Advanced Networking Review


Question 1: OSI layered architecture

The ISO (International Organization for Standardization) studied various network models and in 1984 published the OSI reference model, which lets many manufacturers build devices that can communicate and work with one another. ISO defined a 7-layer model for networks, called the OSI reference model. In the 7-layer model, each layer performs its own function and hands its result to another layer, and each layer provides services to the layer above it. Data starts at the Application layer and is sent down through the layers to the Physical layer. The protocol at each successive layer does its own processing and then attaches its own information to the data that came from the layer above it. The receiving computer takes the data in at the Physical layer and passes it up to the Application layer. The process repeats until the data ends. OSI is only a model, not a protocol.

[Figure: the seven OSI layers drawn as two peer stacks: Application, Presentation, Session, Transport, Network, Data Link, Physical]

1.1 Functions of the layers in the OSI model

a) Application (application layer): the highest layer in the OSI model. This layer does not refer to ordinary applications such as Word; it covers the network software that connects the user to the network and provides the user interfaces and the application's features. This layer is responsible for defining how network services interact with the network, and it provides file transfer services, mail services and terminal emulation. The Application layer also supports error recovery.

b) Presentation: formats many different kinds of data into a common form, with compression, decompression, encryption and decryption functions. It determines the type and structure of the data. Data conversion belongs to this layer. It also has a data synchronization function.

c) Session: the Session layer establishes, synchronizes, maintains and ends a working session between two machines. It provides services to the Presentation layer. Its functions are security authentication and establishing the connection ID. For data transfer, authentication and connection release, every exchange requires checking marks called checkpoints. Any data that is not received is resent from the last good checkpoint. Adjusting the checkpoints accounts for reliable and unreliable connections and improves the amount of data actually transferred.

d) Transport: this layer manages the transfer of data between devices, including error checking, recovery and data flow control. It completes the transfer of data without duplication or errors. The Transport layer splits the data into smaller pieces on the sending side and restores the original data on the receiving side; when the data is received, the receiver sends an ACK to the sender. This layer decides how to handle errors that arise during transmission, and it receives information from the adjacent layer, divides it into smaller data units and passes them to the Network layer.

e) Network: responsible for translating logical names into physical addresses. The Network layer provides connectivity and determines the best physical path for information from the source to reach the correct destination; packets may travel along different paths to the destination while quality of service is maintained. This layer is therefore responsible for indicating which path is usable and which is congested at a given moment. All route-finding protocols sit at this layer.

f) Data Link: the Data Link layer provides the ability to transmit data over a physical connection. It takes raw data from the physical layer and gives it a logical structure that includes where the data is going and which machine sent it. This layer provides information about physical addresses, network structure, the access method for physical connections, error notification and traffic management, and it manages frames sent under an ACK mechanism on the network. The Data Link layer prepares data for transmission over the channel. To deliver data to the destination, it arranges signals into logical blocks of information called frames. These frames are passed down to the physical layer. To make sure frames have a length suitable for the physical layer, the Data Link layer can segment the data from the layers above it. When data is received at the destination, it reassembles the previously segmented data and tries to find and correct errors that occurred during transmission at the physical layer.
The Data Link layer is actually divided into two sublayers:
- Media Access Control (MAC): provides a system through which network devices can share the transmission channel.
- Logical Link Control (LLC): establishes and maintains the connection between devices during transmission.

g) Physical: this layer provides the technical interface in electrical and mechanical terms. Its specific characteristics are: the layout, the connection type, the physical transmission rate, the maximum distance, the connectors and the physical connections. At this level there are synchronization procedures for the operating requirements, intended to create physical transmission paths for streams of information bits.
Some devices at the Physical layer:
- Network interface card (NIC): a common network component that provides the connection between a computer and the network. NICs come in many types, sizes and interface ports.
- Repeater: its main function is to repeat every signal received on one port and pass it to another port. It is used to extend the length of a network segment when the network has workstations that are far apart. The number of repeaters in a network is limited.
- Hub: acts as a central connection point for other network devices. In basic terms it is a multi-port repeater. It repeats the signal received on one port and transmits it to the other ports.

Question 3: Compare the operation of the connecting devices in a LAN: Repeater, Bridge, Switch; the VLAN concept.

a) The VLAN concept: a VLAN is defined as a broadcast domain in a network that uses switches. A broadcast domain is a set of devices on the network that will receive the broadcast frames sent by any device in that set. Broadcast domains are usually bounded by routers, because routers do not forward broadcast frames.

- Some switches additionally support the VLAN feature, which makes it possible to define one or more VLANs in the network. When a switch supports VLANs, the broadcast frames of one VLAN do not appear on another VLAN.
- Routers also maintain the separation of collision domains by blocking broadcast frames. Traffic between VLANs is therefore carried only through a router.
- Normally each subnet belongs to a different VLAN, so a network with many subnets has many VLANs. Switches and VLANs let the administrator assign users to broadcast domains based on their job requirements. This allows networks to be deployed with a degree of flexibility in administration.
- Using VLANs has the following benefits:
+ Splitting broadcast domains to provide more bandwidth for users.
+ Strengthening security by isolating users based on bridging technology.
+ Deploying the network flexibly based on users' job functions rather than their physical location. VLANs can solve many problems related to moving, adding or relocating machines on the network.

Connection layer | Purpose | Devices used
Physical layer | Increase the number and range of LANs | Hub, repeater
Data link layer | Connect LANs that have different physical layers; split collision domains to improve network performance | Bridge, switch
Network layer | Extend the size and number of computers in the network; form a WAN | Router
Remaining layers | Connect applications to one another | Gateway

b) Repeater: its main function is to repeat every signal received on one port and pass it to another port. It is used to extend the length of a network segment when the network has workstations that are far apart.
Limitation of the repeater: consider an internetwork made of two branches, Vlan1 (N1, N2, N3) and Vlan2 (N4, N5, N6), joined by a repeater, and suppose machine N2 sends a frame to machine N1. The frame propagates on Vlan1 and reaches the repeater port toward Vlan2 as a string of bits. The repeater amplifies the string of bits received on port 1 and passes it to port 2. This unintentionally transmits the whole frame onto Vlan2. If at that moment N5 on Vlan2 sends a frame to N4, it cannot do so because the line is busy. The frame N2 sends to N1 does not need to be sent across Vlan2, which would avoid wasting the line on Vlan2. However, because the repeater works at the Physical layer, it does not understand what a frame is, so it passes everything it receives to the other port. Joining networks with a repeater or a hub enlarges the collision domain, and network performance drops.

c) Introducing the bridge: now replace the repeater with a bridge for the Vlan1 and Vlan2 networks above, and the frame will not be transmitted onto Vlan2.

A bridge works at the data link layer. Its job is to forward frames from one network branch to another. The important point is that a bridge is intelligent: it forwards frames selectively, based on the MAC addresses of the computers. A bridge also lets networks with different physical layers communicate with one another. A bridge splits the collision domain into smaller ones, which reduces collisions and improves network performance.
There are 3 types of bridge:
+ Transparent bridge: connects Ethernet/Fast Ethernet networks to one another.
+ Source-route bridge: connects token ring networks to one another.
+ Mixed bridge: connects Ethernet and token ring networks to one another.

d) Switch: a device like a bridge but with more ports, allowing many network segments to be joined. A switch also uses the MAC address to decide which port a packet leaves by, in order to avoid bandwidth contention as the number of workstations in the network grows. A switch also works at the data link layer, so packets are processed in hardware (a chip). When a packet arrives at the switch, the following is done:
+ Check whether the MAC address is already in the MAC address table; if not, add this MAC address and the source port to the MAC table.
+ Check whether the destination address is in the MAC table.
- If it is not, send the packet to all ports except the port the packet came in on, and update the MAC table.
- If the MAC address is in the table: if the destination port is the same as the source port, the switch discards the packet; if the destination port differs from the source port, the packet is sent out of the corresponding destination port.
Note: the source and destination addresses mentioned above are both MAC addresses. The source port is the port the packet enters by. The destination port is the port the packet leaves by.
Because a switch works this way, each switch port is a collision domain, and the whole switch is regarded as one broadcast domain.
Beyond the basic function, a switch also has the following extended features.
- Packet forwarding methods: Cisco devices can use one of the following.
+ Store and forward: stores the data in a buffer before transmitting it to the other ports, to avoid collisions. The forwarding rate is typically about 148,800 pps. With this technique the whole packet must be received before the switch transmits the frame, so the latency depends on the frame length.
+ Cut through: the switch transmits the packet immediately once it knows its destination address. This technique has lower latency than store and forward, and the latency is always a fixed figure regardless of the packet length.
+ Fragment free: the switch reads the first 64 bytes and then begins transmitting the data.
- Trunking (MAC base): on some switches, trunking is understood as a feature that increases the transmission speed between two switches; note that the two switches must be of the same type. On Cisco switches specifically, trunking is understood as the link used to carry information for the VLANs.
- VLAN: creates virtual networks to preserve security when the network is extended by connecting switches together. Each VLAN can be regarded as one broadcast domain, so dividing the network into virtual networks partitions the broadcast domain and improves the efficiency of the system. In other words, grouping follows application function and does not depend on geographic location. Only devices in the same VLAN can communicate with one another; otherwise a router must be used to link the VLANs.
- Spanning Tree: creates backup paths. Normally data is carried on the lower-numbered network ports. When contact is lost, the device switches to another port by itself, to keep the network running continuously. In essence, spanning tree restricts the branching paths in the network.
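The switch forwarding procedure in section d), together with the bridge case from section c) where a frame from N2 to N1 must stay on its own segment, can be traced with the sketch below. It is an added example, not part of the original notes: the class name, port numbers and MAC addresses are constructed, and it refreshes the table entry on every frame and floods broadcast frames, two details the notes do not spell out.

```python
BROADCAST = "ff:ff:ff:ff:ff:ff"


class LearningSwitch:
    """Layer-2 forwarding decision: learn the source, then flood, filter or forward."""

    def __init__(self, ports):
        self.ports = list(ports)
        self.mac_table = {}  # MAC address -> port on which it was last seen

    def receive(self, in_port, src_mac, dst_mac):
        """Process one frame and return (action, list of output ports)."""
        src_mac, dst_mac = src_mac.lower(), dst_mac.lower()

        # Step 1: learn the source MAC against the port the frame came in on.
        # (Assumption: an existing entry is refreshed, so a moved host is re-learned.)
        self.mac_table[src_mac] = in_port

        # Step 2: look up the destination MAC.
        out_port = self.mac_table.get(dst_mac)
        if dst_mac == BROADCAST or out_port is None:
            # Unknown destination or broadcast: send to every port except the ingress port.
            return "flood", [p for p in self.ports if p != in_port]
        if out_port == in_port:
            # Destination sits on the same segment as the sender: discard the frame.
            return "filter", []
        # Known destination on another port: send out of that port only.
        return "forward", [out_port]


# Constructed addresses for the hosts in the notes: N1-N3 on port 1, N4-N6 on port 2.
N1, N2 = "02:00:00:00:00:01", "02:00:00:00:00:02"
N4, N5 = "02:00:00:00:00:04", "02:00:00:00:00:05"


def demo():
    """Replay the two-segment scenario with a 2-port bridge."""
    bridge = LearningSwitch([1, 2])
    return [
        bridge.receive(1, N1, N2),  # N2 not learned yet -> flooded onto segment 2
        bridge.receive(1, N2, N1),  # N1 known on port 1 -> stays off segment 2
        bridge.receive(2, N5, N4),  # N4 not learned yet -> flooded onto segment 1
        bridge.receive(2, N4, N1),  # N1 known on port 1 -> forwarded to port 1 only
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The second frame is the case the notes use to contrast a bridge with a repeater: once N1 has been learned on port 1, traffic from N2 to N1 no longer occupies the other segment.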

Question 5: The IP protocol: functions and operation, IP addresses, IP routing (RIP, OSPF)

1. RIP
Introduction: the Routing Information Protocol, known as RIP, is one of the longest-lived and most widely used routing protocols. RIP is based on the distance-vector algorithm and computes routes to find the best, shortest path from source to destination.
RIP versions: as IP networks became more numerous and larger, RIP needed to be upgraded. The Internet Engineering Task Force (IETF) presented RIP updates in RFC 1388 in January 1993, and later RFC 1723 in January 1994 described RIP2. RIP 2 lets RIP messages carry more information and gives users an authentication mechanism and stronger security. RIP2 also supports subnet masks, a key feature that RIP1 lacks.
RIP version 1:
- Uses the split horizon and poison reverse techniques to improve the efficiency of routing.
- The longest path is at most 15 hops.
- Uses a metric to compare routes.
RIP version 2:
- Uses a route tag for external routes.
- Supports subnet masks and multicast.
- Authentication.
- The IP address of the next-hop router.
How routing updates work: RIP sends routing update messages periodically, every 30 s, and when the network changes. When a router receives this information, it updates its routing table with the new route. A router keeps only the best path. After updating its own routing table, the router sends its routing update to its neighbouring routers so that they learn of the change.
Metric (routing cost): RIP uses the hop count to measure the distance between the source and destination addresses in the network. For each hop on the path from source to destination that is new or changed in an update from another router, this router increases the metric by one and puts the network into its routing table; the sender's IP address is used as the next hop. The path from source to destination is the one with the smallest hop count.
Characteristics: RIP prevents routing loops by limiting the number of hops allowed on the path from source to destination. A path has at most 15 hops; if a router receives an update and increasing the metric by 1 brings it to 16, the destination network of that update is considered too far away.

- Subnet mask: the address mask that applies to the entry. If this field is 0, the entry does not use an address mask.
- Next hop: the address of the next hop to which the packet is pushed.

2. OSPF (Open Shortest Path First) is a link-state routing protocol implemented on open standards. It overcomes the weaknesses of RIP and is a powerful, scalable routing protocol suited to modern networks. It can be configured as a single area for use in small networks. OSPF collects link-state information from neighbouring routers; each OSPF router advertises the state of its own links and forwards the information it receives to all its other neighbours. Every router in the same OSPF area has the same link-state database, so every router has the same information about the link states and neighbours of the other routers. Each router applies the SPF algorithm to its database to compute the best path to each destination network. The SPF algorithm computes cost based on the bandwidth of the link. The path with the lowest cost is placed in the routing table.
Characteristics:
- OSPF suits large networks and is scalable. OSPF's best path is determined from the speed of the link.
- OSPF chooses the path by a cost computed from the link speed. The higher the link speed, the lower the OSPF cost.
- OSPF chooses the shortest path from the SPF tree.
- Guarantees freedom from routing loops.
- Fast convergence.
- Uses the shortest path.
- Updates information only when an event occurs.
- Sends link-state packets to all routers in the network.
- Each router has a complete view of the network structure.
- Complex configuration.
- Requires more memory and processing power than distance-vector routing.

3. The IP internetworking protocol
General introduction: the IP internetworking protocol is one of the most important protocols of the TCP/IP suite. Its purpose is to provide the ability to connect subnets into an internetwork to carry data. IP is a protocol that provides a connectionless and unreliable datagram delivery service, meaning that no connection setup phase is needed before data is sent, there is no guarantee that an IP datagram will reach its destination, and no information is kept about the datagrams that have been sent. The format of the data unit used in IP is shown in the figure.

- if the route is unreachable or does not exist. This characteristic limits networks that use RIP to only 16 hops.
- Command: indicates whether the packet is a request or a response. A request asks a router to send all or part of its routing table. A response may be an unsolicited periodic update or a reply to a request, and it contains routing table entries.
- Zero: added to provide backward compatibility with the earlier RIP standard.
- Address family identifier (AFI): indicates the address family in use. RIP was designed to carry routing information for several different protocols.

- Metric: indicates how many hops there are to the destination. The value lies within 15; 16 means the address is unreachable.
- Route tag: provides a way to distinguish internal routes from external routes.
- Option: declares the options requested by the sender, usually:
  - Security.
  - Record route: the route the datagram takes, recorded along the way.
  - Time stamp.
  - A list of IP addresses the datagram must pass through, without the datagram being required to pass only through the predetermined routers.
  - The exact route, listing the routers the IP datagram must pass through.

Question 6: Describe the operating principles of the ICMP, DHCP and NAT protocols

a. Operating principles of ICMP: ICMP is installed on almost every TCP/IP computer. Its messages are carried inside IP packets and are used to send error reports or information about operating conditions. ICMP produces several useful message types, such as:
- Destination unreachable.
- Echo request and reply.
- Redirect.
- Time exceeded.
- Router advertisement.
- Router solicitation.
If a message cannot be delivered, it is not resent. This prevents ICMP messages from circulating without end.
If a destination unreachable message is sent by a router, it means the packet could not be delivered to the destination. The router then deletes the packet from its queue. There are two reasons a packet cannot reach its destination. In most cases the sending machine specified a destination address that does not actually exist. Less often, the router does not know the route to the packet's recipient.
Destination unreachable messages fall into 4 basic types:
- Network unreachable: there is a fault in routing or in the packet's destination address.
- Host unreachable: usually indicates a delivery problem, such as a wrong subnet mask.
- Protocol unreachable: the receiving machine does not support the higher-layer protocol that the packet specifies.
- Port unreachable: the TCP/IP protocol socket

Meaning of the fields in the IP header:
- Version, 4 bits: the version of IP currently implemented.
- IHL, 4 bits: the length of the header, in units of 32 bits.
- Type of service, 8 bits: specifies the parameters of the requested service.
- Total length, 16 bits: the length of the whole IP datagram in bytes. From this field and the header length field, the start of the data within the IP datagram can be computed.

- Identification, 16 bits: the identification field. Together with other parameters such as the source and destination addresses, it uniquely identifies each datagram sent by a station. The identification value is normally incremented by one each time a datagram is sent.
- Flags, 3 bits: the flags used when fragmenting datagrams.
  Bit 0: reserved, not used, value = 0.
  Bit 1 (DF): 0 = may fragment, 1 = don't fragment.
  Bit 2 (MF): 0 = last fragment, 1 = more fragments.
- Fragment offset, 13 bits: the position of the fragment within the datagram, in units of 64 bits.
- TTL, 8 bits: sets the lifetime of the datagram to prevent it from circulating in the network. TTL usually has a value of 32 bit or 64 bit and is decreased by 1 each time the data passes through a router. When this field = 0, the datagram is discarded and no error is reported back to the sending station.
- Protocol, 8 bits: indicates the next higher-layer protocol.
- Header checksum, 16 bits: error control for the IP header area.
- Source address, 32 bits: the IP address of the source station.
- Destination address, 32 bits: the IP address of the destination station.

An echo request and reply message is produced by the ping command, issued from a machine to test network connectivity. If a reply message comes back, it shows that the sender and the receiver can communicate.
A redirect message is sent by a router to the machine that sent a packet, to recommend a better route. The router still forwards the packet it received. Redirect messages keep the hosts' routing tables small, because the hosts need to hold only one router address, even if that router does not provide the best route. Sometimes the sending device continues to use the old route after receiving a redirect message.
A time exceeded message is sent by a router if the packet's time to live, counted in routers or in seconds, has the value 0. The packet's time to live guards against a packet travelling in circles around the network and never reaching its recipient. Routers drop packets whose time to live has run out.

b. Operating principles of DHCP: DHCP works on the client/server model. The interaction between the DHCP client and the server proceeds as follows.
- When the client machine starts up, it broadcasts a DHCPDISCOVER packet asking a server to serve it. This packet also contains the client's MAC address.
- When a server receives the request and is still able to supply an IP address, it sends the client a DHCPOFFER packet, offering to lease an IP address for a set time, together with a subnet mask and the server's address. The server will not offer that IP address to another client throughout this period.
- The client picks one of the DHCPOFFER offers and broadcasts a DHCPREQUEST packet accepting it. This lets the servers whose offers were not accepted withdraw them and give the addresses to other machines.
- The server the client accepted sends back a DHCPACK packet as confirmation, stating that the IP address, subnet mask and lease period now formally apply. The server also sends additional configuration information, such as the default gateway address or the DNS server.

c. The NAT mechanism:

NAT is used because in practice, at any one moment, the hosts in a LAN do not all access the Internet at the same time, so there is no need for a matching number of valid IP addresses. NAT is also used when the Internet service provider (ISP) supplies fewer valid IP addresses than there are machines that need Internet access. NAT runs on the routers that act as the gateway for a network. The hosts inside the LAN use a suitable private address range, while the list of valid IP addresses is configured on the NAT router. Every packet that a host inside the LAN sends to a host on the Internet is analysed by the NAT router, which translates the private IP address in the packet into a valid IP address from the list before passing it to the destination host on the Internet. When a packet later arrives for a host inside the LAN, the NAT router likewise translates the destination address into that host's private address before passing it to the host inside the LAN.
An extension of NAT is PAT (port address translation), which serves a similar purpose. In this case, rather than translating only the IP address, the service port is translated as well, as analysed and decided by the NAT router.
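The IP header fields listed in this question (IHL counted in 32-bit words, the DF/MF flags, the fragment offset, TTL and the header checksum) can be decoded as in the sketch below, which also rejects headers whose length fields are inconsistent. It is an added example, not part of the original notes: the function names and the sample packet, which uses documentation addresses, are constructed.

```python
import ipaddress
import struct


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, as used by the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4_header(packet: bytes) -> dict:
    """Decode the fixed IPv4 header fields and check the length fields and checksum."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag,
     ttl, proto, _checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    header_bytes = ihl * 4                      # IHL is counted in 32-bit words
    if version != 4:
        raise ValueError("not an IPv4 packet")
    if ihl < 5 or header_bytes > len(packet):
        raise ValueError("IHL is inconsistent with the captured data")
    if total_length < header_bytes or total_length > len(packet):
        raise ValueError("total length is inconsistent with the captured data")
    return {
        "version": version,
        "header_bytes": header_bytes,
        "tos": tos,
        "total_length": total_length,
        "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),        # flag bit 1 (DF)
        "more_fragments": bool(flags_frag & 0x2000),       # flag bit 2 (MF)
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,  # units of 64 bits
        "ttl": ttl,
        "protocol": proto,
        # A header with a valid checksum sums to zero when the field is included.
        "checksum_ok": internet_checksum(packet[:header_bytes]) == 0,
        "source": str(ipaddress.IPv4Address(src)),
        "destination": str(ipaddress.IPv4Address(dst)),
        "data_offset": header_bytes,            # where the payload starts
    }


def build_sample(flags_frag: int = 0x4000, ttl: int = 64) -> bytes:
    """Constructed 28-byte packet: 20-byte header (protocol 1 = ICMP) plus 8 payload bytes."""
    src = ipaddress.IPv4Address("192.0.2.1").packed
    dst = ipaddress.IPv4Address("198.51.100.7").packed
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1C46,
                         flags_frag, ttl, 1, 0, src, dst)
    checksum = internet_checksum(header)
    header = header[:10] + struct.pack("!H", checksum) + header[12:]
    return header + b"\x00" * 8


if __name__ == "__main__":
    for key, value in parse_ipv4_header(build_sample()).items():
        print(f"{key:22} {value}")
```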

Question 7: The TCP and UDP protocols. Functions and operation

The UDP protocol (User Datagram Protocol)
UDP is a connectionless protocol that provides an unreliable transport service and is used in place of TCP at the transport layer. Unlike TCP, UDP has no connection setup or release, no ACK acknowledgement mechanism, and no ordering of incoming datagrams, which can lead to lost or duplicated data with no error reported to the user. The format of the UDP datagram is as follows.
- Source port (16 bits): the port number the datagram is sent from.
- Destination port (16 bits): the port number the datagram is delivered to.
- UDP length (16 bits): the total length of the UDP datagram, including the header.
- UDP checksum (16 bits): used for error control. If an error is detected, the UDP datagram is discarded without any notification being returned to the station.
UDP can assign and manage port numbers to uniquely identify the applications running on a station in the network. Because it has few complex functions, UDP tends to run faster than TCP. It is usually used for applications that do not demand high reliability.

The TCP protocol (Transmission Control Protocol)
TCP and UDP are both transport-layer protocols and both use IP at the network layer. Unlike UDP, however, TCP provides a reliable, connection-oriented service. Connection-oriented here means that two applications using TCP must establish a connection with each other before exchanging data. The reliability of the service TCP provides shows in the following ways.
- Data sent from the application layer is divided by TCP into segments of the most suitable size for transmission.
- When TCP sends a segment, it keeps a timer while waiting for an acknowledgement from the receiving station. If the sending station has received no notification when that time is up, it sends the segment again.
- When TCP on the receiving station receives data from the sending station, it sends the sending station an acknowledgement; however, the acknowledgement is not sent at once but after a delay.

- TCP keeps a checksum in the header to detect any change during transmission. If a segment is corrupted, TCP on the receiving station discards it and sends no acknowledgement, so that the sending station sends the segment again.
- Like IP datagrams, TCP segments can arrive at the destination out of order. TCP on the receiving station therefore puts the data back in order and then passes it up to the application layer, ensuring the data is correct. When an IP datagram is duplicated, TCP on the receiving station discards the duplicate data.
- TCP provides flow control. Each end of a TCP connection has a limited buffer, so TCP on the receiving station lets the sending station transmit only a certain amount of data, smaller than the remaining buffer space. This prevents a fast station from taking over the whole buffer of a slower station.
- The format of the TCP segment is as follows. The fields in the format have the following meanings.
- Source port, 16 bits: the source port number.
- Destination port, 16 bits: the port number at the destination station.
- Sequence number, 32 bits: the number of the first byte of the segment, unless the SYN bit is set. If the SYN bit is set, the sequence number is the initial sequence number (ISN) and the first data byte is ISN+1. Through this field TCP manages every byte sent over a TCP connection.
- Acknowledgment number, 32 bits: the next number the source station is waiting to receive, which implicitly acknowledges good receipt of the segments the destination station has sent to the source station.
- Header length, 4 bits: the number of 32-bit words in the TCP header. It indicates where the data area starts, because the option field has variable length. The header length has a value from 20 to 60 bytes.
- Reserved, 6 bits: reserved for future use.
- Control bits:
  URG: the urgent pointer field is valid.
  ACK: the ACK number field is valid.
  PSH: the push function.
  RST: reset the connection.
  SYN: synchronize the sequence numbers.
  FIN: no more data from the source station.
- Window size, 16 bits: grants credit to control the data flow. This is the number of data bytes, starting from the byte indicated in the ACK number field, that the source station is ready to receive.
- Checksum, 16 bits: error-control code for the whole segment, both header and data.
- Urgent pointer, 16 bits: points to the sequence number of the last byte in the urgent data stream, letting the receiver know the length of the urgent data. This field is valid only when the URG bit is set.
- Option: declares the TCP options, usually the maximum size of a segment: MSS.
- TCP data: contains the application-layer data, with a default length of 536 bytes. This value can be adjusted by declaring it in the option field.

Question 8: Functions and options of the utilities ARP, netstat, ping, FTP, ipconfig, tracert, telnet, nslookup

ARP (Address Resolution Protocol)
- ARP is both a utility and a protocol. It is part of the TCP/IP protocol stack and is used to translate a TCP/IP address into a MAC address.
- The ARP table in Win95/98 is a list of TCP/IP addresses and their corresponding physical addresses. The table is kept in a memory cache so that Windows does not have to consult ARP every time it accesses a TCP/IP address. Each entry holds not only an IP address and a MAC address but also a time to live value, which says how long the entry remains in the table. There are 2 kinds of ARP table entry: dynamic and static.
+ Dynamic ARP entries are created when the Windows TCP/IP stack makes an address translation request and the corresponding MAC address is not found in the ARP table. The ARP request is broadcast on the local network. When the MAC address for the requested TCP/IP address is found, it is added to the ARP table.
+ Static ARP entries are like dynamic ones, but they are created by hand using the ARP utility.
- The ARP utility is useful for dealing with duplicate IP addresses. Example: our workstation obtains an IP address from the DHCP server, but the address turns out to be the same as another workstation's IP. When we try to ping, we get no reply. Our workstation tries to determine the MAC address but cannot, because two machines reply for the same IP address. To solve this, we can use the ARP utility to view our local ARP table and find out which TCP/IP address is assigned to which MAC address.
-a switch: displays the whole current ARP table. Syntax: ARP -a
-s switch: adds static entries to the ARP table. These entries stay in the ARP table until the machine restarts. A static entry hard-wires an IP address to a specific MAC address, so that a packet for that address is sent to the corresponding MAC address. Syntax: ARP -s [IP Address] [MAC Address]. Example: ARP -s 204.153.163.5 00-a0-c0-ab-c3-11
-d switch: deletes a static entry from the ARP table. Syntax: ARP -d [IP Address]. To delete a dynamic entry, we wait for it to time out.

Netstat
Used to check the TCP/IP connections on the machine (both inbound and outbound) and to report how many packets have been sent and received and how many were in error. Used without any option, netstat reports the state of the TCP/IP connections. Netstat without options is especially useful for determining the state of outbound web connections.
The Proto column: lists the protocols in use.
The Local Address column: lists the source address and source port.
The Foreign Address column: lists the destination address and port.
The State column: shows the state of the connection (ESTABLISHED: the connection has been set up).
Options:
-a switch: displays all TCP/IP and UDP (User Datagram Protocol) connections.
-e switch: displays a summary of the packets sent and received through the network card (NIC). Meaning of the values:

Bytes: the bytes sent and received since the machine was started. Used to determine whether data is actually being transferred and to monitor the operating state of the network card.
Unicast Packets: the number of packets sent and received directly.
Non-Unicast Packets: the number of packets not sent directly from one machine to another, such as broadcast packets. If the number of non-unicast packets is larger than the number of unicast packets, many broadcast packets are being sent onto the network; we must find the source of these packets and adjust accordingly.
Discards: the number of packets discarded by the NIC during transmission and reception because they could not be assembled correctly.
Errors: the number of errors that occurred during transmission and reception.
Unknown Protocols: the number of received packets whose protocol could not be identified.
The state netstat shows is only relative, however. For example, whether the network has many or few errors depends on the ratio of the number of errors to the length of time connected.
-r switch: the -r option displays the current routing table for a workstation, to see how TCP/IP information is being routed (suited to machines with several network cards).
-s switch: displays the statistics of the TCP, UDP, IP and ICMP (Internet Control Message Protocol) protocols. The result is shown with: C: NETSTAT -s
-n switch: this option supplements the other options. When used with other options, the result shows network addresses instead of the corresponding network names.
-p switch: like -n, -p is a supplementary option. It is usually combined with -s -n to show the statistics of IP, TCP, UDP or ICMP separately. Example: to show the ICMP statistics instead of all TCP/IP statistics, use: netstat -s -p ICMP

Ping
Ping is the most basic utility. In most cases ping is used for 2 purposes:
- To test whether a connection to a host can be made.
- To test whether the host responds.
The syntax is: ping
When a response comes back from the destination machine, we know that we can connect to it. The following table lists and describes the most common switches of the ping utility in Win95/98.
-? : displays the list of switches that can be used with ping.
-a : resolves the pinged address to the destination host name at the same time.
-n # : the number of pings to send to the host.
-t : pings the host continuously until Ctrl+C is pressed to stop.
-r # : records the route for the ping hops.

FTP (File Transfer Protocol)
- FTP is a subset of TCP/IP, used to transfer files between Unix machines. It is used more and more in most client/server environments. To start FTP, type ftp at the command prompt. The result is the prompt: FTP>. From this prompt, files can be downloaded or uploaded and the behaviour of FTP can be changed.
- Starting FTP and logging in to an FTP server:
a. At the ftp prompt type open, a space and the name of the FTP server. Example: FTP>open ftp.novell.com
b. Type a valid username and press Enter.
c. Type the password and press Enter.
- Downloading a file: after logging in to the FTP server, we browse the directory tree that contains the files we need. The following table lists and describes the common FTP navigation commands.
ls : short for list. Lists the directory.
cd : changes the directory path.
pwd : displays the current path.
lcd : changes the path in the local directory.
After finding the file to download, we must set the file type. There are 2 file types: ASCII, which covers text, and binary, which covers all other kinds. If the wrong file type is set, the downloaded file will contain only garbage. When in doubt, set binary.
- Uploading a file: to upload a file to a server, we must have permission on that server. To upload a file, log in and follow these steps.
- At the FTP prompt, use the lcd command to find the directory on our machine that holds the file to upload.
- Type cd to find the destination directory.
- Choose the file type, ASCII or binary.
- Use the put command to upload. Syntax: FTP>put
After finishing with the FTP utility, type quit to return to the command prompt.

Ipconfig
The ipconfig utility works much like winipcfg. It is used mainly to display the TCP/IP configuration of the machine. Syntax: C:\>ipconfig
Ipconfig has 4 switches:
/? : displays the ipconfig switches and describes each one.
/all : displays all TCP/IP information.
/release : clears all TCP/IP configuration information assigned by DHCP.
/renew : requests the TCP/IP information from DHCP again.

Tracert (trace route)
- A TCP/IP command-line utility that shows the routes a packet takes on the way to its destination. To use tracert on Win 95/98, type tracert, a space, and the DNS name or IP address of the host we want to trace. The tracert utility returns a list of all the DNS names and IP addresses of the routers the packet passes through on its way. Tracert also shows the measured time for each segment. Example: C:\>tracert yahoo.com
- Tracert is useful if we have trouble reaching a server on the Internet and want to know whether the WAN connection is down or the server is not responding.
- We can use tracert to determine how many hops there are from source to destination. This is very handy for judging whether the network is fast. Usually, the fewer the hops, the faster the network.

Telnet
Used to set up a working session from a remote Unix workstation to a Unix server. Telnet uses the client/server model.

- Telnet is used to test TCP connections. Any port can be tested to see whether it responds, so it is useful for checking the SMTP and HTTP ports. The common ports and their corresponding services:

Port | TCP/IP service
21 | FTP
23 | telnet
25 | SMTP (mail transfer protocol)
80 | HTTP
110 | POP3

Nslookup
- Very good for checking the IP address that DNS is returning and for making sure it is working effectively.
- Lets us quickly query a server name and find the name that corresponds to an IP address.
- Runs well on all operating systems: Win 2000, Unix, Linux, but does not run on Win 95/98.
- Nslookup shows the various properties of a domain name: the name of the server that serves it and how the domain names are configured.
- In the command prompt window, use nslookup by typing: C:\>nslookup and pressing Enter.

Question 9: Network administration and security issues

1. Choosing clients, managing accounts and passwords

1. Choosing a client: a workstation communicates with the server through a protocol, using client software. The protocol may be IPX/SPX, TCP/IP or NetBEUI. These protocols are client-side software, but in some cases they are integrated into the client software. Commonly used client software: MS network client, NetWare client, Unix client.

2. Managing accounts and passwords: the user name and password are the key issue in network security. We use them to log in to the system. The administrator can issue user names and passwords to users and can also change them. We need to make sure users know how to create a good password.

a. Security models: files shared on the network can be secured in 2 ways:
- Share level.
- User level.
Share level: a separate password is assigned to each file or other network resource, and only users who know the password can get in. With this kind of security it is hard to know who is accessing the resource. This approach is not very suitable for a network model. It is used to protect low-level resources.
User level: permissions are assigned at the user level. With user-level security it is easy to manage the users, so user-level security is applied more widely.

b. Managing accounts and passwords: resources are accessed through accounts, so accounts have to be managed. The network administrator maintains these accounts daily. A common security measure is to change the user name and to set a limit on concurrent access. Logins can be restricted by location, by login hours and by the account's validity period.

2. Password management: password management provides security for users and avoids accounts being locked.
- Strong passwords: a minimum length.
- Weak accounts.
- Use special characters for a strong password.

3. Special features of the operating system:
- Automatic account lockout.
- Password expiry.
- Unique passwords and password histories.

2. Firewall techniques

A firewall protects a private network from unauthorized intrusion by users on the network. A firewall is a combination of hardware and software. The hardware is a computer or a dedicated hardware device (with 2 cards: one connects to the outside, the other connects to the inside). The firewall is called hardware because it can be fitted into other devices. A firewall must have at least 2 network cards to create a path.

a. ACL (access control list): the first defensive technique for any network connected to the Internet is the ACL. These lists are placed inside the router. An ACL is a list that sets up its own protection. ACLs are used to control IP addresses: which IPs are allowed through and which are not. Setting up a list of IPs that are denied is lighter work than setting up the IPs that are allowed.
Advantages:
- Cheap.
- Only requires opening a file and writing the list.
- Besides serving as a firewall, an ACL can also block certain calls.
Disadvantages:
- Affects performance: because packets have to be checked, they are sent more slowly.
- Not strong (it can be fooled by spoofing).
- Maintaining it by hand raises protection problems.

b. DMZ, the Demilitarized Zone: all systems today use a DMZ. The DMZ sits between the public network and the private network (half public, half private). The private network needs to be protected, while the public network is part of the outside world. The DMZ creates a separate zone holding the servers that users access. Because hackers can reach these servers, the servers have to be placed in the DMZ. The outside can reach only the DMZ, not the private network. What is the benefit of using a DMZ? Our information stays protected; only the interfaces are attacked. The DMZ is not protected, because it is something that can be rebuilt.

c. Protocol switching: protocol switching protects the data behind the firewall. Use a different protocol (not TCP/IP) for the network inside the firewall. Alternatively, use TCP/IP for both the private network and the Internet and use a different protocol in the dead zone between the private network and the public network.

Protocol switching is not practical because it is both expensive and slow.

d. Dynamic packet filter: packet filtering is the ability of a router or firewall to discard packets that do not meet the required criteria. Firewalls that use dynamic packet filtering make sure that each packet matches a session of the zone inside the firewall. A dynamic state list, held on the firewall, tracks all communication sessions between stations inside the firewall and stations outside. The list changes with the sessions. The dynamic state list lets the firewall filter packets dynamically: only packets that match a current session are allowed through.
Disadvantage: it costs processor resources. The processor can be a card or software (the software is heavy because it has to open each packet to see whether it is one that should be forwarded, so the machine must be powerful to run it).

e. Proxy server: one machine (usually a server) receives traffic on behalf of others. A proxy server represents a network entity (clients or a server) and separates the packets of the local network from the outside network. A local client sends a request to an outside server on the internet. The request first goes to a proxy server. The proxy inspects, classifies and processes the request with an application, and that application then creates a new request packet that is sent to the external server. A proxy is a good firewall because the packets are taken apart, so the data in the separated pieces can be inspected through the layers of the OSI model. There are several kinds of proxy server, including IP, Web, FTP and SMTP. The proxy sits at the Application layer, so it is only executed when the application runs. Access is slower the first time, but fetching the same information a second time is faster.
Advantage: if the proxy is on an outside machine it hides the IP but cannot protect the network. Only a proxy inside the network can protect the network, because it controls the IP addresses.
Disadvantage: the network is easily attacked when hackers attack the proxy, so the proxy has to be secured carefully.

IP proxy: an IP proxy hides the IP addresses of the stations in the network so that hackers cannot learn the destination IP addresses inside the network. A web server on the internet cannot identify the IP address a request came from. All communication goes through the proxy server. This kind of proxy is called network address translation (NAT).

Web (HTTP) proxy: web access through a proxy. Web proxies (also called HTTP, Hypertext Transfer Protocol, proxies) handle the HTTP requests sent out by the stations.
The client web browser requests web pages on the internet with HTTP requests, and the browser is configured to make its HTTP requests through the HTTP proxy. The browser sends the requests to the proxy server. The proxy server replaces the from address (the sender's address) of the HTTP request with its own network address and sends the request to the internet web server. The proxy server then replaces its own address with the original sender's address and sends the reply back to the original sender.

Proxy cache server: this server receives HTTP requests from the web browser and makes the request on its behalf. When a requested web page has come back, the page can be served directly from the local cache instead of the proxy server repeating the work of sending a new request to the web server on the internet. This speeds up access. Web proxies also increase network security by filtering out harmful items such as scripts or viruses.

FTP proxy: an FTP proxy handles uploading and downloading of files from a server on behalf of the network. An FTP proxy works in the same way as a web proxy. Like web proxies, FTP proxies can filter harmful content.

SMTP proxy: SMTP proxies handle internet email. Packets or messages containing unsafe material can be blocked. SMTP proxies have antivirus software that scans incoming mail.

f. Security protocols: a set of conditions or conventions for how a secure connection is maintained when data is transmitted over an insecure medium. The four are:
- L2TP
- IPSec
- SSL
- Kerberos
* L2TP, the Layer 2 Tunneling Protocol: a protocol that supports non-TCP/IP protocols in a virtual private network over the internet. It is a combination of Microsoft's Point-to-Point Tunneling Protocol (PPTP) and Cisco's Layer 2 Forwarding (L2F) technology.
* IPSec: IP Security is a protocol that provides access rights and encryption on the internet. IPSec works at the Network layer of the OSI model and protects all applications in the layers above it.
* SSL: Secure Sockets Layer is a security protocol developed by Netscape and used for the Navigator browser (it uses the Application layer). SSL uses the RSA asymmetric encryption algorithm. A server receives the user's information and splits the username and password into 2 separate parts. This makes it hard to attack, because the secret information is stored elsewhere.
* Kerberos: Kerberos is not a protocol, it is a security system. Developed by MIT, it allows users to be identified when they first log in to a system that uses Kerberos.
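The ACL check (item a) and the dynamic state list (item d) described above can be combined in one small filter. This is an added example, not part of the original notes; the names DynamicPacketFilter, INTERNAL_NET, DENY_ACL and check, the addresses, and the simplified "closing" flag that stands in for real session teardown are all assumptions.

```python
import ipaddress

# Constructed values for illustration (documentation address ranges).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
DENY_ACL = [ipaddress.ip_network("203.0.113.0/24")]


class DynamicPacketFilter:
    """Static deny-list ACL plus a dynamic state list of current sessions."""

    def __init__(self, internal_net, deny_acl):
        self.internal_net = internal_net
        self.deny_acl = deny_acl
        # Dynamic state list: (inside_ip, inside_port, outside_ip, outside_port)
        self.sessions = set()

    def _internal(self, ip):
        return ipaddress.ip_address(ip) in self.internal_net

    def _denied(self, ip):
        addr = ipaddress.ip_address(ip)
        return any(addr in net for net in self.deny_acl)

    def check(self, src, sport, dst, dport, side, closing=False):
        """Return 'pass' or 'drop'; side is the card the packet arrived on."""
        if side == "inside":
            if not self._internal(src) or self._denied(dst):
                return "drop"
            session = (src, sport, dst, dport)
            if closing:
                self.sessions.discard(session)   # session over: entry removed
            else:
                self.sessions.add(session)       # list changes with each session
            return "pass"
        # Packet arrived on the outside card.
        if self._internal(src) or self._denied(src):
            return "drop"   # forged internal source, or source on the deny list
        # Only packets that match a current session may come in.
        return "pass" if (dst, dport, src, sport) in self.sessions else "drop"
```

An outside packet is accepted only as the mirror image of a session that an inside station opened, which is why an unsolicited packet is dropped even when its source is not on the deny list.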

Attack and defence techniques

a. Attack techniques - hacker tools

Direct attack: the network is attacked directly by a hacker. Example: a hacker sending a WinNuke packet to a specific machine is called a direct attack. A virus is not called a direct attack.

WinNuke: sending a packet with a wrong header, which leads Windows to try to repair the error and puts the CPU into an endless loop.

IP spoofing: the process of sending packets with a forged source address so that the receiver believes they were sent from that source address. To counter it we use an ACL.

Denial of service attack: when a computer network is attacked by a hacker, the attack takes up a large amount of resources on the server, such as disk space, memory, CPU and bandwidth. The amount of resources depends on how much attack capacity each hacker can mobilize. The server is then unable to answer all the requests from the users' clients, and it may quickly stop working, crash or reboot. Denial of service attacks come in many forms, such as Ping of Death, Teardrop, Land Attack, WinNuke, Smurf Attack, UDP/ICMP Flooding, TCP/SYN Flooding and Attack DNS.

The ping of death: a denial of service attack, also called DoS, that paralyses the system and leaves it disabled. The hacker sends a very large number of packets to the server to keep the server busy. To counter it we close some ports on the system, or use a DMZ.

WinNuke: sending a packet with a wrong header, which leads Windows to try to repair it and puts the CPU into an endless loop.

From this it is clear that denial of service attacks and attacks that flood a server with data packets (Flood Data Of Services Attack) are a worry for many computer networks today, large and small.

TCP/SYN Flooding:
Step 1: the client sends a TCP SYN packet to the service port of the server.
Client -> SYN packet -> Server
Step 2: the server replies to the client with a SYN/ACK packet and waits to receive an ACK packet from the client.
Server -> SYN/ACK packet -> Client
Step 3: the client replies to the server with an ACK packet and the connection is complete. The client and the server then exchange data with each other.
Client -> ACK packet -> Server
When a hacker carries out SYN flooding by sending a rapid stream of TCP SYN packets to the service port of the server, the server becomes overloaded and can no longer respond.

UDP/ICMP Flooding: the hacker sends a large number of large UDP/ICMP packets to the network. A network under this attack is overloaded and the attack takes up all the bandwidth of its outbound link, so it has a very large effect on the link and on the speed of the network, and makes it difficult for customers to reach the network from outside.

Conditions for an effective DoS attack: for a DoS attack to be effective, a hacker normally has to choose high-capacity links as well as fast machines to use as attack tools. If these conditions are not met, the attack will not achieve much. But with utilities such as Trinoo, TFN2K and Stacheldraht, the attacker does not attack from just one place and instead uses many different networks to attack simultaneously. The machines used for the attack are usually internet-connected machines that the attacker has broken into.

b. Defence techniques:

Active detection (active defence): we constantly patrol and check the system, looking for attackers getting in.

Passive detection (passive defence): we use the corresponding software, or record events for the system. The drawback is that it has to be monitored regularly.

Proactive defense: the main function of proactive defense is to make sure our system is not attacked, by creating identical copies of it. When the system is attacked through the copies, we will know and can fix the problem.
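Passive detection as described above, applied to the three-step handshake from the TCP/SYN Flooding item: the recorded events are scanned for handshakes that stopped after step 2. This is an added example, not part of the original notes; the log format, the function name half_open_report, the wait time and the threshold are assumptions, and the log lines are constructed.

```python
# Constructed sample log: (time in seconds, source IP, source port, TCP flag)
# as recorded at one server port. Addresses are documentation ranges.
SAMPLE_LOG = [
    (0.0, "192.0.2.10", 50001, "SYN"),
    (0.1, "192.0.2.10", 50001, "ACK"),    # step 3 arrives: handshake complete
    (1.0, "198.51.100.1", 1025, "SYN"),
    (1.1, "198.51.100.2", 1026, "SYN"),
    (1.2, "198.51.100.3", 1027, "SYN"),
    (1.3, "198.51.100.4", 1028, "SYN"),
    (9.5, "192.0.2.11", 50002, "SYN"),    # recent, still within the wait time
]


def half_open_report(log, now, wait=5.0, threshold=3):
    """Find handshakes stuck after step 2 (SYN/ACK sent, no ACK received)."""
    pending = {}      # (source IP, source port) -> time the SYN was seen
    completed = 0
    for t, src, sport, flag in sorted(log):
        key = (src, sport)
        if flag == "SYN":
            pending.setdefault(key, t)    # a retransmitted SYN keeps the first time
        elif flag == "ACK" and key in pending:
            del pending[key]              # step 3 closes the handshake
            completed += 1
    # A handshake is stale once the server has waited longer than `wait`.
    stale = sorted(k for k, t in pending.items() if now - t > wait)
    return {
        "completed": completed,
        "half_open": len(pending),
        "stale": stale,
        "alert": len(stale) >= threshold,
    }
```

The count is taken over all sources together rather than per address, because a flood that forges its source addresses spreads the stuck handshakes across many of them.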

Cryptography and security policies

a. The concept of cryptography: cryptography is the process of encrypting and decrypting data. Data that is sent is encrypted and then decrypted again at the receiving side. Usually the data is encrypted with a special method. Both the receiving side and the decrypting side are given this key. The key is used in encryption and decryption.

b. Applications of cryptography: in a local network, encryption is sometimes very necessary, for example to encrypt the password sent from the workstation to the server at login. Cryptography is also used in mail systems, for individual users to encrypt their mail, or for all mail. Cryptography is also used to transmit data over a virtual private network (VPN) that uses the internet so that users can connect remotely. Cryptography is increasingly important in e-commerce, online banking services and online investment.

c. Encryption keys and the usual types of encryption: an encryption key is the formula used to convert the characters in the data into other characters.
Types: there are 2 kinds of encryption key, public and private.
Public key: uses the Diffie-Hellman algorithm. This algorithm uses 2 keys to encrypt and decrypt data: the public key is used by the sender, and the receiver uses the private key to decrypt. Only the person decrypting has the private key. For authentication, the private key is used to encrypt the message and the public key to decrypt it.
Private key: also called a symmetric key. The sender and the receiver both have the same key, and they use this key to encrypt and decrypt the message. The algorithm used for encryption is DES.

d. Security policy: the security policy tells us how security is carried out in the organization, including physical security, document security and network security. The network security policy has to be implemented in full, because otherwise closing one gap leaves another open.
Security audit: check the network's security to see which parts are not yet secured.
Clean desk policy: all important documents must be cleared away, so that hackers cannot use them to search for information for an intrusion.
Other security policies: these cover many items.
Rules on security violations: a security policy has no value if it is not mandatory. Users need a clear written document that sets out the rules and explains them to the users. Anyone who breaks the rules is penalized, and the handling differs according to the severity of the violation.