.., .., 2003-2008
() BIOS
BIOS (, CD-ROM, USB-)
Security (Password) : MBR Bios Setup (Supervisor)
Advanced CMOS Features
Min 8-10 QWERTY IVAN, PAROL, gfhjkm Aa1; + Alt+. Rz23Sa5v,
()100
(-)Touch-memory (Dallas iButton) (e-token USB-, PCMCIA - )-
, Windows 2000, XP MCBC 3.0 Windows XP
3.0 , 2 , ,
1
2
3
User 1
R
RW
User 2
R
RW
User 3
RW
RW
RW
Intel Windows NT/2000OC Novell NetWare Linux Trusted Xenix Trusted Oracle
Secret Net Windows NT/2000 Dallas Lock Windows NT/2000 - Windows NT/2000 OC Novell NetWare
BIOS
Wavetrend (Link-IT)
- -( )
Secret Net 2000( )
- -PCI
NT 2.0 ( )
( , , ) : (SmartPen) ,
(-)Touch-memory (Dallas iButton) (e-token USB-, PCCard , PCMCIA - )-
BIOS MBR BR
- BIOS MBR BR
NT BIOS MBR BR
Main BIOS
BIOS
Secret Disk Standart (Aladdin Software Security R.D.) StrongDisk Pro Windows 95/98/NT/2000 ( "-")PGP, BestCrypt,
Secret Disk Standart (Aladdin Software Security R.D.)
StrongDisk Pro Windows 95/98/NT/2000 ( "-")
: (swap file - win386.swp) (free space) (file slacks)
(wipe) -
Dallas Lock /, /
ViPNet, , +
ViPNet,
/ , / ( BIOS) , ( - ) 300 1540 $
Virtual Private Network (VPN) , , ,
VPN
, VPN (, , )
VPN
VPN IP- IP- , IP- (IP- )IP- IP-
(IP, IPX, NetBEUI)
PPTP (Point-to-Point Tunneling Protocol) - MS
L2F (Layer-2 Forwarding) Cisco Systems
L2TP (Layer-2 Tunneling Protocol)
PPTP
PPTP L2TP Point-to-Point Protocol (PPP) PPP - , - PPP, PPTP L2TP
PPTP
PPTP PPP- Generic Routing Encapsulation (GRE ) GRE , IPX, AppleTalk, DECnet, IP-
IP GRE PPP IP TCPUDPIP TCP 1723 , PPP
TCP-, 110
Source IP 195.12.90.175
Dest IP 194.226.237.16
Source Port 1134
Dest Port 110
POP3
DNS-, 53
HTTP-, 80
PPTP Extensible Authentication Protocol (EAP), Microsoft Challenge Handshake Authentication Protocol (MSCHAP) 1 2, Challenge Handshake Authentication Protocol (CHAP), Shiva Password Authentication Protocol (SPAP) Password Authentication Protocol (PAP) - MSCHAP 2 -
Microsoft PPTP : : /: MS-CHAP (/)
MSCHAP . . - Lan Manager, 21- . , 24- . . - Windows NT. - , - . , .
PPTP DES RSA Data Security, " Microsoft" (Microsoft Point-to-Point Encryption - MPPE). , RC4 40- 128-
RC4 40- 64- - Lan Manager ( ) SHA. 24 0xD1269E 128- Windows NT 64- , MS-CHAP. , , . 128- SHA.
SKIP (Simple Key management for Internet Protocol IP-) Sun Microsystems, 1994
$K_o = g^{K_c} \bmod n$, g n - .
SKIP I, J, Kij.
$K_{ij} = (K_{oj})^{K_{ci}} \bmod n = (g^{K_{cj}})^{K_{ci}} \bmod n = g^{K_{ci} \cdot K_{cj}} \bmod n$
Kij I J . :
$K_{ij} = (K_{oj})^{K_{ci}} \bmod n = (K_{oi})^{K_{cj}} \bmod n = K_{ji}$
SKIP
(n), Kijn Kp - (MD5) Kij n.n , 00 00 01.01.95 n 1 ,
SKIP counter
, AH ESP, .
IP - IP
SKIP - SKIP
AH -
ESP - ,
Inner protocol - .
Kc Kij ( ) Kp .
man-in-the-middle , i j. - i "" Koj, j -, Koi. , , , .
( ). (Certificate Authority ) , , . () ()
, , . , , , , .. , (ITU Rec. X.509)
X.509 X.509 ITU-T - () ; ; ; () ; , (basicConstraints, nameConstraints); ( ).
X.509
Version 1, 2, 3
Certificate Serial Number 40:00:00:00:00:00:00:ab:38:1e:8b:e9:00:31:0c:60
Signature Algorithm Identifier 34.10-94
Issuer X.500 Name C=RU, ST=Moscow, O=PKI, CN=Certification Authority
Validity Period : 2 06:59:00 1999 GMT : 6 06:59:00 2004 GMT
Subject X.500 Name C=RU, ST=Moscow, O=PKI, CN=Sidorov
Subject Public Key Info : : 1024 : AF:ED:80:43.....
Issuer Unique ID version 2
Subject Unique ID version 2
CA Signature
X.509
X.509
PKI (public key infrastructure) ()PKI ,
, SKIP , . .
, SKIP (replay) SKIP- , , ./ , .
, SKIP .Man-in-the-middle . .
, SKIP : ( 256 ); 5-10 IP ; .
, SKIP DoS , IP. .
" " , , . (, Web-) VPN- ,
IPSec ( IKE - Internet Key Exchange) ( AH - Authentication Header) (ESP - Encapsulating Security Payload)
IPSec
(AH) , MD5: AH - .
ESP ESP
IKE IKE
IKE- -
, 60%
VPN Intranet VPN Remote Access VPN Client/Server VPN Extranet VPN
VPN Intranet VPN , Remote Access VPN Client/Server VPN Extranet VPN
VPN Intranet VPN Remote Access VPN , IP- Client/Server VPN Extranet VPN
VPN Intranet VPN Remote Access VPN Client/Server VPN ( ) , Extranet VPN
VPN Intranet VPN Remote Access VPN Client/Server VPN Extranet VPN , " ", ,
VPN ();VPN ;VPN ();VPN
VPN Windows NT/2000/XP ( TP IPSec) -
VPN Cisco Systems - DES
VPN CheckPoint Software Technologies CheckPoint Firewall-1 /VPN-1 IPSec, DES, CAST, IDEA, FWZ -IP , DataGuard -, VPN SKIP
VPN VPN -
VPN " IP-" () - (), SKIP
VPN "" 2.5 SKIP1
VPN ViPNet
[Figure: ViPNet in the protocol stack. Labels: Application Layer (FTP, SMTP, IP Telephony); SSL (Secure Sockets Layer); Transport Layer (TCP, UDP); Network Layer (IP, Internet Protocol); ViPNet Isolation Layer (IP-LIR driver); Physical & Data Link Layers]
SSL (Secure Socket Layer) Netscape Communications, 3.0 TLS (Transport Layer Security) 1999., 1.0 , HTTP ( HTTPS)
SSL ( ) -
SSL- TCP-, 443
SSL- TCP-, 443 Client-Hello SSLChallenge_Data
SSL- TCP-, 443 Client-Hello Server-Hello SSL Connection_id () ( )
SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key ,
SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key Server-VerifyChallenge_Data,
SSL- TCP-, 443 Client-Hello Server-Hello Client_Master_Key Server-Verify Client-Finished Connection_id,
S-HTTP Secure HTTP
HTTP S-HTTP : ( ): Secure * Secure-HTTP/1.1: Secure-HTTP/1.1 200 RFC-822