Triển khai Ipsec trên ipv6 trong window server 2008

HC VIN K THUT MT M
KHOA CNG NGH THNG TIN

TI THC TP C S :
Trin khai cng ngh IpSec trn giao thc IPv6 trong mi trng Window Server 2008
Gio vin hng dn :Nguyn Hng Vit Sinh vin thc hin : Dng Vn Tuyn Nguyn Quc Thun Nguyn Vn Nht
HC VIN K THUT MT M
KHOA CNG NGH THNG TIN TI THC TP C S :
Nhn xt ca gio vin hng dn :.. .. .. .. .. .. .. im chuyn cn ca nhm : . Chm im kt qu bn in hon chnh ca bo co thc tp ..
Lp AT5C-Hc Vin K Thut Mt M
Li ni u....4 Chng I.Tm hiu v Window Server 2008 I.1.Gii thiu Window Server 20085 I.2.Cc cng ngh ca Window Server 2008..6 I.2.1.Web...6 I.2.2.o ha...7 I.2.3.Bo mt.....7 I.2.4.Nn tng hp nht cho cng vic ca doanh nghip.....8 I.3.So snh cc h thng Windows,Linux,Unix..9 I.3.1 Windows,Linux(gi c,tnh nng,qun l,bo tr,bo mt.).9 I.3.2 Windows,Unix(gi c,tnh nng,qun l,bo tr,bo mt,.)..9 Chng II.Tm hiu v IPv6 II.1.Gii thiu Ipv610 II. 2.Phn loi IPv612 II.2.1- Unicast Address ..12 a. Global Unicast Address...12 b. Link-local Addresses13 c. Site-Local Addresses....................................................................14 d. Unique Local Address...14 II.2.2 Anycast Address................................................................................14 II.2. 3 Multicast Address............................................................................15 II.2.4 Cc loi a ch IPV6 c bit...........................................................15 II.3.Header Ipv6.16 Chng III. Tm hiu IPSec III.1.Tng quan..19
III.2.Cu trc bo mt 19 III.3.Hin trng...20 III.4.Thit k theo yu cu.20 III.5.Mode..2 0 III.5.1.Transport mode 20 III.5.2.Tunnel mode 21 III. 6. Phng thc 21 III.6.1.Authentication Header (AH)...21 III.6.2.Encapsulating Security Payload (ESP)...22 III. 7. Trao i kha trong IPSEC - Key Exchange(IKE).23 III.7.1 Trao i kha trong IpSec - Key Exchange(IKE)..23 III.7.1.1 ISAKMP phase 1.23 III.7.1.2 ISAKIMP phase 2...24 III.7.2 IKE Modes ....24 Chng IV:Demo..27 ( Trin khai Ipsec trn giao thc ipv6 trong window server 2008,dng cc Tool Network monitor,wireshark phn tch gi tin)
Danh mc bng
Bng 1- So snh Windows vi Linuxi Bng 2- So snh Windows vi Unix.ii Bng 3- M hnh AH header iii Bng 4- M hnh ESP...iv
Danh mc hnh v
Hnh 1- Global Unicast Addressi Hnh 2- Link-local Address...ii Hnh 3- Site-local Address iii Hnh 4- Unique Local Address..iv Hnh 5- Header Ipv6...v Hnh 6- Trao i kha trong IPSec IKE.vi Hnh 7- Main Mode..vii Hnh 8- Aggressive Mode viii Hnh 9- Quick Mode..ix Hnh 10- New Group Mode x
Li ni u
giao tip trn mng, chng ta cn a ch IP. Tng t cch thc chng ta gi th qua bu in, l th cn ghi r ni gi, ni n, mi gi tin (d liu) khi gi qua mng cng gm 2 thng tin: a ch IP ngun (ni gi), a ch IP ch (ni n). C 2 loi a ch IP: IP cng cng (public IP) cho php cc my tnh giao tip trn Internet, IP ring (private IP) cho php cc my tnh giao tip trong mng ni b (mng LAN). C khong 4 t a ch IPv4, chiu di 32 bit nh phn. a ch IPv6 c chiu di 128 bit nh phn, v vy IPv6 s c khong 340x1036 a ch. Cc chuyn gia cho rng con s a ch ny c th xem l v tn.Ipv4 ang cn kit nn vic chuyn sang Ipv6 l 1 tng lai khng xa. Khi chng ta giao tip qua mng liu c b tn cng , bo mt ra sao.Ring v giao thc IP c phn c ch bo mt thng qua IPSec(Internet Protocol Security) IPSec l tp hp y cc giao thc m bo thng tin truyn gia hai my tnh c m ha v bo mt trong h thng mng khng bo mt. Mng khng bo mt in hnh nht l Internet. IPSec c hai tc dng chnh l bo mt gi tin IP (IP Packet) v chng li cc tn cng. Chnh v s quan trng ca bo mt thng tin gip Nhm chn ti l nghin cu trin khai IPSec trn Ipv6 trong mi trng window server 2008
Chng I.Tm hiu v Window Server 2008

1.Gii thiu Window Server 2008 Microsoft Windows Server 2008 l th h k tip ca h iu hnh Windows Server, c th gip cc chuyn gia cng ngh thng tin c th kim sot ti a c s h tng ca h v cung cp kh nng qun l v hiu lc cha tng c, l sn phm hn hn trong vic m bo an ton, kh nng tin cy v mi trng my ch vng chc hn cc phin bn trc y. Windows Server 2008 cung cp nhng gi tr mi cho cc t chc bng vic bo m tt c ngi dng u c th c c nhng thnh phn b sung t cc dch v t mng. Windows Server 2008 cng cung cp nhiu tnh nng vt tri Lp AT5C-Hc Vin K Thut Mt M 6
bn trong h iu hnh v kh nng chun on, cho php cc qun tr vin tng c thi gian h tr cho cng vic ca doanh nghip. Windows Server 2008 xy dng trn s thnh cng v sc mnh ca h iu hnh c trc l Windows Server 2003 v nhng cch tn c trong bn Service Pack 1 v Windows Server 2003 R2. Mc d vy Windows Server 2008 hon ton hn hn cc h iu hnh tin nhim. Windows Server 2008 c thit k cung cp cho cc t chc c c nn tng sn xut tt nht cho ng dng, mng v cc dch v web t nhm lm vic n nhng trung tm d liu vi tnh nng ng, tnh nng mi c gi tr v nhng ci thin mnh m cho h iu hnh c bn. Ci thin cho h iu hnh my ch ca Windows Thm vo tnh nng mi, Windows Server 2008 cung cp nhiu ci thim tt hn cho h iu hnh c bn so vi Windows Server 2003. Nhng ci thin c th thy c gm c cc vn v mng, cc tnh nng bo mt nng cao, truy cp ng dng t xa, qun l role my ch tp trung, cc cng c kim tra tin cy v hiu sut, nhm chuyn i d phng, s trin khai v h thng file. Nhng ci thin ny v rt nhiu ci thin khc s gip cc t chc ti a c tnh linh hot, kh nng sn c v kim sot c cc my ch ca h
2.Cc cng ngh ca Window Server 2008 2.1.Web
2.2.o ha
2.3.Bo mt
10
2.4.Nn tng hp nht cho cng vic ca doanh nghip
3.So snh cc h thng Windows,Linux,Unix 3.1 Windows,Linux(gi c,tnh nng,qun l,bo tr,bo mt.) Window Server Red Hat Enterprise
11
-TCO:Chi Ph trin khai & s dng: $199-$3919 +Gim thi gian bo tr,qun l -Reliability - n nh +D cu hnh,qun l=>n nh hn (Chun ha,cung cp cc cng c qun tr c bn -mnh m..) +Kh nng tng thch,h tr t phn cng nhiu hn.. -Security-Bo mt +Qu trnh ti u ha bo mt,theo chun t khu thit k spbn thng mi +H tr ca cc hng bo mt -Choice-La chn +thuc hng sxpm c lp ln nht th gii +Thng dng,nhiu ng dng.
Chi Ph trin khai & s dng: Free $349-18000$ +Tnh ph h tr cho h iu hnh ny(server, Clustering..)
+Ci theo package(k ..) +Mt time cu hnh li 1 ht trong tng lai(bn v li mi,thiu tnh thng nht,kh support)
+Thiu s h tr t cc hng bo mt(m ngun m..) + nm 2006: l hng bo mt Windows Server <61% Novell Enterprise <73% Red Hat Enterprise Linux http://www.microsoft.com/windowsserver/com pare/ ReportsDetails.mspx?recid=23 )
+Mi sp l c trng ca 1 hng(Red hat,SUSe +Khng thng dng 3.2 Windows,Unix(gi c,tnh nng,qun l,bo tr,bo mt,.) -TCO:Chi ph trin khai: +Chi ph r p ng yu cu thng mi +window Server 2008 p ng nhiu yu cu v gi c,qun l,bo tr. -Mission-Critical Needs (ngdng trng yu). +Chi ph xy dng,bo dng,qun l cao
12
+ng dng a dng,ty tng loi,h tr a s cc cng ty va v nh,ln. + tin cy cho h thng ln <Unix +ng dng hn ch,chuyn vit cao,phn -Applications, Partners and Choice - ng dng, i cng gii hn,dng cho cty ln.. tc v la chn +M rng tin cy,bo mt +i tc,chuyn gia,k s hp tc nhiu.. +Phn cng p dng c h tr nhiu -Next Generation Technologies Trong tng lai cng ngh s th no? +Pht trin nhanh chng,hon thin,a dngnn tng cho nhu cu thng mi tng lai +L 1 cng ngh c,cc ng dng trong tng lai C th kh p ng yu cu thng mi +Cc hng phn mm,i tc,k s,chuyn gia t..(ch trng pht trin Unix) +Support kh khn(t ngi am hiu unix..)
13
Chng II.Tm hiu v IPv6

Nh chng ta bit IPv4 dng 32bit biu din a ch IP. S dng 32 bit ny, ta c th nh c khong 4,3 t a ch khc nhau.Nhng ch khong hn 10 nm sau khi ra i, vo na u thp k 90, nguy c thiu a ch IP xut hin ti 1 s nc nh Trung Quc, n , . gii quyt vn th IPv6 ra i. Vi 128 bit ln hn IPv4 gp 4 ln.y l khng gian a ch cc ln khng ch dnh ring cho Internet m cn cho tt c cc mng my tnh, h thng vin thng, h thng iu khin v thm ch l vt dng gia nh. 1.Gii thiu IPv6 IPv6 c tch hp trong Windows XP v Windows Server 2003,2008 nhng cha c s dng nhiu . Hin ti ngi ta ang quan tm nhiu n IPv6 v thc t mt s ni trn th gii ngi ta i vo trin khai chng Trong phn ny, nhm s gii thiu tng quan, cch trin khai v thit lp mt h thng mng c IPv6. IPv6 c tng cng l 128 bit c chia lm 2 phn: 64 bit u c gi l network, 64 bit cn li c gi l host. Phn network dng xc nh subnet, a ch ny c gn bi cc ISP hoc nhng t chc ln nh IANA (Internet Assigned Numbers Authority). Cn phn host l mt a ch ngu nhin da trn 48 bit ca MAC Address. a ch IPv6 c 128 bit, do vic nh c a ch ny rt kh khn. Cho nn vit a ch IPv6, ngi ta chia 128 bit ra thnh 8 nhm, mi nhm chim 2 bytes, gm 4 s c vit di h s 16, v mi nhm c ngn cch nhau bng du hai chm V d: FEDL:8435:7356:EADC:BA98:2010:3280:ABCD Nhng nu m vit theo kiu nh vy (p th c p ), nhng nhn mt hi nhc u w. Cho nn, cn phi n gin ci a ch ny mt cht. V IPv6 l mt a ch mi nn chng ta s ko xi ht 128 bits, cng ging nh SIM in thoi vy, u s 0122 mi ra c rt nhiu s v do chng ta c quyn la chn. V IPv6 cng vy, v mi ra cho nn s c nhiu s 0 cc bit u. Chng ta c th lc b cc s 0 ny i. Ti ly mt v d c th: a ch: 1088:0000:0000:0000:0008:0800:200C:463A > Bn c th vit 0 thay v phi vit l 0000, vit 8 thay v phi vit 0008,
14
vit 800 thay v phi vit l 0800 V y l a ch c rt gn: 1088:0:0:0:8:800:200C:463A Nhn chung nh vy cng c ri, nhng IPv6 cn c mt nguyn tc na l bn c th nhm cc s 0 li thnh 2 du hai chm ::, a ch trn, bn c th vit li nh sau: 1088::8:800:200C:463A Qua v d trn, bn s rt ra c 2 nguyn tc: - -Trong dy a ch IPV6, nu c s 0 ng u c th loi b. V d 0800 s c vit thnh 800, hoc 0008 s c vit thnh 8 -- Trong dy a ch IPv6, nu c cc nhm s 0 lin tip, c th n gin cc nhm ny bng 2 du :: ( ch p dng khi dy 0 lin tip nhau) V d 1: FADC:BA98::7654:3210 -> IPv6 c tng cng l 8 nhm, m trn c 4 nhm, nh vy gia 2 du hai chm, s l 4 nhm s 0. Vy a ch trn c th vit y l: FADC:BA98:0:0:0:0:7654:3210 V d 2: FADC:BA98:7654:3210:: -> c a ch y l: FADC:BA98:7654:3210:0:0:0:0 V d 3: ::FADC:BA98:7654:3210 -> c a ch y l: 0:0:0:0:FADC:BA98:7654:3210 C trng hp nh th ny: Gi s c a ch 0:0:0:AB65:8952:0:0:0, nh vy n gin a ch ny ta c 3 phng n nh sau: 1 ::AB65:8952:: 2 ::AB65:8952:0:0:0 3 0:0:0:AB65:8952:: Tuy nhin ch c p n 2 v 3 l ng. Mt nguyn tc na cn phi nh trong IPv6 l bn ch c th s dng 2 du hai chm mt ln vi a ch. Khng c vit nh vy ::AB65:8952::, v nu bn vit nh th s gy nhm ln khi dch ra y . V d: Nu bn vit ::AB65:8952::, th ngi ta c th on a ch y ca n nh th ny 0:0:AB65:8952:0:0:0:0 hoc 0:0:0:0:AB65:8952:0:0 , S dng cc a ch IPv6 trong vic truy cp URL Bn c th truy cp mt trang web bng tn hoc bng a ch IP. V d http://www.google.com.vn/ , c a ch IPv4 tng ng l 64.233.167.104. Vy bn hon ton c th vo website google.com.vn bng cch g: http://64.233.167.104 . Tng t nh vy bn c th truy cp mt trang web bng a ch IPv6 nhng phi n trong cp du {}. V d: http://{FEDL:8435:7356:EADC:BA98:2010:3280:ABCD} Ngoi ra, bn cng c th thm s port vo a ch URL, V d: http://{FEDL:8435:7356:EADC:BA98:2010:3280:ABCD}:80
15
2.Phn loi IPv6: IPv6 gm cc loi chnh sau y:
+ Unicast Address: Unicast Address dng xc nh mt Interface trong phm vi cc Unicast Address. Gi tin (Packet) c ch n l Unicast Address s thng qua Routing chuyn n 1 Interface duy nht + Anycast Address: Anycast Address dng xc nh nhiu Interfaces. Tuy vy, Packet c ch n l Anycast Address s thng qua Routing chuyn n mt Interface trong s cc Interface c cng Anycast Address, thng thng l Interface gn nht. Ch gn nht y c xc nh thng qua giao thc nh tuyn ang s dng + Multicast Address: Multicast Address dng xc nh nhiu Interfaces. Packet c ch n l Multicast Address s thng qua Routing chuyn n tt c cc Interfaces c cng Multicast Address nhn thy IPv6 khng c a ch Broadcast v chc nng ca a ch ny bao gm trong nhm a ch Multicast Ni tm li, c th hiu nh sau: Unicast : Gi ti 1 a ch xc nh Multicast: Gi ti tt c cc thnh vin ca 1 nhm Anycast: Gi ti 1 thnh vin gn nht ca 1 nhm By gi chng ta s i su vo tng loi : 2.1- Unicast Address: c chia thnh 4 nhm: a/ Global Unicast Address: a ch ny c s dng h tr cho cc ISP. Ni i khi cho d hiu l n ging nh a ch Public ca IPv4.
16
001: 3 bits u lun lun c gi tr = 001 TLA ID( Top Level Aggregation): Xc nh nh cung cp cao nht trong h thng cc nh cung cp dch v Res: cha s dng NLA ID (Next Level Aggregation): Xc nh nh cung cp tip theo trong h thng cc nh cung cp dch v SLA ID (Site Level Aggregation): Xc nh cc site to cc subnet Interface ID: L a ch ca Interface trong subnet
17
b/ Link-local Addresses: y l loi a ch dng cho cc host khi chng mun giao tip vi cc host khc trong cng mng. Tt c IPv6 ca cc interface u c a ch link local Theo hnh bn di, bn s thy 10 bits u tin lun l: 1111 1110 10 54 bits k tip c gi tr bng 0 -> Nh vy, trong Link Local Address: 64 bit u l gi tr c nh khng thay i (prefix : fe80::/64) + 64 bits cui cng l a ch ca Interface
V c mt lu dnh cho bn: Mt router khng th chuyn bt k gi tin no c a ch ngun hoc a ch ch l Link Local Address c/ Site-Local Addresses: Site-Local Addresses c s dng trong h thng ni b (Intranet) tng t cc a ch Private IPv4 (10.X.X.X, 172.16.X.X, 192.168.X.X). Phm vi s dng Site-Local Addresses l trong cng Site.
10 bits u tin lun l: 1111 1110 11 (Prefix FEC0::/10) 54 bits k tip : l gi tr Subnet ID 64 bits cui cng: l a ch ca Interface d/ Unique Local Address: Unique Local Address l a ch nh tuyn gia cc subnet trn mt private network
18
1111 1101 : 8 bits u l gi tr c nh FD00:: /8 40 bits k tip l Global ID : a ch Site (Site ID). C th gn ty 16 bits k tip l Subnet ID : a ch Subnet trong Site, c th to ra 65.536 subnet trong mt site 64 bits cui cng: l a ch ca Interface 2.2- Anycast Address: Anycast Address l a ch c bit c th gn cho nhiu interface, gi tin chuyn n Anycast Address s c vn chuyn bi h thng Routing n Interface gn nht. Hin nay, a ch Anycast c s dng rt hn ch, rt t ti liu ni v cch s dng loi a ch ny. Hu nh Anycast addresss ch c dng t cho Router, khng t cho Host, l do l bi v hin nay a ch ny ch c s dng vo mc ch cn bng ti. V d : khi mt nh cung cp dch v mng c rt nhiu khch hng mun truy cp dch v t nhiu ni khc nhau, nh cung cp mun tit kim nn ch mt Server trung tm phc v tt c, h xy dng nhiu Router kt ni khch hng vi Server trung tm, khi mi khch hng c th c nhiu con ng truy cp dch v. Nh cung cp dch v t a ch Anycast cho cc Interfaces l cc Router kt ni n Server trung tm, by gi mi khch hng ch vic ghi nh v truy cp vo mt a ch Anycast thi, t ng h s c kt ni ti Server thng qua Router gn nht. y tht s l mt cch x l n gin v hiu qu Khi tm hiu v a ch Anycast, chng ta s thy rt nhm ln. Bi v nu nh gn a ch ny cho mt Interface th n y nh l a ch Unicast, nhng khi gn cho nhiu Interfaces th n li c v nh l a ch Multicast 2.3 Multicast Address: Trong a ch IPv6 khng cn tn ti khi nim a ch Broadcast. Mi chc nng ca a ch Broadcast trong IPv4 c m nhim thay th bi a ch IPv6 Multicast. a ch Multicast ging a ch Broadcast ch im ch ca gi tin l mt nhm cc my trong mt mng, song khng phi tt c cc my. Trong khi Broadcast gi trc tip ti mi host trong mt subnet th Multicast ch gi trc tip cho mt nhm xc nh cc host, cc host ny li c th thuc cc subnet khc nhau. Host c th la chn c tham gia vo mt nhm Multicast c th no hay khng (thng c thc hin vi th tc qun l nhm internet Internet Group Management Protocol), trong khi vi Broadcast, mi host l thnh vin ca nhm Broadcast bt k n c mun hay khng. 2.4 Cc loi a ch IPV6 c bit: a. IPv4-Cpompatible Address (IPv4CA) : Format : 0:0:0:0:0:0:w.x.y.z Trong w,x,y,z l cc IPv4 Address Vd : 0:0:0:0:0:0:0:192.168.1.2 Lp AT5C-Hc Vin K Thut Mt M 19
IPv4CA l a ch tng thch ca mt IPv4/IPv6 Node. Khi s dng IPv4CA nh mt IPv6 Destination, gi tin s c ng gi (Packet) vi IPv4 Header truyn trong mi trng IPv4 b. IPv4-mapped address (IPv4MA) Format : 0:0:0:0:0:FFFF:w.x.y.z (::FFFF:w.x.y.z) Trong w,x,y,z l cc IPv4 Address Vd : 0:0:0:0:0:FFFF:192.168.1.2 IPv4MA l a ch ca mt IPv4 Only Node i vi mt IPv6 Node, IPv4MA ch c tc dng thng bo v khng c dng nh Resource hoc Destination Address c. 6to4 Address L a ch s dng trong lin lc gia cc IPv4/IPv6 nodes trong h thng h tng IPv4 (IPv4 Routing Infrastructure). 6to4 c to bi Prefix gm 64 bits nh sau : Prefix = 2002/16 + 32 bits IPv4 Address =64 bits 6to4 Address l a ch ca Tunnel (Tulneling Address) nh ngha bi RFC 3056 3.Header Ipv6
20
IPv6 l bn nng cp ca IPv4 , nh trong hnh trng Flow Label v Extension headers l nhng trng c thm mi vo trong IPv6 Cc trng c bn ca IPv6 Header: Version(4-bit) Phin bn ca giao thc IP. Trng ny cha gi tr 6 khc vi gi tr 4 ca IPv4 Traffic Class(8-bit) Trng ny c chc nay tng t trng Type of Service(ToS) trong IPv4. N c nh du gi tin IPv6 vi m Differentiated Services Code Point(DSCP), khi mt gi tin c nh du DSCP th cc router s bit gi tin c x l u tin nh th no. Flow Label(20-bit) Trng ny c tc dng nh du lung cho gi tin IPv6, n gip cho cc router chuyn gi tin mt cch lin tc t ngun ti ch . Flow Label c s dng trong IPv6 s h tr tt hn khi thc thi QoS. Khi nim mt dng (flow): Mt dng (flow) l mt chui cc gi tin c gi t mt ngun ti mt ch nht nh (c th l unicast hay multicast). Ngun s yu cu cc router c cc x l c bit i vi cc gi tin thuc mt flow. Vic cn phi x l nh th no i vi gi tin c th c truyn ti router bng mt th tc iu khin, hoc cng c th l thng tin cha trong chnh gi tin ca dng, v d nh header m rng hop-by-hop ca gi tin. Gia mt ngun v mt ch c th c nhiu dng. Vic kt hp gia a ch ngun v mt s Flow label khc 0 s xc nh duy nht mt dng. Nhng gi tin khng thuc dng no c s c thit lp ton b cc bt Flow Label c gi tr 0. Mi gi tin thuc cng mt dng phi c gi vi cng a ch ngun, cng a ch ch, v cng c mt s Flow label khc 0. Router x l gi tin s thit lp trng thi x l i vi mt label c th v c th la chn lu tr thng tin (cache), s dng gi tr a ch ngun v flow label lm kho. i vi nhng gi tin sau , c cng a ch ngun v gi tr flow label, router c th p dng cch thc x l da trn thng tin h tr t vng cache. Mt ngun IPv6 c th s dng 20 bt flow label trong IPv6 header xc nh gi tin gi i trong mt dng nht nh, yu cu cch thc c x c bit ca router. V d ngun yu cu cht lng dch v khng mc nh hoc dch v thi gian thc. Ti thi im hin nay, vic s dng trng ny trong thc thi QoS vn nm mc th nghim, cc tiu chun ho trng ny cn cha hon thin. Hin nay cha c mt cu trc thng dng cho vic s dng n. IETF ang tip tc tiu chun ho v a ra nhng yu cu r rng hn cho Internet v h tr trng Flow Label. Nhiu router, host cha h tr vic s dng trng label. i vi nhng router v host ny, ton b cc bt ca trng label s c thit lp gi tr 0 v cc host, router ny b qua trng khi nhn c gi tin. Payload Length(16-bit) - Dng o chiu di ca phn thng tin theo sau IPv6 Header Next Header(8-bit) Trng ny dng xc nh loi thng tin i sau header c bn ca IPv6. Cc loi thng tin c th l mt giao thc lp trn nh TCP hay UDP,
21
hoc n cng c th l Extension header. Trng ny ging vi trng Protocol ca IPv4 IPv6 Extension headers l mt la chn c th theo sau header c bn ca IPv6. Mt gi tin IPv6 c th khng c, c mt hoc l nhiu extension headers. Nh trong hnh ..... khi c nhiu extension headers cng c s dng trong gi tin IPv6, th chng c to thnh mt chui cc danh sch headers v c xc nh bi trng Next header ca header trc n. Khi gi i t ngun n ch, cc Node trung gian khng c php x l cc Extension Header n khi n trm ch, hoc nhng trm ch (trong trng hp Multicast) tr mt vi trng hp ngoi l. V vic x l cc Header ny cng phi din ra theo ng tun t m cc Header sp xp trong gi tin IPv6. Khng bao gi c php xy ra trng hp trm ch qut qua ton b gi tin v chn ra mt Header no x l trc. Trng hp ngoi l nh va cp chnh l trng hp Hop-by-hop Extension Header. S hin din ca Hop-by-hop Extension Header buc gi tin phi b kim tra bi tt c cc Node trung gian trn ng t ngun n ch, bao gm c trm ngun v ch. V vy, Hop-by-hop Extension Header lun phi ng sau IPv6 Header. S hin din ca Extension Header ny c ch th bi gi tr 0 trong Next-Header ca IPv6 Header. -Hop by Hop: l extension header c t u tin ngay sau header c bn. Header ny c s dng xc nh nhng tham s nht nh ti mi bc (hop) trn ng truyn dn gi tin t ngun ti ch. Do vy s c x l ti mi router trn ng truyn dn gi tin. -Destination: c s dng xc nh cc tham s truyn ti gi ti ch tip theo hoc ch cui cng trn ng i ca gi tin. Nu trong gi tin c extension header m "Routing" th extension header "Destination" mang thng tin tham s x l ti mi ch ti tip theo. Ngc li, nu trong gi tin khng c extension header "Routing" th thng tin trong extension header "Destination" l tham s x l ti ch cui cng. -Routing: m nhim xc nh ng dn nh tuyn ca gi tin. Nu mun gi tin c truyn i theo mt ng xc nh (khng la chn ng i ca cc thut ton nh tuyn), node IPv6 ngun c th s dng extension header Routing xc nh ng i, bng cch lit k a ch ca cc router m gi tin phi i qua. Cc a ch thuc danh sch ny s c ln lt dng lm a ch ch ca gi tin IPv6 theo th t c lit k v gi tin s c gi t router ny n router khc, theo danh sch lit k trong extension header Routing. -Fragment: extension header Fragment mang thng tin h tr cho qu trnh phn mnh v ti to gi tin IPv6, c s dng khi ngun IPv6 gi i gi tin ln hn gi tr MTU (Maximum Transmission Unit) nh nht trong ton b ng dn t ngun ti ch. Trong hot ng ca a ch IPv4, mi router trn ng dn cn tin hnh phn mnh gi tin theo gi tr ca MTU t cho mi giao din, iu ny lm gim hiu sut ca router. Bi vy trong a ch IPv6, router khng thc hin phn mnh gi tin. Vic ny c thc hin ti ngun gi gi tin. Node ngun IPv6 s thc hin thut ton tm kim gi tr MTU nh nht trn ton b mt ng dn nht nh t ngun ti ch (gi l gi tr PathMTU) v iu chnh
22
kch thc gi tin tu theo gi tr ny trc khi gi chng. Nu ti ngun p dng phng thc ny, n s gi d liu c kch thc ti u, v khng cn thit x l ti tng IP. Tuy nhin, nu ng dng khng s dng phng thc ny, n phi chia nh gi tin c kch thc ln hn PathMTU. Trong trng hp , nhng gi tin ny cn c phn mnh ti tng IP ca node ngun v mo u m rng Fragment c s dng mang nhng thng tin phc v cho qu trnh phn mnh v ti to gi tin IPv6 ti cc u cui ng kt ni. -Authentication and Encapsulating Security Payload : trong hot ng ca a ch IPv6, thc thi IPSec c coi l mt c tnh bt buc. Ty tng trng hp m IPSec c s dng. Khi IPSec c s dng, gi tin IPv6 cn c cc dng extension header Xc thc v M ho". Extension header Xc thc dng xc thc v bo mt tnh ng nht ca d liu .Extension header M ho dng xc nh nhng thng tin lin quan n m ho d liu
Chng III. Tm hiu IPSec

1.Tng quan Giao thc IPsec c lm vic ti tng Network Layer layer 3 ca m hnh OSI. Cc giao thc bo mt trn Internet khc nh SSL, TLS v SSH, c thc hin t tng transport layer tr ln (T tng 4 ti tng 7 m hnh OSI). iu ny to ra tnh mm do cho IPsec, giao thc ny c th hot ng t tng 4 vi TCP, UDP, hu ht cc giao thc s dng ti tng ny. IPsec c mt tnh nng cao cp hn SSL v cc phng thc khc hot ng ti cc tng trn ca m hnh OSI. Vi mt ng dng s dng IPsec m (code) khng b thay i, nhng nu ng dng bt buc s dng SSL v cc giao thc bo mt trn cc tng trn trong m hnh OSI th on m ng dng s b thay i ln 2. Cu trc bo mt IPsec c trin khai (1) s dng cc giao thc cung cp mt m (cryptographic protocols) nhm bo mt gi tin (packet) trong qu trnh truyn, (2) phng thc xc thc v (3) thit lp cc thng s m ho. Xy dng IPsec s dng khi nim v bo mt trn nn tng IP. Mt s kt hp bo mt rt n gin khi kt hp cc thut ton v cc thng s (v nh cc kho keys) l nn tng trong vic m ho v xc thc trong mt chiu. Tuy nhin trong cc giao tip hai chiu, cc giao thc bo mt s lm vic vi nhau v p ng qu trnh giao tip. Thc t la chn cc thut ton m ho v xc thc li ph thuc vo ngi qun tr IPsec bi IPsec bao gm mt nhm cc giao thc bo mt p ng m ho v xc thc cho mi gi tin IP.
23
Trong cc bc thc hin phi quyt nh ci g cn bo v v cung cp cho mt gi tin outgoing (i ra ngoi), IPsec s dng cc thng s Security Parameter Index (SPI), mi qu trnh Index (nh th t v lu trong d liu Index v nh mt cun danh b in thoi) bao gm Security Association Database (SADB), theo sut chiu di ca a ch ch trong header ca gi tin, cng vi s nhn dng duy nht ca mt tho hip bo mt (tm dch t - security association) cho mi gi tin. Mt qu trnh tng t cng c lm vi gi tin i vo (incoming packet), ni IPsec thc hin qu trnh gii m v kim tra cc kho t SADB. Cho cc gi multicast, mt tho hip bo mt s cung cp cho mt group, v thc hin cho ton b cc receiver trong group . C th c hn mt tho hip bo mt cho mt group, bng cch s dng cc SPI khc nhau, tuy nhin n cng cho php thc hin nhiu mc bo mt cho mt group. Mi ngi gi c th c nhiu tho hip bo mt, cho php xc thc, trong khi ngi nhn ch bit c cc keys c gi i trong d liu. Ch cc chun khng miu t lm th no cc tho hip v la chn vic nhn bn t group ti cc c nhn 3. Hin trng IPsec l mt phn bt bc ca IPv6, c th c la chn khi s dng IPv4. Trong khi cc chun c thit kt cho cc phin bn IP ging nhau, ph bin hin nay l p dng v trin khai trn nn tng IPv4.Cc giao thc IPsec c nh ngha t RFCs 1825 1829, v c ph bin nm 1995. Nm 1998, c nng cp vi cc phin bn RFC 2401 2412, n khng tng thch vi chun 1825 1929. Trong thng 12 nm 2005, th h th 3 ca chun IPSec, RFC 4301 4309. Cng khng khc nhiu so vi chun RFC 2401 2412 nhng th h mi c cung cp chun IKE second. Trong th h mi ny IP security cng c vit tt li l IPsec.S khc nhau trong quy nh vit tt trong th h c quy chun bi RFC 1825 1829 l ESP cn phin bn mi l ESPbis
24
4. Thit k theo yu cu. IPsec c cung cp bi Transport mode (end-to-end) p ng bo mt gia cc my tnh giao tip trc tip vi nhau hoc s dng Tunnel mode (portal-toportal) cho cc giao tip gia hai mng vi nhau v ch yu c s dng khi kt ni VPN. IPsec c th c s dng trong cc giao tip VPN, s dng rt nhiu trong giao tip. Tuy nhin trong vic trin khai thc hin s c s khc nhau gia hai mode ny.
25
Giao tip end-to-end c bo mt trong mng Internet c pht trin chm v phi ch i rt lu. Mt phn b l do tnh ph thng ca no khng cao, hay khng thit thc, Public Key Infrastructure (PKI) c s dng trong phng thc ny. IPsec c gii thiu v cung cp cc dch v bo mt: 1. M ho qu trnh truyn thng tin 2. m bo tnh nguyn ven ca d liu 3. Phi c xc thc gia cc giao tip 4. Chng qu trnh replay trong cc phin bo mt. 5. Modes Cc mode
Hai ch chnh c s dng trong ipsec l : transport v tunnel. AH v ESP u cung cp s bo mt bng cch thm vo trng header bo mt thng tin vo trong datagram.
1) Transport mode :
cch bo v thng tin c th hin khi m gi tin ip c chuyn xung t tng vn chuyn TCP. Th gi tn c s l bi AH hoc ESP thm trng header vo trc trng TCP/UDP header. Lc ny gi tin c chuyn tip hay s l thng qua ipsec header , khng cn s l trn ip header na.
26
2) Tunnel mode
Trong ch ng hm, ipsec c s dng bo v qu trnh ng gi ip datagram, sau khi ip header sn sng. Ipsec header c thm vo trc ip header, ri sau mt ip header mi, c thm vo trc ipsec header. Lc ip datagram c bo v.
27
28
6. Phng thc.
C hai giao thc c pht trin v cung cp bo mt cho cc gi tin ca c hai phin bn IPv4 v IPv6: IP Authentication Header gip m bo tnh ton vn v cung cp xc thc. IP Encapsulating Security Payload cung cp bo mt, v l option bn c th la chn c tnh nng authentication v Integrity m bo tnh ton vn d liu. Thut ton m ho c s dng trong IPsec bao gm HMAC-SHA1 cho tnh ton vn d liu (integrity protection), v thut ton TripleDES-CBC v AES-CBC cho m m ho v m bo an ton ca gi tin. Ton b thut ton ny c th hin trong RFC 4305. a. Authentication Header (AH) AH c s dng trong cc kt ni khng c tnh m bo d liu. Hn na n l la chn nhm chng li cc tn cng replay attack bng cch s dng cng ngh tn cng sliding windows v discarding older packets. AH bo v qu trnh truyn d liu khi s dng IP. Trong IPv4, IP header c bao gm TOS, Flags, Fragment Offset, TTL, v Header Checksum. AH thc hin trc tip trong phn u tin ca gi tin IP. di y l m hnh ca AH header. 5. Cc modes thc hin
0 - 7 bit Next header
8 - 15 bit Payload length
16 - 23 bit
24 - 31 bit
RESERVED
Security parameters index (SPI) Sequence number Authentication data (variable) ngha ca tng phn:
29
Next header Nhn dng giao thc trong s dng truyn thng tin. Payload length ln ca gi tin AH. RESERVED S dng trong tng lai (cho ti thi im ny n c biu din bng cc s 0). Security parameters index (SPI) Nhn ra cc thng s bo mt, c tch hp vi a ch IP, v nhn dng cc thng lng bo mt c kt hp vi gi tin. Sequence number Mt s t ng tng ln mi gi tin, s dng nhm chng li tn cng dng replay attacks. Authentication data Bao gm thng s Integrity check value (ICV) cn thit trong gi tin xc thc. b. Encapsulating Security Payload (ESP) Giao thc ESP cung cp xc thc, ton vn, m bo tnh bo mt cho gi tin. ESP cng h tr tnh nng cu hnh s dng trong tnh hung ch cn bo m ho v ch cn cho authentication, nhng s dng m ho m khng yu cu xc thc khng m bo tnh bo mt. Khng nh AH, header ca gi tin IP, bao gm cc option khc. ESP thc hin trn top IP s dng giao thc IP v mang s hiu 50 v AH mang s hiu 51.
0 - 7 bit
8 - 15 bit
16 - 23 bit
24 - 31 bit
Security parameters index (SPI) Sequence number
30
Payload data (variable) Padding (0-255 bytes) Pad Length Authentication Data (variable) Next Header
ngha ca cc phn: Security parameters index (SPI) Nhn ra cc thng s c tch hp vi a ch IP. Sequence number T ng tng c tc dng chng tn cng kiu replay attacks. Payload data Cho d liu truyn i Padding S dng vi block m ho Pad length ln ca padding. Next header Nhn ra giao thc c s dng trong qu trnh truyn thng tin. Authentication data Bao gm d liu xc thc cho gi tin. 7. Trao i kha trong IPSEC - Key Exchange(IKE)
31
IPsec c thc hin trong nhn vi cc trnh qun l cc key v qu trnh thng lng bo mt ISAKMP/IKE t ngi dng. Tuy nhin mt chun giao din cho qun l key, n c th c iu khin bi nhn ca IPsec.Bi v c cung cp cho ngi dng cui, IPsec c th c trin khai trn nhn ca Linux. D n FreeS/WAN l d n u tin hon thnh vic thc hin IPsec trong m ngun m c th l Linux. N bao gm mt nhn IPsec stack (KLIPS), kt hp vi trnh qun l key l deamon v rt nhiu shell scripts. D n FreeS/WAN c bt u vo thng 3 nm 2004. Openswan v strongSwan tip tc d n FreeS/WAN. D n KAME cng hon thnh vic trin khai s dng IPsec cho NetBSB, FreeBSB. Trnh qun l cc kho c gi l racoon. OpenBSB c to ra ISAKMP/IKE, vi tn n gin l isakmpd (n cng c trin khai trn nhiu h thng, bao gm c h thng Linux) 7.1 Trao i kha trong IpSec - Key Exchange(IKE) Chc nng chnh ca IKE l chp nhn cc thit b trao i thng tin di mc an ton. Thm vo kha m ha l s dng cho vic chng thc thng tin v m ha thng tin. IKE c bit n nh mt giao thc lai bi v n c phi hp t ba giao thc khc. u tin l ISAKMP(internet secury associaction and key management protocol). Cung cp mt nn tng cho vic trao i kha m ha v bo mt thng tin. ISAKMP h tr nhiu phng thc trao i kha khc nhau, hai giai on chnh ca ISAKMP l
7.1.2 ISAKMP phase 1: Giai on I ca IKE u tin xc nhn cc im thng tin, v sau thit lp mt knh bo mt cho s thit lp SA. Tip , cc bn thng tin tha thun mt ISAKMP SA ng ln nhau, bao gm cc thut
32
ton m ha, hm bm, v cc phng php xc nhn bo v m kha. Sau khi c ch m ha v hm bm c ng trn, mt kha chi s b mt c pht sinh. Theo sau l nhng thng tin c dng pht sinh kha b mt : -Gi tr Diffie-Hellman -SPI ca ISAKMP SA dng cookies -S ngu nhin known as nonces (used for signing purposes)
Nu hai bn ng s dng phng php xc nhn da trn public key, chng cng cn trao i IDs. Sau khi trao i cc thng tin cn thit, c hai bn pht sinh nhng key ring ca chnh mnh s dng chng chia s b mt. Theo cch ny, nhng kha m ha c pht sinh m khng cn thc s trao i bt k kha no thng qua mng 7.1.2 ISAKIMP phase 2: Trong khi giai on I tha thun thit lp SA cho ISAKMP, giai on II gii quyt bng vic thit lp SAs cho IPSec. Trong giai on ny, SAs dng nhiu dch v khc nhau tha thun. C ch xc nhn, hm bm, v thut ton m ha bo v gi d liu IPSec tip theo (s dng AH v ESP) dihnh thc mt phn ca giai on SA.S tha thun ca giai on xy ra thng xuyn hn giai on I. in hnh, s tha thun c th lp li sau 4-5 pht. S thay i thng xuyn cc m kha ngn cn cc hacker b gy nhng kha ny v sau l ni dung ca gi d liu. Tng qut, mt phin lm vic giai on II tng ng vi mt phin lmvic n ca giai on I. Tuy nhin, nhiu s thay i giai on II cng c th c h tr bi mt trng hp n giai on I. iu ny lm qu trnh giao dch chm chp ca IKE t ra tng i nhanh hn 7.2 IKE Modes 4 ch IKE ph bin thng c trin khai : Ch chnh (Main mode) Ch linh hot (Aggressive mode) Ch nhanh (Quick mode) Ch nhm mi (New Group mode) 7.2.1. Main Mode
33
Main mode xc nhn v bo v tnh ng nht ca cc bn c lin quan trong qua trnh giao dch. Trong ch ny, 6 thng ip c trao i gia cc im: 2 thng ip u tin dng tha thun chnh sch bo mt cho s thay i. 2 thng ip k tip phc v thay i cc kha Diffie-Hellman v nonces. Nhng kha sau ny thc hin mt vai tro quan trng trong c ch m ha. Hai thng ip cui cng ca ch ny dng xc nhn cc bn giao dch vi s gip ca ch k, cc hm bm, v tu chn vi chng nhn.
7.2.2 Aggressive Mode Aggressive mode v bn cht ging Main mode. Ch khc nhau thay v main mode c 6 thng ip th cht ny ch c 3 thng ip c trao i. Do , Aggressive mode nhanh hn mai mode. Cc thng ip bao gm : Thng ip u tin dng a ra chnh sch bo mt, pass data cho kha chnh, v trao i nonces cho vic k v xc minh tip theo. Thng ip k tip hi p li cho thng tin u tin. N xc thc ngi nhn v hon thnh chnh sch bo mt bng cc kha. Thng ip cui cng dng xc nhn ngi gi (hoc b khi to ca phin lm vic).
34
C Main mode v Aggressive mode u thuc giai on I. 7.2..3 Quick Mode Ch th ba ca IKE, Quick mode, l ch trong giai on II. N dng tha thun SA cho cc dch v bo mt IPSec. Ngoi ra, Quick mode cng c th pht sinh kha chnh mi. Nu chnh sch ca Perfect Forward Secrecy (PFS) c tha thun trong giai on I, mt s thay i hon ton Diffie-Hellman key c khi to. Mt khc, kha mi c pht sinh bng cc gi tr bm
7.2.4 New Group Mode New Group mode c dng tha thun mt private group mi nhm to iu kin trao i Diffie-Hellman key c d dng. Hnh 6-18 m t New Group mode. Mc d ch ny c thc hin sau giai on I, nhng n khng thuc giai on II.
35
Ngoi 4 ch IKE ph bin trn, cn c thm Informational mode. Ch ny kt hp vi qu trnh thay ca giai on II v SAs. Ch ny cung cp cho cc bn c lin quan mt s thng tin thm, xut pht t nhng tht bi trong qu trnh tha thun. V d, nu vic gii m tht bi ti ngi nhn hoc ch k khng c xc minh thnh cng, Informational mode c dng thng bo cho cc bn khc bit.
36
Chng IV.Demo Thc hnh: Chun b: -1 Server: Windw Server 2008 ( domain thuchanhipsec.local),ipv6 -1 client: win 2k8 ,ipv6 -Ci wireshark,Network monitor trn my Server
1.Cu hnh TCP/IPv6 Ti my Server, vo Run=>ncpa.cpl Hp thoi Local Area Connection Properties, b du chn Internet Protocol Version 4 (TCP/IPv4), chn Internet Protocol Version 6 (TCP/IPv6), chn Properties
Trong ca s Internet Protocol Version 6 (TCP/IPv6) Properties, nhp thng s nh hnh : IPv6 address: fc00:192:168:5::25 Subnet prefix length: 64 Preferred DNS server: fc00:192:168:5::25
37
-Tng t ta cng cu hnh a ch IPv6 ca client

server: fc00:192:168:5::25
fc00:192:168:5::27, Preferred DNS
2.Khi cha trin khai IPSec By gi t Client ping th ti Server
fc00:192:168:5::25
+ 2 my cha trin khai IPSec. Trn network monitor ca Server. Menu Capture. Nhn Pause thy kt qu khi capture gi tin ICMP (Destination Mac. Source Mac. IP) t my no n my no
--C th gi tin ICMP th trong phn d liu cha c m ha. D liu gm 32 bit. T a n w v a n i i t con s hexa. Trn wireshark: tng t
38
** Tng t nu ta gi gi tin ICMP t Server qua my client. Th khi client capture gi tin d liu cng khng b m ha. ( D liu cng l 32 bit t a dn w v a n i i t con s hexa ca gi tin)
3.Cu hnh IP Sec + Chng ta ln lt cu hnh IP Sec trn my Server v my client -Server: Vo Run=> G secpol.msc vo Local Security Policy
39
+ Trong Local Security Policy. Right click vo IP Security Policices on Local Computer chn Create IP Security Policy . . .
+ Mn hnh Welcome nhn Next
+ Hp thoi IP Security Policy Name. in 1 tn bt k. Nhn Next
+ Hp thoi Requests for Secure Communication. G du check Active the default response rule. Nhn Next
40
+ B du check Edit Properties. Nhn Finish hon tt
+ Right click vo policy mi to. Chn Assign
+ Tip tc right click vo policy. Chn Properties
+ Hp thoi Properties ca policy xut hin. Nhn Add to ra 1 rule mi
41
+ Hp thoi Welcome. Nhn Next
+ Hp thoi Tunnel Endpoint. mc nh. This rule does not specify a tunnel. Nhn Next
42
+ Hp thoi Network Type. Chn Local area network (Lan). Nhn Next
+ Hp thoi IP Filter List. chng ta c th chn All IP Traffic (mc nh ca IPsec). Chn Add.
Ti y chng ta c th ty chn danh sch lc IP ch,ngun
Click add,nhn Next chn source address
43
Next chn destination address
Next chn 1 loi giao thc
Nhn Next,n finish .Ra bng IP filter,chn IP filter list m ta va cu hnh
44
Nhn Next ra bng Filter
Click chn Filter Action,nhn Edit chnh sa kiu Security methods,chn Negotiate security ,sau nhn Edit chnh sa
45
Chn Custom,click setting ,ti y ta c th chn cc kiu m ha d liu nh MD5,SHA1.. Sau ta chn OK 2 ln
Tip theo lm nh hnh v,ty chn cc Tm dch Accept unsecured communication,but always respond using ipsec(Chp nhn khng c bo m thng tin lin lc, nhng lun lun p ng bng cch s dng ipsec) Allow fallback to unsecured communication if a secure connection can not be established(Cho php d phng giao tip khng c bo m nu mt kt ni an ton khng th c thit lp) Lp AT5C-Hc Vin K Thut Mt M 46
Use session key perfect forward secrecy(PFS)(S dng kha an ton chuyn tip cho phin lm vic)
,Apply,Nhn Next lm nh hnh v,Next tip
n Finish kt thc
47
Chn Apply ,OK kt thc qu trnh ci t ,cu hnh Ipsec
** Trn my Client ta cng lm tng t nh vy. By gi ta kim tra xem gi tin ICMP gi i c m ha hay cha ? ---Trng hp 1: Server cu hnh IPsec,Client khng cu hnh IPSec - Trn my Client thc hin lnh ping t ti Server. Bo khng thy ch n,do ta cu hnh IPsec trn Server Block,negotiate security tt c traffic t bn ngoi vo,tt IPsec trn Client
Trn Network monitor Giao thc IKE xut hin,IKE xc nhn cc im thng tin, v sau thit lp mt knh bo mt cho s thit lp SA. Tip , cc bn thng tin
48
tha thun mt ISAKMP SA ng ln nhau, bao gm cc thut ton m ha, hm bm, v cc phng php xc nhn bo v m kha.
Bt wireshark trn Server ta thy: ISAKMP(internet secury associaction and key management protocol) vic trao i xc thc kha 2 bn,nu Client khng c kha s nhn c kt qu nh trn
---Trng hp 2: Server,Client u cu hnh IPsec Khi bt Ipsec trn Client ta thy kt qu Ping t ti Server trn Network moniter trn Server ICMPv6 Echo Reply,Echo Request c thay th bng ESP
49
Nu ta chn Block tt c traffic trong IPSEc th kt qu nh sau:
------------------------The end------------------------
50
Kt qu t c v phng hng pht trin ti

Di s hng dn tn tnh ca thy gio hng dn ,s ch bo cc thy trong trng Hc Vin K Thut Mt M,v s tm ti nghin cu ca cc thnh vin trong nhm,c bn chng em xy dng,trin khai thnh cng cng ngh bo mt giao thc IP-IPSec,qun tr mt cch c bn v tng quan nht Window Server 2008. thc s tr thnh nhng K S,Chuyn gia trong lnh vc An Ton Thng Tin m trng ang o to ,nhm em s tch cc tm hiu chuyn su v cc vn bo mt ca cng ngh IPSec ngoi mi trng window server 2008,unix,linux......v nhng vn lin quan khc na. Kinh mong cc thy c ng gp kin bi Bo co thc tp ca nhm em c hon chnh v tng lai khng xa s c p dng thc tin. Chng em xin chn thnh cm n
Ti liu tham kho 1. www.ddth.com/showthread.php/186571-Bi-vit-v-IPsec 2. http://kmasecurity.net 3. http://www.vnpro.vn/ 4. http://technet.microsoft.com 5. http://www.nhatnghe.com/ 6. http://vnexperts.net/ 7. http://ictpress.vn/ 8. http://technet.com.vn/
51

Triển khai Ipsec trên ipv6 trong window server 2008

Cargado por

Información del documento

Derechos de autor

Formatos disponibles

Compartir este documento

Compartir o incrustar documentos

Opciones para compartir

¿Le pareció útil este documento?

¿Este contenido es inapropiado?

Copyright:

Formatos disponibles

Triển khai Ipsec trên ipv6 trong window server 2008

Cargado por

Copyright:

Formatos disponibles

HC VIN K THUT MT M

KHOA CNG NGH THNG TIN

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Chng I.Tm hiu v Window Server 2008

2.Cc cng ngh ca Window Server 2008 2.1.Web

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

2.4.Nn tng hp nht cho cng vic ca doanh nghip

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Chng II.Tm hiu v IPv6

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

2.Phn loi IPv6: IPv6 gm cc loi chnh sau y:

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Chng III. Tm hiu IPSec

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

0 - 7 bit Next header

8 - 15 bit Payload length

Lp AT5C-Hc Vin K Thut Mt M

Security parameters index (SPI) Sequence number

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

-Tng t ta cng cu hnh a ch IPv6 ca client

fc00:192:168:5::27, Preferred DNS

2.Khi cha trin khai IPSec By gi t Client ping th ti Server

Lp AT5C-Hc Vin K Thut Mt M

Lp AT5C-Hc Vin K Thut Mt M

+ Mn hnh Welcome nhn Next

+ Hp thoi IP Security Policy Name. in 1 tn bt k. Nhn Next

Lp AT5C-Hc Vin K Thut Mt M

+ B du check Edit Properties. Nhn Finish hon tt

+ Right click vo policy mi to. Chn Assign

+ Tip tc right click vo policy. Chn Properties

+ Hp thoi Properties ca policy xut hin. Nhn Add to ra 1 rule mi

Lp AT5C-Hc Vin K Thut Mt M

+ Hp thoi Welcome. Nhn Next

Lp AT5C-Hc Vin K Thut Mt M

Ti y chng ta c th ty chn danh sch lc IP ch,ngun

Click add,nhn Next chn source address

Lp AT5C-Hc Vin K Thut Mt M

Next chn destination address