
FOREWORD

The TCP/IP protocol suite has been in use and under development for nearly thirty years. It began with U.S. Department of Defense research into transmission procedures for the computer networks of academia, government agencies, businesses and users in the United States. Networks that use the TCP/IP protocol suite range from a small local area network inside an office to a network as vast as the Internet. In recent years the use of TCP/IP has grown rapidly because it supports many new applications. Today audio and video, which require real-time delivery, as well as digitized voice and fax, can be carried over the Internet and intranets. As the use of TCP/IP grows, so does its role as a transport mechanism for different kinds of data. In practice TCP/IP introduces many new issues for network management, and network administrators have to consider them in order to manage Internet-connected networks better. As use of Internet services increases, the large volume of data carried over the network calls for additional relay stations so that the network remains easy to manage.

In this essay we concentrate on only two basic topics: a general study of TCP/IP network management, and TCP/IP network security.

Because our time and our ability to translate English-language material are limited, shortcomings are unavoidable. We look forward to comments from our teachers and from readers, and especially from the instructor supervising this course essay. We sincerely thank you!

ABBREVIATIONS

SNMP      Simple Network Management Protocol
RMON      Remote Monitoring
ISO       International Organization for Standardization
OSI       Open System Interconnection
DSUs      Digital Service Units
CSUs      Channel Service Units
MIB       Management Information Base
HTTP      Hypertext Transfer Protocol
TFTP      Trivial File Transfer Protocol
TCP       Transmission Control Protocol
UDP       User Datagram Protocol
IANA      Internet Assigned Numbers Authority
ICMP      Internet Control Message Protocol
OSPF      Open Shortest Path First
IGRP      Interior Gateway Routing Protocol
SMTP      Simple Mail Transfer Protocol
FTP       File Transfer Protocol
S-HTTP    Secure Hypertext Transfer Protocol
SSL       Secure Sockets Layer
NAT       Network Address Translation
PAT       Port Address Translation

Chapter 1

GENERAL INTRODUCTION

1.1 FUNDAMENTALS OF NETWORK MANAGEMENT

As noted above, use of the TCP/IP protocol suite is growing both in the volume of data carried and in the range of applications. Many businesses now depend heavily on their Web sites to sell goods, and some take in several million dollars a day. Another service business provides low-cost fax transmission to hundreds of thousands of customers around the world. Millions of businesses and tens of millions of consumers use electronic mail, which is fast and free of charge, more than the traditional mail of the postal service when corresponding across countries. This growth has made both Internet users and network managers heavily dependent on the TCP/IP protocol suite for their normal day-to-day work.

1.1.1 The cost of service disruption

As noted above, the Internet brings great benefits to its users, so when even a small fault interrupts the network the consequences for users can be serious. For example, when the Internet connection fails a business cannot send or receive electronic mail and cannot reach the network to buy or place orders online. This loss of communication means lost revenue, which can reach thousands or even millions for as long as the network is down. Methods that let network operations staff detect and diagnose faults quickly can therefore reduce the damage to the business. In today's communications environment the areas that need attention are the size and complexity of the network, costs, operating efficiency, and the ability to gain the knowledge needed to take advantage of the protocol.

1.1.2 Network size and complexity

Because users' need to exchange information keeps growing, meeting that need requires larger and more complex networks, and the cost of operating them keeps rising. This drives the growth of networks, but for a network to work well its transmission capability must be good and it must have centralized monitoring equipment. A central station provides the means and techniques for changing the network configuration and for generating alerts when faults are detected. The network management protocol SNMP (Simple Network Management Protocol) and the remote monitoring protocol RMON (Remote Monitoring) of the TCP/IP protocol suite make network management simpler and less labor-intensive. Using the network effectively nevertheless requires network administrators to have a certain understanding of communications protocol concepts.

1.1.3 Performance monitoring

The management protocols of the TCP/IP protocol suite make it possible to monitor the performance and capacity of a network. A related question is how to spend the network management budget most effectively, obtaining the highest performance at the lowest management cost while still ensuring that the network is managed. Good network management therefore delivers high network capacity and performance at low cost.

1.1.4 Coping with sophisticated equipment

As the Internet grows rapidly through the use of the TCP/IP protocol suite, more and more devices are installed on networks and accessed. For example, many routers are now able to digitize voice signals. Coping with sophisticated equipment that is capable of stealing information on the network requires well-trained, highly skilled network administrators, and is regarded as an important aspect of network management. Many network management products are now embedded in network communications products, with a graphical user interface that gives easy access to the control commands an administrator issues to govern the operation of the device. Modern network management products thus help us cope with sophisticated equipment.

    Network reliability
    Effect of network failures
    Network size and complexity
    Coping with the sophistication of network devices
    Balancing network performance and capacity
    Operating cost policy

Table 1.1 summarizes the main reasons why TCP/IP networks must be managed

1.2 THE NETWORK MANAGEMENT PROCESS

Network management is a process and, like many other common activities, one in which the network manager is certain to meet difficulties. The limitations of the process are described below. Network management is the process by which network administrators use hardware and software to monitor the state of network components and transmission facilities; the ultimate question is how to improve the performance of the network, and administration has to be combined with guidance to service providers and network users. This means that network administrators must know the TCP/IP protocol suite and understand how packets are formed and the procedures for sending and receiving them, as well as the role, use and constituent parts of a packet and the concepts specific to the network.

First, when voice and fax signals are carried over a network with the TCP/IP protocol suite there is always a certain amount of error. Second, the process involves using hardware and software to examine the network's bridges and routers, its devices and transmission facilities, and the data and data channels of its components. Note that network management staff can step in and support network users and service providers on technical matters concerning the network. In addition, after collecting requirements and comments about the network from users and service providers, network administrators study and rework the network to improve it, and propose measures that improve performance and reduce dropped circuits. Such measures may involve changing the current network configuration or studying how to organize the network to meet the requirements raised.

Finally, network administrators must keep track of how well network management itself performs: monitoring and planning the growth of the network, and re-evaluating it so that the investment made in growing the network is reasonable in relation to the best achievable performance. The items above are, in effect, options. To ensure that only legitimate users access the network and its local area network (LAN) management functions, network managers also need to pay attention to network security.

1.2.1 The OSI framework for network management

Building on the preceding discussion, we can subdivide the tasks associated with network management into functional areas. In practice this has been done in the international standards of the ISO (International Organization for Standardization) for OSI (Open System Interconnection). The OSI framework defines five network management functions (or disciplines), listed in Table 1.2.

    Configuration/change management
    Fault/problem management
    Performance/growth management
    Security/access management
    Accounting/cost management

Table 1.2 The OSI framework for network management

Configuration or change management covers the process of tracking and changing the various parameters of devices on the network. Parameters can be set, reset, or simply read and displayed. In a complex network with hundreds or thousands of devices and transmission lines, SNMP and RMON make it easier to control the network from one point or from a few management locations. In practice, SNMP and RMON platforms range from basic PC-based network management systems to minicomputer and workstation systems. Most systems include the ability to discover devices automatically and display a map of the network, and also let the user read and possibly change device parameters and display a range of transmission statistics. Unlike devices, whose parameters can be displayed and reset, transmission facilities are controlled by one or more communications carriers, and adjusting their parameters is normally outside the control of the end-user network operation.

Despite the many advantages of network management systems, such a system is not in place everywhere. This is because SNMP and RMON were developed primarily for monitoring and alerting, and because they lack the built-in security needed to allow parameters of routers, DSUs, CSUs and other network devices to be changed. Instead, many organizations maintain several systems, some of which are vendor systems used to control particular devices. In addition, some devices can be controlled simply from a display screen.

To conclude this first discussion of configuration or change management, note that this area of network management depends on a database of parameter settings and an understanding of what they mean. The database may consist of information recorded on 3 x 5 inch cards, typed pages, or files stored on a computer. Whatever medium is used to store the information, the database is a repository that can be used to decide on, replace and carry out changes to the configuration and operation of the network.

Fault/problem management

Fault management is the process of detecting, logging and ticketing, isolating, tracking and eventually resolving abnormal conditions. Because you must first know that a problem exists, one of the most important steps in fault management is detecting the abnormal condition. This can be done in several ways, ranging from setting thresholds on a network management system so that it raises alerts or alarm conditions when they are exceeded, to users and customers calling a technical control center to report problems.

Once a problem is detected, many organizations have a predefined operating procedure under which the condition is recorded in a log and, if it is judged to be a genuine problem, assigned a trouble ticket that allows its resolution to be tracked. It is important to understand that many problems reported by calls to a technical control center are resolved immediately. Such calls may take control center staff from a few minutes to several hours to check equipment settings, look at displays showing the status of remote devices, ask the user about the relevant software and hardware settings, or perform other functions that resolve the problem without further action. Other calls or alarms may lead to a trouble ticket being issued that requires action by the communications carrier or assistance from a vendor. Whatever the scale of the problem, the initial log entry includes an attempt to identify the cause of the abnormal condition and to determine the appropriate corrective action. Isolating a problem may involve a simple discussion with an end user, diagnostic testing of equipment and lines, or extended investigation.
Once the cause of a problem has been isolated, correcting it may have to be arranged with other parties, for example when a circuit delivers an unacceptable level of performance or an equipment failure involves the service provider your organization's network uses. Therefore, besides seeking the appropriate assistance, an important step in fault management is tracking both internal and external personnel in their efforts to correct the fault. Many times fault management requires an aged trouble ticket to be escalated in order to get attention. At other times, repeated calls to a vendor or communications carrier to follow progress on a particular problem may reveal that the ticket has been closed. Although we would hope that the carrier or vendor closed the ticket correctly and merely forgot to tell us about the resolution, we live in an imperfect world in which a trouble ticket can be closed improperly without the problem being resolved. It is therefore very important to track problems, including the status of trouble tickets.

While resolving an abnormal condition may appear to be the last task in fault management, in practice it can require configuration or change management work. For example, if an abnormal condition was caused by a routing change, resolving it may mean returning the router configuration to its original, normal state. This illustrates the interrelationship between the functional areas of network management.

Performance/growth management

Performance or growth management covers the tasks needed to evaluate the use of network equipment and transmission facilities and to adjust them as required. The work can range from watching equipment displays to collecting statistics in a database that can be used to project usage trends. Whatever method is used, the goal of performance and growth management is to ensure that enough capacity exists to support what end users require of their communications. A term often used for performance or growth management is therefore capacity planning.

One interesting side of capacity planning is how it relates to end-user problem reports. If your organization's network does not have enough capacity, end users will usually complain whenever response time is long or they receive a busy signal when trying to reach the network remotely. Conversely, you will never receive complaints from end users who always get good response time, or never get a busy signal, because the network has too much capacity.
This means that excess capacity has to be recognized by network management staff themselves, and it is their duty to examine the potential both for shrinking and for expanding the network.

A range of tools can be used for performance or growth management, including service provider bills, network management systems, and utilities such as Ping and Traceroute. Service provider bills can show usage of dial-in lines or of leased lines into an Internet service provider. Network management systems can provide information on the use of the local and remote networks and on the activity and utilization of different network devices. Ping, Traceroute and other utility programs can indicate whether a device is operating or is down.

Security/access management

Security or access management describes the set of tasks that ensure that only authorized personnel can use the network. In addition, some organizations need to hide the contents of data, especially when the Internet is used as a virtual private network. Tasks and functions associated with security management can therefore include authenticating users, encrypting data, managing and distributing encryption keys, maintaining and reviewing security logs, configuring router access lists, and implementing various firewall features including proxy services, intrusion detection and alarm generation. Also associated with security and access management are anti-virus measures, operating procedures, and planning for and, when necessary, carrying out disaster recovery. Although network managers cannot perform in advance every task that would guarantee employees never read or send suspect files over the network, they can publicize methods for checking unknown software as well as procedures to follow for distributing public-domain software obtained from software-sharing web sites.

Accounting/cost management

Besides the certainties of birth, death and taxes, you can also expect the old adage 'there is no free lunch' to be basically true. Accounting management is the network management process that involves getting the right information at the right time to provide a basis for setting charges for the use of network resources. Tasks associated with accounting or cost management include inventorying equipment and transmission facilities, reconciling and recording bills, calculating discounts and depreciation charges, documenting personnel and other costs incurred in operating the network, developing algorithms for apportioning charges among users, and periodically reviewing billing methods to ensure that the costs billed to network users are fair and reasonable.

Accounting management can require the efforts of a team of specialists in large organizations. In small and medium-sized organizations the accounting effort can still be considerable, particularly when compared with what is needed to perform the other network management functions. Many organizations centralize their communications costs or add them to the charges for data processing use. While this certainly reduces the work associated with billing, other cost management functions remain, including budgeting, examining the effect of tariffs on changes to the structure of the network, and verifying the correctness of vendor and service provider bills. Cost and accounting management functions are an important part of network management whether or not users or departments are charged.

1.2.2 Other network management functions

Although the OSI framework for network management is well thought out, it is not all-inclusive. Two functional areas that the OSI framework covers only implicitly are important enough to be identified as separate entities: asset management and planning or support management.

Asset management

Asset management is the set of tasks concerned with developing and retrieving records of equipment, facilities and personnel. Equipment records can consist of one or more databases of information, including the devices used in the network, their parameter settings, manufacturer data, telephone numbers to call for maintenance, and similar information. Equipment records may reside in an existing network management system, may supplement information obtained from it, or may be entirely independent of it. Transmission facility records may simply list circuit numbers and service provider points of contact, or they may hold additional information such as the expected or guaranteed level of performance and the results of monitoring over earlier periods. The latter lets end users note developing trends, which can include a hidden deterioration in circuit quality that, left unchecked, results in a loss of communications. Analysis of circuit record data lets end users contact their communications carrier to request assistance before the degradation of a circuit can interrupt communications.

Unfortunately, personnel are often left out of the asset management process even though they are the most valuable asset. As part of asset management you should consider developing records that show employees' work experience, education, training and certification level. You can use this information to assign employees to different network projects. Likewise, information on education, training and certification can be combined with organizational requirements to develop a training plan and allocate budget so that employees receive appropriate training.

Planning/support management

Planning and support management covers the tasks that allow network managers and administrators to support current users as well as plan for the future. Support for current users can be regarded as a superset of the network management functions described earlier. In practice, support as well as planning overlaps with other network management functions. Examples of support management functions include adjusting network capacity to accommodate changes in use, arranging equipment and facilities to support new or expanded applications, and meeting end users to determine how satisfied or dissatisfied they are with current communications.

Closely related to support management is the planning process. During planning you can meet end users to determine their requirements as well as their satisfaction or dissatisfaction with existing communications. Planning can also involve collecting data from the other network management functions, which allows you to develop models that help in designing a new network structure or optimizing the current architecture. Finally, if planning results in recommended changes to the network architecture, those changes must be implemented once they are approved. The planning process must therefore include the steps needed to carry out the configuration or change management work. Figure 1.1 summarizes the network management functional areas and the tasks associated with each.

Note that a reasonable case can be made for placing many tasks under two or more functions. You should therefore treat the tasks associated with the functions in Figure 1.1 as a guide to the basic areas in which work is performed, not as an exhaustive list of the tasks performed.

Figure 1.1 Network management functional areas and tasks

1.3 TOOLS AND SYSTEMS

Today many tools can provide a significant level of support in managing TCP/IP-based networks. They range from utilities such as the Ping, Traceroute and NSLOOKUP programs to protocol analyzers and statistical reporting programs that give insight into network use. In general, network management tools fall into three main categories: monitoring tools, diagnostic tools, and computer-based management systems.

1.3.1 Monitoring tools

Monitoring tools let you observe the operation and performance of devices and transmission facilities. Examples include utilities such as Ping, which can tell you whether a device is operational and reachable, as well as layer 2 and layer 3 monitoring software such as EtherVision, EtherPeek and other products described and discussed in later chapters of this book.

1.3.2 Diagnostic tools

A diagnostic tool is normally used to detect problems with equipment or transmission facilities. Examples can also include Ping, used to provide information on the operational state of a device, as well as packet decoders that can shed light on why communications devices are not working correctly.

1.3.3 Computer-based management systems

Computer-based management systems run graphical programs and range from personal computers hosting SNMP network management platforms to full computer systems that support SNMP, as well as vendor-proprietary management hardware. Figure 1.2 illustrates the general components of a computer-based management system. The management station provides a point of control for access to devices. This point may be on the same network or on a remote network. In a TCP/IP environment the management station uses SNMP as the communications protocol for accessing other devices and performing various management functions.

Figure 1.2 The main components of a network management system

The agent is software responsible for interpreting and acting on requests from the network management platform. The third main component of a management system is the management information base (MIB). The MIB is a database of objects that represent performance metrics maintained by a device, or values of device parameters that can be read or possibly reset. In a TCP/IP environment, agents that perform remote monitoring do so through RMON probes, the term probe being used for a remote agent and its MIB. Note that an agent and its MIB can be a module inside a communications device such as a router or CSU, or can operate as a stand-alone station attached to the network, such as a probe.

Now that we have an overall appreciation of network management functions, tools and systems, we will conclude this chapter with an overview of the contents of the chapters in this book.


Chapter 2

TCP/IP NETWORK SECURITY

2.1 ROUTER SECURITY

A router is part of almost every kind of network and is the primary communications device used to move data between networks. In the usual sense it is the focal point of many network communications plans. A change to a router's configuration, whether intentional or not, can affect both the router's operating state and the organization's network. Moreover, if the routing table or other parameters are changed, data may be redirected to a location where the information can be recorded and read by a third party. It is therefore very important to understand how people can access and control a router, and to secure this network communications device step by step.

In this section we examine and discuss methods of router access in both general and specific terms. The general discussion applies to products made by many different vendors. When we turn to specific access methods, and to the methods we can use to secure access to a router, we add details that apply specifically to routers made by Cisco Systems. Although the examples of protecting router access in this section are oriented toward Cisco routers, routers made by other vendors have similar capabilities. If your organization's network uses routers from several manufacturers, you can check each router's access security functions, and the specific commands it supports for permitting, denying and protecting access to the device, in the vendor's own user documentation.

2.1.1 The need for access security


When router security is considered, most people think of router access lists. Access lists are used to set limits on the data that may pass through a router's ports and are commonly regarded as the network's first line of defense. Although router access lists are extremely important for network security, the author considers that they actually represent the network's second line of defense. This is because the ability to access and configure the router is the first line of defense. If someone other than the designated people gains the ability to access the router and change its configuration, any access list created earlier can be changed or removed, in effect stripping away the protection it provided. It is like a farmer who builds a chicken coop and then carelessly leaves the door open when he goes: the lapse in protection costs him valuable animals, and in the same way a poorly protected router can let other people reach network resources. This is why we discuss router access security in this section before returning to router access lists in the second section.

Looking more closely at router access, we note several ways of barring the door to this communications device. One method we discuss uses a router access list as a means of limiting control of the router to certain predefined IP addresses. Before doing that, however, we must lock the door itself, and this has to be done before the access-list capability is used. Used in this way, access lists are again a second line of defense.

2.1.2 Router access

For the purposes of this discussion, the term router access means the ability of a person to connect to a router and reach its operating system. Most routers include one or more serial ports to which a terminal, or a personal computer acting as a terminal, can be attached to access the router. The terminal can be connected directly by cable or over a remote communications link. The latter is done by means of a modem or DSU connected to a serial port on the router.
Although a serial port connection is the primary method most organizations use to reach a router's operating system and configure the device, it is not the only access method. Additional methods supported by many routers include Telnet access and the use of TFTP (Trivial File Transfer Protocol) to store and transfer system images and configuration files between the router and a workstation.

2.1.3 Telnet access

Telnet provides the ability to access a remote device, including a router, as if the terminal running the Telnet client program were connected directly to that device. Telnet access to a router can occur from in front of or behind the router. The term in front refers to access over a wide area network (WAN) connection from a station on another network that is not directly attached to a port on the router in question, while the term behind refers to a station on a local area network (LAN) attached directly to a port on the router. This means that Telnet access to a router can come from a local device on the organization's internal network or, if the router is connected to the Internet, from any terminal in the world that has Internet access. It also means that, wherever the client running Telnet is located, its operator only needs to know the IP address of one of the router's network interfaces to start a Telnet session to the router and reach the device. An operator of a Telnet client who connects to the router receives a prompt such as:

    router-name>

or

    User Access Verification
    Password:

Here router-name is the name the organization has assigned to the router, while Password: is the prompt to enter the password needed to access the router.

Figure 2.1 illustrates the use of the Telnet client that is available to millions of people under Windows 95 and Windows 98 to access a router whose IP address is 205.131.176.1. In the example of Figure 2.1 the router breaks the connection after three unsuccessful login attempts. However, a hacker can immediately try again, more than three times. With a script and an electronic dictionary it becomes relatively simple for someone to crack the Telnet password and gain access to the router's configuration capability. It is therefore important to choose a password that is not only absent from the dictionary but also does not resemble a dictionary word, such as dog7, since a hacker can program repeated attempts with many words until an attack eventually succeeds.

Note that many organizations have an IP addressing policy that assigns low addresses to router interfaces. For example, if the Class C IP network address is 205.123.124.0, they may assign 205.123.124.1 as the address of the router's interface on that network. Because many organizations use this common addressing arrangement, it is usually very easy to determine the address of a router for a subsequent Telnet session. At that point the operator of the client can gain direct access to all of the router's configuration and control of the router. Besides running a script with an electronic dictionary, many hackers know that manufacturers ship many routers with a default password for Telnet access. This is unfortunate for organizations, and they should never use default passwords. The reason is that these passwords are listed in the vendor's router manuals, which can be bought for $29.95 or consulted free of charge on the World Wide Web. This means there is almost no limit to the number of people able to discover the default password needed to access a router through a Telnet connection. If the router administrator does not change the default Telnet password or place additional restrictions on Telnet access, anyone who knows the IP address of a router interface can gain access to the device.

2.1.4 TFTP access

Most routers have two kinds of memory: random access memory (RAM) and non-volatile memory. Unlike RAM, whose contents are erased completely when power is lost, the contents of non-volatile memory are not erased. Once configured, a router's non-volatile memory is normally used to store an image of the router's memory as well as backup or alternate router configurations. Because routers do not contain a floppy or hard disk drive, their ability to store more than a few alternate configurations is limited. Administrators who need to store backup or alternate router configurations beyond the limited capacity of a router's typical non-volatile memory therefore do so on a workstation, using TFTP (Trivial File Transfer Protocol) to load and save router system images and configuration files.
This also means that if TFTP access is permitted then, depending on how the router supports TFTP access, it may allow an unauthorized person to supply the configuration data the router uses, resulting in a security breach or an unintended operating environment.

Now that we have reviewed the main methods that can be used to access a router, we turn to the methods used to protect access, or lock the door, for each access method. These make it difficult for people without authorization to access the router and gain the ability to view and change the device's configuration. In doing so we discuss a number of Cisco Systems router commands.

Figure 2.1 Using the Telnet client included in millions of copies of Windows 95 and Windows 98, a hacker can reach the configuration capability of a router connected to the Internet.

2.1.5 Console and virtual terminals

Once you unpack a router and begin to install it, it is extremely important to consider how the device's configuration can be accessed. If you intend configuration changes to be made from a directly connected terminal, you need to check whether Telnet and TFTP access is also permitted. In a Cisco router environment you configure access from the console and from virtual terminals with the line command, which has the following format:

    line [type-keyword] first-line [last-line]

Information in brackets is optional. The type keyword can be console, aux or vty. The console entry represents a terminal line, a device cabled directly to a port on the router. In comparison, aux indicates the auxiliary line and lets you specify access through a router port connected to a CSU, DSU or modem, allowing remote serial communication. The third option, vty, represents a virtual terminal connection for remote console access. Note that in the line command, first-line and last-line represent a contiguous range of numbers for the specified type of device that can be configured and associated with a line.

When configuring access with the line command it is very important to consider associating a password with each device through which you permit access. Even if you plan to allow access to a router only through a directly cabled terminal in a secure technical control center, situations can arise that justify password protection. In one case the author is familiar with, the technical control center of a major network had a group of observers visiting. While the rest of the group watched the network status on the displays, one curious observer sat down at a terminal cabled directly to a router and began a dialog with it. Not knowing what to enter, the observer typed a question mark (?), which displayed the router's commands. Within a short time this observer was managing the router's configuration while the rest of the group listened to the center's manager. Needless to say, had a password been associated with terminal access, reconfiguring the router and the havoc that resulted would not have been possible.

In a Cisco router environment you can associate a password with an access method. To do so, use the password command. For example:

    line console 0
    password bugs4bny


Console access is then locked until the console operator answers the router's prompt with the password bugs4bny. A Cisco password can be up to 80 characters long and can contain any combination of letters, digits and spaces. Router administrators are free to control and change passwords, and the password restricts who can access the router. A password is usually built from a large number of different digits and letters mixed together. A password of this kind is certainly hard to guess and resists attack, but it also makes it easy for the router administrator to type it incorrectly. After three wrong entries the Cisco router locks. When choosing a password it is therefore important to keep a few principles in mind. First, the password should use a mixture of letters and digits to reduce the risk of attack. Second, when constructing a password remember that the longer it is, the greater the chance of making a mistake when entering it. In general, a password 10 to 15 characters long is sufficient if it is built by combining abbreviations with a string of digits.

2.1.6 File transfer

We noted earlier that the Trivial File Transfer Protocol (TFTP) is commonly supported by routers as a means of storing system images and configuration files on a workstation. In a Cisco router environment, to have the router load network configuration files when it restarts you must specify the service config command, because by default this capability is disabled. If the capability is enabled, the router broadcasts a TFTP read request, and the first station to respond will have the file with a specific name, based on the router's configuration, transferred across the network.

2.1.7 Security inside the router

Once access to a router has been gained, the device's operating system can provide further protection that you can use to secure access to the router. In Cisco routers the command interpreter of the operating system is called the Exec. The Exec has two access levels: user and privileged. The user level allows a subset of the router's commands to be used, for example commands that list the router's connections, give a name to a logical connection, and display statistics about the router's operation. The privileged level includes all user-level commands as well as commands that affect the operation of the router, such as the configure command, which lets a network administrator reconfigure the router, the reload command, which halts the device and reloads its configuration, and similar commands that have a real effect on the working state of the device.

Because anyone who reaches the privileged mode of a Cisco router gains direct control over the router's operation, this access level can be protected by a password. When installing a Cisco router it is therefore important to assign a password to the use of the router's configuration commands. For example, to assign the password power4you to the privileged command level, use the enable password command as follows:

    enable password power4you

Like a password associated with a serial terminal line, the password assigned to privileged commands is case sensitive, can contain any mixture of letters and digits, and can be up to 80 characters long. By placing a password on the serial port and on any virtual terminal connections, as well as on the router's privileged commands, you protect both access to the router and use of the privileged commands.


Figure 2.2

Figure 2.2 illustrates the router's initial configuration dialog and the assignment of passwords. Note that after the router interfaces are displayed and a name (BigMac) is entered for the router, you are prompted for three passwords. The first, called the enable secret, is an encrypted secret used instead of the enable password. The second, the enable password, is used where no enable secret exists and with older software and some boot images. The third is the virtual terminal password. After the passwords are entered, the router prompts for specific configuration data, only part of which is shown in Figure 2.2. The password entry shown in Figure 2.2 is for illustration, within the scope of the password construction described in this section.

2.1.8 Additional protective measures

If you need to let one or more users on a network configure one or more routers, you can add a layer of protection beyond passwords. To do so, you can program one or more router access lists. Although router access lists are covered separately, in brief this additional layer consists of permit or deny choices applied to Internet addresses. This means that if you can identify the IP addresses of the stations that will configure one or more routers over the network, you can use router access lists to restrict Telnet access to each router to one or more specific IP addresses. A terminal operator must then not only know the correct password for the router but must also connect from a predetermined location on the network. By combining router password protection with privileged-mode password protection, and by restricting access to the router's configuration through one or more access lists, you lock down access to the router.

2.2 ROUTER ACCESS LISTS


In the previous section of this chapter we focused on access to the router's configuration. There we noted that one way to control access to the router is through an appropriate access list. However, a deeper treatment of access lists as a security function was left aside. In this section we examine the operation, use and limitations of access lists. We discuss access lists in general terms that apply to products from many manufacturers, and we also discuss specific types of access list with examples of how they work. The examples use the access lists supported by Cisco Systems routers; this manufacturer currently supplies roughly 70% of the devices on the market. Although the access lists in this section are oriented toward Cisco products, routers from other manufacturers have equivalent features, so the examples in this section also apply to other vendors, usually with minor changes. Note also that because there are many versions of Cisco's IOS, the actual capabilities and coding of access lists depend on the IOS version in use. Here we concentrate on the core access list features common to the Cisco versions in use over the past several years.

2.2.1 Overview

An access list is a sequence of permit and deny conditions that are applied to field values in packets flowing through a router interface. Once an access list has been configured, it is applied to one or more router interfaces, which implements a security policy. As packets pass through a router interface, the device compares the data in one or more fields of the packet against the statements in the access list associated with that interface. The selected fields are compared against each statement in the order in which the statements were entered to form the list. The first match between the contents or conditions of a statement and one or more fields in the packet determines whether the router lets the packet pass through the interface. If the conditions do not permit the packet to pass, the router's filtering operation sends the packet to the great bit bucket in the sky, that is, discards it.

At a minimum, router access lists control data at the network layer. Because there are many network layer protocols, there are also many types of access list, such as Novell NetWare IPX access lists, Internet Protocol (IP) access lists and DECnet access lists. Because the focus of this book is on managing the Transmission Control Protocol/Internet Protocol (TCP/IP) and on the key role of IP in Internet access, we narrow our examination of access lists to those that support TCP/IP.

2.2.2 TCP/IP protocol review

To appreciate how IP access lists operate, a brief review of part of the TCP/IP protocol suite is in order. At the application layer, a data stream representing an application, such as a file transfer, a remote terminal session or an e-mail message, is passed to one of the two transport layer protocols supported by TCP/IP: the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Both TCP and UDP are layer 4 protocols that operate at the transport layer of the ISO Open Systems Interconnection (OSI) reference model. Because a host running TCP/IP can support several applications at the same time, a mechanism is needed to distinguish one application from another as application data is formed into TCP segments or UDP datagrams. That mechanism is the port number: each application supported by TCP/IP is associated with a port number. For example, a host can transmit a packet containing e-mail followed by a packet containing part of a file transfer, with the different port number in each packet identifying the type of data it carries. Through port numbers, different applications can be sent to a common address, with the destination using the port number in each packet to demultiplex the applications within a data stream received from a source address. Port numbers are assigned by the Internet Assigned Numbers Authority (IANA), which maintains a list of port assignments that anyone with Internet access can consult.

TCP is a connection-oriented protocol that provides a guaranteed delivery mechanism. Because a short period of time is required to establish a TCP connection before data can be exchanged, it is very inefficient for applications that exchange only small quantities of data, such as a management query that simply retrieves a parameter stored at a remote probe. Recognition that this type of network situation requires a faster transmission method resulted in the development of UDP. UDP was developed as a connectionless, best-effort delivery mechanism. This means that when a UDP session starts, data transmission begins immediately instead of waiting for a connection to be established. It also means that the application layer becomes responsible for setting a timer, so that a period that expires without a response indicates whether a connection was established or lost.

Although both TCP and UDP distinguish one application from another by port number values, actual device addressing is the responsibility of IP, a network layer protocol that operates at layer 3 of the ISO OSI reference model. As application data flows down the TCP/IP protocol stack, either a TCP header or a UDP header is added to the data, and the resulting segment contains the port number that identifies the application being transported. Next, as the data moves down to layer 3, an IP header is prefixed to the TCP or UDP header. This header contains the destination IP address and the source IP address, each 32 bits long under IPv4. When configuring the protocol, IP addresses are usually written as four decimal numbers separated by dots. Based on the preceding, three addresses can be used in an IP access list to permit or deny the flow of packets through a router interface: the source IP address, the destination IP address and the port number that identifies the application data in the packet. In practice, Cisco Systems and other manufacturers' routers also support other IP-related protocols, such as the Internet Control Message Protocol (ICMP) and Open Shortest Path First (OSPF), as a means of permitting or denying the flow of predefined error messages and queries, an example of the latter being the ICMP echo request and echo reply packets.

2.2.3 Using access lists

In a Cisco router environment there are two types of IP access list you can configure: standard (or basic) access lists and extended access lists. A standard access list filters on source address only.
This means you can only permit or deny packets through an interface based on the source IP address in the packet. This type of access list is therefore limited in function. By comparison, an extended access list can filter on source address, destination address and various parameters associated with the upper layers of the protocol stack, such as TCP and UDP port numbers.

Configuration principles

When developing a Cisco router access list, there are several important principles to keep in mind. First, Cisco access lists are evaluated sequentially, starting with the first entry in the list. Once a match occurs, access list processing ends and no further comparisons take place. It is therefore important to place the more specific entries toward the top of your access list. Second, every access list has an implicit deny at its end. This means that a packet whose contents do not explicitly match one of the access list entries is automatically denied. You can override the implicit deny by placing an explicit permit all as the last entry in your list.

The third principle concerns additions to the list. Any new access list entry is automatically added to the bottom of the list. This is important to remember, especially when attempting one or more modifications to an access list, because statements added to the bottom of a list may not produce a list that meets the organization's requirements. It is often necessary to delete and re-create an access list rather than add entries to the bottom of the list.

The fourth principle is that access lists must be applied to an interface. A common mistake is to create an appropriate access list and forget to apply it to an interface. In that situation the access list simply resides in the router's configuration memory but is not used to check the flow of packets through the router, an effect similar to leaving the door wide open after spending time building a sound structure. Now that we have an appreciation of the key access list configuration principles, let us turn to creating Cisco standard and extended router access lists.

Standard access lists

The basic format of a standard access list is as follows:

    access-list number {permit | deny} [ip address] [mask]


Each access list is assigned a unique number that identifies the particular list and also tells the router's operating system the type of access list. Cisco standard IP access lists are assigned an integer from 1 to 99. A newer release of Cisco's router operating system allows access lists to be named. However, because named access lists are not backward compatible with earlier versions of the router operating system, we use numbered lists in the examples in this section.

Because standard access lists only support filtering on source address, the IP address in the format above is restricted to describing the originator of the packet. The mask that follows the IP address is specified in a manner similar to the way a network mask is specified when masking an IP address. However, in an access list a binary 0 in the mask is used as a "match", while a binary 1 is used as a "don't care". This is the reverse of how binary 1s and 0s are used in a network mask applied to an IP address. Another difference is terminology: in Cisco routers the mask used with an access list is called a wildcard mask, not a network mask or subnet mask.

To illustrate the use of a Cisco wildcard mask, assume your organization's router is connected to the Internet and your network is configured as shown in Figure 2.3, with a World Wide Web server behind the router. Assume further that you want to allow all hosts on a Class C network at another location, with IP address 205.131.176.0, to access the server. With a conventional network mask, its value would be 255.255.255.0. Writing the network and mask in binary gives the following result, where x is a "don't care" condition, meaning that either a binary 1 or a binary 0 may occur in that bit position:

    Network address   205.131.176.0 = 11001101.10000011.10110000.00000000
    Network mask      255.255.255.0 = 11111111.11111111.11111111.00000000
                                      -----------------------------------
    Matching address                = 11001101.10000011.10110000.xxxxxxxx


Figure 2.3 Cisco network configuration

Note that a binary 1 in the network mask denotes a comparison, while a binary 0 denotes an unconditional match. In Cisco access lists, the use of binary 1s and 0s in the wildcard mask is inverted: a binary 1 specifies an unconditional match, while a binary 0 specifies a comparison. If you use the network mask value as it stands instead of inverting it, you will most likely get a result that does not meet your operational requirements. The following example shows this, with the value 255.255.255.0 used as a wildcard mask instead of a network mask:

    Network address   205.131.176.0 = 11001101.10000011.10110000.00000000
    Wildcard mask     255.255.255.0 = 11111111.11111111.11111111.00000000
                                      -----------------------------------
    Matching address                = xxxxxxxx.xxxxxxxx.xxxxxxxx.00000000

In this example any value in the first three octets is allowed as long as the last octet is all 0s. This is clearly not a satisfactory solution to our hypothetical Web server requirement described earlier. However, if we place 0s in the wildcard mask where we would normally place binary 1s in the network mask, and vice versa, we define the wildcard mask correctly. Redoing the mask operation, we obtain the following:

    Network address   205.131.176.0 = 11001101.10000011.10110000.00000000
    Wildcard mask     0.0.0.255     = 00000000.00000000.00000000.11111111
                                      -----------------------------------
    Matching address                = 11001101.10000011.10110000.xxxxxxxx

Note that the mask above results in a match for any host on network 205.131.176.0, which is the requirement we need to meet. Although Cisco wildcard masks can be a little confusing at first, especially if you have considerable experience with subnet masks, once the concept is grasped it is as easy to apply to access lists as a subnet mask is to a network address. However, it is extremely important to remember that the wildcard mask is the inverse of the network mask, both in the function of the binary 0s and 1s and in their positions in the mask, and to apply it accordingly. Now that we understand how a Cisco wildcard mask is formed and used, we return to the example and complete the standard access list. The access list is constructed as follows:

    access-list 77 permit 205.131.176.0 0.0.0.255

In this example we used list number 77; being in the range 1 to 99, it identifies the list to the router's operating system as a standard access list. Note also that network address 205.131.176.0 with wildcard mask 0.0.0.255 places a don't care condition on any value in the last octet of the network address, allowing packets from any host on network 205.131.176.0 to flow through the router without being filtered. A few more points about access lists deserve attention. First, if you omit the mask from an IP address entry, a mask of 0.0.0.0 is assumed, so an exact match between the IP address named in the access list and the packet is required for the permit or deny in the access list to take effect. Second, as mentioned earlier, an access list implicitly denies all other access. This is equivalent to terminating the access list with the following statement:

    access-list 77 deny 0.0.0.0 255.255.255.255
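The wildcard-mask comparison and the evaluation rules described above (first match wins, implicit deny at the end, an omitted mask treated as 0.0.0.0) can be worked through in Python. This is an added example, not code from the original text or from Cisco; the host 205.131.176.9 in the ordering case is constructed for illustration.

```python
import ipaddress


def to_int(addr):
    """Dotted-decimal IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(packet_ip, rule_ip, wildcard="0.0.0.0"):
    """Cisco wildcard semantics: a 0 bit must match, a 1 bit is "don't care".
    An omitted mask defaults to 0.0.0.0, which is an exact host match."""
    care = ~to_int(wildcard) & 0xFFFFFFFF
    return (to_int(packet_ip) & care) == (to_int(rule_ip) & care)


def netmask_to_wildcard(netmask):
    """Invert a network mask bit by bit: 255.255.255.0 -> 0.0.0.255."""
    return str(ipaddress.IPv4Address(~to_int(netmask) & 0xFFFFFFFF))


def evaluate(acl, source_ip):
    """Return (action, entry_number) for a standard access list.
    Entries are tried top-down and the first match decides; if nothing
    matches, the implicit deny at the end of every list applies."""
    for number, (action, rule_ip, wildcard) in enumerate(acl, start=1):
        if wildcard_match(source_ip, rule_ip, wildcard):
            return action, number
    return "deny", None


# access-list 77 permit 205.131.176.0 0.0.0.255  (the list built in the text)
ACL_77 = [("permit", "205.131.176.0", "0.0.0.255")]

# The mistake described in the text: the network mask entered unchanged.
ACL_77_NETMASK = [("permit", "205.131.176.0", "255.255.255.0")]

# Constructed ordering case: block one host (.9) but permit the rest.
SPECIFIC_FIRST = [
    ("deny", "205.131.176.9", "0.0.0.0"),
    ("permit", "205.131.176.0", "0.0.0.255"),
]
# The same deny added afterwards lands at the bottom and is never reached.
APPENDED_LAST = list(reversed(SPECIFIC_FIRST))

if __name__ == "__main__":
    cases = [
        ("list 77", ACL_77, "205.131.176.200"),
        ("list 77", ACL_77, "205.131.177.1"),
        ("network mask used as wildcard", ACL_77_NETMASK, "205.131.176.200"),
        ("network mask used as wildcard", ACL_77_NETMASK, "192.0.2.0"),
        ("specific entry first", SPECIFIC_FIRST, "205.131.176.9"),
        ("specific entry appended", APPENDED_LAST, "205.131.176.9"),
    ]
    for name, acl, src in cases:
        print(f"{name:32} {src:16} -> {evaluate(acl, src)}")
```

With the network mask entered unchanged, the intended hosts are denied while any address ending in .0 is permitted, which is the failure the binary tables above describe.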

As another example of using a standard access list, assume a network uses a router to connect two Ethernet segments.


Figure 2.4 Using a router to connect two Ethernet segments

Considering the router illustrated in Figure 2.4, assume that segment 1 has network address 198.78.46.0 and that you want to allow the clients with host addresses .16 and .18 on segment 1 to access any server located on segment 2. To do so, your router configuration, with the access list applied to the outbound side of interface Ethernet 1 (E1), includes the following statements:

    interface ethernet 1
    ip access-group 23 out
    access-list 23 permit 198.78.46.16 0.0.0.0
    access-list 23 permit 198.78.46.18 0.0.0.0

Note that the access-group statement defines the direction of data flow associated with an access list. Note also that the access list is applied outbound on Ethernet 1 rather than inbound on Ethernet 0 (E0), where an inbound access list would filter traffic routed from segment 1. While both approaches work, the latter has the side effect of blocking all other traffic from segment 1. In this example we therefore apply the access list outbound on E1. Now that we have an appreciation of standard IP access lists, we turn to their extended relatives.

Extended access lists

A standard access list is limited to specifying a filter based on a source IP address. By comparison, an extended access list lets you filter on source address, destination address and upper-layer protocol information, for example UDP and TCP port values. In practice, extended access lists let you create very sophisticated packet filters whose capabilities extend well beyond those of standard access lists. The format of an extended access list is as follows:

    access-list number {permit | deny} protocol source-ip source-mask destination-ip destination-mask [operator operand] [established]

Like standard access lists, extended lists are numbered. Extended access lists are numbered from 100 to 199 to distinguish them from standard IP access lists. The protocol parameter specifies the TCP/IP protocol, such as ip, tcp, udp or icmp, and several routing protocols can also be filtered; examples of the latter include the Interior Gateway Routing Protocol (IGRP) and Open Shortest Path First (OSPF). The source and destination IP address arguments are written in dotted decimal notation. The source-mask and destination-mask arguments are router wildcard masks, used in the same way as described earlier for standard access lists.

To specify additional detail in a packet filter, you can optionally include the operator and operand arguments in your extended access list. Together they are used to compare TCP and UDP port values. For tcp and udp, the operator argument can be one of the following four keywords:

    LT   less than
    GT   greater than
    EQ   equal
    NEQ  not equal

In the comparison, the operand argument is the integer value of the destination port for the specified protocol. For TCP, an optional keyword, established, is supported. When it is specified, a match occurs if the TCP datagram has the ACK or RST bit set, indicating that an established connection exists.

To illustrate the use of an extended access list, assume that the router illustrated earlier in Figure 2.4 is to be connected to the Internet. Assume further that you want to allow any host on the network behind the router, with IP address 198.78.46.0, to establish TCP connections to any host on the Internet. However, also assume that, except for accepting e-mail via the Simple Mail Transport Protocol (SMTP), it is your organization's policy to bar any host on the Internet from establishing TCP connections to hosts on network 198.78.46.0. To accomplish this, you must take into account that the initial request for an SMTP connection is made to TCP destination port 25 and originates from a port number greater than 1023: the originator always uses destination port 25 to reach the mail exchanger on your organization's network, while the other host uses a port number greater than 1023. On that basis, and assuming that the mail exchanger on network 198.78.46.0 has address 198.78.46.77, the two access lists are as follows:

    access-list 101 permit tcp 198.78.46.0 0.0.0.255 0.0.0.0 255.255.255.255
    access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.0 0.0.0.255 established
    access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.77 0.0.0.0 eq 25
    interface serial 0
    ip access-group 101
    interface ethernet 0
    ip access-group 102

In this example, note that access list 101 is applied to the router's serial port and is constructed to allow any host on network 198.78.46.0 to establish a TCP connection to the Internet. The second access list, numbered 102, is applied to interface Ethernet 0 (E0), illustrated earlier in Figure 2.4. The first statement in access list 102 permits any TCP packet that represents an established connection, while the second statement permits TCP packets from any source address to flow through the interface to the specific address 198.78.46.77 with a port value of 25. Thus an inbound connection to port 25 must first occur in order for the first statement in access list 102 to permit subsequent packets with port numbers greater than 1023 through the router.

Limitations

Although access lists provide a considerable packet filtering capability, they are not a comprehensive security mechanism. To round off this examination of Cisco access lists, we therefore need to note their limitations. We observed that access lists build their filters on network addresses. This means they are vulnerable to address impersonation, or spoofing. A further key limitation is that they do not track whether a packet is part of an existing upper-layer conversation, nor do they look into the conversation itself. This means a person can run a dictionary attack through the router's packet filter if their address is not blocked. Similarly, a host that is permitted FTP access can issue an mget *.* command and retrieve several gigabytes of data from the server, in effect creating a denial-of-service attack. Because of these limitations, most organizations supplement router access lists with proxy services on a firewall, which is the subject of the next section.
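To show how extended entries are evaluated, including the operator keywords and the established test, the following added Python example parses lists 101 and 102 from the text (written in IOS syntax) and checks packets against them. It is not code from the original text or from Cisco; the Internet host 203.0.113.5, the inside host 198.78.46.20 and the sample packets are constructed.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0                  # destination port (TCP/UDP)
    flags: frozenset = frozenset()  # TCP flags set in this one packet


OPERATORS = {
    "lt": lambda port, operand: port < operand,
    "gt": lambda port, operand: port > operand,
    "eq": lambda port, operand: port == operand,
    "neq": lambda port, operand: port != operand,
}


def _wild(ip, base, wildcard):
    """Wildcard compare: 0 bits must match, 1 bits are don't care."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(ip)) & care) == (
        int(ipaddress.IPv4Address(base)) & care)


def parse(line):
    """access-list N {permit|deny} proto src src-mask dst dst-mask [op port] [established]"""
    tok = line.split()
    if len(tok) < 8 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended access-list entry: {line!r}")
    if not 100 <= int(tok[1]) <= 199:
        raise ValueError("extended IP access lists are numbered 100 to 199")
    rule = {"action": tok[2], "proto": tok[3].lower(),
            "src": (tok[4], tok[5]), "dst": (tok[6], tok[7]),
            "op": None, "operand": None, "established": False}
    rest = [t.lower() for t in tok[8:]]
    if len(rest) >= 2 and rest[0] in OPERATORS:
        rule["op"], rule["operand"] = rest[0], int(rest[1])
        rest = rest[2:]
    if rest == ["established"]:
        rule["established"] = True
    elif rest:
        raise ValueError(f"unexpected tokens {rest} in {line!r}")
    return rule


def rule_matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt.proto):
        return False
    if not _wild(pkt.src, *rule["src"]) or not _wild(pkt.dst, *rule["dst"]):
        return False
    if rule["op"] and not OPERATORS[rule["op"]](pkt.dport, rule["operand"]):
        return False
    # "established" is decided from the ACK/RST bits of the packet in hand;
    # the list keeps no connection table (see the Limitations paragraph).
    if rule["established"] and not (pkt.flags & {"ACK", "RST"}):
        return False
    return True


def evaluate(lines, pkt):
    """First matching entry decides; otherwise the implicit deny applies."""
    for line in lines:
        rule = parse(line)
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"


ACL_101 = ["access-list 101 permit tcp 198.78.46.0 0.0.0.255 0.0.0.0 255.255.255.255"]
ACL_102 = [
    "access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.0 0.0.0.255 established",
    "access-list 102 permit tcp 0.0.0.0 255.255.255.255 198.78.46.77 0.0.0.0 eq 25",
]

if __name__ == "__main__":
    syn, ack = frozenset({"SYN"}), frozenset({"ACK"})
    samples = [  # constructed inbound packets checked against list 102
        Packet("tcp", "203.0.113.5", "198.78.46.77", 25, syn),
        Packet("tcp", "203.0.113.5", "198.78.46.77", 23, syn),
        Packet("tcp", "203.0.113.5", "198.78.46.20", 25, syn),
        Packet("tcp", "203.0.113.5", "198.78.46.20", 1500, ack),
    ]
    for pkt in samples:
        print(pkt.dst, pkt.dport, sorted(pkt.flags), "->", evaluate(ACL_102, pkt))
```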

2.3 USING FIREWALL PROXY SERVICES

As the use of TCP/IP expanded during the 1990s along with the growth of the Internet, organizations began to recognize a threat to network security once their networks were connected to the Internet. As academic, government and commercial networks were connected to the Internet, they became targets for a virtually unlimited number of computer users located around the world. Router access lists provide a mechanism to permit or deny the flow of packets through a router port based on source IP address, destination IP address and the type of application data, expressed as a port number. Organizations began to realize that router access lists by themselves do not prevent many types of undesirable activity directed at hosts residing behind the router. One solution that provides a higher level of security for an organization's network is a firewall with proxy service capability located behind the router; proxy services are the focus of this section.


In this section we first briefly review the operation of router access lists and some of their limitations. Using this information as a base, we then describe and discuss the different types of firewall proxy service and how they can be used to obtain an enhanced level of network protection.

2.3.1 Access list limitations

Most routers include a packet filtering capability, created by coding one or more statements into what is referred to as an access list and then applying the access list to a router interface. Access list statements contain parameters that are evaluated against the values of packet fields formed at layers 3 and 4 of the International Organization for Standardization (ISO) Open Systems Interconnection (OSI) reference model. In a TCP/IP environment this means that an access list primarily operates by examining the source and destination IP addresses in a packet and the port number in the packet that identifies the application being transported.

A key limitation associated with the use of access lists is that they are in effect blind to the operation being permitted. This results from a router access list being unable to look further into the contents of a packet and determine whether a harmful operation is occurring and, if so, either stop the operation or generate an appropriate alert to one or more persons in the form of an audio signal, an e-mail message, a page or a combination of such mechanisms.

To illustrate the potential limitations of router access lists, consider the popular File Transfer Protocol (FTP) application, used to transfer files between hosts. With a router access list you can permit or deny FTP sessions based on the source IP address or destination IP address contained in each packet that carries FTP information. Assume your organization operates an FTP server that supports anonymous access, allowing anyone connected to the Internet to access and retrieve information from it, a relatively common arrangement on the Internet. Assume further that your organization has a large number of files on the server available for download. This means a person could, intentionally or not, use the FTP mget (multiple get) command to retrieve a large number of files with a single FTP command line.
In fact, if a person accessing your organization's FTP server issues the mget command with the asterisk (*) wildcard in both the file name and file extension positions, forming the command line mget *.*, the command causes your organization's FTP server to download every file in the directory, one after another, to the remote user. If your organization has a large number of files whose stored data totals several gigabytes, and a low-speed connection to the Internet, such as a 56 kbps, 64 kbps or T1 connection, a single mget *.* command can tie up the outbound side of the Internet connection for many hours or many days. If your organization operates a World Wide Web server as well as an FTP server and provides employees with Internet access over a single access line, the use of mget described above represents a simple but effective denial-of-service (DoS) attack method. This type of attack is perfectly legal, since the person using the mget command is performing a perfectly valid operation, even though the result can tie up your organization's connection to the Internet for many hours or even many days. Similarly, letting people upload data to your organization's FTP server means they can use the reverse of mget, the mput command. Using mput with wildcards, they could set up an old 286 machine and pump many gigabytes of data to your FTP server, clogging its disk partition and your organization's Internet access line.

Recognition of the need to examine application-layer operations and give organizations the ability to control applications led to the development of proxy service capability in firewalls.

2.3.2 Proxy services

Proxy services is a generic term associated with the use of a proxy server. The proxy server is normally implemented as a software module on a firewall and supports one or more applications, for which it acts as an intermediary, or proxy, between the requester and the actual server that provides the requested service. When implemented this way, all requests for the specified application are first examined by the proxy service running on the proxy server. If the proxy service has been configured to permit or deny one or more functions of a given TCP/IP application, it examines the contents of each packet, and possibly a sequence of packets, and compares the contents against the proxy service configuration. If the contents of the packet or sequence of packets denote an operation that the proxy service configuration permits, the service lets the packet flow to the appropriate server. Otherwise the packet is either sent straight to the great bit bucket in the sky, or the server may generate a warning message and an alarm or alert to the firewall administrator or another responsible person.
To illustrate the use of a proxy service, we return to our FTP server access example. A common FTP proxy service lets the firewall administrator enable or disable individual FTP commands. Using this capability, the firewall administrator can control whether FTP users can issue different types of FTP command, such as mget and mput. In a Microsoft Windows environment you can use mget in streaming mode or interactive mode. In the latter, FTP prompts you with a question mark (?) as to whether the next file should be transferred. An example of the use of mget is shown in Figure 2.5. Note that simply entering a carriage return at the ? prompt transfers the next file. It is therefore relatively easy for an attacker to write a script that streams files when using mget in the Windows interactive mode, and a no-brainer in its streaming mode. If you are familiar with how an FTP server is configured, you almost certainly know that the FTP server administrator is limited to assigning read and/or write permissions to directories and possibly, depending on the operating system, to the files within a directory, for anonymous or non-anonymous users, the latter term usually denoting persons who have an account on the server. However, there is no mechanism that this author is aware of that lets an FTP server administrator or a router administrator selectively enable or disable individual FTP commands. An FTP proxy service therefore gives the FTP server administrator a significantly enhanced ability to configure the capabilities and functions of the FTP service that other users can access.


Figure 2.5 Using mget under Windows NT requires a response to each file prompt, which can be a carriage return.

The ability to employ proxy services is based on a firewall located between a router and the network servers connected to a LAN behind the router. The types of proxy service that can be provided are therefore limited only by the needs of an organization and the programming of the firewall. Some of the more popular proxy services include remote terminal Telnet, TN3270, Hypertext Transport Protocol (HTTP), the FTP proxy service discussed earlier, and ICMP proxy services. The last of these is a special type of proxy service that deserves closer discussion because of the enhanced security it provides against certain types of hacker attack.

2.3.3 ICMP proxy services

The Internet Control Message Protocol (ICMP) is a layer 3 protocol in the TCP/IP suite. ICMP is used to transmit error messages as well as status queries and the responses to those queries. ICMP packets are formed using an Internet Protocol (IP) header that contains an appropriate value in its Type field. Although ICMP is primarily oriented toward carrying error messages between devices running TCP/IP and conveying them to network users, the protocol is also widely used by many individuals who are probably unaware that they are transmitting ICMP packets. Two of the most popular ICMP packet types are Echo Request and Echo Response, better known to most people as the Ping operation or application.

Depending on the TCP/IP implementation, a user typically enters the application name ping followed by the host name or host IP address and one or more optional parameters that affect how Ping operates. Ping was originally intended as a way for a user to determine whether a remote host is operational and running TCP/IP. Pinging a remote host with an ICMP Echo Request packet results in the remote host returning an ICMP Echo Response packet if it is reachable, operational and its TCP/IP stack is functioning. When using Ping, note that a timeout may mean the remote host is not operational, or that one or more communications devices on the path to the remote host are down. In most cases, however, Ping is the first troubleshooting method to use when a host appears not to respond to queries.

In addition to indicating that a host is reachable and operational, Ping provides information about the round-trip delay to the remote host. This results from the Ping application starting a clock and noting the time until a response is received or a timeout occurs with no response. The time between transmitting a Ping and receiving a response is the packet's round-trip delay, which provides valuable information about the behaviour of time-dependent operations such as voice over IP (VoIP) products. The first time you ping a destination by host name, your protocol stack may have to perform an address resolution operation to determine the IP address needed to route the packet to its destination, which adds some delay. For this reason most Ping implementations by default issue between three and five consecutive echo requests. However, some implementations of Ping let the user set an option that makes the host ping continuously, until the person at the computer generating the pings issues a CTRL-BREAK to end the application.

Although continuous pinging may appear harmless, it in fact gives an attacker a way to start a denial-of-service attack. This is because the pinged host must stop what it is doing, even if only for a few milliseconds, and answer the ping with an ICMP Echo Response packet. If the person who sets the Ping application to ping continuously also sets the packet size beyond the default of 32 or 64 bytes, depending on the implementation, the destination is forced to answer with correspondingly longer responses, which consumes additional network resources. Another problem with unrestricted use of Ping is that it can be used as a discovery mechanism to find working hosts on a remote network as a prelude to attacking them. For example, an attacker could write a script that cycles through all 254 addresses on a Class C IP network to discover which addresses are currently active.

Based on the preceding, many organizations may wish to control Ping and other types of ICMP message. While many router access lists let the administrator filter ICMP packets by source and/or destination IP address and by ICMP message type, such access list filtering is an all-or-nothing operation.
That is, a router access list cannot selectively examine packets, note that a sequence of ICMP echo requests from the same source address has continued after a predefined number of requests has passed through the router, and block the subsequent requests. By comparison, an ICMP proxy service can be configured to distinguish between a single sequence of echo request packets and a Ping application that has been set to ping a host continuously. Similarly, an ICMP proxy capability can be used to distinguish between a person who is having difficulty accessing a server and a person who is using the Ping application in an attempt to discover all the hosts on your organization's network. The ICMP proxy service is therefore an important type of proxy service, one that can enhance network security.

2.3.4 Limitations

Although proxy services can provide an enhanced level of network security, we also need to discuss their limitations. First, a proxy service requires detailed examination of the contents of individual packets and of sequences of individual but related packets, forcing the application to look deep into the structure of each packet. This results in additional processing on every packet, which introduces a degree of delay. Second, a sequence of packets may have to be examined to decide whether it is acceptable to let the packets flow to their destination. This means that one or more packets in each sequence must be buffered or temporarily stored until the proxy service determines whether the packets can continue to their destination or should be sent to the bit bucket. Additional buffer storage is therefore required in the proxy server or firewall, and packets are held temporarily before being delivered to the server. In fact, according to tests performed by several communications test laboratories, the use of proxy services from different firewall vendors took between 20% and 40% of the bandwidth of an Internet connection at the proxy server. This also led to packet loss of 20% to 40%. You must therefore weigh the delay introduced by proxy services, and the potential need to upgrade your Internet access line, against the potential enhancement to the security of your organization's network.

2.3.5 Operational example

Now that we have an appreciation of the capabilities of a proxy firewall, we conclude this section by examining several configuration screens of the Interceptor firewall, a firewall product from Atlanta, GA. Figure 2.6 shows the Interceptor's Advanced Policy Options screen, with the cursor pointing at the toggle check associated with the FTP PUT command, set to block FTP uploads. In examining Figure 2.6 and the other Interceptor screens, note that they are HTML screens displayed in a Netscape browser.
The Interceptor firewall generates HTML forms that let network managers view and modify the firewall's configuration data. To protect these operations, the firewall uses encryption, supporting Netscape's Secure Sockets Layer (SSL) protocol to encrypt all traffic between the firewall and the Web browser used to configure it, while passwords are used for authentication. This means that network managers can configure the firewall securely over the World Wide Web.

Figure 2.6 Using the Interceptor firewall configuration screen to block all FTP PUT commands

Using classes

The Interceptor firewall includes a class definition facility that gives users a way to replace address patterns, times of day or URLs with symbolic names. Classes are opened by selecting the Classes button in the left-hand portion of the configuration screen. They are distinguished from literal patterns by an equals sign used as a prefix. The use of classes makes the firewall considerably easier to configure. For example, suppose you want to control access from users behind the firewall to Internet services. To do so, you first enter the IP addresses of the computers that will be permitted to access the common services you want them to use. You then define a class name that is associated with that group of IP addresses and create a policy that defines the services the members of the class are allowed to use.

Figure 2.7 illustrates the use of the Interceptor Edit Policy configuration screen to allow inbound traffic for FTP, HTTP, Telnet and SNMP. Note that this policy uses the class name =ALL-Internal-Host in the box labeled From. Although it is not shown, you would first have used the class configuration to enter the class name and the IP addresses you want to associate with that class. The newly edited policy then allows the IP addresses in the previously defined class =ALL-Internal-Host to use FTP, HTTP, Telnet and SMTP applications.

Figure 2.7 Using the Interceptor firewall to create a policy that allows outbound FTP, HTTP, Telnet and SMTP traffic from all users in the previously defined class All-Internal-Host

Alert generation

The capability of a firewall is considerably enhanced by its ability to generate alerts, which lets the firewall warn network managers or administrators of a possible attack on their network. Figure 2.8 illustrates the Interceptor Add Alert screen display, with the IP-Spoof pattern shown selected. In the example shown in Figure 2.8, the IP-Spoof alert is used by the Interceptor to indicate a connection request coming from a host that claims an IP address that does not belong to it.

Figure 10.8 Using the Interceptor firewall Add Alert configuration screen

In practice, it is very difficult to notice that IP spoofing is taking place. This is because, unless the firewall has previously obtained information about IP addresses, such as their location on segments reached through different firewall ports, or has noted restrictions placed on IP addresses, it assumes that an IP address is valid. In comparison, other patterns, such as refused connections or failed authorization, are much easier to notice. For each alert you must first specify a name for the alert definition, such as IP-Spoof for that pattern. After selecting the pattern, you can specify the days, the times and the number of occurrences that, when matched, will generate an alert. The Interceptor supports two methods of generating an alert: by e-mail or by web page. If you choose to use a web page to deliver the alert, it can include a message, such as a numeric alert code, that indicates the type of alert.

Packet filtering

To round off this brief examination of firewall operation, we return to the original method, packet filtering. Although the packet filtering capability of a firewall works in much the same way as that of a router, a firewall is usually easier to configure and offers more flexibility in allowing or denying access on the basis of a set of rules.

Figure 2.9 Using the Interceptor firewall configuration screen to edit the HTTP network service

Note that the HTTP protocol is shown selected so that the service can be edited. Note also the columns labeled Max and Rate. The column labeled Max indicates the maximum number of simultaneous connections allowed for each service, while the column labeled Rate indicates the maximum permitted rate of new connections for each service. By specifying entries in one or both columns, you can exercise considerable control over access to the network services you provide, as well as balance the load across lightly and heavily used services.


Figure 2.10 Using the Interceptor firewall Edit Service display to set a series of rules controlling HTTP

In this example, the HTTP service is allowed up to 256 connections and a queue size of 64 has been entered, which limits the number of pending HTTP TCP connections. The maximum rate entry of 300 represents the maximum rate of new connections that will be allowed to the HTTP service. Once this rate is exceeded, the firewall temporarily denies access to the service for a period of one minute. If you allow both internal and external access to a Web server, the ability to control the maximum rate of incoming connections to a given service can be an important weapon in the war against denial-of-service attacks. In such an attack, a malicious person or a group of hackers programs one or more computers to issue bogus service initiation requests using random IP addresses. Because each access request causes the server to begin a handshake reply, the reply is directed to a bogus address that never responds. The server will hold the connection for 60 or 120 seconds, which represents a period during which a legitimate user cannot access the server while its connection capacity is at its maximum. Although there is no complete solution to this problem, you can use the Max connections option to limit HTTP connections so that you can always allow internal users to reach your Web server. In addition, if you specify a low Max connection rate, you can deny several waves of bogus connections, allowing some legitimate users to reach your organization's Web server.

The gap to consider

Although routers and firewalls can be used to prevent unauthorized access to network hosts, they do not secure the communication between client and server, nor the data being transported. To obtain that security you must use some form of authentication and encryption. For example, when using a Web browser you should consider two related Internet protocols, SSL (Secure Sockets Layer), developed by Netscape, or S-HTTP (Secure Hypertext Transfer Protocol), developed by Enterprise Integration Technologies, as well as digital certificates, which are available from several organizations. The latter technique uses public key encryption so that the digital certificate can provide authentication.
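The Max, queue and Rate settings described for the HTTP service above can be modelled as a small admission controller. This is an added example, not code from the firewall product or from the original text; the class and method names are hypothetical, and the 60-second window used to measure the rate is an assumption.

```python
from collections import deque

class ServiceLimiter:
    """Admission control using the values quoted in the text: 256 connections,
    a queue of 64, a maximum rate of 300 and a one-minute lockout."""
    def __init__(self, max_conns=256, queue_size=64, max_rate=300,
                 window=60.0, lockout=60.0):      # window length is assumed
        self.max_conns, self.queue_size = max_conns, queue_size
        self.max_rate, self.window, self.lockout = max_rate, window, lockout
        self.active = 0          # established connections
        self.pending = 0         # connections waiting in the queue
        self.recent = deque()    # arrival times inside the rate window
        self.locked_until = 0.0

    def admit(self, now):
        """Return the verdict for a new connection arriving at time `now`."""
        if now < self.locked_until:
            return "reject-lockout"
        while self.recent and now - self.recent[0] >= self.window:
            self.recent.popleft()
        self.recent.append(now)
        if len(self.recent) > self.max_rate:      # rate exceeded: close the service
            self.locked_until = now + self.lockout
            self.recent.clear()
            return "reject-rate"
        if self.active < self.max_conns:
            self.active += 1
            return "accept"
        if self.pending < self.queue_size:
            self.pending += 1
            return "queue"
        return "reject-full"

    def release(self):
        """A connection closed: promote a queued one, else free the slot."""
        if self.pending:
            self.pending -= 1
        elif self.active:
            self.active -= 1

def simulate_flood(n=400, spacing=0.1):
    """Constructed input: n attempts, `spacing` seconds apart, none of which
    ever completes or closes, as with half-open connections in a flood."""
    fw, counts = ServiceLimiter(), {}
    for i in range(n):
        verdict = fw.admit(i * spacing)
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts, fw
```

With these settings the flood fills the 256 slots, part of the queue is taken up, and the 301st arrival trips the rate limit, after which every request, legitimate or not, is refused until the lockout expires.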

2.4 NETWORK ADDRESS TRANSLATION

As mentioned at the beginning of this chapter, we will conclude with a function common to routers and firewalls. That function is network address translation, NAT (Network Address Translation). It evolved because of the scarcity of IPv4 addresses. As use of the Internet expanded, it became harder for organizations to obtain registered IP addresses from their service providers. Recognizing that only a fraction of the users on a local network access the Internet at the same time, organizations can assign each station a private IP address, typically from one of the address blocks reserved in RFC 1918, which was covered in the previous chapter. An address translator is then used to map, or translate, the private IP addresses into registered addresses on the device. If an organization has 1000 stations, mapping 1000 unregistered private IP addresses onto the 254 addresses of a Class C network allows one Class C network address to be used instead of four. However, if more than 254 users require Internet access simultaneously, some user requests must be queued until a previously used registered address becomes available.

Although NAT was first developed as a way of conserving IPv4 addresses, a side benefit of its use is that it hides the addresses of the stations behind the translator. This means that a direct attack on the organization's hosts is no longer possible, and it led to NAT functionality being added to firewalls as well as routers. Regardless of the device used to provide NAT, its operation is the same. That is, as packets leave through the NAT device, the private source address is translated into a public address. In comparison, incoming packets have their public IP address translated into the corresponding private IP address, based on the state of the IP address map maintained by the device.

2.4.1 Types of address translation

There are three types of NAT that a device can employ. These types, or methods of address translation, are static NAT, pooled NAT and port-level NAT, the last of which is also referred to as Port Address Translation (PAT).

Static NAT

Static NAT results in a permanent mapping of each host on an internal network to an address on the external network. Although a static map does not reduce the number of IP addresses the organization needs, once it is configured the additional operations required, and its simple table lookup, are kept to a minimum.

Pooled NAT

When a pooled NAT technique is used, a pool of addresses on the external network is used for the dynamic assignment of IP addresses in place of the private addresses on the internal network. Although pooled NAT lets users conserve public IP addresses, its use can adversely affect certain types of applications. For example, SNMP managers track devices by the device's IP address and object identifier. Because pooled NAT means that network addresses will more than likely change over time, devices in front of the translation device cannot be configured to transmit traps reliably to devices behind the translation device. One possible solution to this problem is to map an SNMP manager permanently to an IP address while all other devices share the remaining addresses in the address pool. Of course, a device that supports pooled NAT must then also be able to support static mapping.

Port address translation

A third type of address translation results in the mapping of internal addresses to a single IP address on the external network. To accomplish this, the address translator assigns different port numbers to the TCP and UDP source port fields. The port numbers used for the mapping are those above 1023, which provides 64512 (= 65535 - 1023) simultaneous TCP/IP or UDP/IP connections on a single address. Because the mapping is made to a single address through the use of different port numbers, this technique is referred to as Port Address Translation (PAT). The use of PAT results in all traffic transmitted onto the public network appearing to come from a single IP address.

Whichever method of NAT is used, its use hides the actual IP addresses of the organization's network. When it is incorporated into a firewall, NAT represents a technique that forces attacks aimed directly at IP addresses to hit the firewall, which one hopes has been hardened to withstand attacks on the network.
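The port address translation described above amounts to a pair of lookup tables keyed on source port. The following is an added example, not taken from the original text or from any product; the class name, method names and sample addresses are constructed for illustration.

```python
FIRST_PORT, LAST_PORT = 1024, 65535   # "ports above 1023", as in the text

class PortAddressTranslator:
    """Maps many private (address, port) pairs onto one public address."""
    def __init__(self, public_ip, first=FIRST_PORT, last=LAST_PORT):
        self.public_ip = public_ip
        self.free = list(range(last, first - 1, -1))  # pop() yields lowest first
        self.out = {}    # (proto, private_ip, private_port) -> public_port
        self.back = {}   # (proto, public_port) -> (private_ip, private_port)

    def capacity(self):
        """Total number of simultaneous mappings the port range allows."""
        return len(self.free) + len(self.out)

    def outbound(self, proto, src_ip, src_port):
        """Rewrite the source of an outgoing packet; None when ports run out."""
        key = (proto, src_ip, src_port)
        if key not in self.out:
            if not self.free:
                return None
            port = self.free.pop()
            self.out[key] = port
            self.back[(proto, port)] = (src_ip, src_port)
        return (self.public_ip, self.out[key])

    def inbound(self, proto, dst_port):
        """Map a reply back to the private host. None means no mapping exists,
        so an unsolicited packet has no internal destination and is dropped."""
        return self.back.get((proto, dst_port))

    def close(self, proto, src_ip, src_port):
        """Remove a mapping and return its port to the free list."""
        port = self.out.pop((proto, src_ip, src_port), None)
        if port is not None:
            del self.back[(proto, port)]
            self.free.append(port)
```

The `inbound` lookup is where the address-hiding property comes from: traffic from the public side reaches an internal host only if that host created the mapping first.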
