
CHAPTER 2: Network Security and The Cisco PIX Firewall

Chapter 2: Network Security and the Cisco PIX Firewall

Overview


This chapter covers the following topics:
- Objectives
- Network security
- Cisco AVVID and SAFE
- Summary

2.1 Objectives
After completing this chapter, you will be able to perform the following tasks:
- Explain why network security is necessary
- Define computer cracking and describe the 4 main threats associated with it
- Define 4 basic ways of countering threats to network security
- Describe the 3 main methods of preventing attacks in today's computer networks
- Describe the purpose of the Security Wheel
- Describe the Cisco AVVID architecture
- Describe the SAFE framework

2.2 Network Security

This section explains what network security is and why it is needed.

1 Trn Gio: Lp K3D_Khoa CNTT_HTN


Network security is necessary because the Internet is a network of interconnected networks with no boundaries. For this reason, an organization's network can be used, and can also be attacked, from any computer in the world. When a company uses the Internet for business, new risks arise from people who do not need physical access to the company's computer resources. In a recent study by the Computer Security Institute (CSI), 70% of organizations lost information because of network security breaches, and in 60% of those cases the cause lay inside their own company.


There are 4 main threats to network security:
- Unstructured threats
- Structured threats
- External threats
- Internal threats

Unstructured threats usually come from inexperienced individuals using simple tools that are readily available on the Internet. Some of these people are motivated by malice, but most are motivated by showing off their intellect, which is a trivial motive. They are known as script kiddies. Most of them are not talented or experienced hackers, but they are motivated, and that motivation matters.

Structured threats come from hackers who are more highly motivated and more technically competent. They usually understand network system design and where it can be attacked, and they can understand as well as create code to penetrate these networks.

External threats are individuals or organizations working outside the company. They have no authorized access to the company's network or computer systems. They work their way into the network mainly from the Internet or from dial-up access servers.

Internal threats occur when someone has authorized access to the network, either through an account on a server or through direct physical access. Typically these people hold a grievance against current or former staff or against the company's management.

There are 3 types of network attack:
- Reconnaissance attacks: an intruder tries to discover and map systems, services and points that can be attacked.
- Access attacks: an intruder attacks networks or systems to retrieve data, gain access, or try to move up to privileged access.
- DoS attacks: an intruder attacks the network, destroys or corrupts computer systems, or denies you and others access to your network and other services.

2.2.1 Reconnaissance Attacks


Reconnaissance is the unauthorized discovery and mapping of systems, services or the points most vulnerable to attack. It is also known as information gathering. In most cases it precedes an access attack or a DoS attack. The intruder first scans the target network to determine which IP addresses are alive. Once this is done, the intruder determines which services or ports are active on those IP addresses. From this information, the intruder works out the type and version of the applications as well as the type and version of the operating system running on the target host.

Reconnaissance is similar to a thief casing a neighborhood for vulnerable homes that can be broken into, such as an unoccupied house or an easy-to-open door or window. In many cases the thief moves on before the door makes a sound; the vulnerable services discovered this way are left to be exploited at a later time, with the risk of being noticed then.
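The two stages described above (find live addresses, then find open ports on them) leave a recognizable trace in connection logs. The following sketch is an added example, not part of the original chapter: the log format, the thresholds and all function names are assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)
HOST_THRESHOLD = 10  # distinct hosts probed by one source within WINDOW
PORT_THRESHOLD = 15  # distinct ports probed on one host by one source


def build_sample_log():
    """Constructed records 'timestamp src dst proto dport', not real device output."""
    t0, lines = datetime(2024, 1, 1, 10, 0, 0), []
    for i in range(1, 21):  # stage 1: one source probes 20 addresses
        ts = (t0 + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.{i} icmp 0")
    for j, port in enumerate(range(20, 45)):  # stage 2: ports on one live host
        ts = (t0 + timedelta(seconds=120 + j)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 tcp {port}")
    for k in range(30):  # ordinary client: repeated HTTPS to a single server
        ts = (t0 + timedelta(seconds=4 * k)).isoformat()
        lines.append(f"{ts} 203.0.113.5 192.0.2.10 tcp 443")
    return sorted(lines)  # ISO timestamps sort chronologically


def _distinct(events, now):
    """Expire entries older than WINDOW and count the distinct values left."""
    while events and now - events[0][0] > WINDOW:
        events.popleft()
    return len({value for _, value in events})


def detect(lines):
    """Return alerts (kind, src, target, time) in the order they fire."""
    hosts = defaultdict(deque)  # src -> (time, dst)
    ports = defaultdict(deque)  # (src, dst) -> (time, (proto, port))
    fired, alerts = set(), []
    for line in lines:
        stamp, src, dst, proto, dport = line.split()
        ts = datetime.fromisoformat(stamp)
        hosts[src].append((ts, dst))
        seen_hosts = _distinct(hosts[src], ts)
        if seen_hosts >= HOST_THRESHOLD and ("sweep", src) not in fired:
            fired.add(("sweep", src))
            alerts.append(("host_sweep", src, None, ts))
        if proto in ("tcp", "udp"):
            pair = (src, dst)
            ports[pair].append((ts, (proto, int(dport))))
            seen_ports = _distinct(ports[pair], ts)
            if seen_ports >= PORT_THRESHOLD and ("scan", pair) not in fired:
                fired.add(("scan", pair))
                alerts.append(("port_scan", src, dst, ts))
    return alerts


def recon_sequences(alerts):
    """Sources whose host sweep was later followed by a port scan."""
    swept, out = {}, []
    for kind, src, target, ts in alerts:
        if kind == "host_sweep":
            swept[src] = ts
        elif kind == "port_scan" and src in swept and ts > swept[src]:
            out.append((src, target))
    return out


if __name__ == "__main__":
    found = detect(build_sample_log())
    for alert in found:
        print(alert)
    print("sweep followed by port scan:", recon_sequences(found))
```

The client that only repeats HTTPS requests to one server never crosses either threshold, so volume alone does not raise an alert; only breadth across hosts or ports does.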

2.2.2. Access Attacks

Access means overstepping permitted limits in order to manipulate data without authorization, access systems, or move into privileged mode. Unauthorized data retrieval is usually the reading, writing, copying or removing of files that are not meant to be available to the intruder. Sometimes it is as simple as finding shared folders in Windows 9x or NT, or NFS-exported directories on UNIX systems, with read or read-and-write access granted to anyone. The intruder has no trouble getting at the data files, and the easily accessible information is often highly private and completely unprotected from prying eyes, especially when the attacker is an internal user.
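An administrator can check for the NFS case described above by auditing the export table for entries open to every host. The following sketch is an added example, not part of the original chapter: it parses text in the /etc/exports format, the sample content (paths and host names) is constructed, and the function names are assumptions.

```python
import re

# Constructed /etc/exports content for illustration (hypothetical paths and hosts).
SAMPLE_EXPORTS = """\
# project shares
/srv/projects   10.1.0.0/24(rw,sync)
/srv/public     *(ro,all_squash)
/srv/scratch    *(rw,no_root_squash)
/home           admin1.example.com (rw)
/srv/archive    (ro)
/srv/builds     build1.example.com(rw) \\
                build2.example.com(ro)
"""

# Client specifications that match every host. An option list with no host
# in front of it, such as "(rw)", also applies to all hosts.
WORLD = {"", "*", "0.0.0.0/0"}


def logical_lines(text):
    """Strip comments and join backslash-continued lines."""
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""


def audit_exports(text):
    """Return (path, client, issue) for every export open to all hosts."""
    findings = []
    for line in logical_lines(text):
        path, *clients = line.split()
        for token in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^)]*)\))?", token)
            if not m or m.group(1) not in WORLD:
                continue
            opts = set(filter(None, (m.group(2) or "").split(",")))
            shown = m.group(1) or "<any host>"
            # Exports are read-only unless "rw" is given.
            issue = "world-writable" if "rw" in opts else "world-readable"
            findings.append((path, shown, issue))
            if "no_root_squash" in opts:
                findings.append((path, shown, "remote root not squashed"))
    return findings


if __name__ == "__main__":
    for finding in audit_exports(SAMPLE_EXPORTS):
        print(finding)
```

The `/home` entry shows the classic mistake: the space before `(rw)` gives the named host only the default options and grants read-write access to everyone else.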


System access is an intruder's ability to gain access to a machine that the intruder is not allowed to access (for example, the intruder has no account or password). Entering or accessing systems without authorization usually involves running a hack, script or tool that exploits vulnerabilities in the system or its applications.

Another form of access attack is privilege escalation. This is done by legitimate users with a low level of access, or by intruders who have gained low-privilege access. The goal is to obtain information or execute procedures that are not permitted at their current level of access. In many cases this involves gaining root access on a UNIX system in order to install a sniffer that records all network traffic passing by, such as usernames and passwords that can be used to access other targets. In some cases intruders only want to gain access without wanting to steal information, especially when the motive is intellectual challenge, curiosity or ignorance.

2.2.3. DoS Attacks

DoS is when an attacker disables or corrupts networks, systems or services with the aim of denying those services to their users. It usually involves crashing the system or slowing it down until it is unusable. But DoS can also be as simple as wiping out or corrupting information the business needs. In most cases carrying out the attack simply involves running a hack, script or tool. The attacker does not need prior access to the target, because all that is usually required is a way to reach it. For these reasons, and because of their great destructive potential, DoS attacks are especially feared by operators of commercial web sites.


Network security must be a continuous process built around a security policy. A continuous security policy is the most effective because it promotes the re-application and re-testing of security updates on a continuous basis. This continuous security process is represented by the Security Wheel. To begin this continuous process, you need to create a security policy that allows applications to be secured. A security policy needs to accomplish the following tasks:
- Identify the organization's security objectives
- Document the resources to be protected
- Identify the network infrastructure with a current diagram and a summary

To create or implement an effective security policy, you need to determine what you want to protect and how you will protect it. You need to understand your network's weak points and how they can be exploited. You also need to understand how the system normally functions, so that you know what you need and how devices are normally used. Finally, consider the physical security of the network and how to protect it. Physical access to a computer, router or firewall can give a user total control over that device.

Once the security policy has been developed, it must fit the Security Wheel above; the next four steps of the Security Wheel are based on it:

Step 1: Secure the system. This step involves deploying security devices such as firewalls, authentication systems, encryption and so on, with the aim of preventing unauthorized access to the network. This is where Cisco's security firewall devices are most effective.

Step 2: Monitor the network for violations and attacks against the company's security policy. Violations can come from inside the network's security perimeter, from disgruntled employees, or from outside, from hackers. Monitoring the network with a real-time intrusion detection system such as the Cisco Secure Intrusion Detection System can confirm that the security devices from step 1 are configured correctly.

Step 3: Test the effectiveness of the security system. Use the Cisco Secure Scanner to identify the security posture of the network.

Step 4: Improve the company's security. Collect and analyze information from the monitoring and testing phases in order to make improvements.

All four steps (secure, monitor, test and improve) must be repeated continuously and must be closely tied to updated versions of the company's security policy.


Secure the network by applying the security policy and implementing the following security measures:
- Authentication: grants access only to the intended users.
- Encryption: hides traffic content to prevent unwanted disclosure to malicious or unauthorized individuals.
- Firewalls: filter network traffic so that only legitimate traffic and services pass through.
- Vulnerability patching: apply fixes or measures to stop the exploitation of discovered vulnerabilities. This work includes turning off unnecessary services on every system; the fewer services that are allowed to run, the harder it is for hackers to gain access.

Note: Remember to implement physical security measures to prevent unauthorized physical access to the network.


Monitor the network for intrusions and attacks against the company's security policy. These attacks can occur inside the network's security perimeter, from malicious employees, or from outside the network. Network monitoring should also be carried out with real-time intrusion detection devices such as the Cisco Secure Intrusion Detection System (CSIDS). These devices help you detect unauthorized activity, and they also act as a check-and-balance system to ensure that the devices from step 1 of the Security Wheel are configured and working properly.


Testing is necessary. You may have the most sophisticated network security system, but if it is not working, your network can be compromised. This is why you need to test the devices from steps 1 and 2 to make sure they function properly. The Cisco Secure Scanner is designed to assess the security of the network.

The improvement phase of the Security Wheel involves analyzing the data gathered during the monitoring and testing phases. The improvement techniques developed feed into your security policy and into the securing phase in step 1. If you want to keep your network secure, you must repeat the cycle of the Security Wheel, because new network vulnerabilities and risks of compromise arise every day.

Cisco AVVID can be viewed as a framework that describes a network optimized to support Internet business solutions, and as a roadmap for network implementation. This section discusses the different layers of the Cisco AVVID framework. The parts of the Cisco AVVID architecture are as follows:

Clients: A wide variety of devices can be used to access Internet business solutions through the network. These devices can include phones, PCs, PDAs and so on. One key difference from traditional architectures is that the standards-based solution can extend the variety of connected devices, even to devices that are not yet in widespread use. Unlike traditional video and telephony solutions, separate access devices are not necessary. Instead, functionality is added through the intelligent network services provided in the existing infrastructure.

Network platforms: The network infrastructure provides the physical and logical connections for devices, bringing them into the network. Network platforms are the LAN switches, routers, gateways and other devices that connect users with servers. Cisco's network platforms are competitive in features, performance and price, but their key strength is their integration and interaction with the other elements of the Cisco AVVID framework. This layer of Cisco AVVID is the foundation for all the applications that will be integrated to solve business problems.

Intelligent network services: Intelligent network services, provided through software running on the network platforms, are a major benefit of an end-to-end architecture for deploying Internet business solutions. From quality of service (QoS) through security, accounting and management, intelligent network services reflect the enterprise's business policies and rules. A consistent set of end-to-end services across the network is important because the network infrastructure is used as the foundation for network utilities. These consistent services allow new Internet business applications and business initiatives to be rolled out quickly without rebuilding the network. In contrast, building a network on a best-of-breed strategy may promise higher performance for a particular device, but it cannot be expected to deliver end-to-end features in a multivendor environment. Cisco AVVID provides standards that govern migration and the incorporation of Internet business integrators. However, the added intelligent network services offered by an end-to-end Cisco AVVID solution go well beyond what can be achieved in a best-of-breed environment.

Internet middleware layer: This next part, which includes service control and communication services, is a key part of any network architecture, providing the software and tools to break down the complexity arising from new technologies. Together these layers give integrators and customers the tools to design the network infrastructure and customize intelligent network services to meet application needs. These layers manage access, call setup, perimeter security, prioritization and bandwidth, and user privileges. Software such as distributed customer contact applications, messaging solutions, and multimedia and collaboration solutions provides capabilities and a communication foundation that enables interaction between users and a variety of application platforms. In a best-of-breed strategy, every capability must be configured and managed separately. Traditionally, vendors controlled these layers, which limited innovation. Rapid deployment of Internet business solutions depends on consistent service control and communication service capabilities across the whole network. These capabilities are often delivered by Cisco servers throughout the network. The service control and communication services layers are the glue that binds the network technology layers of the Cisco AVVID framework to the Internet business solutions, in effect tuning the network infrastructure and intelligent network services to the needs of the Internet business solutions. In turn, the Internet business solutions are tuned to achieve the best performance and availability on the network infrastructure by exploiting the end-to-end services available through the Cisco AVVID framework.

Internet business integrators: As part of an open ecosystem, it is imperative to enable partners with Cisco AVVID. Cisco recognizes the critical need to team with integrators, strategic partners and customers to deliver complete business services. Cisco AVVID provides guidance for these interactions by describing a consistent set of services and capabilities that form the basis for any type of partner relationship.

Internet business solutions: Enterprise customers are deploying Internet business solutions to re-engineer their organizations. The applications associated with Internet business solutions are not provided by Cisco, but they are enabled, enhanced and delivered through Cisco AVVID. The ability of companies to move their traditional business models to Internet business models and to deploy Internet business solutions is key to their survival. Cisco AVVID is the architecture on which e-businesses build Internet business solutions that are easy to deploy and manage. Ultimately, the more Internet business solutions are implemented, the more efficiently companies work and the more their productivity and value increase.

The Internet is creating tremendous business opportunities for Cisco and Cisco's customers. Internet business solutions such as e-commerce, e-learning and customer care deliver dramatic productivity gains. Cisco AVVID is an enterprise architecture that provides the intelligent network infrastructure for today's Internet business solutions. Cisco AVVID provides guidance for combining customers' business and technology strategies into one cohesive whole.


With Cisco AVVID, customers have a comprehensive roadmap for enabling Internet business solutions and creating competitive advantage. Cisco AVVID offers 4 benefits:
- Integration: By leveraging the Cisco AVVID architecture and applying the network intelligence inherent in IP, companies can develop comprehensive tools to improve their business capabilities.
- Intelligence: Traffic prioritization and intelligent network services maximize network efficiency for optimized application performance.
- Innovation: Customers are able to adapt quickly in a changing business environment.
- Interoperability: Standards-based application programming interfaces (APIs) enable open integration among three parties (developers, vendors and customers), with choice and flexibility.

By combining the network infrastructure and services with new-world applications, Cisco AVVID strengthens the integration of technology strategy with business vision.


SAFE is based on Cisco AVVID; it is a flexible, dynamic blueprint for secure network design. SAFE enables businesses to securely and successfully take advantage of e-business and compete in the Internet economy. As a leader in networking, Cisco is ideally positioned to help companies with their network security. The SAFE blueprint, together with a best-of-breed complement of products, partners and services, ensures that businesses can deploy robust, secure networks in the Internet age.


Implementing the SAFE blueprint brings several major benefits for e-business security:
- Provides the foundation for migrating to secure, affordable, converged networks.
- Enables companies to cost-effectively deploy a modular, scalable security framework in stages.
- Delivers integrated network protection through high-level products and services.


The SAFE blueprint provides a robust security plan built on Cisco AVVID. The SAFE layers are incorporated throughout the Cisco AVVID architecture:
- Infrastructure layer: intelligent, scalable security services on Cisco platforms such as routers, switches, intrusion detection systems and other devices.
- Appliances layer: incorporation of key functionality in mobile handheld devices and remote PC clients.
- Service control layer: critical security protocols and APIs that enable security solutions to work together cohesively.
- Application layer: host-based and application-based security elements that ensure the integrity of critical e-business applications.

To facilitate rapid deployment and consistent security policies across the whole enterprise, SAFE consists of modules that address the distinct requirements of each network area. With the SAFE blueprint, security managers do not need to redesign the entire security architecture every time a new service is added to the network. With modular templates, it is simpler and more cost-effective to secure each new service as it is needed and to integrate it with the overall security architecture.

One unique characteristic of the SAFE blueprint is that it is the first industry blueprint to state exactly which network security solutions should be included in which parts of the network, and to explain why they should be deployed. Each module in the SAFE blueprint is designed specifically to provide maximum performance for e-business, while at the same time enabling enterprises to maintain security and integrity.

Cisco has opened its AVVID architecture and SAFE blueprint to third-party vendors to create an ecosystem of security solutions that spurs the development of best-in-class multiservice products and applications. The Cisco AVVID architecture and SAFE blueprint provide interoperability with third-party hardware and software using standard media interfaces, APIs and protocols. This ecosystem is offered through the Security and Virtual Private Network (VPN) associate program, an interoperability solutions program that provides Cisco customers with tested and certified, complementary products for securing their business. The ecosystem enables businesses to design and deploy the network security that best fits their business and gives them maximum agility.

The Security and VPN Solutions Set in the Cisco AVVID Partner Program is an interoperability solutions program developed to deliver comprehensive security and VPN solutions for Cisco networks to Cisco's customers. The program is a key part of the SAFE strategy, in that it provides a rich ecosystem of products, partners and services that enables companies to operate securely, reliably and profitably and to take advantage of the Internet economy. The program provides assurance that the security solutions built from partner products have been tested and certified to interoperate with Cisco security products and that they add definite value to Cisco networks. The goal is to enable Cisco's customers to securely take advantage of and expand the e-business market.


The security and VPN solutions offered through the interoperability program focus on critical business applications such as e-commerce, secure remote access, intranets, extranets, and integration and management support. The current solutions are aimed at what customers continue to require and deploy in their networks:
- Identity solutions: authentication, authorization and Public Key Infrastructure (PKI) solutions such as smart cards, hard and soft tokens, authentication servers and Certificate Authority (CA) servers.
- Application security solutions: products such as server and host protection applications.
- Perimeter security solutions: products such as URL filtering, email and virus scanning applications.
- Security management and monitoring solutions: products that support Syslog reporting, event analysis, reporting and remote security administration.
- Secure connectivity solutions: products such as VPN client software and wireless VPN products.


The security services offered through the AVVID Partner Program focus on distinct areas of the available security services. The current service categories are aimed at what customers continue to require and deploy in their organizations:
- Application and code review: examines and analyzes the security architecture and vulnerabilities of system hardware and software.
- Outsourced monitoring and management: provides third-party management, monitoring of the security infrastructure with immediate notification, or both.
- Policy and procedures: provides assistance with reviewing and building a robust and effective security policy.
- Incident response: responds to and mitigates attacks on the system.
- Business impact and risk assessment: relates the security posture of the network to its effect on business processes.
- Vulnerability assessment: provides proactive, controlled compromise based on fundamental knowledge of attack issues.
- Design and implementation: provides evaluation of the architecture, design and implementation of security products and technologies.
