
Scientific research

Topic: Research on firewalls

Supervisor: Dr. Nguyn Mnh Hng. Student: Trn Th Hnh. Student ID: 5417123

PART I: OVERVIEW OF INFORMATION SECURITY ON NETWORKS

Information security is a very important need for individuals as well as for society and for countries around the world. In computer networks, information security is carried out through physical and administrative methods. Since their appearance, computer networks have brought enormous benefits to every area of life. At the same time, users must face the dangers that arise when their information on the network is attacked. Information security on computer networks comprises the methods used to protect information that is stored on and transmitted over the network. It is a field that is receiving special attention and is also a very difficult and complex task.

Practice has shown that the situation is very worrying when information is attacked during processing, transmission and storage. Illegal actions against information aim to cause loss or corruption, to steal stored files, to copy confidential information, or to impersonate people who are authorized to use information in computer networks.

The following are some typical examples of illegal actions against computer networks:

- Students at an American university wrote and installed on a computer a program that imitated a working session with a remote user. With this program they learned in advance what users needed and asked them for their passwords. By the time they were discovered, the students had already obtained the passwords of more than 100 legitimate users of the computer system.
- Employees of the company CDC (USA) broke into the computing center of a chemical manufacturer and destroyed data stored on magnetic tape, causing that company more than $100,000 in damage.
- A British encyclopedia company took 3 technicians from its own computer center to court, accusing them of copying from the server's disks the names of nearly 3 million valuable customers of the company in order to sell them to another company.

Among the illegal actions that attack computer networks, the most significant are system intrusion, covert sabotage, causing explosions, and damaging connecting cables and encryption systems. The most common, however, is still the destruction of automated information-processing software, and it is these acts that usually cause extremely heavy losses.

As the threats to information in computer networks have grown, the problem of protecting information has received more and more attention. After the results of an investigation by the Stendfooc institute (USA), the state of information protection changed considerably. By 1985 many American experts had concluded that illegal actions in computing information systems had become a national disaster. Once enough research material was available, the American association of lawyers carried out a special study. The result was that nearly half of the respondents reported that in 1984 they had been victims of crimes committed by computer. Many of these victims reported the crime to the authorities; 39% of the victims did report it but could not point to a suspect. Offences on the computer networks of businesses and banks were especially numerous.

According to experts, up to 1990 the proceeds of illegal intrusion into information systems in the USA amounted to nearly 10 million dollars. The average loss a victim suffered from such offences ranged from 400,000 to 1.5 million dollars. One company had to declare bankruptcy because an employee deliberately destroyed all the accounting records held in the computer's memory about the amounts owed by its debtors.


I. FORMS OF ATTACK

1.1. Direct attack:
Direct attacks are normally used in the first stage, to gain access to the inside. A classic method of attack is to search for user names and passwords. This method is simple, easy to carry out and needs no special conditions to get started. The attacker can use information such as the user's name, date of birth, address, house number and so on to guess the password. When a list of users and information about the working environment is available, there are programs that automate this password search. One program that can easily be obtained from the Internet for recovering the encrypted passwords of unix systems is called crack; it can try combinations of words from a large dictionary according to rules that the user defines. In some cases the success rate of this method can reach 30%.

Exploiting bugs in application programs and in the operating system itself has been used since the very first attacks and continues to be used to gain access. In some cases this method gives the attacker the rights of the system administrator (root or administrator). Two examples often given to illustrate this method are the sendmail program and the rlogin program of the UNIX operating system.

Sendmail is a complex program whose source code consists of thousands of lines of C. Sendmail runs with the privileges of the system administrator, because the program must be able to write to the mailboxes of the machine's users. Sendmail also receives mail requests directly from the external network. These are the factors that make sendmail a source of security holes that give access to the system.

Rlogin lets a user on one machine on the network log in remotely to another machine and use that machine's resources. While receiving the user's name and password, rlogin does not check the length of the input line, so an attacker can supply a precomputed string that overwrites rlogin's program code and in this way gain access.

1.2. Eavesdropping:
Eavesdropping on the network can yield useful information such as user names and passwords and confidential information passing over the network. Eavesdropping is usually carried out right after the attacker has gained access to the system, using programs that capture packets in a mode that receives all the information travelling on the network. This information can also be obtained easily on the Internet.

1.3. Address spoofing:
IP address spoofing can be carried out by using the direct routing capability (source-routing). In this attack, the attacker sends IP packets to the internal network with a forged IP address (usually the address of a network or a machine that the internal network regards as safe) and at the same time specifies the route that the IP packets must follow.

1.4. Disabling system functions (DoS, DDoS):
This kind of attack aims to paralyse a system so that it cannot perform the function it was designed for. This kind of attack cannot be prevented, because the means used to mount the attack are the same means used for working and for accessing information on the network. One example is using the ping command at the highest possible rate, which forces a system to spend all of its computing speed and network capacity answering these commands, leaving no resources for other useful work.

Figure 1: DDoS attack model

- The client is an attacker who arranges an attack.
- A handler is a compromised host that runs special programs used for the attack.
- Each handler can control many agents.
- Each agent is responsible for sending a stream of data to the victim.

1.5. System administrator errors:
This is not a kind of attack by intruders; however, errors made by the system administrator often create holes that an attacker can use to gain access to the internal network.

1.6. Attacks on the human factor:
The attacker can contact a system administrator, pretending to be a user, and ask to have a password changed, to have his access rights to the system changed, or even to have parts of the system configuration changed so that other attack methods can be carried out. No device can effectively stop this kind of attack; the only way is to educate the users of the internal network about security requirements so that they stay alert to suspicious events. In general the human factor is a weak point in any protection system, and only education together with a cooperative attitude on the part of users can raise the security of the protection system.


II. INFORMATION PROTECTION SERVICES ON NETWORKS

We can regard information protection services as counterparts of the operations that protect physical documents. Physical documents carry signatures and information about the date they were created. They are protected against unauthorized reading, forgery, destruction and so on. They can be notarized, certified, recorded, photographed and so on. However, electronic documents and paper documents differ in the following ways:
- We can tell an original paper document from a copy. An electronic document, however, is just a sequence of bits, so it is impossible to tell which is the original and which is the copy.
- Any change to a paper document leaves traces such as erasure marks. A change to an electronic document leaves no trace at all.

The information protection services on computer networks are described below.

2.1. Confidentiality service (Confidentiality)
The confidentiality service ensures that information in the computer system and information in transit is read only by authorized parties. Reading includes printing, displaying and so on. In other words, the confidentiality service protects transmitted data against passive attacks that try to discover the content of messages. The protected information may be all the data transmitted between two users over a period of time, a single message, or some fields within a message. This service also provides the ability to protect the information flow against analysis attacks.

2.2. Authentication service (Authentication)
The authentication service ensures that a communication is authentic, meaning that neither the sender nor the receiver is being impersonated. In the case of a single message such as a warning signal or a bell signal, the authentication service assures the receiver that the message comes from the party it claims to come from. In the case of an ongoing transaction, the authentication service ensures that both parties to the transaction are authentic and that nobody is masquerading as one of the parties to the exchange. In other words, the authentication service requires that the origin of a message be correctly identified with the correct identifiers.

2.3. Integrity service (Integrity)
The integrity service requires that computer system resources and transmitted information are not modified without authorization. Modification includes writing, changing, changing status, deleting messages, creating messages, and delaying or replaying transmitted messages. The integrity service can apply to one message, to a stream of messages, or only to some fields within a message. The connection-oriented integrity service applies to a stream of messages and ensures that messages are received with the same content as when they were sent, without duplication, insertion, modification, reordering or replay, and also without destruction of data. The connection-oriented integrity service is therefore concerned with both message modification and denial of service. The connectionless integrity service, on the other hand, is concerned only with message modification. This integrity service leans towards detection rather than prevention.

2.4. Nonrepudiation (Nonrepudiation)
The nonrepudiation service prevents the sender or the receiver from denying a transmitted message. When a message is sent, the receiver can prove that the named sender sent it. When a message is received, the sender can prove that the message was received by the legitimate receiver.

2.5. Access control (Access control)
Access control is the ability to limit and control access to computer systems and applications over communication links. Every entity that wants access must be identified or confirmed as having the appropriate access rights.

2.6. Availability (Availability)
Availability requires that computer system resources are always available to authorized parties when needed. Attacks can remove or reduce the availability of the software programs and hardware resources of a computer network. Software that malfunctions can have unforeseeable consequences.

The main threats to security in networked systems come from the openness of the communication channels (they are the ports used for legitimate communication between processes such as client and server), and the consequence is that the system is exposed to attack. We must accept that every communication channel, at every level of the system's hardware and software, is exposed to these threats.

The measures for preventing the kinds of attack above are:
- Build secure communication channels to avoid eavesdropping.
- Design protocols for mutual confirmation between client machines and servers:
  + Servers must make sure that client machines really are the machines of the users they claim to be.
  + Client machines must make sure that the servers providing particular services are the servers authorized for those services.
  + Make sure that the communication channel is "fresh", to avoid the replay of messages.

III. TECHNIQUES FOR PROTECTING INFORMATION ON NETWORKS

Encryption
Encrypting messages serves the following purposes:
1. It is used to hide confidential information held in the system. As we know, physical communication channels are always open to attack by eavesdropping and by distortion of messages. Traditionally, correspondence in cipher has been used in military and intelligence activities. It rests on the principle that a message is encrypted with a particular encryption key and can be decrypted only by someone who knows the corresponding inverse key.
2. It is used to support authenticated communication between pairs of legitimate users, whom we call principals (Principal). A principal who successfully decrypts a message using a particular decryption key can accept that the message is authentic if it contains certain expected values. From this the receiver can infer that the sender of the message holds the corresponding encryption key. So if the keys are kept secret, successful decryption authenticates the message as coming from a particular sender.
3. It is used to implement a digital signature mechanism. A digital signature plays the same important role as an ordinary signature in confirming to a third party that a message is an unaltered copy of a message produced by a particular principal. The ability to provide a digital signature rests on the principle that there are things which only the principal who is the real sender can do and which nobody else can do. This can be achieved by requiring a trusted third party, who holds proof of the requester's identity, to encrypt the message or to encrypt a short form of the message called a digest, which is similar to a checksum. The encrypted message or digest serves as a signature that accompanies the message.

Authentication mechanisms
In centralized multi-user systems, authentication mechanisms are usually simple. A user's identity can be authenticated by checking a password at each session. This approach relies on the system resource management mechanism of the operating system kernel, which blocks every new session started by impersonating another person.

In computer networks, authentication is the means by which the identities of servers and client machines are verified as trustworthy. The mechanism used to achieve this is based on possession of encryption keys. From the fact that only one principal possesses the secret key, we infer that the principal really has the identity it claims. Possession of a secret password is also used to confirm the identity of its owner. Authentication services rely on the use of highly secure cryptography. A key distribution service has the job of creating, storing and distributing all the cryptographic keys needed by all the users on the network.
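The mutual confirmation between client and server with a "fresh" channel listed in section II, and the proof of identity by key possession described above, can be sketched as a nonce-based challenge-response. This is an added example, not code from the original document; it substitutes HMAC-SHA256 over a shared key for the decryption-based proof the text describes, and the names `Server`, `Client`, `mac_tag` and the message layout are assumptions.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; a fixed length keeps the MAC input unambiguous


def mac_tag(key: bytes, role: bytes, first: bytes, second: bytes) -> bytes:
    """HMAC-SHA256 over a role label and both nonces (assumed message layout)."""
    return hmac.new(key, role + first + second, hashlib.sha256).digest()


class Server:
    def __init__(self, keys):
        self._keys = keys      # principal name -> shared secret key
        self._pending = {}     # outstanding server nonce -> principal name

    def challenge(self, name: str) -> bytes:
        nonce = secrets.token_bytes(NONCE_LEN)
        self._pending[nonce] = name
        return nonce

    def verify(self, server_nonce: bytes, client_nonce: bytes, proof: bytes):
        """Return the server's own proof if the client holds the key, else None."""
        name = self._pending.pop(server_nonce, None)  # single use: a replay finds nothing
        key = self._keys.get(name)
        if key is None or len(client_nonce) != NONCE_LEN:
            return None
        expected = mac_tag(key, b"client", server_nonce, client_nonce)
        if not hmac.compare_digest(expected, proof):
            return None
        # The role label stops this proof from being reflected back as a client proof.
        return mac_tag(key, b"server", client_nonce, server_nonce)


class Client:
    def __init__(self, name: str, key: bytes):
        self.name, self._key = name, key
        self._nonces = None

    def respond(self, server_nonce: bytes):
        client_nonce = secrets.token_bytes(NONCE_LEN)
        self._nonces = (client_nonce, server_nonce)
        return client_nonce, mac_tag(self._key, b"client", server_nonce, client_nonce)

    def server_is_genuine(self, server_proof) -> bool:
        if self._nonces is None or server_proof is None:
            return False
        client_nonce, server_nonce = self._nonces
        self._nonces = None    # one answer per exchange
        expected = mac_tag(self._key, b"server", client_nonce, server_nonce)
        return hmac.compare_digest(expected, server_proof)


def run_demo():
    """Run constructed exchanges; each value says whether the exchange was accepted."""
    key = secrets.token_bytes(32)
    server = Server({"alice": key})
    alice = Client("alice", key)

    n_s = server.challenge("alice")
    n_c, proof = alice.respond(n_s)
    honest = alice.server_is_genuine(server.verify(n_s, n_c, proof))

    # The recorded messages are sent again: the nonce was already consumed.
    replay_same = server.verify(n_s, n_c, proof)
    # The recorded proof is sent against a new challenge: it is bound to the old nonce.
    replay_fresh = server.verify(server.challenge("alice"), n_c, proof)

    # A party that claims the name but does not hold the key.
    impostor = Client("alice", secrets.token_bytes(32))
    n2 = server.challenge("alice")
    wrong_key = server.verify(n2, *impostor.respond(n2))

    # A server that does not hold the key cannot produce the second proof.
    alice.respond(secrets.token_bytes(NONCE_LEN))
    fake_server = alice.server_is_genuine(secrets.token_bytes(32))

    return {
        "honest": honest,
        "replay_same_nonce": replay_same is not None,
        "replay_fresh_nonce": replay_fresh is not None,
        "wrong_key": wrong_key is not None,
        "fake_server": fake_server,
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case:20s} accepted={accepted}")
```
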

Access control mechanisms

Access control mechanisms are used to ensure that only users who have been granted rights can access information resources (files, processes, communication ports) and hardware resources (servers, processors, gateways and so on). Access control mechanisms exist in non-distributed multi-user operating systems. In UNIX and other multi-user systems, files are the most important shareable information resources, and an access control mechanism is provided so that each user can manage a number of private files and share them in a controlled way.


IV. AN OVERALL SOLUTION FOR INFORMATION SECURITY ON NETWORKS
When talking about an overall solution for information security on networks, experts all stress the fact that nothing is absolutely secure. However solid a protection system is, sooner or later it will be defeated by saboteurs who are skilled and have enough time. Moreover, in many cases the saboteur is inside the very organization whose network needs protecting. It follows that computer network security is in practice a never-ending relay race, and nobody dares to say whether there is a finishing line.

Levels of information protection on the network

Because no solution is absolutely secure, several different levels of protection usually have to be used at the same time, forming several layers of barriers against intrusion. Besides protecting information in transit, we also have to protect information stored in computers, especially in the servers on the network. So in addition to the measures against attacks on information in transit, every effort must go into building barriers from the outside in for the systems connected to the network. Figure 1.3 shows the barrier layers commonly used today to protect information on computer networks:


[Figure 2: Levels of information protection on a computer network. Labels in the figure: information, access rights, login/password, data encryption, physical protection, firewall.]

Access rights:

The innermost protection layer is access rights, which control the network's information resources and what users are allowed to do with those resources. At present this control is usually applied at the file level.

Login name and password:

The next protection layer is the login name and password (login/password). This is in fact also a layer of access control, but at the system level rather than at the information level. It is the most common protection method because it is simple, cheap and also very effective. Every user, including the network administrator, who wants to enter the network and use its resources must first register a name and a password. The network administrator is responsible for managing and supervising all activity on the network and for defining the access rights of other users according to time and place, meaning that a user is allowed into the network only at specified times and from specified locations.

In theory, if everybody kept their registered name and password secret, there would be no unauthorized access. In practice this is very hard to guarantee for many reasons, for example users who carelessly choose a password that matches their date of birth or the name of a relative, or who write the password down on paper. This reduces the effectiveness of this protection layer. It can be remedied in several ways, such as making the administrator responsible for setting passwords or changing passwords over time.

Data encryption:

To keep information transmitted over the network confidential, encryption methods are used. Data is transformed from an intelligible form into an unintelligible form by some algorithm (encryption) and is transformed back (decryption) at the receiving end. This is a very important protection layer and is widely used in network environments.

Physical protection:

This layer aims to prevent illegal physical access to the system. Traditional measures are usually used, such as strictly forbidding unauthorized people to enter the room that houses the network machines, using locks on computers (cutting power to the screen and keyboard while keeping the computer online with the network, or installing an alarm that goes off when the system is accessed), or using workstations without floppy disk drives.

Firewall

To protect a single computer or a whole internal network from remote access, special systems called firewalls are commonly used. The function of a firewall is to block unauthorized intrusion (according to a predefined access list), and it can even filter out packets that we do not want to send or receive for one reason or another. This method is widely used in the Internet environment.

Another approach to building an overall solution for information security on computer networks is to set out the methods and means of protecting information.

Methods and means of protecting information

In the first stage it was believed that protecting information in computing information systems could be done relatively easily, purely by software programs. For this reason software means, accompanied by the necessary organizational measures, were developed considerably. But once it became clear that these means alone could not reliably protect information, multi-purpose technical devices and even entire technical systems developed strongly. It therefore became necessary to deploy all the means of information protection in a coordinated way. The methods of protecting information include the following.

Obstacles:

Obstacles are meant to prevent an attacker from reaching the protected information.

Access control:

Access control is the method of protecting information by controlling the use of all the resources of the system. In a computer network there must be clear and strict rules about the working regime of users and about how technicians use software programs, databases and storage media. Working hours during the week and during the day must be laid down for users and for technical staff on the network. For working hours, a list must be drawn up of the network resources that may be accessed and the order in which they may be accessed. There must be a list of the individuals who have the right to use the technical equipment and the programs. For data banks, a list of the users who are entitled to access them is also specified. For storage media, the permanent storage location and the list of individuals entitled to receive them must be strictly defined.


[Figure 3: Methods and means of protecting information. Labels in the figure: obstacles, control, physical, machinery, programs, protection methods, information encryption, regulations, organization, protection means, coercion, law, incentives, ethics.]

Information encryption:

This is the method of protecting information on a computer network by using cryptographic methods to hide confidential information. This form of protection is widely used during the transmission and storage of information. When information is sent over a public channel, encryption is the only method of protecting it.

Regulations:

Regulations aim to avoid as far as possible any illegal access to information in automated processing systems. For protection to be effective, there must also be strict rules about the architecture of the computing information system, about the technological scheme for the automated processing of the information to be protected, and about the organization and working conditions of all the staff who process information.

Coercion:

This is the protection method that obliges users and the staff of the system to follow the rules for processing and using protected information, under the pressure of financial penalties and criminal liability.

Incentives:

These are measures that encourage and educate users to be aware of, and to take responsibility for, the protection of information.

The protection methods considered above are usually carried out by using different means of protection, and these means are in turn divided into technical means, software means, organizational means, legal means and ethical means.

The means of protection are all the organizational and technical measures. Organizational and legal measures are carried out during the design and operation of the information system. Organizational measures need full attention during the design, construction and operation of the system. Legal means include the provisions of state law that lay down the rules for using and processing information, the rules for restricted access to information, and the measures to be taken when those rules are broken.

The building of an information protection system goes through several stages. In the first stage software means dominated development, while in the second stage all the means of protection received attention. In the third stage the following trends became clear:
- Creating devices that have basic protection functions.
- Building composite means of protection that can perform several different protection functions.
- Unifying and standardizing the means of protection.


PART II: FIREWALL

A. INTRODUCTION TO FIREWALLS

Today we hear about the Internet everywhere, alongside mass media such as newspapers, radio and television. Through the Internet people can do business and marketing worldwide and can reach an enormous volume of information that is updated quickly. The benefits the Internet brings are considerable, but the dangers of joining the network are not small either. The main danger is that there are more and more threats to confidentiality and of information loss. Information is a matter of survival for a business, an organization or a country, so information is priceless. We use every means to protect it from danger, and one of the good solutions available today is to build a firewall. Using firewalls to protect the network against attack from outside ensures the following:
- Safe operation of the whole network system
- High security in many respects
- A high degree of control
- High speed
- Flexibility and ease of use
- Transparency to users
- An open architecture

I. WHAT NEEDS TO BE PROTECTED
The need to protect information on the network can be divided into three kinds: protecting data, protecting the resources used on the network, and protecting the organization's reputation.

1.1 Data
Information stored on computer systems needs to be protected because of the following requirements:
- Secrecy (Secrecy): Information of economic, military or policy value and so on needs to be kept secret. Information may leak because of people or because of a weak security system.
- Integrity (Integrity): Information must not be lost, modified or swapped. Users themselves can be the biggest cause of errors. Storing inaccurate information in the system can also lead to bad results such as data loss. People who attack the system can modify, delete or corrupt important information that is vital to the organization's operations.
- Timeliness: Information must be accessible at exactly the moment it is needed.

Of these requirements, secrecy is usually regarded as requirement number 1 for information stored on the network. However, even when the information is not kept secret, the integrity requirements are still very important. No individual or organization wastes material resources and time storing information without knowing whether that information is correct.


1.2 Resources
Resources here include memory space, disk space, application programs, program execution time and processor capacity. In practice, in attacks on the Internet, once attackers have taken control of an internal system they can use these machines for their own purposes: to run programs that search for user passwords, to use the existing network links to go on attacking other systems, and so on.

1.3 Reputation
A large share of attacks are not widely reported, and one of the reasons is the fear of damage to the organization's reputation, especially for large companies and important bodies in the state apparatus. When the system administrator finds out only after his own system has been used as a springboard to attack other systems, the loss of reputation is very great and can have lasting consequences.


II. CLASSIFICATION OF ATTACKERS

There are a great many attackers on the global network, the Internet, and we cannot classify them exactly; any classification of this kind should be taken as an introduction rather than as a rigid view.

2.1 Passers-by
These are people who are bored with their everyday work and want to find new entertainment. They break into your computer because they think you may have interesting data, or because they enjoy using someone else's computer, or simply because they cannot find anything better to do. They may be curious but have no intention of harming you. However, they often damage the system when they break in or when they erase their traces.

2.2 Vandals
These are people who set out to damage your system. They may dislike you, or they may not know you at all but take pleasure in destruction. Vandals are normally fairly rare on the Internet. People do not like them, and many people enjoy tracking down and stopping vandals. Although they are few, vandals usually cause serious damage to your system, such as deleting all your data or wrecking devices on your computer.

2.3 Score-keepers
Many passers-by get drawn into breaking in and causing damage. They want to prove themselves through the number and the kinds of systems they have broken into. Breaking into famous sites, heavily defended sites and sophisticated sites is worth many points to them. However, they will also attack every site they can, for the sake of quantity as well as quality. These people do not care about the information you hold or about other properties of your resources. Even so, in achieving their goal of breaking in they will, by accident or on purpose, damage your system.

2.4 Spies
Today a great deal of important information is stored on computers, such as military and economic information. Computer espionage is a complex problem and is hard to detect. In practice most organizations cannot defend effectively against this kind of attack, and you can be sure that the link to the Internet is not the easiest route for a spy to gather information.

III. INTERNET FIREWALL

What is a firewall?
Some terms:
- Internal network (Internal network): consists of computers and network devices. It is the computer network of one administrative unit (a school, company, organization, association, country and so on) that sits on one side of the firewall, such that information travelling between a machine that belongs to it and a machine that does not must pass through that firewall.
- Internal host (Internal Host): a machine that belongs to the internal network.
- External host (External Host): any machine that is connected to the internetwork and does not belong to the internal network above.

The term firewall comes from a design technique in construction for stopping and limiting fires. In network technology, a firewall is a technique built into the network system to resist unauthorized access, in order to protect internal information sources and to limit unwanted intrusion into the system. A firewall can also be understood as a mechanism (mechanism) for protecting a trusted network (Trusted network) from untrusted networks (Untrusted network).

A firewall is normally placed between the internal network of a company, organization, sector or country and the Internet. Its main role is to keep information secure, to block unwanted access from outside, and to forbid access from inside to certain addresses on the Internet.

Figure 4: Firewall model

In short, a firewall is a system that blocks unauthorized access from outside into the network as well as invalid connections from inside out. A firewall filters out invalid addresses according to predefined rules or criteria.

Figure 5: Packet filtering at the firewall

A firewall can be a hardware system, a software system or a combination of both. If it is hardware, it may consist of nothing more than a packet filter or a routing device (a router with a built-in packet filtering function). The router has advanced security features, among them the ability to control IP addresses. The control procedure lets you specify which IP addresses may connect to your network and vice versa. The common property of firewalls is that they distinguish IP addresses on the basis of the packets, or refuse illegal access on the basis of the source address.

Functions
The main function of a firewall is to control the flow of information between the internal network (Intranet) and the Internet. It sets up a mechanism for controlling the flow of information between the Intranet and the Internet. Specifically, it can:
- Allow or forbid outbound services (from the Intranet to the Internet).
- Allow or forbid inbound services (from the Internet to the Intranet).
- Monitor the network data flow between the Internet and the Intranet.
- Control access addresses and forbid access addresses.
- Control users and the access of users.
- Control the content of information moving across the network.

Figure 6: Some functions of a firewall

Components
A standard firewall consists of one or more of the following components:
- Packet filter (packet-filtering router)
- Circuit gateway (circuit-level gateway)
- Application gateway (application-level gateway or proxy server)


B lc gi tin (packet-filtering router)


a. Nguyn l: Khi ni n vic lu thng d liu gia cc mng vi nhau thng qua Firewall th iu c ngha rng Firewall hot ng cht ch vi giao thc TCP/IP. V giao thc ny lm vic theo thut ton chia nh cc d liu nhn c t cc ng dng trn mng, hay ni chnh xc hn l cc dch v chy trn cc giao thc (Telnet, SMTP, DNS, SMNP, NFS...) thnh cc gi d liu (data pakets) ri gn cho cc packet ny nhng a ch c th nhn dng, ti lp li ch cn gi n, do cc loi Firewall cng lin quan rt nhiu n cc packet v nhng con s a ch ca chng

Hnh 7: Lc gi tin
30

Gio vin hng dn: TS. Nguyn Mnh Hng Sinh vin thc hin: Trn Th Hnh_M sinh vin:5417123

Nghin cu khoa hc

ti: Nghin cu v tng la

A packet filter permits or rejects each packet it receives. It examines the whole data unit to decide whether it satisfies one of the packet-filtering rules. These rules are based on the information at the start of each packet (the packet header), which is what allows the packet to be carried across the network:

- IP source address
- IP destination address
- Transport protocol (TCP, UDP, ICMP, IP tunnel)
- TCP/UDP source port
- TCP/UDP destination port
- ICMP message type
- Incoming interface of the packet
- Outgoing interface of the packet

If a packet-filtering rule is satisfied, the packet is passed through the firewall. Otherwise the packet is dropped. In this way the firewall can block connections to specified hosts or networks, or block access to the internal network from addresses that are not permitted. In addition, controlling ports lets the firewall allow only certain kinds of connection to certain hosts, or allow only the permitted services (Telnet, SMTP, FTP...) to run on the local network.

b. Advantages:

- Most firewall systems use a packet filter. One advantage of packet filtering is its low cost, because the packet-filtering mechanism is already included in every router's software.
- In addition, a packet filter is transparent to users and applications, so it requires no special training.

c. Limitations:

- Defining the packet-filtering rules is a fairly complex task; it requires the network administrator to have detailed knowledge of Internet services, of the packet header formats, and of the specific values each field can take.
- Because it works on packet headers, a packet filter clearly cannot control the information content of a packet. Packets that pass through can still carry actions intended to steal information or cause damage.
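The rule matching described above, as an added example (it is not code from the original paper): a header-only filter in which the first matching rule decides and a packet that matches no rule is dropped. The interface names `ext0`/`int0`, the 192.168.10.0/24 network, the mail host and the rule set are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Sequence, Tuple


@dataclass(frozen=True)
class Packet:
    """Only the header fields the filter is allowed to look at, plus a payload."""
    src: str
    dst: str
    proto: str                                # "tcp", "udp" or "icmp"
    in_if: str                                # interface the packet arrived on
    out_if: str                               # interface it would leave on
    sport: Optional[int] = None
    dport: Optional[int] = None
    icmp_type: Optional[int] = None
    payload: bytes = b""                      # carried along, never inspected


@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    proto: Optional[str] = None               # None means "any"
    sport: Optional[Tuple[int, int]] = None   # inclusive port range
    dport: Optional[Tuple[int, int]] = None
    icmp_type: Optional[int] = None
    in_if: Optional[str] = None
    out_if: Optional[str] = None

    def matches(self, p: Packet) -> bool:
        """True when every field this rule constrains agrees with the header."""
        if ip_address(p.src) not in ip_network(self.src):
            return False
        if ip_address(p.dst) not in ip_network(self.dst):
            return False
        exact = ((self.proto, p.proto), (self.icmp_type, p.icmp_type),
                 (self.in_if, p.in_if), (self.out_if, p.out_if))
        if any(want is not None and want != got for want, got in exact):
            return False
        for bounds, port in ((self.sport, p.sport), (self.dport, p.dport)):
            if bounds is not None and (port is None
                                       or not bounds[0] <= port <= bounds[1]):
                return False
        return True


def filter_packet(rules: Sequence[Rule], p: Packet) -> Tuple[str, Optional[int]]:
    """First matching rule decides; a packet that matches nothing is dropped."""
    for index, rule in enumerate(rules):
        if rule.matches(p):
            return rule.action, index
    return "deny", None


# Constructed policy for a constructed network (not taken from the paper).
# Handling of reply traffic is left out to keep the rule set short.
INTERNAL = "192.168.10.0/24"
MAIL_HOST = "192.168.10.25/32"
RULES = [
    # 0: an internal source address arriving on the outside interface is forged
    Rule("deny", src=INTERNAL, in_if="ext0"),
    # 1: inbound SMTP is allowed, but only to the mail host
    Rule("permit", dst=MAIL_HOST, proto="tcp", dport=(25, 25), in_if="ext0"),
    # 2: inbound ICMP is limited to echo-reply (type 0)
    Rule("permit", dst=INTERNAL, proto="icmp", icmp_type=0, in_if="ext0"),
    # 3: internal hosts may open TCP connections towards the Internet
    Rule("permit", src=INTERNAL, proto="tcp", in_if="int0", out_if="ext0"),
]

if __name__ == "__main__":
    samples = {  # constructed packets
        "SMTP to mail host": Packet("203.0.113.9", "192.168.10.25", "tcp", "ext0", "int0", 40000, 25),
        "Telnet to a workstation": Packet("203.0.113.9", "192.168.10.7", "tcp", "ext0", "int0", 40001, 23),
        "Forged internal source": Packet("192.168.10.7", "192.168.10.25", "tcp", "ext0", "int0", 40002, 25),
        "Outbound web request": Packet("192.168.10.7", "198.51.100.80", "tcp", "int0", "ext0", 40003, 80),
    }
    for label, pkt in samples.items():
        print(label, "->", filter_packet(RULES, pkt))
```

Because `matches` never reads `payload`, two SMTP packets with different contents get the same verdict, which is the second limitation listed above.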

Application gateway (application-level gateway or proxy server)

a. Principle: Another common type is the application-proxy firewall. It works somewhat differently from a firewall based on a packet-filtering router. An application gateway is software-based. When an unidentified user connects remotely to a network running an application gateway, the gateway intercepts the remote connection. Instead of passing it straight through, the gateway checks the elements of the connection against predefined rules. If the rules are satisfied, the gateway creates a bridge between the source host and the destination host.


Figure 8: Software firewall

The bridge acts as an intermediary between two protocols. For example, in a typical gateway model, IP packets are not forwarded to the local network; instead a translation process takes place in which the gateway acts as the translator.


b. Advantages: The advantage of an application gateway firewall is that it does not forward IP. More importantly, controls are applied directly on the connection. Finally, each tool provides convenient features for network access. Because every packet flow is accepted, examined, translated and passed on, this type of firewall is limited in speed. IP forwarding takes place when a server receives a signal from outside asking it to forward information in IP format into the internal network. Allowing IP forwarding is an unavoidable fault; once it is allowed, a hacker can penetrate workstations on your network.

c. Limitations: Another limitation of this firewall model is that a security application (proxy application) must be built for each network service. So one application is used for Telnet, another for HTTP, and so on. Because there is no IP forwarding, IP packets from unidentified addresses cannot reach computers in your network, so an application gateway system offers higher security.

Circuit-level gateway


A circuit-level gateway is a special function that can be performed by an application gateway. A circuit-level gateway simply relays TCP connections without performing any processing or packet filtering. For example, a circuit-level gateway simply relays a Telnet connection through the firewall without checking, filtering or controlling any of the Telnet procedures. The circuit-level gateway works like a wire, copying bytes between the inside connection and the outside connections. However, because the connection appears to originate from the firewall system, it hides information about the internal network.

Circuit-level gateways are usually used for outbound connections, where the network administrators really trust the internal users. The biggest advantage is that a bastion host can be configured as a hybrid that provides an application gateway for inbound connections and a circuit-level gateway for outbound connections. This makes the firewall system easy to use for people on the internal network who want direct access to Internet services, while still providing the firewall function that protects the internal network from outside attacks.

Figure 9: Circuit-level gateway (diagram labels: outside host, circuit-level gateway, inside host)


Types of firewall

Each type of firewall has its own advantages and limitations. The most common type is the network-level firewall. This type of firewall is usually router-based, so the rules that decide whether access is legitimate are set up directly on the router. This firewall model uses the packet-filtering technique, the process of controlling the packets that pass through the router.

Figure 10: Firewall configured on the router


In operation, the router-based firewall checks the source address of each packet. Once identified, each source IP address is checked against the rules the network administrator has defined. A router-based firewall works very fast because it only glances at source addresses, places no real demand on the router, and spends no time processing wrong or invalid addresses. However, there is a price to pay: apart from the access controls, packets carrying forged addresses can still penetrate your hosts to some degree. Some packet-filtering techniques can be combined with the firewall to overcome this weakness. The IP address is not the only part of a packet that the router can trap on. The administrator should apply several rules at once, using the other identifying information that accompanies a packet, such as time, protocol and port, to strengthen the filtering conditions.

However, the weaknesses of packet filtering in a router-based firewall do not end there. Some Remote Procedure Call (RPC) services are very hard to filter effectively, because the servers involved depend on ports that are assigned randomly at system start-up. A service called the portmapper maps calls to RPC services onto the assigned service numbers, but because there is no correspondence between service numbers and the packet-filtering router, the router cannot tell which service uses which port. It therefore cannot block these services completely unless it blocks all UDP packets (RPC services mainly use UDP, the User Datagram Protocol). Blocking all UDP packets would also block necessary services such as DNS (Domain Name Service). The result is a dilemma.

Limitations of firewalls

- A firewall is not intelligent enough, as a person is, to read and understand each kind of information and judge whether its content is good or bad. A firewall can only block intrusion from unwanted information sources, and only when their address parameters are clearly specified.
- A firewall cannot stop an attack that does not "pass through" it. Specifically, a firewall cannot defend against an attack over a dial-up line, or against information leaking because data is copied illegally onto floppy disks.
- A firewall also cannot defend against data-driven attacks, in which programs are carried in by e-mail, pass through the firewall into the protected network and start running there.
- Computer viruses are one example. A firewall cannot scan for viruses in the data passing through it, because of its working speed, the continual appearance of new viruses, and the many ways of encoding data that escape the firewall's control.

Even so, the firewall remains an effective and widely applied solution.

Are firewalls easy to break?

The answer is no. Theory cannot prove that a firewall has gaps, but in practice it does. Hackers have studied many ways of breaking firewalls. Breaking a firewall has two stages: first, find out what type of firewall the network uses and which services run behind it; second, find a gap in that firewall, which is usually the harder stage. According to the hackers' research, gaps in firewalls exist because of configuration errors made by the system administrator, and such mistakes are not rare.

The administrator must be sure that nothing will go wrong whichever network operating system (OS) is used, and this is a very hard problem. In UNIX networks this is partly because the UNIX OS is so complex, with hundreds of applications, protocols and commands of its own. Mistakes in building a firewall can come from the network administrator not having a firm grasp of TCP/IP.

One of the things hackers must do is separate the real components from the fake ones. Many firewalls use sacrificial hosts, systems designed to look like Web servers (and which can be thrown away), or decoys, used to catch hackers' intrusion attempts. A decoy may need sophisticated camouflage to hide its true nature, for example by giving answers similar to those of a real file system or real applications. So the hacker's first job is to determine which objects really exist.


Figure 11: Attacking a system from outside

To obtain information about the system, the hacker needs equipment capable of serving mail and other services. The hacker will try to receive a message that comes from inside the system; its route can then be examined and may yield clues about the system's structure.

In addition, no firewall can prevent sabotage from inside. If a hacker exists inside the organization itself, your network will soon be hacked. This has actually happened to a large oil company: a hacker infiltrated the staff and collected important information not only about the network but also about the firewall hosts.

Some firewall models

Packet-filtering router

The most common Internet firewall system consists of just one packet-filtering router placed between the internal network and the Internet. A packet-filtering router has two functions: forwarding traffic between the two networks, and applying packet-filtering rules to permit or reject traffic. Basically, the filtering rules are defined so that hosts on the internal network have direct access to the Internet, while hosts on the Internet have only limited access to computers on the internal network. The idea behind this firewall architecture is that everything that is not explicitly permitted is denied.

a. Advantages:

- Low cost, simple configuration.
- Transparent to the user.

b. Limitations:

- A packet-filtering router has many limitations, such as being open to attacks on filters that are not configured perfectly, or to attacks hidden under services that are permitted.
- Because packets are exchanged directly between the two networks through the router, the risk of attack is determined by the number of hosts and services that are permitted. As a result, every host that is allowed direct access to the Internet needs to be given a complex authentication system and must be checked regularly by the network administrator for signs of attack.
- If a packet-filtering router stops working because of some failure, every system on the internal network can be attacked.


Figure 12: Packet-filtering router (diagram labels: outside, the Internet; packet-filtering router; inside, internal network)



Screened host firewall model

This system consists of a packet-filtering router and a bastion host. It provides higher security than the previous system because it implements security both at the network layer (packet filtering) and at the application layer. At the same time, an attacker has to break through both layers of security to attack the internal network.
Figure 13: Screened host firewall model (single-homed bastion host) (diagram labels: outside, the Internet; packet-filtering router; inside: bastion host, internal machines, information server)



In this system the bastion host is configured inside the internal network. The filtering rules on the packet-filtering router are defined so that all outside systems can reach only the bastion host; traffic to all other internal systems is blocked. Because the internal systems and the bastion host are on the same network, the organization's security policy decides whether internal systems may access the Internet directly or must use the proxy services on the bastion host. Internal users are forced to use the proxy by configuring the router's filter so that it accepts only internal traffic that originates from the bastion host.

Advantages: A server that provides public information through Web and FTP services can be placed on the segment of the packet-filtering router and the bastion host. Where the highest security is required, the bastion host can run proxy services that require all users, inside and outside, to go through the bastion host before connecting to the server. Where high security is not required, internal machines can connect directly to the server.

If even higher security is needed, a firewall system with a dual-homed bastion host can be used (Figure 14). Such a bastion host has two network interfaces, but direct communication between the two interfaces, bypassing the proxy services, is blocked.



Figure 14: Screened host firewall model (dual-homed bastion host) (diagram labels: outside, the Internet; packet-filtering router; inside: bastion host, internal machines, information server)

Because the bastion host is the only internal system that can be reached from the Internet, attacks are limited to the bastion host. However, if a user can log on to the bastion host, they can easily reach the whole internal network. Users must therefore be prevented from logging on to the bastion host.

Demilitarized zone (DMZ) or screened-subnet firewall model

This system consists of two packet-filtering routers and a bastion host. It offers the highest security because it provides both network-level and application-level security while defining a "demilitarized" network. The DMZ network acts as a small, isolated network placed between the Internet and the internal network. Basically, a DMZ is configured so that systems on the Internet and on the internal network can reach only a limited number of systems on the DMZ network, and direct transmission across the DMZ network is not possible.
Figure 15: DMZ model (diagram labels: outside, the Internet; outside router (packet-filtering router); DMZ: bastion host, information server; inside router; inside)



For incoming traffic, the outside router defends against standard attacks (such as IP address spoofing) and controls access to the DMZ. The system lets the outside reach only the bastion host. The inside router provides a second line of protection by allowing traffic from the DMZ into the internal network only when it originates from the bastion host.

For outgoing traffic, the inside router controls the internal network's access to the DMZ. It lets internal systems reach only the bastion host and possibly the information server. The filtering rules on the outside router enforce use of the proxy services by permitting only outbound traffic that originates from the bastion host.

Advantages:

- An attacker has to break through three layers of protection: the outside router, the bastion host and the inside router.
- Because the outside router advertises only the DMZ network to the Internet, the internal network is invisible. Only a few selected systems on the DMZ are known to the Internet through the routing table and DNS information exchange (Domain Name Server).
- Because the inside router advertises only the DMZ network to the internal network, systems on the internal network cannot access the Internet directly. This ensures that internal users must access the Internet through the proxy services.


B. BASTION HOST

A bastion host is a highly secured computer that is set up as the main point of contact between users on the internal network and the outside network, and it is therefore the most frequently attacked place in the internal network.

I. BASIC PRINCIPLES FOR DESIGNING AND BUILDING A BASTION HOST

Simplicity: The simpler a bastion host is, the easier it is to protect. Any bastion host can contain software bugs or configuration errors, and this is a security concern. So for a bastion host to have as few faults as possible, it should provide only a small set of services with the minimum privileges that still let it fulfil its role.

Plan for the case in which the bastion host is compromised, so that the internal network is not affected. Anticipate the worst that could happen and plan for it; always ask what would happen if the bastion host were compromised. We stress this because the bastion host is the machine most exposed to attack: the outside network can reach it, and it has to resist attacks from the outside network on the internal network.


II. SPECIAL TYPES OF BASTION HOST

There are many types of bastion host; some are built into a screened host, others are hosts that provide services on a screened network. They are usually configured in similar ways but have a few special requirements.

Non-routing dual-homed host

This can itself be the firewall, or be part of a more complex firewall. It is configured like other bastion hosts, but with great care.

Victim machines (machines used for experimentation)

A victim machine is useful for running services that are hard to provide safely with a proxy or packet filtering, or new services for which we do not yet know the appropriate security policy. It provides only the minimum needed for the service and avoids unnecessary interactions. It is configured like other bastion hosts, except that it always lets users log in.

Internal bastion host

This is a host on the internal network that is set up as a bastion host and interacts with the main bastion host. It is unlike the other bastion hosts in the internal network: its role is that of a secondary bastion host, and the bastion hosts in the internal network interact with the secondary bastion host.


External bastion host

This is a bastion host that only provides services to the Internet. It is exposed to attack, so these machines need reinforced security. It only needs limited access to the inside network; such hosts usually provide just a few services with well-defined security, and do not need to support internal users.

III. CHOOSING THE MACHINE

The first step in building a bastion host is to decide what kind of machine to use. Which operating system? How fast does the bastion host need to be? Which hardware is supported?

Operating system

Choose UNIX, LINUX, WINDOWS NT or WINDOWS 2K according to which operating system you have mastered, so that you can install a proxy server, a packet filter, and servers for SMTP and DNS.

How fast a machine to choose


A bastion host usually does not need a powerful computer, because the speed of the Internet connection is limited and it does not do much processing, unless the internal network provides services on the Internet and is widely known. If the internal network provides web services, the bastion host needs to be able to carry a high load. Some reasons why a bastion host does not need a very powerful computer:

- A slow machine brings no prestige to an attacker.
- If the bastion host is compromised, it is less useful for attacking the internal network or for cracking passwords.
- A slow bastion host is less attractive for people on the internal network to compromise.
- A fast machine spends more of its time waiting, because the connection is slow.

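Choosing hardware

Processing speed does not need to be high, but the machine needs plenty of memory and a large disk, so that it can store requested information to serve repeated requests and keep a record of connections.

IV. CHOOSING THE PHYSICAL LOCATION OF THE BASTION HOST

The bastion host must be placed in a physically secure location that people without responsibility for it cannot enter. Attention must also be paid to suitable temperature and power supply.

V. LOCATION OF THE BASTION HOST ON THE NETWORK

Depending on needs it can be placed on the internal network, but it should be placed on the perimeter network.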


VI. CHOOSING THE NETWORK SERVICES THE BASTION HOST PROVIDES

Services can be divided into 4 classes:

- Secure services, which can be provided through packet filtering.
- Services that are insecure when provided in the normal way but can be made secure under other conditions.
- Services that are insecure when provided in the normal way and cannot be made secure; these must be disabled and provided on a victim machine.
- Services that are not used, or not used for connecting to the Internet.

Services commonly provided on a bastion host:

- SMTP (e-mail)
- FTP (file transfer)
- HTTP (web)
- DNS (translating host names to IP addresses and back). DNS is seldom used directly.

In principle we could put each service on its own bastion host, but in practice this is rarely achieved, because of cost and because management becomes harder with too many machines. Some observations when grouping services together:

- By importance: a Web server serving customers.
- By audience: internal users, external users.
- By security: trusted services and untrusted services on different machines.
- By level of access: public information and private information.

VII. REASONS NOT TO PROVIDE USER ACCOUNTS ON THE BASTION HOST

User accounts are not provided on the bastion host for the following reasons:

- User accounts are easily compromised.
- They reduce the stability and reliability of the bastion host.
- Users' carelessness breaks security.
- They make it harder to detect attacks.

VIII. BUILDING A SECURE BASTION HOST THAT RESISTS ATTACK

Make sure the machine is not connected to the Internet until the final step.

Securing the machine

- Install a clean, minimal operating system as required.
- Fix operating system bugs using information from the operating system vendors.
- Use a security checklist that matches the version of the operating system.
- Protect the system log files: they are how the bastion host's activity is recorded and the basis for checking whether it has been attacked. There should be two copies of the system log in case of a major disaster, and the two copies must be kept in different locations.

Disabling unused services

Disable any service the bastion host does not need to provide. If you do not know what a service does, turn it off; if turning it off causes a problem, you will immediately learn what it does.

Turning off routing

Turn off every program that performs routing. Disable IP forwarding.

Configuring services to run optimally and connecting the bastion host to the network

- Configure the operating system for the last time.
- Remove unnecessary programs.
- Mount file systems read-only.
- Run a security audit (using software) to find security holes, and build a database that summarizes information about every file on the system, so that later unauthorized changes to these files can be detected.
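The file database from the last step, as an added example (it is not code from the original paper): record a SHA-256 hash, size and permission bits for every file, store the result, and later compare a fresh snapshot against it. The directory layout and file contents in `demo()` are constructed, and the JSON storage format is an assumption of this example.

```python
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path
from typing import Dict

FIELDS = ("sha256", "size", "mode")


def snapshot(root) -> Dict[str, dict]:
    """Record hash, size and permission bits of every regular file under root."""
    root = Path(root)
    db: Dict[str, dict] = {}
    for path in sorted(root.rglob("*")):
        info = path.lstat()                       # lstat: do not follow symlinks
        if not stat.S_ISREG(info.st_mode):
            continue                              # skip directories, links, devices
        digest = hashlib.sha256()
        with path.open("rb") as handle:
            for chunk in iter(lambda: handle.read(65536), b""):
                digest.update(chunk)
        db[path.relative_to(root).as_posix()] = {
            "sha256": digest.hexdigest(),
            "size": info.st_size,
            "mode": stat.S_IMODE(info.st_mode),   # includes setuid/setgid bits
        }
    return db


def save(db: Dict[str, dict], db_path) -> None:
    Path(db_path).write_text(json.dumps(db, indent=1, sort_keys=True))


def load(db_path) -> Dict[str, dict]:
    return json.loads(Path(db_path).read_text())


def compare(baseline: Dict[str, dict], current: Dict[str, dict]) -> dict:
    """Report files added, removed, or changed in any recorded field."""
    changed = {}
    for name in sorted(set(baseline) & set(current)):
        diffs = [f for f in FIELDS if baseline[name][f] != current[name][f]]
        if diffs:
            changed[name] = diffs
    return {"added": sorted(set(current) - set(baseline)),
            "removed": sorted(set(baseline) - set(current)),
            "changed": changed}


def demo() -> dict:
    """Build a constructed file tree, take a baseline, alter the tree, compare."""
    with tempfile.TemporaryDirectory() as tree, tempfile.TemporaryDirectory() as store:
        root, db_path = Path(tree), Path(store) / "baseline.json"
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "login").write_bytes(b"\x7fELF-original")
        (root / "bin" / "ls").write_bytes(b"\x7fELF-ls")
        os.chmod(root / "bin" / "ls", 0o755)
        (root / "etc" / "inetd.conf").write_text("smtp stream tcp nowait\n")
        save(snapshot(root), db_path)

        # Later changes the baseline should expose:
        (root / "bin" / "login").write_bytes(b"\x7fELF-trojaned")  # same size
        os.chmod(root / "bin" / "ls", 0o4755)                      # setuid added
        (root / "etc" / "inetd.conf").unlink()                     # file removed
        (root / "bin" / "nc").write_bytes(b"new tool")             # file added
        return compare(load(db_path), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Keep the saved baseline where an intruder on the bastion host cannot rewrite it, for example on read-only or offline media.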

C. INTERNET SERVICES

The Internet provides a set of services that let users connect to the Internet and access and use the information on it. This set of services has been, and continues to be, extended as the Internet keeps developing. The services include: World Wide Web (abbreviated WWW or Web), Email (electronic mail), FTP (File Transfer Protocols, the file transfer service), Telnet (an application for accessing a remote computer), Archie (a system for locating information in files and directories), Finger (a system for identifying users on the Internet), Rlogin (remote login) and a number of other services.

I. WORLD WIDE WEB (WWW)

WWW is the most recent Internet service and the fastest growing today. It offers a very friendly, easy-to-use interface that makes searching for information extremely simple and convenient. WWW links information using hyperlink technology, which lets web pages link directly to one another through their addresses. Through WWW users can:

- Publish their own news and read news from all over the world.
- Advertise themselves, their company or their organization, and view all kinds of advertisements from around the world: job hunting, recruitment, new technologies and products, finding friends...
- Exchange information with friends, social organizations, research centres, schools...
- Carry out money transfers or buy and sell goods.
- Access the databases of organizations, if permitted.
- And many other activities.

II. ELECTRONIC MAIL (EMAIL)

Email is the most widely used Internet service today. Most messages are plain text, but users can attach image and audio files. The Internet email system is the largest electronic mail system in the world today and is often used together with other mail systems. Email capability on the Web is more limited than in mail systems on the Internet, because the Web is a public medium of exchange whereas mail is private in nature. For that reason, not every Web browser provides an email function. The two biggest browsers today, Netscape and Internet Explorer, both provide an email function.

III. FTP (FILE TRANSFER PROTOCOLS)

FTP is a service for copying files from one computer system to another. FTP comprises a protocol and an application program, and is one of the earliest services on the Internet. FTP can be used at system level (typing commands on the command line), in a web browser, or through various other utilities. FTP is extremely useful to Internet users, because when searching the Internet you can find many useful software libraries, in whatever field interests you, that you want to copy to your own machine to use.

IV. TELNET AND RLOGIN

Telnet is a service that lets you access a remote computer and run applications on it. Telnet is very useful when you want to run an application that you do not have or that cannot run on your computer, for example a UNIX application when your machine is a PC, or when your computer is not powerful enough or lacks the necessary data files. Telnet lets you work on a computer thousands of kilometres away while feeling as if you were sitting in front of it. The function of Rlogin (remote login) is similar to Telnet.

V. ARCHIE

Archie is a kind of library that regularly and automatically searches computers on the Internet and builds a database listing the files that can be downloaded from the Internet. The data in these files is therefore always the most recent. Archie is thus very convenient for users who want to find and download files. The user only needs to send a file name or search keyword to Archie, and Archie returns the addresses of files with that name or containing those keywords.

VI. FINGER

Finger is an application program for finding the addresses of other users on the Internet. At a minimum, Finger can tell you who is currently logged in to a given computer system and what that person's login name is. Finger is often used to find friends' email addresses on the Internet. Finger can also give you other information, such as how long someone has been logged in to the network. Finger can therefore be seen as a capable helper, but also as a threat to network security.

D. PROXY

I. WHAT IS A PROXY?

According to www.learnthat.com: a proxy is a device that allows connection to the Internet. It sits between the workstations in a network and the Internet, allows the connection to be secured, and permits only certain ports and protocols, e.g. tcp, http, telnet on ports 80, 23. When a client requests a page, the request is passed to the proxy server, and the proxy server forwards the request to that site. When the request is answered, the proxy returns the result to the corresponding client. A proxy server can be used to log Internet usage and to block forbidden pages.

According to www.nyu.edu: a proxy server is a server that sits between a client application, such as a web browser, and a remote server. The proxy server examines requests to see whether it can handle them from its cache; if not, it passes the request on to the remote server.

According to www.webopedia.com: a proxy server is a server that sits between a client application, such as a web browser, and a real server. It intercepts all requests to the real server to see whether it can fulfil them itself; if not, it forwards the requests to the real server.

According to www.stayinvisible.com: a proxy server is a kind of buffer between your computer and the Internet resources you are accessing; the data you request arrives at the proxy first and is only then passed on to your machine.


Figure 16: Proxy model


Figure 17: A simple proxy model

II. WHY PROXIES CAME ABOUT

- Faster connections: proxies have a mechanism called a cache, which lets the proxy store the most frequently accessed pages. This makes your access faster, because your request is answered locally without fetching the information directly from the Internet.
- Security: all access has to go through the proxy, so security is enforced thoroughly.
- Filtering: blocking access that is not permitted, such as pornographic sites and reactionary sites.

III. GENERAL SUMMARY ON PROXIES

From the definitions and from the benefits of proxies described above, we can see that proxies really are very useful. However, exploiting the proxy idea, some servers on the network have turned themselves into relay stations, intermediaries for connections that are not permitted. This has given the word proxy an additional, new meaning. Many addresses on the network are, for one reason or another, forbidden to users, such as pornographic web sites, reactionary sites and unhealthy content. To get around this, as mentioned above, some servers have turned themselves into proxies so that these forbidden connections can be made.
