.

    + On the receiving side, the recipient decrypts the head of the message with their private key to obtain the key K.

    + Decrypt the message content (together with the digital signature) with the key K. This completes the confidentiality function.

    + Decrypt the digital signature with the sender's public key. This completes the authentication function.

    [Figure: Message encryption and authentication on the sending side.]

    [Figure: Message encryption and authentication on the receiving side.]

    8. DESCRIBE HOW S/MIME WORKS IN SECURING THE EMAIL SERVICE. COMPARE THE ENCRYPTION AND AUTHENTICATION MECHANISM OF S/MIME WITH PGP.

    * HOW S/MIME WORKS:

    - S/MIME introduces two security methods for email. The first is email encryption, the second is authentication. Both are based on asymmetric encryption and PKI.

    + Email authentication uses the authentication key pair (authentication pair). Signing = encrypting the message with the sender's private key. Authenticating = using the sender's public key to decrypt the message.

    + Email encryption uses the encryption key pair (encryption pair). Encrypting = encrypting the message with the recipient's public key. Decryption uses the recipient's private key.

    - Encrypting the message content:

    + Generate a symmetric key appropriate to the encryption algorithm used to encrypt the message content.

    + Encrypt this symmetric key with RSA using the public key of each recipient.

    + Create a recipient information block (RecipientInfo block) describing the recipient, consisting of the recipient's certificate, the asymmetric encryption algorithm used for encryption, and the encrypted symmetric key. When one original message is sent to several people, each recipient has a corresponding information block.

    + Encrypt the original message with the symmetric key just generated.

    - Authenticating the message content:

    + Choose a suitable hash function (MD5 or SHA-1)

    + Compute the hash of the original message using the chosen hash function.

    + Encrypt the hash with the sender's private key.

    + Create a signer information block (SignerInfo) containing the sender's certificate, the name of the hash function, the name of the encryption algorithm and the encrypted hash.

    - All of this information, comprising the original message and the signer information block, is converted to base64.

    9. WHAT ARE THE FUNCTIONS AND OPERATING MECHANISM OF AN INTRUSION DETECTION SYSTEM (IDS)? HOW ARE IDS SYSTEMS CLASSIFIED? WHAT ARE THE MAIN COMPONENTS OF A TYPICAL IDS?

    * FUNCTIONS OF AN IDS:

    - Passively monitors the activity of the system.

    - Detects signs of intrusion and raises alerts.

    - Does not perform intrusion prevention (Intrusion Prevention System, or IPS).

    * HOW AN IDS WORKS:

    - A host creates a network packet; this packet is no different from any other packet that exists and is sent from other hosts on the network.

    - The sensors in the network read packets in the interval before they are sent out of the local network (the sensor must be placed so that it can read all packets).

    - The detection program in the sensor checks whether any packet shows signs of a violation. When it does, an alert is generated and sent to the control console.

    - When the control console receives the alert, it notifies a person or group designated in advance (by email, popup window, web page, etc.).

    - A response is initiated according to the rule defined for this intrusion signature.

    - The alerts are stored for future reference (at a local location or in a database).

    - A summary report and the details of the incident are generated.

    - The alert is compared with other data to determine whether or not this is an attack.

    * CLASSIFICATION OF IDS:

    - By monitoring scope

    + Network-based IDS (NIDS): IDSs that monitor the whole network. The main information source of a NIDS is the packets in transit on the network. A NIDS is usually installed at the entry point of the network and may sit in front of or behind the firewall.

    + Host-based IDS (HIDS): IDSs that monitor the activity of an individual computer. The main information sources of a HIDS are therefore, besides the traffic to and from the host, the system logs and the system audit data.

    - By detection technique

    + Signature-based IDS: detects intrusions from the signatures of intrusive behaviour, by analysing network traffic and system logs. This technique requires maintaining a database of intrusion signatures (signature database), and this database must be updated regularly whenever a new form or technique of intrusion appears.

    + Anomaly-based IDS: detects intrusions by comparing (statistically) current behaviour with the normal operation of the system, in order to detect anomalies that may be signs of an intrusion.

    * MAIN COMPONENTS OF A TYPICAL IDS:

    - Packet collection component (information collection).

    - Packet analysis component (detection).

    - Response component, used if a packet is found to be an attack.

    10. WHAT ARE THE FUNCTIONS AND OPERATING MECHANISM OF A FIREWALL SYSTEM? HOW ARE FIREWALLS CLASSIFIED? COMPARE HOW AN APPLICATION PROXY AND A SOCKS PROXY WORK.

    * FUNCTIONS OF A FIREWALL:

    - Packet capture (packet firewall): the firewall inspects the header of each packet and decides whether to allow or drop the packet according to the configured rule set.

    - Network address translation (NAT): outside hosts see only one or two network addresses of the firewall, while hosts on the internal network may take addresses from any range, so packets going in and out need their source and destination addresses translated.

    - Monitoring and logging: this capability lets the administrator know what is happening at the firewall and so devise better protection measures.

    - Data caching: caching data makes responses faster and more efficient.

    - Content filtering: firewall rules can block web page requests that contain keywords, URLs or other data such as video streams, images, ...

    - Intrusion detection: the ability to detect intrusions and attacks.

    * HOW A FIREWALL WORKS:

    - A firewall works closely with the TCP/IP protocol, because this protocol works by splitting the data received from network applications, or more precisely from the services running over protocols (Telnet, SMTP, DNS, SNMP, NFS, ...), into packets and assigning these packets addresses by which they can be identified and reassembled at the destination. Firewalls of all kinds are therefore very much concerned with packets and their addresses.

    - The packet filter allows or denies each packet it receives. It examines the whole packet to decide whether it satisfies one of the packet filtering rules. These rules are based on the information at the head of each packet (the header), which is used to carry the packet across the network:

    + IP source address

    + IP destination address

    + Protocol (TCP, UDP, ICMP, IP tunnel)

    + TCP/UDP source port

    + TCP/UDP destination port

    + ICMP message type

    + Incoming interface of the packet

    + Outgoing interface of the packet

    - If a packet satisfies the rules established beforehand on the firewall it is passed through; if it does not, it is dropped.
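A stateless packet filter that evaluates the header fields listed above, as an added Python example that is not part of the original notes. The rule format, the first-match ordering, the interface names and the addresses are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                       # "allow" or "drop"
    src: str = "0.0.0.0/0"            # IP source address (CIDR)
    dst: str = "0.0.0.0/0"            # IP destination address (CIDR)
    proto: Optional[str] = None       # "tcp", "udp", "icmp"; None matches any
    sport: Optional[int] = None       # TCP/UDP source port
    dport: Optional[int] = None       # TCP/UDP destination port
    icmp_type: Optional[int] = None   # ICMP message type
    in_if: Optional[str] = None       # incoming interface
    out_if: Optional[str] = None      # outgoing interface

    def matches(self, pkt):
        if ip_address(pkt["src"]) not in ip_network(self.src):
            return False
        if ip_address(pkt["dst"]) not in ip_network(self.dst):
            return False
        fields = ("proto", "sport", "dport", "icmp_type", "in_if", "out_if")
        return all(getattr(self, f) in (None, pkt.get(f)) for f in fields)

def decide(rules, pkt):
    """First matching rule wins; a packet that matches no rule is dropped."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "drop"

# Constructed policy: eth0 faces the Internet, eth1 the internal 10.0.0.0/8 network.
RULES = [
    # An internal source address arriving on the outside interface is spoofed.
    Rule("drop", src="10.0.0.0/8", in_if="eth0"),
    # Inbound mail to the internal mail server.
    Rule("allow", dst="10.0.0.25/32", proto="tcp", dport=25, in_if="eth0"),
    # A stateless filter keeps no connection state, so replies need their own rule.
    Rule("allow", src="10.0.0.25/32", proto="tcp", sport=25, in_if="eth1"),
    # Outbound ICMP echo request (type 8) from the internal network.
    Rule("allow", src="10.0.0.0/8", proto="icmp", icmp_type=8, in_if="eth1"),
]

def pkt(src, dst, proto, in_if, **extra):
    """Build a constructed sample packet header as a dict."""
    return {"src": src, "dst": dst, "proto": proto, "in_if": in_if, **extra}

if __name__ == "__main__":
    print(decide(RULES, pkt("203.0.113.5", "10.0.0.25", "tcp", "eth0", sport=40000, dport=25)))
    print(decide(RULES, pkt("10.0.0.7", "10.0.0.25", "tcp", "eth0", sport=40000, dport=25)))
```

Rule order matters: the anti-spoofing drop has to come before the mail rule, otherwise the second sample packet would be allowed.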

    * FIREWALL CLASSIFICATION:

    There are 2 types of firewall:

    - Packet filter firewall

    + Stateless: inspects each packet independently.

    + Stateful: checks state only.

    - Application firewall

    + Application proxy

    + Socks proxy

    * COMPARISON OF APPLICATION PROXY AND SOCKS PROXY: