
Topic: A STUDY OF FIREWALLS

Prepared by: Pham Huy Thuan

Nha Trang, April 2012

TABLE OF CONTENTS
Preface
CHAPTER I: OVERVIEW OF ISA SERVER 2006
  1. Introduction to ISA Server 2006
  2. Editions of ISA Server 2006
  3. Main features of ISA Server 2006
CHAPTER II: Installing ISA Server 2006
  1. Basic configuration requirements
  2. Installation process
CHAPTER III: CLASSIFYING AND CONFIGURING ISA SERVER CLIENTS
  1. Classification
  2. Configuration
    a. SecureNAT Client
    b. Web Proxy Client
    c. Firewall Client
CHAPTER IV: Deploying ISA Server 2006
  1. Creating a Rule
  2. Publish Web
  3. VPN
    a. VPN Client to Site
    b. VPN Site to Site
  4. Creating Caching
CHAPTER V: COMMON ISA FIREWALL MODELS
  1. Edge Firewall
  2. 3-Leg Perimeter
  3. Front/Back Firewall
CHAPTER VI. SUMMARY

Preface
In today's era the Internet keeps growing and reaching further to meet users' needs. Things such as distance education, medical consultation and online shopping are no longer abstract concepts. With the Internet, things once only dreamed of have become reality.

In recent years the role of information technology (IT) has been, and continues to be, clearly affirmed. The development of IT has had a positive effect on every aspect of humanity's political, economic, cultural and social life, producing progress unprecedented in history. Applying IT effectively and sustainably is a top criterion for many countries. IT brings people closer together, makes geographical distance disappear, and is a driving force for activity in every field of a nation.

From the standpoint of a business, effectiveness is mandatory and sustainability is equally essential. From the viewpoint of a system security specialist, deploying an information system with a tight, safe protection mechanism helps maintain the sustainability of that business's information system. We all understand that a business's information is a priceless asset. This is not purely material: consider values that cannot be measured, such as what happens to the business's reputation with its customers if information about customer transactions is stolen and then abused for various purposes.

Hacker, attacker, virus, worm, phishing: these concepts are no longer unfamiliar, and they really are the leading concern for all information systems (PCs, enterprise networks, the Internet, and so on). For that reason all of these systems need to be equipped with sufficiently powerful tools, and with an understanding of how to respond to those dark forces.

First of all, as administrators we need to build awareness of proper computer use among the staff in our organization. Next, we need a powerful tool to help us resist the forces above. That tool is the firewall, from the personal firewall protecting a single computer to the enterprise firewall capable of protecting an organization's entire network. Microsoft ISA Server 2006 is such an enterprise firewall: a good product and a trusted companion for keeping information systems safe.

So what is ISA Server? How is it deployed and configured? What functions does it provide? What role does ISA play in a network environment? This report answers those questions and gives a detailed, clear view of ISA Server.

CHAPTER I: OVERVIEW OF ISA SERVER 2006


1. Introduction to ISA Server 2006
Microsoft Internet Security and Acceleration Server (ISA Server) is a well-known and widely used firewall product from Microsoft. It can be described as Internet-sharing software that is effective, stable, easy to configure and a good firewall, with many features that let you configure it to suit your LAN. It is fast thanks to intelligent caching: the cache can be held in RAM (Random Access Memory) so that information is retrieved more quickly, and the Schedule Cache feature automatically downloads content from web servers into the cache on a schedule, so that client machines only need to fetch that content over the LAN. There are many other features as well.

2. Editions of ISA Server 2006
Standard: ISA Server 2006 Standard meets the protection and bandwidth-sharing needs of medium-sized companies.
Enterprise: ISA Server 2006 Enterprise is used in large network models and serves many access requests from users inside and outside the system. In addition to the features of ISA Server 2006 Standard, the Enterprise edition allows a group of ISA Servers to be set up so that they share a single policy, which makes management easier and provides Load Balancing.

3. Main features of ISA Server 2006
ISA Server is one of the server products in the .NET Enterprise Server family. The products in this family are Microsoft's comprehensive application servers for building, deploying, managing and integrating web-based solutions and services. ISA Server offers a number of benefits to organizations that need Internet connectivity that is fast, secure and easy to manage.

Fast web access with a high-performance cache:
o Users can reach web content faster from objects held locally in the cache than by connecting to the Internet, where congestion is always a possibility.
o Bandwidth costs fall because Internet traffic is reduced.
o Content from web servers and e-commerce applications is distributed efficiently, meeting the needs of customers worldwide (web content distribution is available only in the ISA Server Enterprise edition).

Secure Internet connectivity through multiple layers:
o Protects the network against unauthorized access by monitoring network traffic at multiple layers.
o Protects web servers, e-mail servers and other applications from outside attack by using web and server publishing to handle incoming requests safely.
o Filters inbound and outbound network traffic to ensure safety.
o Provides secure access for legitimate users from the Internet to the internal network by using a virtual private network (VPN).

Unified management with integrated administration:
o Centralized access control to ensure safety and enforce operating policies.
o Higher productivity by restricting Internet access for certain applications and destinations.
o Bandwidth allocation to match priorities.
o Monitoring tools that show how Internet connections are being used.
o Automation of services through scripting.

Extensibility:
o Addresses security and performance needs through add-on components built with the ISA Server software development kit (SDK).
o Secure extension functionality for third-party vendors.
o Automation of administrative tasks with COM (Component Object Model) script objects.

CHAPTER II: Installing ISA Server 2006


1. Basic configuration requirements

| Internet link bandwidth | Up to 5 T1, 7.5 megabits per second (Mbps) | Up to 25 Mbps | Up to T3, 45 Mbps | Up to 90 Mbps |
|---|---|---|---|---|
| Processors/Cores | 1 | 1 | 2 | 2/2 |
| Processor type | Pentium III 750 megahertz (MHz) or higher | Pentium 4 3.0-4.0 gigahertz (GHz) | Xeon 3.0-4.0 GHz | Xeon Dual Core / AMD Dual Core 2.0-3.0 GHz |
| Memory | 512 megabytes (MB) | 512 MB | 1 gigabyte (GB) | 2 GB |
| Disk space | 150 MB | 2.5 GB | 5 GB | 10 GB |
| Network adapter | 10/100 Mbps | 10/100 Mbps | 100/1000 Mbps | 100/1000 Mbps |
| Concurrent VPN connections | 150 | 700 | 850 | 2000 |

2. Installation process
Before installing ISA, the ISA machine must have at least 2 network cards: one connected to the internal network (Internal) and the other connected to the Internet (External). Insert the ISA Server 2006 disc and choose Install ISA Server 2006.

In the Setup Type window, choose Typical to install with the default settings or Custom to install manually. Here I choose Custom -> Next

Then click Next.

In the Internal Network window, click Add.

Next, choose Add Adapter.

In Select Network Adapter, select the network card that is connected directly to the LAN -> OK

Click Next.

Click Next -> Install -> Finish

This is the ISA Server 2006 interface after a successful installation.

CHAPTER III: CLASSIFYING AND CONFIGURING ISA SERVER CLIENTS


An ISA Server 2006 client is a computer that connects to other resources through the ISA Server 2006 firewall. In general, ISA Server 2006 clients sit in an Internal network or a perimeter network (DMZ) and reach the Internet through ISA Server 2006.

1. Classification
There are 3 types of ISA Server 2006 client:

SecureNAT client: a computer whose key setting is a default gateway that routes traffic to the Internet through the ISA Server 2006 firewall. If the SecureNAT client is on a network directly connected to the ISA Server 2006 firewall, its default gateway is the IP address of the network card on the ISA Server 2006 firewall that is attached to that network. If the SecureNAT client is on a network remote from the ISA Server 2006 firewall, its default gateway is the IP address of the nearest router, and that router routes traffic from the SecureNAT client to the ISA Server 2006 firewall and out to the Internet.

Web Proxy client: a computer whose web browser (for example Internet Explorer) is configured to use the ISA Server 2006 firewall as its Web Proxy server. The browser can be configured manually with the IP address of the ISA Server 2006 firewall as its Web Proxy server, or automatically through the Web Proxy autoconfiguration scripts of the ISA Server 2006 firewall. Autoconfiguration scripts offer a high degree of customization in controlling how Web Proxy clients connect to the Internet. The user name is recorded in the Web Proxy logs when a computer is configured as a Web Proxy client.

Firewall client: a computer with the Firewall client software installed. The Firewall client software intercepts all requests from Winsock applications (normally, all applications that run over TCP and UDP) and forwards them directly to the Firewall service on the ISA Server 2006 firewall. User names are automatically written to the Firewall service log when a Firewall client computer connects to the Internet through the ISA Server 2006 firewall.

The table below compares the ISA Server 2006 client types.

| Feature | SecureNAT client | Firewall client | Web Proxy client |
|---|---|---|---|
| Installation required? | No, only the default gateway needs to be set | Yes, the software must be installed | No, only the appropriate settings in the web browser need to be configured |
| Operating system support | Any OS that supports TCP/IP | Windows only | Any OS that supports web applications |
| Protocol support | With application filters, can support applications that combine multiple protocols (multiconnection protocols) | Most Internet applications in use today | HTTP, Secure HTTP (HTTPS) and FTP |
| User authentication supported? (to control users' outbound access) | Yes, but only for VPN clients | Yes | Yes |

2. Configuration
a. SecureNAT Client
On the CLIENT machine, right-click the My Network Places icon on the desktop and click Properties. In Network and Dial-up Connections, right-click Local Area Connection and click Properties. In the Local Area Connection Properties dialog box, click Internet Protocol (TCP/IP), then click Properties.
In the Internet Protocol (TCP/IP) Properties dialog box, enter the IP address, subnet mask and DNS server. Most important is the Default Gateway, which must be set so that all traffic bound for the Internet is routed to the ISA server.

SecureNAT Client model

b. Web Proxy Client
We configure this in Internet Explorer.

On the CLIENT machine, right-click the Internet Explorer icon on the desktop and click Properties. In the Internet Properties dialog box, click the Connections tab. On the Connections tab, click the LAN Settings button. In the Local Area Network (LAN) Settings dialog box, under Proxy server, enter the IP address of the ISA server and port 8080.
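A hand-written proxy auto-configuration (PAC) file for the Web Proxy client configuration described above, as an added example that is not part of the original document and is not the script ISA Server itself generates. The ISA address 192.168.1.1, the 192.168.1.0/24 internal network and the .corp.example suffix are assumed values; port 8080 is the one given in the text.

```javascript
// Added example: a hand-written PAC file for Web Proxy clients.
// Assumed values (not from the document): ISA internal address 192.168.1.1,
// internal network 192.168.1.0/24, internal DNS suffix ".corp.example".
// Port 8080 is the Web Proxy port configured in the text.
var ISA_PROXY = "PROXY 192.168.1.1:8080";
var INTERNAL_SUFFIX = ".corp.example";
// Whole-string match, so a name such as "192.168.1.5.example.org" is not
// mistaken for an internal address.
var INTERNAL_IP = /^192\.168\.1\.\d{1,3}$/;

// The browser calls this for every request and uses the returned route.
function FindProxyForURL(url, host) {
  host = host.toLowerCase();

  // Loopback and single-label intranet names stay on the local network.
  if (host === "localhost" || host === "127.0.0.1" || host.indexOf(".") === -1) {
    return "DIRECT";
  }
  // Internal names: the suffix includes the leading dot, so
  // "othercorp.example" does not count as internal.
  if (host.slice(-INTERNAL_SUFFIX.length) === INTERNAL_SUFFIX) {
    return "DIRECT";
  }
  if (INTERNAL_IP.test(host)) {
    return "DIRECT";
  }
  // Everything else goes to ISA. There is deliberately no "; DIRECT"
  // fallback: if ISA is unreachable the request fails instead of going out
  // without the firewall's rules and Web Proxy logging.
  return ISA_PROXY;
}
```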

c. Firewall Client
Open the Client folder on the ISA 2006 disc and run setup.exe.

Select the option I accept the terms in the license agreement -> Next -> Next.

Select the option Connect to this ISA Server computer and enter the internal IP address of the ISA machine -> Next -> Install.

CHAPTER IV: Deploying ISA Server 2006


1. Creating a Rule
Creating a rule lets the administrator allow or deny any machine in the network, or the whole network. The steps to create an Access Rule are as follows. Start ISA by clicking ISA Server Management. Right-click Firewall Policy, choose New, then choose Access Rule.

When the New Access Rule wizard appears, type a name for the rule, for example Allow Internal to Internet, in the Access Rule Name box -> Next

Next, choose the action for the rule, Allow or Deny, and click Next.

Next, choose the protocols for the rule. If workstations are to be given Internet and e-mail access, select only protocols such as DNS, HTTP, HTTPS, POP3 and SMTP. To select them, click Add -> Next

The next step is to choose the Source for the rule: click Add and select what you want to add. Here I choose Internal and Local Host. The source is the set of networks or computers you want to allow or deny.

Next, choose the Destination: click Add to select the destination.

Click Next, then choose the User for the rule.

You can then review the options you selected and click Finish to complete the rule.

Finally, click Apply to put the rule into effect.

2. Publish Web
On the ISA Server machine, open ISA and, still under Firewall Policy, create a new rule by choosing New -> Web Site Publishing Rule

Then give the rule a name (for example Publish web).

In Rule Action choose Allow -> Next

In Publishing Type choose Publish a single Web site or load balancer -> Next

With this rule we publish the HTTP service first, so in Server Connection Security I choose Use non-secured connections to connect the published Web server or server farm -> Next

In Internal site name enter the name of the web server, tick Use a computer name or IP address to connect to the published server, then enter the IP address of the web server -> Next

In Internal Publishing Details leave the Path box empty -> Next

On the Accept requests for tab choose Any domain name -> Next

In the Select Web Listener window no Web Listener exists yet, so we have to create a new listener for the rule. Click New.

Then give the Web Listener a name -> Next

Next choose the option Do not require SSL secured connections with clients, so that only the HTTP service is published -> Next

In Web Listener IP Address choose External -> Next

In Authentication Settings choose No Authentication -> Next

Click Next -> Finish

Click Next.

In Authentication Delegation choose the option No delegation, and client cannot authenticate directly -> Next

In User Sets choose All Users.

The Publish Web rule screen after completion

3. VPN
a. VPN Client to Site

First, so that clients can reach the network over VPN, we must create a user on the ISA server: right-click the user and choose Properties, open the Dial-in tab and select the option Allow access -> OK. Create a group and add this user to it.

On the ISA Server machine, choose Virtual Private Networks (VPN), then the VPN Clients tab. Click Configure Address Assignment Method.

On the Address Assignment tab, enter a range of IP addresses to assign to VPN client machines in the Static address pool box. This range must not overlap any range already in the network.

By default, once installation is complete, ISA Server does not turn VPN client access on, so next choose Enable VPN Client Access in the first setup step to enable the feature.

Tick the option Enable VPN client access. Note that the value in Maximum number of VPN clients allowed must be smaller than the IP range assigned to the VPN clients.

On the Groups tab, add the group created earlier.

On the Protocols tab, choose the security protocol, here PPTP.

Next, go to Firewall Policy and create a new rule that allows the VPN clients to access the Internal network. Give the rule a name.

Rule Action: Allow. Protocol: All outbound traffic. In Access Rule Sources select a single entry, VPN Clients.

Because the client machines are connecting from outside into the Internal network, choose Internal in Access Rule Destinations.

The screen after completion

b. VPN Site to Site

First, so that HCM and HANOI can reach each other over VPN, we must create a user on each ISA Server. On the ISA HCM machine create the user/password HCM/123. On the ISA HANOI machine create the user/password HANOI/123. Then double-click the user HCM, open the Dial-in tab and tick Allow Access under Remote Access Permission. Do the same for the user HANOI. On the ISA Server HCM machine, choose Virtual Private Networks (VPN), then the Remote Sites tab. Next click Create VPN Site-to-Site Connection.

Then enter the VPN user just created in your own network (HCM) -> Next

Choose Point-to-Point Tunneling Protocol (PPTP) -> Next

In Local Network VPN Settings enter a range of IP addresses to assign to VPN client machines in the Static address pool box. In this example the range is 11.0.0.1->11.0.0.100 (this range must not overlap any IP range in the network) -> Next

In Remote Site Gateway enter the External IP address of the HANOI network -> Next

In the Remote Authentication window enter the VPN user of the HANOI network exactly -> Next

Next, in the Network Addresses window, enter the whole IP range of the HANOI network under Address ranges, that is, the entire IP range of the HANOI Internal network.

Keep the default value in the Site-to-Site Network Rule window -> Next

In the Site-to-Site Network Access Rule window, add whichever protocols you want the two networks to use to reach each other -> Next

Then click Finish.

The screen after completion

Under Firewall Policy you will see that a new Access Rule has appeared.

Under Configuration/Networks, on the Network Rules tab, you will see that the rule HCM to Internal Network has been created.

On the ISA Server HANOI machine, proceed as on the ISA Server HCM machine: after creating the user HANOI and setting Allow Access, choose Virtual Private Networks (VPN), then the Remote Sites tab. Next click Create VPN Site-to-Site Connection.

Then enter the VPN user just created in your own network (HANOI) -> Next

Choose Point-to-Point Tunneling Protocol (PPTP) -> Next

In Local Network VPN Settings enter a range of IP addresses to assign to VPN client machines in the Static address pool box. In this example the range is 12.0.0.1->12.0.0.100 (this range must not overlap any IP range in the network) -> Next

In Remote Site Gateway enter the External IP address of the HCM network -> Next

In the Remote Authentication window enter the VPN user of the HCM network exactly -> Next

Next, in the Network Addresses window, enter the whole IP range of the HCM network under Address ranges, that is, the entire IP range of the HCM Internal network.

Keep the default value in the Site-to-Site Network Rule window -> Next

In the Site-to-Site Network Access Rule window, add whichever protocols you want the two networks to use to reach each other -> Next

The screen after completion
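The two pool rules stated in the VPN Client to Site and VPN Site to Site sections (the static address pool must not overlap any range in use, and Maximum number of VPN clients allowed must be smaller than the pool), written as a check script that also flags pools outside RFC 1918 private space. This is an added example, not part of the original document; the two pool ranges are the document's, while the internal ranges and client limits are assumed sample values.

```javascript
// Added example: checks for the VPN static address pools configured above.
// The pools 11.0.0.1-11.0.0.100 and 12.0.0.1-12.0.0.100 are the document's
// values; the internal ranges and client limits are assumed sample values.

// Dotted quad -> unsigned 32-bit number; throws on malformed input.
function ipToInt(text) {
  var parts = text.split(".");
  if (parts.length !== 4) throw new Error("not an IPv4 address: " + text);
  return parts.reduce(function (acc, p) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) throw new Error("bad octet in " + text);
    return acc * 256 + Number(p);
  }, 0);
}

function range(name, first, last) {
  var r = { name: name, first: ipToInt(first), last: ipToInt(last) };
  if (r.first > r.last) throw new Error(name + ": first address is above last");
  return r;
}

function overlaps(a, b) {
  return a.first <= b.last && b.first <= a.last;
}

// RFC 1918 private blocks. A pool outside them uses publicly routable space.
var PRIVATE = [
  range("10.0.0.0/8", "10.0.0.0", "10.255.255.255"),
  range("172.16.0.0/12", "172.16.0.0", "172.31.255.255"),
  range("192.168.0.0/16", "192.168.0.0", "192.168.255.255")
];

// Apply the two rules from the text to one pool: the client limit must be
// smaller than the pool, and the pool must not overlap any range in use.
function checkPool(pool, maxClients, rangesInUse) {
  var errors = [], warnings = [];
  var size = pool.last - pool.first + 1;
  if (maxClients >= size) {
    errors.push(pool.name + ": max clients " + maxClients +
                " is not smaller than pool size " + size);
  }
  rangesInUse.forEach(function (r) {
    if (overlaps(pool, r)) errors.push(pool.name + " overlaps " + r.name);
  });
  var isPrivate = PRIVATE.some(function (p) {
    return pool.first >= p.first && pool.last <= p.last;
  });
  if (!isPrivate) warnings.push(pool.name + " is outside RFC 1918 private space");
  return { size: size, errors: errors, warnings: warnings };
}

// Constructed topology: only the two pools come from the document.
var hcmInternal = range("HCM internal", "192.168.1.0", "192.168.1.255");
var hanoiInternal = range("HANOI internal", "192.168.2.0", "192.168.2.255");
var hcmPool = range("HCM pool", "11.0.0.1", "11.0.0.100");
var hanoiPool = range("HANOI pool", "12.0.0.1", "12.0.0.100");

function checkSites() {
  return {
    hcm: checkPool(hcmPool, 50, [hcmInternal, hanoiInternal, hanoiPool]),
    hanoi: checkPool(hanoiPool, 100, [hcmInternal, hanoiInternal, hcmPool])
  };
}
```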


4. Creating Caching
By default, once installation is complete, ISA Server has caching turned off. To enable it, choose Cache under Configuration. On the ISA Server, in the middle pane choose the Cache Drives tab, and in the right-hand pane choose the Tasks tab and then Define Cache Drives (Enable Caching).

Choose the drive that will hold the cache and the cache size, click Set -> OK

Choose Save the changes and restart the services.

At this point ISA Server is fully configured to cache all web pages passively, which means that for pages whose content is not stored in the ISA cache the whole page still has to be downloaded. So for pages that we want ISA to cache automatically at a particular time, we have to create a job that makes ISA update those pages proactively. Back on the ISA Server machine, choose the Content Download Jobs tab under Cache, then click Schedule a Content Download Job. Enable the active caching feature.

Enter a name for the schedule -> Next

Choose Daily to run the caching job every day.

Specify the time at which ISA runs active caching under Daily Frequency.

Enter the address of the web page you want cached proactively.

Keep the default values on the Content Caching screen -> Next -> Finish

Once this is done, start the job.

By default, then, ISA caches every web page that users visit. For pages whose content changes frequently (stock market pages and the like) this caching is not workable. To solve this we create a rule that excludes the pages we do not want ISA to cache. First we have to create the list of pages that are not to be cached. Choose Firewall Policy, in the right-hand pane choose the Toolbox tab, right-click URL Sets and choose New URL Set.

In the New URL Set Rule Element window, enter a name for the list and add the web pages that are not to be cached -> OK

Next, on the ISA Server screen choose Cache, right-click Cache and choose New -> Cache Rule

Name this rule Deny Cache.

On the Cache Rule Destination screen, add the list created earlier.

Click Next to continue. On the Content Retrieval screen choose the first option, Only if a valid version

Click Next to continue. On the Cache Content screen select Never, no content will ever be cached -> Next

Click Finish.

CHAPTER V: COMMON ISA FIREWALL MODELS


1. Edge Firewall

This is a network model with 1 ISA Server connected directly to the Internal network. As a result, if the system is attacked from outside and the ISA Server is brought down, the attackers can reach every computer in the Internal network. With this model the system is still protected, but only to a very limited extent.

2. 3-Leg Perimeter

In this model the Internal network is divided into 2 groups. Group 1 consists of machines such as the mail server and web server, which users from the External network can access. Group 2 consists of internal machines that need tighter protection than group 1.

The ISA Server machine needs 3 LAN cards:
Card 1 connects to the group 2 machines in the Internal network. ISA Server opens Outbound ports on this card.
Card 2 connects to the group 1 machines in the Internal network. ISA Server opens Outbound/Inbound ports on this card.
Card 3 connects to the machines in the External network. ISA Server opens Inbound ports on this card.

So if a hacker from the External network attacks our network, then after bringing down the ISA Server they can reach all the group 1 computers in the Internal network. With this model the system is still protected, but not yet very tightly.

3. Front/Back Firewall

This model is essentially an extension of the 3-Leg Perimeter model. Here several ISA Servers are set up in the local network (Local Host). A hacker attacking our network then has to bring down several ISA Servers in succession, and once a few of our ISA Servers come under attack we have already been alerted and can take defensive measures and harden the system. This model offers a high level of safety, but in return its investment cost is very high.

CHAPTER VI. SUMMARY


Network security is currently a pressing problem for administrators. Every working day brings a new attack risk, more sophisticated and more modern, in more complex forms and on a larger scale. Threats to the system are always lurking, and even one small mistake can lead to unpredictable consequences. As administrators we therefore need a certain level of skill and must keep up with technology, alongside building a strong server, a solid firewall and so on.

Danger is always latent, whether from outside our network or from inside the organization itself. In practice, in any company or organization the need to exchange and look up information is essential and unavoidable, not only within the local network but also out on the Internet. This calls for tight management that controls all access from the local or Internal network to the Internet and back.

ISA Server 2006 deserves to be a trusted choice. Besides meeting the two conditions above, ISA Server has a friendly interface that is easy to use and manage. As administrators we need to keep raising our knowledge and keep up with technology so that we can make the right choices to give the best and safest protection to the network of the organization or company we are responsible for.
