
HUE UNIVERSITY OF SCIENCES, FACULTY OF INFORMATION TECHNOLOGY

SUPERVISOR'S COMMENTS



PREFACE
The 21st century has been called the century of information technology, marked by an explosion in science and technology. It is the era of a civilization built on knowledge industries. Today, computing has become an important science around the world. With such rapid growth, managing technology resources has become a pressing problem for users: they need to reach applications offered over the Internet while the local system stays secure. Most of the approaches proposed for this provide a single host through which all users access the Internet. That is not the most satisfying solution, however, because it makes users uncomfortable. To reach the Internet they cannot do their work directly; they have to log in to the dual_homed host, do all of their work there, and then somehow transfer the results back to their own workstation.

A proxy server makes users more comfortable and keeps the dual homed host safer by handling users' requests indirectly through the dual homed host. A proxy system lets all of these interactions take place behind the scenes. The user has the feeling of working directly with the Internet server they actually want to reach. A proxy application is a program on an application-level gateway firewall that relays users' requests through the firewall. The process runs in the following order:
* An application connection is established to the firewall.
* The proxy application collects information about the connection and the user's request.
* It uses that information to decide whether the request is accepted; if it is, the proxy creates a second connection from the firewall to the destination machine.
* It then acts as the intermediary, passing data back and forth between client and server.

Proxy systems help resolve the risks that user logins pose to the system, and they force users to go through control software governed by an access policy.

Because the time available for this project was short, there will be many limitations and mistakes in it; I hope the lecturers and my classmates will offer comments so that my topic can be made more complete. That will give me a basis for consolidating and developing it further. Finally, I sincerely thank the lecturers and friends who helped me complete this project successfully.

Hue, 11/03/11 Dng c Hng


TABLE OF CONTENTS
SUPERVISOR'S COMMENTS
PREFACE
TABLE OF CONTENTS
CHAPTER 1: UNDERSTANDING PROXIES
CHAPTER 2: DEPLOYING A PROXY MODEL WITH ISA
  Part 1: Preparation before installation
  Part 2: Installing ISA Server 2006
    2.1. Introduction
    2.2. Preparation
    2.3. Procedure
CONCLUSION
  1. Strengths
  2. Weaknesses
  3. Directions for further development
REFERENCES


CHAPTER 1: UNDERSTANDING PROXIES


1.1. Concept
A proxy gives users Internet access through a single host. Proxy servers serve a particular protocol, or a set of protocols, and run on a dual_homed host or a bastion host. The user's client programs talk to the proxy server instead of the real server the user wants to reach. The proxy server evaluates each request from the client and decides whether or not to serve it. If the request is approved, the proxy server connects to the real server on the client's behalf and goes on relaying requests from the client to the server, as well as the server's responses back to the client. The proxy server is therefore like a bridge between server and client.

1.2. Why We Need a Proxy


Users need to reach applications offered over the Internet while the local system stays secure. Most of the approaches proposed for this provide a single host through which all users access the Internet. That is not the most satisfying solution, however, because it makes users uncomfortable. To reach the Internet they cannot do their work directly; they have to log in to the dual_homed host, do all of their work there, and then somehow transfer the results back to their own workstation. This becomes very bad on systems with several different operating systems, for example if the system is a bastion_host but the dual_host itself is Unix.

When a dual_homed host is designed on a model without proxies, users become more frustrated and, more significantly, the usefulness of what the Internet offers is reduced. Worse, such hosts usually do not provide service securely and completely: when one machine has many users its security naturally drops, especially when it tries to keep up with everything outside.

A proxy server makes users more comfortable and keeps the dual homed host safer by handling users' requests indirectly through the dual homed host. A proxy system lets all of these interactions take place behind the scenes. The user has the feeling of working directly with the Internet server they actually want to reach.

A proxy application is a program on an application-level gateway firewall that relays users' requests through the firewall. The process runs in the following order:
* An application connection is established to the firewall.
* The proxy application collects information about the connection and the user's request.
* It uses that information to decide whether the request is accepted; if it is, the proxy creates a second connection from the firewall to the destination machine.
* It then acts as the intermediary, passing data back and forth between client and server.

A proxy system resolves these risks to the system by avoiding user logins to it and by forcing access through control software.

1.3. The Need for Proxies


A proxy lets users reach Internet services in a direct way. With a dual homed host, users have to log in to the host before using any Internet service. This is often inconvenient, and some people become frustrated when they feel they are going through a firewall; a proxy solves this problem. It does bring some new procedures of its own, but in general it is quite convenient for users. Because a proxy lets users reach Internet services from their own systems, it does so without allowing packets to pass directly between the user's system and the Internet. The path is indirect, either through a dual homed host or through a combination of a bastion host and a screening router.

Because a proxy actually understands the underlying protocol, logging can be done in a particularly effective way. For example, instead of logging all the information that crosses the link, an FTP proxy server logs only the commands issued and the server responses received. The result is much simpler and much more useful.

1.4. Drawbacks of Proxies


Although proxy software is widely available for long-established, simple services such as FTP and Telnet, it is rarely found for newer or less widely used software. There is usually a delay between the appearance of a new service and the appearance of a proxy for it; how long depends on how the proxy for that service has to be designed. This makes it quite hard to bring a new service into the system. While no proxy exists for it, the service should be placed outside the firewall, because placing it inside the system creates a weak point.

Sometimes a different proxy is needed for each protocol, because the proxy server has to understand the protocol in order to decide what is and is not allowed. To do its job it must act as a client to the real server and as the real server to the proxy client. Combining, installing and configuring all of these different servers can be very difficult.

Proxy services usually require changes to the client program, to the procedure, or to both. Except for a few services designed with proxying in mind, a proxy server requires modifying either the client or the procedure. Each kind of modification has its own inconveniences: existing tools cannot always be used as they are. Proxying depends on the ability to insert the proxy server between the real server and the client, which requires relatively straightforward interaction between the two.

Proxy services do not protect the system against poorly designed protocols. As a security solution, proxying depends on being able to determine which operations in a protocol are safe. Not every service lends itself to this; the X Window protocol, for example, provides quite a number of unsafe operations.

1.5. How Does Proxying Work?


The details of how proxying works differ from service to service. When proxying is set up, some services work easily or automatically, while for others the conversion is very difficult. For most services, however, in addition to the corresponding proxy server software, one of the following is needed on the client side:

Custom client software: software of this kind must know how to contact the proxy server instead of the real server when the user makes a request, and how to tell the proxy server which real server to connect to. Custom client software is usually available for only a few platforms. For example, the gateway package from Sun is a proxy package for FTP and Telnet, but it can be used only on Sun systems because it is supplied as recompiled Sun binaries.

Even when software is available for the platform in question, it may not be what users want. For example, the Macintosh has dozens of FTP client programs; some of them have interfaces that users find quite impressive, and others have other useful features. Anarchie is a program that combines an archie client and an FTP client in a single program, so the user can find a file with archie and fetch it with FTP, all through a suitable user interface. That is unfortunate for us if we want to support a proxy server. Persuading users to use modified clients for proxying is not easy. In most systems, users use unmodified clients for internal connections and modified clients only for external connections.

Custom user procedure: the user uses standard client software to talk to the proxy server, which connects to the real server, instead of talking to the real server directly. The proxy server is designed to work with standard client software, but it requires users to follow custom procedures. The user first connects to the proxy server and then gives the proxy server the name of the host they want to connect to. Because only a few protocols are designed to pass this information, the user has to remember not only the name of the proxy server but also the name of the host they want to talk to. To do this, the user has to learn the specific procedure that goes with each protocol.

For example, with FTP, a user who wants to retrieve a file from an anonymous FTP server needs to take the following steps:
* Using any FTP client, the user connects to the proxy server instead of connecting directly to the anonymous FTP server.
* At the user name prompt, in addition to the name they want to use, the user must specify the name of the real server they want to connect to.
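The custom user procedure above, combined with the command-level logging from section 1.3, as an added example that is not part of the original report. It assumes the `name@host` form at the user name prompt; the policy sets, class name and sample session are hypothetical and constructed for illustration.

```python
# Added example (not from the report): decision logic of an
# application-level FTP proxy for the custom user procedure.
# Assumptions: the name@host form at the USER prompt, the policy
# sets below, and the constructed sample session.

ALLOWED_HOSTS = {"ftp.example.org"}  # hypothetical destination allowlist
ALLOWED_COMMANDS = {"USER", "PASS", "CWD", "PWD", "TYPE",
                    "PASV", "LIST", "RETR", "QUIT"}  # read-only policy


def parse_user_command(line):
    """Split 'USER name@host' into (name, host); host is None if absent."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "USER" or not arg:
        raise ValueError("expected USER <name>@<host>")
    name, sep, host = arg.rpartition("@")
    if not sep:
        return arg, None
    return name, host.lower()


class FtpProxySession:
    """Policy decisions only (no sockets), so the example runs offline."""

    def __init__(self):
        self.target = None  # real server named by the user
        self.log = []       # command-level audit trail

    def handle(self, line):
        """Return (action, reply); action is connect, forward or reject."""
        line = line.strip()
        verb = line.split(" ", 1)[0].upper()
        action, reply = self._decide(verb, line)
        shown = "PASS ****" if verb == "PASS" else line  # keep secrets out
        self.log.append((shown, action, reply))
        return action, reply

    def _decide(self, verb, line):
        # A circuit-level proxy never sees the verb; this check is what
        # interpreting the protocol makes possible.
        if verb not in ALLOWED_COMMANDS:
            return "reject", "500 command not permitted by proxy policy"
        if verb == "USER":
            try:
                _name, host = parse_user_command(line)
            except ValueError:
                host = None
            if host is None:
                return "reject", "501 use USER name@host"
            if host not in ALLOWED_HOSTS:
                return "reject", "530 destination not permitted"
            self.target = host  # the proxy now opens the second connection
            return "connect", "331 connecting to " + host
        if self.target is None:
            return "reject", "530 name the real server first"
        return "forward", "relayed to " + self.target


SAMPLE_SESSION = [  # constructed input
    "USER anonymous@ftp.example.org",
    "PASS guest@example.net",
    "RETR pub/README",
    "STOR upload.bin",
    "DELE pub/README",
]


def run(session):
    """Feed a session through the proxy; return (actions, audit log)."""
    proxy = FtpProxySession()
    actions = [proxy.handle(line)[0] for line in session]
    return actions, proxy.log


if __name__ == "__main__":
    actions, log = run(SAMPLE_SESSION)
    for entry in log:
        print(entry)
```

The audit log holds one entry per command with the decision taken, which is the compact, protocol-aware record that section 1.3 contrasts with logging everything on the wire.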

1.6. Types of Proxy Systems

1.6.1 Direct connection


The first method used in proxy technology is to have the user connect directly to the firewall proxy, after which the proxy asks the user for the address of the destination host. It is a brute-force method that is easy for a firewall to use, and that is also why it is the less suitable method. First, it requires the user to know the address of the firewall. Next, it requires the user to enter two addresses for every connection: the address of the firewall and the address of the destination. Finally, it prevents applications or scripts on the user's computer from making connections on the user's behalf, because they do not know how to handle the special requirements for communicating with the proxy.

1.6.2 Modified client


The next method of setting up a proxy requires additional applications on the user's computer. The user runs these special applications to make connections through the firewall. To the user, such an application behaves just like the unmodified application. The user gives the address of the destination host. The added application learns the address of the firewall from a local config file, sets up a connection to the proxy application on the firewall, and passes it the address supplied by the user. This method is quite effective and can hide the proxy from the user; however, needing an additional client application for every network service is a drawback.

1.6.3 Invisible (transparent) proxy


A recently developed method of reaching a proxy is known in some firewall systems as the invisible proxy. In this model, no additional applications are needed on the user's side, and the user does not connect directly to the firewall or even know that the firewall exists. Using basic routing control, all connections to the outside network are routed through the firewall. As packets enter the firewall, they are automatically redirected to a waiting proxy. In this way the firewall does a very good job of impersonating the destination host. When the connection is made to the firewall proxy, the client application thinks it is connected to the real server; if the connection is permitted, the proxy application then performs the standard proxy function of creating a second connection to the real server.

Application-level proxy versus circuit-level proxy: an application_level proxy runs at the application layer. It serves one specific service and interprets the commands in that protocol. A circuit_level proxy creates a circuit between server and client without having to interpret the protocol. In general, an application_level proxy uses a modified client. To create a proxy connection, the proxy has to know where the connection is meant to go. A hybrid gateway can simply intercept connections, but a proxy host can only receive connections that are offered to it, and it must be told where the connection is meant to go. An application_level proxy can obtain that information from within each specific protocol. A circuit_level proxy cannot interpret each protocol and needs to have the information supplied to it in some other way.

The advantage of a circuit_level proxy server is that it can serve most different protocols; a circuit_level proxy is almost a general proxy server for all kinds of protocols. However, not every protocol is easily handled by a circuit_level proxy. The drawback of a circuit_level proxy is that it controls what passes through it the way a packet filter does: it controls connections based on source address and destination address, and it cannot determine whether the commands passing through it are safe or are the events the protocol expects. A circuit_level proxy is easily fooled by servers set up on ports assigned to other servers.

Generic proxy versus dedicated proxy: although the terms application_level and circuit_level are the ones commonly used, a distinction is sometimes also made between dedicated and generic proxy servers. A dedicated proxy server is a server that serves only a single protocol; a generic proxy server is a server that serves many protocols. In practice, a dedicated proxy server is application_level, and a generic proxy server is circuit_level.

Intelligent proxy server: a proxy server that can do more than just relay requests is an intelligent proxy server. For example, the CERN HTTP proxy server caches data, so many data requests never leave the system without first being handled by the proxy server.

A proxy server (especially an application-level server) can provide easy login and better access control, whereas circuit proxies are usually limited in these capabilities.

Using proxying with Internet services: because the proxy server is inserted into the connection between client and server, it has to be adapted to each individual service. Some services that are very easy to provide in the normal way become very difficult once a proxy is added.


CHAPTER 2: DEPLOYING A PROXY MODEL WITH ISA

Part 1: Preparation before installation
1.1. Required server configuration:
- Intel or AMD CPU, at least 773 MHz.
- At least 512 MB of RAM.
- At least 02 network cards.
- At least 150 MB of free disk space, formatted as NTFS.
- Operating system: Windows Server 2003 SP1 32-bit or Windows Server 2003 R2 32-bit.

Internet bandwidth and the corresponding recommended configuration:

Bandwidth        CPU                      RAM      Network card     Max. concurrent VPN connections
Up to 25 Mbps    3 to 4 GHz               512 MB   10/100 Mbps      700
Up to 90 Mbps    Dual core, 2 to 3 GHz    2 GB     100/1000 Mbps    2000

For more on the optimal configuration, see http://www.microsoft.com/technet/isa/2006/perf_bp.mspx

1.2. Complete the routing table


The routing tables on the ISA machine and on the internal routers should be fully configured before ISA is installed. The routing table must have a default route pointing to the appropriate gateway and must have routes to every subnet in the internal network. In most common network models, the default route is created by setting the default gateway value on the network card that ISA uses to connect to the Internet. By the rules of routing, only 01 default gateway can be in effect (that is, only 01 default route can be in effect); therefore, additional routes to the internal subnets must be created so that ISA can communicate with (and serve) every part of the internal network. Take a simple, typical network structure as an example:

Figure 1.2.a: Routing table diagram

Note that the 192.168.3.254 interface of the internal router must have 192.168.3.1 as its default gateway. With the IP configuration above, the ISA routing table will contain these routes:

Dest.          Subnet mask      Gateway        Interface
0.0.0.0        0.0.0.0          192.168.0.2    192.168.0.1
192.168.0.0    255.255.255.0    192.168.0.1    192.168.0.1
192.168.3.0    255.255.255.0    192.168.3.1    192.168.3.1

Figure 1.2.b

Figure 1.2.c

For ISA to communicate with the internal network, 2 routes must be added:

Dest.          Subnet mask      Gateway          Interface
192.168.1.0    255.255.255.0    192.168.3.254    192.168.3.1
192.168.2.0    255.255.255.0    192.168.3.254    192.168.3.1

To add the routes, you can use the Routing and Remote Access console or the NETSH and ROUTE commands, for example:

    route add 192.168.1.0 mask 255.255.255.0 192.168.3.254 metric 1
    route add 192.168.2.0 mask 255.255.255.0 192.168.3.254 metric 1


1.3. Pay attention to the DNS settings


To serve Proxy clients and Firewall clients, ISA must be able to resolve both internal and Internet DNS names. To meet this requirement, set the preferred DNS server only on the inner network card (the card connected to the internal network, the internal interface):
- Preferred DNS server: the IP address of the internal DNS server (see the illustration again).
- Alternate DNS server: the IP address of the second internal DNS server (backup / secondary DNS server).
- Optionally, name resolution can be sped up by configuring a DNS forwarder on the internal DNS server.

Whether ISA is deployed on a stand-alone server or on a domain member server, the DNS servers are declared as described above. Never use the DNS servers of the Internet service provider (ISP). This is a common mistake when configuring the IP settings on the ISA machine. It causes ISA's DNS resolution to be slow or even to fail. Of course, the exception is the case where the internal network has no DNS server (that is, no domain); then the DNS setting is configured on the network card connected to the Internet (the external interface) and is the IP address of the ISP's DNS server.

1.4. Fine-tune the external interface configuration


To make sure the security guard (ISA) gives its whole heart and mind to its job, a few rules are needed:
- Rule 1: No going out ... drinking!!!
- Rule 2: No inviting anyone to the guard room ... for a drink!!!
- Rule 3: No listening to ... bad friends' temptations!!!

To strengthen the protection of the ISA machine itself, restrictions need to be set on the external interface:
- To satisfy rule 1 and rule 2: External interface properties: clear the check boxes "Client for Microsoft Networks" and "File and Printer Sharing for Microsoft Networks"

Figure 1.4.a: Clear the check boxes

- To satisfy rule 3: External interface properties > Internet Protocol (TCP/IP) properties > Advanced button > WINS tab: clear the check box "Enable LMHOSTS lookup" and select "Disable NetBIOS over TCP/IP"

Figure 1.4.b: Clear the check box

1.5. Install ISA on a "clean" server


With the same goal of "training" a dedicated security guard and helping this guard stay "unmoved" by the "suggestions" of "dishonest" people, ISA should be installed on a clean machine, meaning one that has only the required operating system. Installing any additional service on ISA means sharing the performance reserved for routing and filtering. Installing any additional service on ISA also means increasing the risk that ISA itself is attacked. Naturally, economizing to the point of installing ISA directly on the Domain Controller is not allowed. In that case not only will ISA fail to do its job, the Domain Controller will be "paralyzed" as well. If the security guard is also ... the company director, then ... no comment!!!

1.6. Should ISA be installed on a stand-alone server or a domain member server?


When ISA is installed on a stand-alone server, ISA naturally has no logical relationship with the domain. The advantage of this structure is that an attacker cannot go through ISA to "reach" the Active Directory service or the domain controller. The price to pay is that ISA cannot control and authenticate domain users except through a RADIUS server (Remote Authentication Dial-In User Service). Having ISA talk to AD through RADIUS as an intermediary is regarded as a way of strengthening system protection by complicating the attacker's "route" to AD. And inevitably the administrator's work also becomes ... more complicated.

Installing ISA on a member server: local administrator rights can be used to install ISA on a domain member server. When rules are configured with domain administrator rights, control and authentication of domain users can be deployed.

The choice between a stand-alone and a member server can be seen as a choice between security on one side and configuration complexity and ... budget on the other. Given ISA's effective filtering capability, most organizations lean toward reducing complexity and preserving ... the budget, that is, installing ISA on a domain member server. The installation steps, however, are the same in both environments.

1.7. Very important notes for installation:


- Run the file ISAAutorun.exe from the ISA 2006 installation disc.
- Microsoft Internet Security and Acceleration Server 2006 dialog box: if ISA can reach the Internet, choose Review Release Notes and read the release notes. This document contains important information describing basic functional changes that cannot be found in the Help of the ISA program. After reviewing the release notes, choose Install ISA Server 2006.
- Setup Type dialog box: unlike ISA 2004, ISA 2006 has no option to install the Firewall Client Installation Share on the ISA server. Therefore, choose Custom (and, in the next dialog box, Change) only if you do not want to install ISA on the current system disk. Otherwise, choose Next.
- Internal Network dialog box: declare all the IP ranges that belong to the internal network. Assuming the network is structured as at the beginning of this document, 03 ranges must be declared: 192.168.1.0 - 192.168.1.255, 192.168.2.0 - 192.168.2.255 and 192.168.3.0 - 192.168.3.255 (ISA is compatible with RFC 1812). If any network segment in the LAN is left out, traffic from that segment (when it reaches ISA) will be treated by ISA as an "outsider" (External). ISA treats the Internal Network as a "trusted zone" and uses the Internal Network in the System Policy rules that support the operation of the operating system. Declaring the Internal Network incorrectly or incompletely affects not only the machines in the LAN but also ISA itself.
- Firewall Client Connections dialog box: check "Allow non-encrypted Firewall client connections" only if the LAN contains machines running earlier versions of WinSock Proxy (MS Proxy Server 2.0) or Firewall Client ISA 2000. If this option is selected, the user names and passwords sent to ISA from machines in the LAN will not be encrypted. The best approach is to install Firewall Client ISA 2006 on the workstations.
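The routing table from section 1.2 and the Internal Network ranges declared above can be checked against each other. The following is an added example, not part of the original report and not ISA Server code; the function names are hypothetical, and the addresses are the ones given in sections 1.2 and 1.7.

```python
# Added example (not from the report, not an ISA Server API):
# cross-check the routing table of section 1.2 against the
# Internal Network ranges of section 1.7. Function names are hypothetical.
import ipaddress

EXTERNAL_IF = "192.168.0.1"
INTERNAL_IF = "192.168.3.1"

# (destination, mask, gateway, interface) as listed in section 1.2.
BASE_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "192.168.0.2", EXTERNAL_IF),
    ("192.168.0.0", "255.255.255.0", "192.168.0.1", EXTERNAL_IF),
    ("192.168.3.0", "255.255.255.0", "192.168.3.1", INTERNAL_IF),
]
# The two routes created with "route add ... 192.168.3.254 metric 1".
ADDED_ROUTES = [
    ("192.168.1.0", "255.255.255.0", "192.168.3.254", INTERNAL_IF),
    ("192.168.2.0", "255.255.255.0", "192.168.3.254", INTERNAL_IF),
]
# Internal Network ranges (first address, last address).
INTERNAL_RANGES = [
    ("192.168.1.0", "192.168.1.255"),
    ("192.168.2.0", "192.168.2.255"),
    ("192.168.3.0", "192.168.3.255"),
]


def lookup(routes, dest):
    """Longest-prefix match: return (gateway, interface) for dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, gateway, iface)
    return (best[1], best[2]) if best else None


def classify(ranges, src):
    """'Internal' if src is inside a declared range, otherwise 'External'."""
    addr = ipaddress.ip_address(src)
    for first, last in ranges:
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return "Internal"
    return "External"


def uncovered_internal_routes(routes, ranges):
    """Subnets routed via the internal interface but missing from the
    Internal Network definition; their hosts would be seen as External."""
    declared = []
    for first, last in ranges:
        declared += ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last))
    missing = []
    for net, mask, _gateway, iface in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if iface == INTERNAL_IF and not any(
                network.subnet_of(d) for d in declared):
            missing.append(str(network))
    return missing


if __name__ == "__main__":
    full = BASE_ROUTES + ADDED_ROUTES
    # Without the added routes, an internal host matches only the default route.
    print(lookup(BASE_ROUTES, "192.168.1.10"))
    print(lookup(full, "192.168.1.10"))
    # Leaving one range out of the Internal Network definition.
    partial = [r for r in INTERNAL_RANGES if r[0] != "192.168.2.0"]
    print(classify(partial, "192.168.2.7"), uncovered_internal_routes(full, partial))
```

An empty result from `uncovered_internal_routes` means every subnet reachable through the internal interface is also declared in the Internal Network.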

Part 2: Installing ISA Server 2006


2.1. Introduction
ISA Server 2006 is the latest version of the Microsoft ISA Server product. In terms of interface, ISA 2006 is 90% the same as ISA 2004. However, it has outstanding new features in areas where ISA 2004 was still limited, such as:
+ Extended support for OWA, OMA, ActiveSync and RPC/HTTP publishing
+ Support for SharePoint Portal Server
+ Support for binding multiple certificates to 1 Web listener
+ Support for LDAP authentication for Web Publishing Rules

Figure 2.1.a: ISA Server 2006 model

2.2. Preparation
The setup consists of 2 machines:
- DC machine: Windows Server 2003, promoted to Domain Controller
- Server machine: Windows Server 2003, joined to the domain

Configure TCP/IP on the 2 machines as shown in the following table:

ISA Server machine
                 INT card          EXT card
IP Address       172.16.1.1        192.168.1.1
Subnet Mask      255.255.255.0     255.255.255.0
Gateway          (blank)           192.168.1.200 (address of the ADSL router)
Preferred DNS    172.16.1.2        (blank)

DC machine
IP Address       172.16.1.2
Subnet Mask      255.255.255.0
Gateway          172.16.1.1
Preferred DNS    172.16.1.2


2.3. Procedure

2.3.1. Install ISA Server 2006


- Open Windows Explorer and go to the folder containing the ISA Server 2006 installation files
- Run the file isaautorun.exe (you can also run isaautorun.exe from the ISA Server 2006 installation CD)

Figure 2.3.1.a: Select the file

- Choose Install ISA Server 2006

Figure 2.3.1.b

- In the Welcome to the Install Wizard dialog box, click Next

Figure 2.3.1.c: Next

- Select I accept the terms in the license agreement, then click Next

Figure 2.3.1.d: Select the option and click Next

- In the Setup Type dialog box, choose Custom

Figure 2.3.1.e: Choose typical

- Choose Install ISA Server and ISA Server Management, then click Next

- In the Internal Network dialog box, click Add

Figure 2.3.1.f: Add

- Then choose Add Adapter

Figure 2.3.1.g

- Check Int (the inward-facing interface of the ISA machine), then click OK

Figure 2.3.1.h: Select the LAN

- Select the IP 172.16.255.255 and click Delete

Figure 2.3.1.i: Remove

- Click OK

Figure 2.3.1.j

Figure 2.3.1.k

- Next, in the Firewall Client Connections dialog box, check Allow non-encrypted Firewall client connections

Figure 2.3.1.l: Select Allow and click Next

- Then continue the installation with the default settings

Figure 2.3.1.m: Next

Figure 2.3.1.n: Install

- In the Installation Wizard Completed dialog box, click Finish

Figure 2.3.1.p: Finish

2.3.2. Install and configure the Firewall Client on the DC machine


- On the DC machine, log on as MSOpenLab\Administrator
- Install the ISA Firewall Client from the installation CD (Client folder)

Figure 2.3.2.a: Select client

- In the Welcome to the Install dialog box, click Next

Figure 2.3.2.b: Next

- Then continue the installation with the default settings

Figure 2.3.2.c: Next

- In the ISA Server Computer Selection dialog box, enter the IP address of the ISA Server machine, then click Next

Figure 2.3.2.c: Enter the IP

Figure 2.3.2.d

- Click Finish to complete the installation

Figure 2.3.2.e

2.3.3. Configure Auto Discovery


- Open ISA Server Management and, under Configuration, select Network. In the right pane, right-click Internal and choose Properties

Figure 2.3.3.a: Select networks

- Select the Auto Discovery tab and check Publish automatic discovery information for this network

Figure 2.3.3.b: Internal

Figure 2.3.3.c: Check Publish

- Click Apply

Figure 2.3.3.d: Apply

- On the DC machine, open DNS Manager from Administrative Tools
- Right-click the MSOpenLab.Com zone and choose New Alias (CNAME)

Figure 2.3.3.e: New alias

- Enter WPAD in Alias name
- In the FQDN box, browse to the ISA Server machine

Figure 2.3.3.f: Browse to the ISA server

- Then restart DNS
- Open cmd and run the command ipconfig /flushdns to clear the DNS cache

Figure 2.3.3.g: Clear the cache

- Open ISA Firewall Client, go to the Settings tab, select Automatically detected ISA Server, click Detect Now, check that the client detects the name of the ISA Server machine, then click OK

Figure 2.3.3.h: Verification


2.3.4. Create an Access Rule to test the Internet connection


- On the ISA Server machine, open ISA Server Management, right-click Firewall Policy, choose New, then Access Rule

Figure 2.3.4.a: Choose New, Access Rule

- In the Access Rule Names dialog box, name the rule: Allow to Internet

Figure 2.3.4.b: Allow to Internet

- In the Rule Action dialog box, choose Allow

Figure 2.3.4.c: Choose Allow

- In the Protocols dialog box, choose All outbound traffic

Figure 2.3.4.d: Choose All outbound traffic

- In the Access Rule Sources dialog box, click Add and select 2 items: Internal and Localhost

Figure 2.3.4.e: Select Local Host

- In the Access Rule Destinations dialog box, click Add and select External

Figure 2.3.4.f: Add

- In the User Sets dialog box, choose All User

Figure 2.3.4.g: All user

- Click Finish

Figure 2.3.4.h: Finish

- Click Apply

Figure 2.3.4.i

Figure 2.3.4.j

- From both machines, browse to www.google.com.vn and check that access succeeds

Figure 2.3.4.k: Test


CONCLUSION
1. Strengths
I had timely guidance and advice from my supervisor. The lecturer supervised the work throughout the project. There is a good deal of material on the topic, from many different sources, so I had a lot of help while working on the project. In carrying out the project I learned many useful lessons for my field of study. It has given me a foundation and a direction for the field I have chosen.

2. Weaknesses
Because this is a relatively new system for students, my study of it was not really thorough. I was not able to carry out a direct installation to verify it. The time for the project was relatively short, so there was not enough time to study the topic in depth, and therefore the project could not be extended. The material on the topic comes from too many sources, both accurate and inaccurate, so a lot of time went into selecting suitable material.

3. Directions for further development


Carry out a direct installation on server/client machines in order to understand clearly how a proxy server works. Do further research to make the topic more complete, and look into related matters such as deploying the ISA firewall and FaceIp on a personal computer.
