1.1 An ton mng 1.1.

1 Khi nim an ton mng My tnh c phn cng cha d liu do h iu hnh qn l, a s cc my tnh nht l cc my tnh trong cng ty, doanh nghip c ni mng LAN v Internet. Nu nh my tnh, h thng mng ca bn khng c trang b h thng bo v vy chng khc no bn i khi cn phng mnh m qun kho ca, my tnh ca bn s l mc tiu ca virus, worm, chng c th tn cng vo my tnh hoc c h thng ca bn bt c lc no. Vy an ton mng c ngha l bo v h thng mng, my tnh khi s ph hoi phn cng hay phn mm(chnh sa d liu) m khng c s cho php t nhng ngi c hay v tnh. An ton mng cung cp gii php, chnh sch, bo v my tnh, h thng mng lm cho nhng ngi dng tri php, cng nh cc phn mm cha m c xm nhp bt hp php vo my tnh, h thng mng ca bn

1.1.2 Phn loi cc kiu tn cng h thng ph bin a) Tn cng trc tip Nhng cuc tn cng trc tip thng thng c s dng trong giai on u chim quyn truy nhp bn trong. Mt phng php tn cng c in l d tm tn ngi s dng v mt khu. y l phng php n gin, d thc hin v khng i hi mt iu kin c bit no bt u. K tn cng c th s dng nhng thng tin nh: tn ngi dng, ngy sinh, a ch, s nh, on mt khu. Phng php s dng cc li chng trnh ng dng v bn than h iu hnh c s dng t nhng v tn cng u tin v vn c tip tc chim quyn truy nhp. Trong mt s trng hp phng php ny cho php k tn cng c c quyn ca ngi qun tr h thng(Root hay Administrator). Hai v d thng xuyn c a ra minh ho cho phng php ny l chng trnh sendmail v chng trnh rlogin ca h iu hnh UNIX: +) Sendmail l mt chng trnh phc tp, vi m ngun bao gm hang ngn dng lnh ca ngn ng C. Sendmail c chy vi qun u tin ca ngi qun tr h thng, do chng trnh phi c quyn ghi vo hp th ca nhng ngi s dng my. Sendmail trc tip nhn cc yu cu v th tn trn mng

bn ngoi. y chnh l yu t lm cho Sendmail tr thnh mt ngun cung cp nhng l hng v bo mt truy nhp h thng. +) Rlogin cho php ngi s dng t mt my trn mng truy nhp t xa vo mt my khc s dng ti nguyn ca my ny. b) Nghe trm Vic nghe trm thng tin trn mng c th a li nhng thng tin c ch nh: tn, mt khu ca ngi s dng, cc thng tin mt chuyn qua mng. Vic nghe trm thng c tin hnh ngay sau khi k tn cng chim c quyn truy nhp h thng, thng qua cc chng trnh cho php a card mng(NIC Network Inteface Card) vo ch nhn ton b cc thng tin lu truyn trn mng. Nhng thng tin ny cng c th d dng ly c trn Internet.

c) Gi mo a ch Vic gi mo a ch IP c th thc hin c thng qua vic s dng kh nng dn ng trc tip. Vi cch tn cng ny, k tn cng gi cc gi tin IP ti mng bn trong vi mt a ch IP gi mo(thng thng l a ch ca mt mng hoc mt my c coi l an ton i vi mng bn trong), ng thi cng ch r ng dn m cc gi tin IP phi gi i

d) V hiu ho chc nng ca h thng y l kiu tn cng nhm t lit h thng, khng cho n thc hin chc nng m n thit k. Kiu tn cng ny khng th ngn chn c, do nhng phng tin c t chc tn cng cng chnh l cc phng tin lm vic v truy nhp thng tin trn mng. V d: s dng lnh ping vi tc cao nht c th, buc mt h thng tiu hao ton b tc tnh ton v kh nng ca mng tr li cc lnh ny, khng cn cc ti nguyn thc hin nhng cng vic c ch khc.

e) Li ca ngi qun tr h thng

y khng phi l mt kiu tn cng ca nhng k t nhp, tuy nhin li ca ngi qun tr h thng thng to ra nhng l hng cho php k tn cng s dng truy nhp vo mng ni b f) Tn cng vo yu t con ngi K tn cng c th lin lc vi mt ngi qun tr h thng, gi lm mt ngi s dng yu cu thay i mt khu, thay i quyn truy nhp ca mnh i vi h thng, hoc thm ch thay i mt s cu hnh ca h thng thc hin cc phng php tn cng khc. Vi kiu tn cng ny khng mt thit b no c th ngn chn mt cch hu hiu, v ch c mt cch gio dc ngi s dng mng ni b v nhng yu cu bo mt cao cnh gic vi nhng hin tng ng nghi. Ni chung, yu t con ngi l mt im yu trong bt k h thng bo v no, v ch c s gio dc cng vi tinh thn hp tc t pha ngi s dng c th nng cao c an ton ca h thng bo v.

1.1.3 Tm quan trng ca vic bo mt mng Bo mt mng my tnh c tm quan trng rt ln. Trong hu ht cc lnh vc kinh t, chnh tr, vn ho trong x hi v nht l i vi thi ai hin nay nghnh cng ngh thng tin ang pht trin mnh m v c ng dng rng ln th vic bo mt mng cng tr nn cp thit v quan trng hn bao gi ht. i vi c nhn ngi s dng vic bo mt mng gip h thng my tnh ca mnh khi s dm ng ca hacker, bo v an ton h thng phn cng, phn mm v d liu quan trng. Gip ngi dng cm thy an ton hn khi lm vic trn mi trng mng Internet. i cc Doanh nghip, T chc gip h gi an ton v b mt d liu cc thng tin ti mt, trnh gy mt mt, r r thng tin ra ngoi gy nh hng n danh tin v uy tn ca doanh nghip. To ra mt mi trng kinh doanh lnh mnh gia cc doanh nghip v hiu qu cng vic s cao hn, gim thiu ti a thit hi do nhng cuc tn cng ph hoi ca hacker gy ra Vn an nnh bo mt mng cn lien quan trc tip n an ninh Quc gia, chng s thm nhp, khng b ca tin tc nhm quy ri trt t tron dn chng, tuyn truyn s chng ph ng v Nh nc ta, ly cp thng tin ti mt Quc gia v khi hu qu s khng th lng trc c.

1.1.4 Gii php S bng n ca Cng ngh thng tin(CNTT) v ang anh hng su rng ti mi lnh vc ca cuc sng. i vi cc doanh nghip, CNTT tr thnh mt trong nhng nhn t tng sc mnh, kh nng cnh tranh trn th trng, dng vai tr nn tng trong vic khai thc cc ng dng nghip v. V trong thi i hin nay CNTT cng l cng c khng th thiu cho c nhn ngi dng, hay cc h gia nh nhm tng nng xut cng vic v phc v cho nhu cu tm kim thng tin. Chnh v vy, hin nay mi doanh nghip, c nhn ngi dng ang c gng xy dng cho mnh mt h thng thng tin vng mnh, n nh, an ton v hiu qu. lm c iu phi c mt cng gii php c th ph hp vi tnh hnh thc t hin nay, p ng c nhu cu bo mt thng tin, d liu chng mt mt, sai lch bp mo thng tin ca c nhn hay t chc s dng h thng, cng nh kim sot thng tin t bn trong mng cc b ra ngoi Internet. T nhu cu , h thng Internet Firewall ra i v n ngy cng c hon thin hn p ng c nhu cu ngy cng cao ca ngi s dng, gip bo v tt h thng my tnh c nhn v h thng mng cc b c an ton hn. Firewall ng vai tr nh ngi gc cng.

1.2 Tm hiu v Firewall 1.2.1 Khi nim Firewall Thut ng Firewall c ngun gc t mt k thut thit k trong xy dng ngn chn, hn ch ho hon. Trong cng ngh mng thng tin, Firewall l mt k thut c tch hp vo h thng mng chng s truy cp tri php, nhm bo v cc ngun thng tin ni b v hn ch s xm nhp khng mong mun vo h thng. Cng c th hiu Firewall l mt c ch bo v mng tin tng khi cc mang khng tin tng. Internet Firewall l mt thit b(Phn cng v Phn mm) gia mng ca mt T chc, mt Cng ty, mt Quc gia(Intranet) v Internet. N thc hin vai tr bo mt cc thng tin Intranet t Th gii Internet bn ngoi.

1.2.2 Phn loi v c im Firewall a) Firewall cng L nhng Firewall c tch hp trn Router

c im ca Firewall cng: Khng uc linh hot(Khng th them chc nng, them quy tc). Hot ng tng thp(Network v Transport). Khng th kim tra c ni dung ca gi tin

V d: Firewall cng NAT(Network Address Translate).

b) Firewall mm L nhng Firewall c ci t trn Server

c im ca Firewall mm: Tnh linh hot cao(c th them, bt cc quy tc, cc chc nng). Hot ng tng cao(Application). C th kim tra c ni dung ca cc gi tin(thng qua cc t kho).

V d: Firewall mm Zone Alarm, Norton Firewall, Internet Security Acceleration,

1.2.3 V sao cn Firewall

Nu cc my tnh ca bn khng c bo v, khi bn kt ni Internet, tt c cc giao thng ra vo mng u c cho php, v th hacker, Trojan, Virus c th truy cp v ly cp thng tin c nhn ca bn trn my tnh. Chng c th ci t

cc on m tn cng mt my tnh ca gia nh hoc doanh nghip khc kt ni Internet. Mt Firewall c th gip bn thot khi gi tin him c trc khi n n. 1.2.4 Chc nng Chc nng chnh ca Firewall l kim sot lung thng tin, thit lp c ch iu khin lung thng tin gia Intranet v Internet. Cho php hoc cm nhng dch v truy nhp ra ngoi Cho php hoc cm nhng dch v truy nhp vo trong Theo di lung d liu mng gia Internet v Intranet Kim sot a ch truy nhp, cm a ch truy nhp. Kim sot ngi s dng v vic truy nhp ca ngi s dng Kim sot ni dung thng tin lu chuyn trn mng

1.2.5 Nhim v Firewall 1.2.6 Nhng hn ch ca Firewall 1.2.7 Cc thnh phn ca Firewall v nguyn l hot ng 1.2.8 Kin trc c bn ca Firewall