
Nguyen Huy Bac _ Electronics and Telecommunications _ Hanoi University of Technology

HANOI UNIVERSITY OF TECHNOLOGY
FACULTY OF ELECTRONICS AND TELECOMMUNICATIONS
----------o0o----------

WIRELESS LAN SECURITY

Supervisor: NGUYN TRUNG DNG
Student: NGUYEN HUY BAC
Class: Chuyn 2B K44

HANOI - 2004
Wireless LAN security
Nguyen Huy Bac, Hanoi University of Technology

CONTENTS
PREFACE
PART I
INTRODUCTION TO WIRELESS LAN
I. OVERVIEW OF WLAN
1. Overview
2. Technology used
3. Target users
4. Installation locations
5. Applicability in Vietnam
II/ TECHNICAL APPROACH
1. Overview
2. Features of 802.11 WLAN
3. Channel access, the CSMA/CA multiple-access mechanism
4. Modulation techniques
5. Access techniques
6. Radio techniques
7. Security issues
III/ TRANSMISSION PLAN TO THE HOTSPOT SITE USING XDSL-WAN
1. Transmission plan
IV/ CONNECTION MODEL FOR HOTSPOTS
1. Techniques in the wireless hotspot model
2. Deployment model of the Subscriber Gateway
3. Connection model of the hotspots
PART II
WIRELESS LAN SECURITY
I/ WEP, WIRED EQUIVALENT PRIVACY
1. Why WEP was chosen
2. WEP keys
3. Centralized encryption key management server
4. How to use WEP
II/ FILTERING
1. SSID filtering
2. MAC address filtering
3. Circumventing MAC Filters
4. Protocol filtering
III/ ATTACKS ON WLANS
1. Passive attacks
2. Active attacks
3. Jamming attacks
4. Attacks by luring
IV/ RECOMMENDED SECURITY SOLUTIONS
1. WEP key management
2. Wireless VPNs
3. Key hopping technique
4. Temporal Key Integrity Protocol (TKIP)
5. AES-based solutions
6. Wireless Gateways
7. 802.1x and the open authentication protocol
V/ SECURITY POLICY
1. Protecting sensitive information
2. Physical security
3. WLAN equipment inventory and security audits
4. Using advanced security solutions
5. Public wireless networks
6. Controlled and limited access
VI/ SECURITY RECOMMENDATIONS
1. WEP
2. Cell sizing
3. User authentication
4. Necessary security
5. Using additional security tools
6. Monitoring for rogue hardware
7. Switches or hubs
8. Wireless DMZ
9. Updating firmware and software
APPENDIX
TERMS USED
Locating a WLAN
Beacons
Synchronization
FH and DS parameter sets
SSID information
Authentication and association
Open system authentication process
Shared key authentication
Basic WLAN devices
Access Point
Fixed and detachable antennas
Output power adjustment
Wireless bridges
Wireless workgroup bridges
WLAN client devices
PCMCIA & Compact Flash Cards
Wireless Ethernet & serial converter
USB adapters
PCI & ISA Adapters
Wireless Residential Gateways
Enterprise Wireless Gateway
Basic WLAN network topologies
Independent Basic Service Set (IBSS)
Basic Service Set (BSS)
Extended Service Set (ESS)
802.11 Frame Format [34 - 2344 bytes]
802.11 Frame Control Field [16 bits]
References



























List of figures
Figure 1: Role and position of the LAN
Figure 2: Network structure
Figure 3: Network expansion capability
Figure 4: Network access without running cables
Figure 5: Convenience in building networks in mountainous regions
Figure 6: In basin-shaped terrain
Figure 7: Access while on the move
Figure 8: Access from a private home
Figure 9: Access from universities
Figure 10: Position of WLAN in the 7-layer model
Figure 11: Relationship between data rate and coverage radius
Figure 12: Data rate and number of APs
Figure 13: A transmission from A to B
Figure 14: Hidden terminal
Figure 15: Exposed terminal
Figure 16: Solving the hidden terminal problem
Figure 17: Solving the hidden terminal problem
Figure 18: PSK phase states
Figure 19: Modulated signal waveforms
Figure 20: BPSK modulation diagram
Figure 21: BPSK modulated signal
Figure 22: QPSK modulator
Figure 23: Narrowband signal
Figure 24: Frequency hopping
Figure 25: Channels in FHSS
Figure 26: Spreading and despreading in DSSS
Figure 27: Arrangement of transmit channels in an area
Figure 28: Frequency reuse capability of DSSS
Figure 29: Transmission plan
Figure 30: Gateway deployment model
Figure 31: Hotspot connection model
Figure 32: Diagram of the WEP encryption process
Figure 33: Diagram of the WEP decryption process
Figure 34: WEP key entry interface
Figure 35: Support for using multiple WEP keys
Figure 36: Centralized encryption key management configuration
Figure 37: MAC address filtering
Figure 38: Protocol filtering
Figure 39: Passive attack
Figure 40: Process of obtaining the WEP key
Figure 41: Active attack
Figure 42: Jamming attack
Figure 43: Man-in-the-middle attacks
Figure 44: Before the attack
Figure 45: And after the attack
Figure 46: Wireless VPN
Figure 47: 802.1x-EAP authentication process
Figure 48: Wireless DeMilitarized Zone





































PREFACE
Wireless technology is a method of transferring from one point to another without using a physical transmission line, using radio, cellular, infrared and satellite links instead. Today's wireless networks grew out of many stages of development in radio communications and in telegraph and radio applications. Although a few inventions appeared as early as the 1800s, the most notable progress came in the era of electronic technology, under the strong influence of modern economics and of discoveries in physics. Wireless networks have by now made considerable progress. In some countries with well-developed information technology, wireless networking has truly become part of everyday life. With just a laptop, a PDA or any other wireless access device, you can get onto the network anywhere: at the office, at home, in the street, in a cafe, on a plane and so on, wherever there is WLAN coverage. However, this very support for public access, together with access devices that are diverse, ranging from simple to complex and coming in many sizes, has given administrators a headache when it comes to security. How can security measures be integrated into access devices while still keeping advantages such as compactness and low cost, and while still supporting public access?
This small document gives an overview of WLAN: its history, the standards that implement it, some of its technical characteristics, the security methods it already has and the solutions that have been proposed.
For help in completing this document, I would like to thank:
Mr. Nguyn Trung Dng, lecturer at the Faculty of Electronics and Telecommunications, Hanoi University of Technology
Mr. Nguyn ng Hng, deputy head of the Systems Integration and Development department, VDC company
Mr. L Minh c, head of the technical department, Saigonctt center
for guiding and helping me complete this document.
I would also like to thank my family and friends for making this possible and for helping and encouraging me while I wrote it.


This document is divided into two parts
Part I: Introduction to WLAN
Part II: WLAN security
Part I gives an overview of WLAN, the technology used, the standards, the technical characteristics and the applicability on the Vietnamese market. It also covers multiple access, CSMA/CA, modulation techniques and the multiple-access techniques FDMA, TDMA and CDMA. It also discusses spread spectrum, both direct sequence and frequency hopping, and briefly introduces the security methods.
Part II goes into the details of each security method, both those already recognized as standards and those still under consideration, as well as the threats to the network and the countermeasures. The part closes with a few recommendations for implementers, aimed at overcoming the inherent weaknesses of the security methods.
Because time and my own knowledge were limited, and because this is still a fairly new technology in Vietnam with few opportunities to work with real equipment, some errors are unavoidable.
I therefore hope readers will consult this document and contribute their comments so that it can gradually be improved.
Please send any comments to: Nguyen Huy Bac, 0953.334337, or by e-mail: bacnh@dts.com.vn.
My sincere thanks!

Huy Bac, May 2004




PART I
INTRODUCTION TO WIRELESS LAN
I. OVERVIEW OF WLAN
1. Overview:
Since IEEE 802.11 was ratified in 1999, the Wireless Local Area Network (WLAN) has grown strongly around the world. However, in countries where information technology has only recently begun to develop, such as Vietnam today, WLAN is still a fairly new technology that needs proper research and investment...

Figure 1: Role and position of the LAN
2. Technology used:
IEEE 802.11: WLAN is a high-speed wireless internet technology based on the IEEE 802.11 standard
- Coverage of each HOTSPOT: < 300m.
- Frequency: most commonly used: 802.11b, 2.4GHz (ISM band), transmit power: 100mW, bandwidth 22MHz.
- Data rate: 11Mbps with 802.11b
- Security: WEP (Wired Equivalent Privacy)
- Management system: RADIUS (Remote Authentication Dial-In User Service)

Figure 2: Network structure
3. Target users:
- In developed countries WLAN is widely deployed in conference rooms, corporate offices, large warehouses, classrooms that use the Internet and even cafes.
- In countries such as Vietnam, the users of interest are customers with laptops and Pocket PCs, specifically business people and tourists.
- Residents: using a PC plus a modem card.
- Mobile users, students, ...
4. Installation locations:
- In places where many people gather, such as offices, buildings, universities, airports, railway stations, stadiums, exhibition areas, hotels, supermarkets, residential areas...
5. Applicability in Vietnam:
- Vietnam is a country whose information technology is developing rapidly, so the potential for exploitation is very large.
- Moreover, in recent years and in the years to come, Vietnam is a destination for investors and foreign tourists; 2003 saw major sporting events such as the Seagames and Paragames. International visitors and tourists with laptops fitted with a WLAN card, or with the new Centrino laptops, are target users. (According to Boingo: in 2005, 90% of laptops will have built-in WLAN connectivity without needing a separate card; in the USA, 27 million out of a total of 36 million business people have laptops.)
- Residents within a HOTSPOT area who use a dedicated card (under 100 USD) are a target for investors.
- With suitable investment and price-reduction policies, university students using laptops, PCs, PDAs and Pocket PCs are a potential user group that deserves attention; this calls for more HOTSPOT sites, lower tariffs and promotion and marketing campaigns.
II/ TECHNICAL APPROACH
1. Overview:
WLAN is a wireless broadband network access technology based on the IEEE 802.11 standard. Originally developed as a product for homes and offices to connect personal computers without cables, it allows data to be exchanged over radio waves at very high speed. It is an opportunity to provide broadband internet access at more and more public places such as airports, cafes, railway stations, shopping centres and press centres.
The IEEE 802.11 standard defines both an infrastructure type, with a minimal number of central access points connected to a wired network, and a peer-to-peer mode, in which a set of radio stations communicate directly with one another without a central access point or any wireless network. The appeal of WLANs is their flexibility. They can extend access to local networks such as an intranet, and also support broadband access to the Internet at hotspots. A WLAN can provide fast and easy wireless connectivity to computers, machines or systems in an area where fixed communication infrastructure does not exist or where such access is not permitted. Users can be stationary or mobile, or may even be sitting in a moving vehicle. The following figures give an overview of what WLAN can be used for:
The ability to use a WLAN to extend a conventional wired network, with high speed and convenient network access

Figure 3: Network expansion capability
The ability to access the network in buildings, warehouses and yards without the cost and complexity of running cables

Figure 4: Network access without running cables

The ability to simplify the network connection between two buildings separated by difficult terrain on which a conventional network would be hard to build

Figure 5: Convenience in building networks in mountainous regions
or areas with well-shaped terrain, which can still access the network normally like anywhere else

Figure 6: In basin-shaped terrain
and the convenience of accessing the network while still being able to move around

Figure 7: Access while on the move
From offices and private homes

Figure 8: Access from a private home
to much larger sites such as universities and apartment complexes, all can access the network at high speed with a simple set-up process

Figure 9: Access from universities
2. Features of 802.11 WLAN
WLAN is an access-layer technology (see figure); in essence it is a LAN with the CSMA/CA collision-avoidance mechanism

Figure 10: Position of WLAN in the 7-layer model
IEEE 802.11 comprises the following standards:
- 802.11a: 5-6 GHz, 54Mbps. Uses OFDM (Orthogonal Frequency Division Multiplexing) modulation and operates in the 5-6 GHz band, with data rates of up to 54Mbps. Several vendors are currently investing in this standard in the hope that it will take over the market from 802.11b.
- 802.11b: 2.4GHz, 11Mbps, DSSS. This is a fairly widespread standard. It operates in the 2.4GHz band, which is the ISM (Industrial, Scientific and Medical) band. In the USA, equipment operating in this band does not have to be registered. Data rates can reach 11Mbps. Wi-Fi is the name for product lines that are compatible with 802.11b and certified by WECA (Wireless Ethernet Compatibility Alliance).
- 802.11c: supports 802.11 information frames.
- 802.11d: also supports 802.11 information frames, but follows new standards.
- 802.11e: improves QoS at the MAC layer.
- 802.11f: Inter Access Point Protocol
- 802.11g: (2.4GHz, 54Mbps, OFDM): makes greater use of the 2.4 GHz band. It is an upgraded version of 802.11b, approved by IEEE, with data rates of up to 54Mbps, but only between devices located a short distance apart.
- 802.11h: adds automatic channel selection, Dynamic Channel Selection (DCS), and Transmit Power Control.
- 802.1x: a new standard that has been updated and implemented; it provides port-based network access control. Although IEEE originally designed 802.1x for wired communication, it has been applied to WLANs to provide some of the security they need. The main benefit of 802.1x for WLANs is that it provides mutual authentication between a network and its client.
- 802.11i: improves security at the MAC layer. This standard is being finalized and will be a solid foundation for later WLAN standards. It provides more security services for 802.11 WLANs by addressing issues tied to both the Media Access Control (MAC) layer and the physical layers of the wireless network. Its authentication types are based on 802.1x and the Extensible Authentication Protocol (EAP), which allows vendors to create several other authentication options. Later on, 802.11i may provide a unified way of using the Advanced Encryption Standard (AES) for its encryption services, but it will remain compatible with the RC4 algorithm.
- 802.11j: a globally unified standard for the standards of IEEE, ETSI, HiperLAN2, ARIB and HiSWANa.
Among the 802.11 standards, 802.11b and 802.11g operate in the 2.4GHz band. The ISM band, however, is a band that can be used without a licence, so it can suffer considerable interference from sources such as ambulances, police cars and taxis, as well as from other users and the many home and office devices that operate in the ISM band. This is why 802.11a was introduced. But all the other versions use the 2.4GHz band, so backward compatibility is a problem.
802.11a has notable advantages such as a higher data rate, and while 802.11b provides only 3 independent channels, 802.11a, despite its smaller coverage area, can provide up to 12 channels. This additional bandwidth is very important for countering interference when designing a network for maximum capacity. One weakness of 802.11a is its short coverage range, because the standard uses the 5GHz band (the higher the frequency, the shorter the signal range).

Figure 11: Relationship between data rate and coverage radius

The lower the data rate, the wider the operating range of the AP, so the choice between data rate and operating range has to be weighed carefully, since it directly affects how the APs are placed.

Figure 12: Data rate and number of APs
For the same coverage area, if the required rate is 2Mbps only 6 APs need to be deployed, whereas with a required rate of 5.5Mbps covering the same area takes twice as many APs, 12 APs (see figure).
Indoor and outdoor: indoor refers to radio use within a small space, such as inside a building. Outdoor refers to radio use over a larger space; with WLAN the radius to the CPEs (Customer Premises Equipment) that it manages can be from 5-40km. At distances of less than 1km the CPE does not even need to be in line of sight (Line of Sight) of the AP. CPE is personal communication equipment used to connect to the network within an organization. CPE includes PBX (Private Branch Exchange) equipment, telephone lines, key systems, fax machines, modems, voice processing equipment and video transmission equipment.
3. Channel access, the CSMA/CA multiple-access mechanism:
When a wireless station wants to transmit a frame, it first listens on the wireless medium to determine whether any station is currently transmitting (carrier sense). If the medium is currently occupied, the wireless station computes a random backoff delay. As soon as that delay has elapsed, the station listens again to see whether any station is transmitting. By generating random delays, multiple stations that want to transmit will not attempt to retransmit at the same moment (collision avoidance). Collisions can still occur and, unlike on Ethernet, they cannot be detected by the transmitting nodes. For this reason 802.11b uses the Request To Send (RTS)/Clear To Send (CTS) protocol with an Acknowledgment (ACK) signal to ensure that a frame has been sent and received successfully.

Important factors:
- Wait for silence
- Then talk
- Listen while talking.
- What do we do if there are 2 talkers? Backoff.
- Repeat


Figure 13: A transmission from A to B

In the CSMA/CA mechanism there are two problems to be concerned with: the hidden terminal and the exposed terminal.


Figure 14: Hidden terminal
- A talks to B
- C senses the channel
- C does not hear A because C is outside A's coverage area
- C decides to talk to B
- A collision occurs at B

Exposed terminal:

Figure 15: Exposed terminal
- B talks to A
- C wants to talk to D
- C senses the channel and finds it busy
- C stays silent (even though it could perfectly well talk to D)

Solving the hidden terminal problem:

Figure 16: Solving the hidden terminal problem

- A sends an RTS to B
- B replies with a CTS if it is ready to receive
- C hears the CTS
- C does not talk to B and waits
- A sends its data to B successfully
- In this case, if C wants to talk to D, it can simply reduce its power accordingly
The question is how long C must wait before it can talk to B:
- The RTS that A sends to B contains the length of the DATA it wants to send.
- B includes this length information in the CTS packet it sends back to A.
- When C "hears" the CTS packet, it learns the length of the data packet and uses it to set the time for which it holds back its own transmission.
Solving the exposed terminal problem:

Figure 17: Solving the hidden terminal problem
- B sends an RTS to A (which also reaches C)
- A replies with a CTS to B (if A is free)
- C cannot hear A's CTS
- C assumes that A is either "dead" or out of range
- C talks to D as normal
However, a problem remains:
RTS packets can collide. For example, C and A both find that they can transmit to B and both send an RTS to B, so a collision occurs at B. This collision is not as serious as a collision of DATA packets, because an RTS packet is usually much shorter than DATA. CTS packets, however, can cause interference; if the RTS/CTS packets were the same size as DATA, this would be a serious concern. The problem is overcome by generating a random backoff delay (as described above).
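
The hidden-terminal and exposed-terminal cases above, as a small runnable model (an added example, not part of the thesis). Station positions, the 120 m radio range and the 1500-microsecond DATA duration are constructed values, and the model follows the rule as the text states it, in which only the CTS silences neighbouring stations.

```python
# Added illustration, not from the thesis. Positions, ranges and the
# 1500-microsecond DATA duration are constructed values.
from dataclasses import dataclass


@dataclass
class Station:
    name: str
    x: float                    # position on a line, metres
    radio_range: float = 120.0  # distance at which this station's frames are heard
    nav_until: float = 0.0      # medium considered reserved until this time (us)

    def hears(self, other: "Station") -> bool:
        return self is not other and abs(self.x - other.x) <= other.radio_range


def build_line():
    """A - B - C - D, 100 m apart: each station hears only its direct neighbours."""
    return {n: Station(n, x) for n, x in (("A", 0), ("B", 100), ("C", 200), ("D", 300))}


def senses_idle(listener, active_senders, now):
    """Physical carrier sense combined with the reservation timer."""
    busy = any(listener.hears(s) for s in active_senders)
    return not busy and now >= listener.nav_until


def collides_at(receiver, senders):
    """A frame is lost when the receiver hears two or more overlapping senders."""
    return sum(receiver.hears(s) for s in senders) >= 2


def rts_cts(sender, receiver, stations, now, data_us):
    """The RTS carries the DATA length, the receiver copies it into its CTS, and
    every third party that hears the CTS stays silent until the DATA is over.
    Returns {station name: time until which it defers}."""
    reserved = {}
    for st in stations:
        if st is not sender and st is not receiver and st.hears(receiver):
            st.nav_until = max(st.nav_until, now + data_us)
            reserved[st.name] = st.nav_until
    return reserved


def hidden_terminal(use_rts_cts):
    """A sends to B while C also wants B. Returns (reservations, collision_at_B)."""
    s = build_line()
    a, b, c = s["A"], s["B"], s["C"]
    reserved = rts_cts(a, b, list(s.values()), now=0, data_us=1500) if use_rts_cts else {}
    active = [a]
    if senses_idle(c, active, now=10):   # C cannot hear A, so only the timer can stop it
        active.append(c)
    return reserved, collides_at(b, active)


def exposed_terminal():
    """B sends to A while C wants D.
    Returns (blocked_by_carrier_sense, allowed_by_rts_cts_rule, collision_at_A)."""
    s = build_line()
    a, b, c = s["A"], s["B"], s["C"]
    blocked = not senses_idle(c, [b], now=10)   # plain carrier sense: C hears B and waits
    rts_cts(b, a, list(s.values()), now=0, data_us=1500)
    allowed = 10 >= c.nav_until                 # C heard the RTS but never the CTS
    return blocked, allowed, collides_at(a, [b, c])


if __name__ == "__main__":
    print("hidden, no RTS/CTS :", hidden_terminal(False))
    print("hidden, RTS/CTS    :", hidden_terminal(True))
    print("exposed            :", exposed_terminal())
```

In the exposed case C's frame to D does not disturb reception at A, which is why staying silent under plain carrier sense wastes the channel.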
4. Modulation techniques:
SHIFT KEYING digital modulation
Today there are many ways of performing shift-keying digital modulation, such as ASK, FSK, PSK... Modulation is carried out by keying between two states; in theory one state is 0 and the other is 1 (the 0/1 sequence before modulation is a digital sequence that has already been line-coded).
PSK was developed during the early period of the space programme and is now widely used in military and commercial communication systems. It gives the lowest error probability for a given received signal level when measured over one symbol period.
a/ Basic principle of PSK modulation
The binary pulse stream at the input of the PSK modulator changes the phase of the output signal to a predetermined state, so the output signal is expressed by the following equation

i = 1, 2, ..., M
M = 2^N, the number of allowed phase states
N = the number of data bits needed to define the M phase states
In general there are three PSK modulation techniques: M = 2 gives BPSK, M = 4 gives QPSK and M = 8 gives 8φ-PSK. Their phase states are illustrated in the figure.

Figure 18: PSK phase states
Note here that as the number of phase states increases, the bit rate also increases but the baud rate stays the same. The higher data rate comes at a price, however: the required SNR increases in order to keep the same BER (bit error rate).
PSK/Binary PSK (Phase Shift Keying):
This is the most common method. The carrier signal is modulated according to the binary sequence; the modulated signal has constant amplitude and switches between two states, 0° and 180°. Each state of the modulated signal is called a symbol.

Figure 19: Modulated signal waveforms

Figure 20: BPSK modulation diagram

Figure 21: BPSK modulated signal
QPSK (Quadrature Phase Shift Keying):
In BPSK, each symbol represents one binary bit. If each symbol represents more than 1 bit, a higher bit rate is achieved. QPSK doubles the data throughput of PSK in the same bandwidth by having each symbol carry 2 bits. The phase state of the modulated signal therefore switches between the values -90°, 0°, 90° and 180°.

Figure 22: QPSK modulator
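
The M = 2^N relation and the bit-rate versus SNR trade-off described above can be checked with a small phase mapper. This is an added example, not code from the thesis; the natural-binary bit-to-phase mapping, the evenly spaced phases starting at 0° and the sample bit string are assumptions made for the illustration.

```python
# Added illustration, not from the thesis: M-PSK with M = 2**N phase states.
import math


def psk_constellation(n_bits):
    """The M = 2**N phase states in degrees, evenly spaced around the circle."""
    m = 2 ** n_bits
    return [360.0 * i / m for i in range(m)]


def modulate(bits, n_bits):
    """Group the bit string N bits at a time; each group selects one phase (one symbol)."""
    if len(bits) % n_bits:
        raise ValueError("bit string length must be a multiple of N")
    phases = psk_constellation(n_bits)
    return [phases[int(bits[i:i + n_bits], 2)] for i in range(0, len(bits), n_bits)]


def demodulate(received_phases, n_bits):
    """Choose the nearest phase state for every received symbol and recover the bits."""
    m = 2 ** n_bits
    step = 360.0 / m
    groups = []
    for phase in received_phases:
        index = round((phase % 360.0) / step) % m
        groups.append(format(index, f"0{n_bits}b"))
    return "".join(groups)


def min_distance(n_bits):
    """Distance between neighbouring constellation points at unit amplitude.
    It shrinks as M grows, which is why more SNR is needed for the same BER."""
    return 2 * math.sin(math.pi / 2 ** n_bits)


def survives_phase_error(bits, n_bits, error_deg):
    """True if every symbol is still decoded correctly after a fixed phase error."""
    shifted = [p + error_deg for p in modulate(bits, n_bits)]
    return demodulate(shifted, n_bits) == bits


if __name__ == "__main__":
    sample = "101101001110"   # constructed sample data
    for n, label in ((1, "BPSK"), (2, "QPSK"), (3, "8-PSK")):
        print(label, "symbols:", len(modulate(sample, n)),
              "min distance: %.3f" % min_distance(n),
              "survives 30 deg error:", survives_phase_error(sample, n, 30.0))
```

The same 12 bits need 12, 6 and 4 symbols respectively, so the bit rate rises at a fixed symbol (baud) rate while the tolerated phase error falls.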



CCK (Complementary Code Keying):
CCK is a modulation technique developed from QPSK, but its bit rate reaches 11Mbps in the same bandwidth (or waveform) as QPSK. It is a modulation technique that is well suited to broadband applications. Under the IEEE 802.11b standard, CCK modulation uses a pseudo-random sequence, the complementary spreading code, with a code length of 8 and a chipping rate of 11Mchip/s. 8 complex chips are combined to form a single symbol (as in QPSK with 4 symbols). With a symbol rate of 1.375MSymbol/s the data rate achieved is 1.375 x 8 = 11Mbps, in approximately the same bandwidth as QPSK modulation at 2Mbps.
4.1 Duplex techniques (DUPLEX SCHEME)
In point-to-multipoint systems there are currently two duplex techniques (operating in both the uplink and downlink directions, upstream and downstream):
Frequency Division Duplexing (FDD): this technique divides the frequency in use into two separate channels, one for the downlink and one for the uplink.
Time Division Duplexing (TDD): this newer technique lets traffic flow in both directions on the same channel, but in different time slots.
The choice between FDD and TDD depends mainly on the main purpose of the system: symmetric applications (voice) or asymmetric ones (data). FDD uses bandwidth inefficiently for data applications. In a system using FDD, the bandwidth for each direction is fixed. So if traffic flows only in the downlink direction (downstream), for example when browsing Web pages, the uplink (upstream) bandwidth goes unused. This does not happen when the system is used for voice applications: the two parties usually talk about as much as they listen, so the uplink and downlink bandwidth are used roughly equally. For high-speed data transfer or imaging applications, only the downlink bandwidth is used, while the uplink is almost unused.
With TDD, the number of time slots for each direction changes flexibly and frequently. When there is a lot of uplink traffic, the number of time slots given to the uplink is increased, and vice versa. By monitoring the number of time slots for each direction, a system using TDD supports bursts of throughput in both directions. If a large Web page is being downloaded, uplink time slots are reallocated to the downlink.
The main drawback of TDD is that changing the direction of traffic takes a lot of time, and allocating time slots is a very complex problem for the software. In addition, TDD requires high timing accuracy. All stations in the area of a system using TDD need a reference point in time so that the time slots can be determined precisely. This is what limits the geographic coverage of point-to-multipoint systems.
5. Access techniques:
FDMA (Frequency Division Multiple Access)
The spectrum used for communication is divided into 2N consecutive frequency bands, separated from each other by a guard band. Each frequency band is assigned to one communication channel: N bands are for uplink communication and, after a separating band, N bands are for downlink communication. Each CPE is allocated a pair of communication channels for the whole duration of the connection; interference here is very significant.
TDMA (Time Division Multiple Access)
The spectrum is divided into communication bands, each of which is shared by N communication channels. Each communication channel is a time slot within the period of one frame. Communication is duplex, with each direction in a different communication band, which significantly reduces interference.
CDMA (Code Division Multiple Access)
Each CPE is assigned its own code, and signal spreading keeps the CPEs from interfering with each other while they share the same frequency band at the same time. The signal band can be up to tens of MHz wide. Using complex spreading techniques allows the radio signal to have a very low field strength and to resist fading more effectively than FDMA and TDMA. In addition, having the CPEs of one base station share a frequency band makes the structure of the radio transmit/receive system very simple.
6. Radio techniques
Conventional microwave
In conventional microwave, each CPE is given one narrowband frequency, or one pair, to operate on. This narrow band is permanently reserved for the registered subscriber; any signal from another CPE that falls within this band is treated as noise and affects the operation of the channel. Allocating frequencies this way limits the number of users of the radio channel, because radio resources are finite. And because the band is narrow, the speed of the transmission channel is naturally limited. Conventional microwave is therefore suitable only for voice and low-speed data applications.

Figure 23: Narrowband signal

Spread spectrum
As radio resources became increasingly scarce, spread-spectrum techniques began to be applied to improve the efficiency of frequency use. The two most common spread-spectrum techniques today are FHSS and DSSS. The bandwidth for each CPE is no longer a narrow band but the entire frequency band, and each CPE is identified by its own code, a pseudo-random code (PN sequence).
FHSS (Frequency Hopping Spread Spectrum)

Figure 24: Frequency hopping

Figure 25: Channels in FHSS
The data signal is transmitted over a wide band by sending it on different carrier frequencies at different times. The spacing between FHSS carrier frequencies is defined in advance, the bandwidth of each channel is about 1 MHz, and the hopping order is determined by a pseudo-random function. The FCC requires the band to be divided into at least 75 channels (subchannels). An FHSS radio is limited to sending only a small amount of data on each channel during a defined time period before hopping to the next frequency channel in the hopping sequence. This time period is called the dwell time and is typically about 400 microseconds. After each hop, the transceiver has to resynchronize with the other radios before it can transmit data. The main purpose of pseudo-random frequency hopping is to avoid signal interference, because the data channel does not stay too long on any one particular frequency channel. If severe interference occurs on one frequency in the hopping sequence, it has little effect on the system, because transmission takes place there for only a short time.
DSSS (Direct Sequence Spread Spectrum)
DSSS also spreads the signal as above, but with a completely different technique. Instead of being transmitted in a narrow band as in conventional microwave, the signal is transmitted over a larger frequency range by means of pseudo-random coding (Pseudo-Noise sequence).

Figure 26: Spreading and despreading in DSSS
The narrowband signal and the spread-spectrum signal are transmitted with the same power and the same form of information, but the power density of the spread-spectrum signal is much greater than that of the narrowband signal. Combining the data signal with the pseudo-random code sequence during encoding produces a signal with a much wider bandwidth than the original signal but at a lower power level. A notable advantage of DSSS is data redundancy. The DSSS signal carries at least 10 redundant copies of the source data at the same time, and the receiver only needs to receive 1 of those 10 redundant signals correctly to succeed. If there is an interfering signal in the operating band of the DSSS signal, the interfering signal has higher power and is treated as a narrowband signal. Therefore, during decoding at the receiver, the interfering signal is spread and easily removed by processing gain (gain processing). Processing gain is the process of reducing the power spectral density when the signal is processed for transmission and increasing the power spectral density on despreading, with the main purpose of increasing the S/N (signal-to-noise) ratio.
Comparison of FHSS and DSSS
FH has no processing gain because the signal is not spread. It therefore has to use more power to transmit a signal at the same S/N level as a DS signal. However, regulations in the ISM band limit the transmit power, so FH cannot achieve the same S/N as DS. In addition, synchronizing the transmitter and receiver is very difficult with FH, because both time and frequency must be synchronized, whereas DS only needs to synchronize the timing of the chips. As a result, FH takes more time to find the signal, which increases the transmission delay compared with DS.
We can therefore see that DSSS is a spread-spectrum technique with many characteristics clearly superior to FHSS.
The 802.11b standard uses 14 DS (Direct Sequence) channels in the 2.402 GHz to 2.483 GHz band. Each channel is 22 MHz wide, but the channels are only 5 MHz apart, so adjacent channels interfere with each other. Within one area, the channels are therefore arranged so that their frequency ranges do not overlap. In the 14-channel DS system only 3 channels are guaranteed not to overlap; for example, in the following figure channels 1, 6 and 11 are used for transmission in one area without interfering with each other:

Figure 27: Channel layout within one area

Figure 28: Frequency reuse capability of DSSS
So within a single area the bit rate carried can reach 11 Mbps x 3 = 33 Mbps, instead of 11 Mbps when only one channel is used in the area.
7. Security issues:
Open Authentication
This is a form of authentication based on correctly specifying the SSID (Service Set Identifier). An extended service set (ESS), consisting of two or more wireless access points connected to the same wired network, is a single logical network segment (also called a subnet) and is identified by its SSID. Any CPE without a valid SSID is not allowed to access the ESS.
Shared-key Authentication
This type of authentication checks whether a wireless client being authenticated knows a shared secret. It is similar to the pre-shared authentication key in IP Security (IPSec). The 802.11 standard currently assumes that the shared key is distributed to all end clients through a separate secure channel, independent of all other IEEE 802.11 channels. However, shared-key authentication is generally insecure and is not recommended.
Data security through WEP (Wired Equivalent Privacy)
Because of the inherent nature of wireless networks, securing physical-layer access to a wireless network is a relatively difficult problem. Since no dedicated physical port is needed, anyone within range of a wireless access point can send and receive frames as well as monitor other frames being sent. WEP (defined by the IEEE 802.11 standard) was therefore built to provide a level of data security equivalent to that of wired networks. Without WEP, eavesdropping and remote packet sniffing become very easy. WEP provides data security services by encrypting the data sent between wireless nodes. WEP encryption uses the RC4 symmetric stream cipher with a key 40 bits or 104 bits long. WEP protects the integrity of the data against random errors by including an integrity check value (ICV) in the encrypted portion of the wireless frame.
How WEP keys are determined and distributed is not defined; they must be distributed over a secure channel independent of 802.11.
Data security through EAP (Extensible Authentication Protocol)
This is a form of dynamic authentication: the authentication key changes value randomly at each authentication, or at periodic intervals during an authenticated connection. In addition, EAP specifies authentication through RADIUS, which means: when a CPE wants to connect to the network, it sends a request to the AP. The AP asks the CPE to send it an Identify signal. After receiving the CPE's Identify signal, the AP forwards it to the RADIUS server for authentication. RADIUS then returns the result to the AP so that the AP can decide whether or not to allow the CPE to log in.
III/ TRANSMISSION TO HOTSPOT SITES USING XDSL-WAN
1. Transmission scheme:
The hotspots are connected centrally to the network management center, under the control of a common Subscriber Gateway, to reach the Internet. The transmission method chosen for this model is xDSL WAN service. Based on the global ITU industry standard, the SHDSL solution uses symmetric data transmission at rates from 192 Kbps to 2.3 Mbps over a single cable pair. In addition, SHDSL signals can be carried farther than connections using ADSL and SDSL, which lets service providers meet the needs of remote customers. With this technology, each hotspot access point must have an SHDSL router. Like an ADSL router, an SHDSL router has built-in DHCP and NAT servers. This significantly reduces the investment cost, because two additional external servers for DHCP and NAT are not needed.

Figure 29: Transmission scheme
IV/ CONNECTION MODEL FOR THE HOTSPOTS
1. Techniques in the wireless hotspot model:
For a Wi-Fi system, the transmission medium is radio, carrying traffic according to the 802.11a, 802.11b and similar standards. In practice this can be regarded as a broadcast medium: every client within the coverage area can pick up the signal, and the APs have little ability to control access. Access points are now beginning to support EAP, the information security standard for the wireless environment (equipment vendors have introduced different EAP standards such as Cisco LEAP, Microsoft PEAP, Funk PEAP and others). With 802.1x, APs can authenticate clients and perform accounting, but there are still many limitations: clients must have suitable driver software; the AP cannot control access the way an Access Server does in a dial-up environment; and the AP supports RADIUS but, because of new technical parameters, does not yet allow the use of centralized database systems such as ORACLE, so it cannot provide services on the AP the way an Access Server does in a dial-up environment.
The proposed solution is to use a Subscriber Gateway device. The Subscriber Gateway sits on the path from the APs to the Internet; the radio medium is always provided by the APs to any station within the coverage area. But as soon as a user accesses the radio medium of an access point (AP), the Subscriber Gateway authenticates the subscriber. The user is automatically directed to an authentication Web page built into the Subscriber Gateway, where the username/password is entered. The Subscriber Gateway communicates over the RADIUS protocol with the central AAA Server at the network operations and management center to retrieve the customer's information from the database. Only if authentication succeeds is the user allowed to pass through the Subscriber Gateway to the Internet, and the Subscriber Gateway sends the billing information to the AAA Server. The Subscriber Gateway can also control access flexibly in real time, which allows a variety of services to be offered.
2. Subscriber Gateway deployment model:
The requirement for the Subscriber Gateway is that it be placed at the single exit of the systems it manages; only then can it control customers' access. The approach under current conditions is a centralized Subscriber Gateway at the network center.
- Characteristics: In this model all access points (hotspots) must be connected centrally to the network center and then pass through the Subscriber Gateway system to reach the Internet. The network between the access points and the network center must be a private network unrelated to the Internet; the only exit to the Internet is through the Subscriber Gateway system.

Figure 30: Gateway deployment model
- Advantages: Centralized management; the AAA exchange between the Subscriber Gateway and the AAA Server takes place only inside the internal network; the centralized Internet connection is easy to manage.
- Disadvantages: All traffic has to cross the WAN and the Subscriber Gateway at the network center even when the subscriber is invalid and is not allowed onto the Internet; this traffic reduces network performance.
3. Hotspot connection model:
Deployment follows the centralized model, and the transmission technology used for the connection is SHDSL.

Figure 31: Hotspot connection model
In this model the hotspots consist of APs connected to the center through an SHDSL router. The DHCP and NAT functions are performed on the routers.
PART II
WIRELESS LAN SECURITY
A wireless LAN is not inherently a secure network; however, even a wired LAN or WAN is not secure if you take no security measures. The key to making a WLAN secure and keeping it secure is how it is implemented and managed. Training administrators thoroughly in advanced technologies is an important way to make a WLAN secure. In this part we discuss the known security measure of the 802.11 standard, WEP. However, WEP itself is not the only security mechanism, and WEP alone cannot guarantee absolute security for a WLAN. We therefore need to examine why WEP security is limited, where WEP is applicable, and what the remedies are.
In this part we also cover a few attack methods, from which the administrator can derive preventive measures. We then discuss available security measures that have not yet been officially adopted by any 802. standard. Finally, we give some recommendations on security policies for WLANs.
I/ WEP, WIRED EQUIVALENT PRIVACY
WEP (Wired Equivalent Privacy) is an encryption algorithm that uses shared-key authentication to authenticate users and to encrypt the data portion transmitted over wireless LAN segments. The IEEE 802.11 standard specifically uses WEP.
WEP is a simple algorithm that uses a Pseudo Random Number Generator (PRNG) and the RC4 stream cipher. For several years this algorithm was kept secret and was not available; in September 1994, some people posted its source code on the Internet. Although the source code is now available, RC4 is still registered by RSADSI. The RC4 cipher encrypts and decrypts very quickly, is very easy to implement, and is simple enough that software developers can use it to encrypt their software.

Figure 32: WEP encryption process diagram

Figure 33: WEP decryption process diagram
ICV: integrity check value
The RC4 algorithm is not really suitable for WEP, and it is not sufficient as the only security method for an 802.11 network. Both the 64-bit and 128-bit types have the same 24-bit Initialization Vector (IV). The initialization vector starts as a string of zeros and then increases by 1 after each packet sent. For a continuously operating network, studies show that this sequence can overflow within half a day, so the vector needs to be reinitialized at least once a day, that is, its bits return to 0. When WEP is used, the initialization vector (IV) is transmitted unencrypted along with each encrypted packet.
This need to reinitialize, together with the unencrypted transmission, is the cause of the following kinds of attack:
- Active attack to inject new packets: an unauthorized mobile station can inject packets into the network that will be understood, without needing to decrypt.
- Active attack to decrypt information: based on deceiving the access point.
- Attack based on a constructed attack dictionary: after enough information has been collected, the WEP key can be cracked with free software tools. Once the WEP key is cracked, packets can be decrypted in real time by listening to broadcast packets and using the WEP key.
- Passive attack to decrypt information: uses statistical analysis to decrypt WEP data.
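The IV behaviour described above (a 24-bit counter that starts at zero, is sent in the clear and returns to zero) can be reproduced with a small model of WEP encapsulation, which also shows a monitoring check for repeated IVs. This is an added example, not code from the thesis: the RC4 and CRC-32 ICV construction is standard WEP, while the function names, the sample key and payloads, the 500 frames/s rate and the omission of the key-ID byte are assumptions made for illustration.

```python
import struct
import zlib

IV_BITS = 24  # WEP IV length, as stated in the text


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """ICV = CRC-32 of the plaintext, little-endian. It is unkeyed."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: bytes, payload: bytes) -> bytes:
    """Return IV (clear) || RC4(IV || secret) XOR (payload || ICV)."""
    if len(secret) not in (5, 13):      # 40-bit or 104-bit secret
        raise ValueError("secret must be 5 or 13 bytes")
    if len(iv) * 8 != IV_BITS:
        raise ValueError("IV must be 24 bits")
    data = payload + icv(payload)
    return iv + xor(data, rc4_keystream(iv + secret, len(data)))


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    iv, body = frame[:3], frame[3:]
    data = xor(body, rc4_keystream(iv + secret, len(body)))
    payload, received_icv = data[:-4], data[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch")
    return payload


def next_iv(iv: bytes) -> bytes:
    """Counter-style IV: +1 per frame, wrapping to zero after 2**24 frames."""
    return ((int.from_bytes(iv, "big") + 1) % (1 << IV_BITS)).to_bytes(3, "big")


def hours_until_iv_wrap(frames_per_second: float) -> float:
    return (1 << IV_BITS) / frames_per_second / 3600


def find_iv_reuse(frames):
    """Monitoring check: map each repeated IV to the frame indexes using it."""
    seen = {}
    for index, frame in enumerate(frames):
        seen.setdefault(frame[:3], []).append(index)
    return {iv: idx for iv, idx in seen.items() if len(idx) > 1}


def demo():
    secret = bytes.fromhex("0102030405")          # constructed 40-bit key
    p1 = b"GET /index.html HTTP/1.0"              # constructed payloads
    p2 = b"USER alice PASS hunter2!"
    iv = bytes(3)                                 # IV starts at all zeros
    f1 = wep_encrypt(secret, iv, p1)
    f2 = wep_encrypt(secret, next_iv(iv), b"other traffic")
    f3 = wep_encrypt(secret, iv, p2)              # same IV again after a reset
    # Same IV + same secret => same keystream, so the keystream cancels out:
    leak = xor(f1[3:], f3[3:])[:len(p1)]
    return {
        "roundtrip": wep_decrypt(secret, f1) == p1,
        "keystream_cancels": leak == xor(p1, p2),
        "reused": find_iv_reuse([f1, f2, f3]),
        "wrap_hours_at_500fps": round(hours_until_iv_wrap(500), 1),
    }


if __name__ == "__main__":
    print(demo())
```

At the assumed 500 frames per second the counter wraps in about 9.3 hours, which is consistent with the half-day figure quoted in the text.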
1. Why WEP was chosen
WEP is not secure, so why was WEP chosen and included in the 802.11 standard? The 802.11 standard set out the criteria for something to be called security:
- Exportable
- Strong enough
- Compatible
- Computable
- Optional, not mandatory
WEP meets all of these criteria. When it was introduced, WEP was intended to support security for the purposes of confidentiality, access control and data integrity. It was found that WEP is not a complete security solution for WLANs; however, wireless devices all support WEP, and in particular they can add further security measures on top of WEP. Each manufacturer may use WEP in a different way. For example, WECA's Wi-Fi standard uses only a 40-bit WEP key, some manufacturers choose to strengthen WEP, and others use a new standard such as 802.1X with EAP or VPN.
2. WEP keys
The core of WEP is the WEP key. A WEP key is a string of letters and digits used for two purposes in a WLAN (see the appendix for more detail on the role of the WEP key in open authentication and shared-key authentication):
- The WEP key is used to determine whether a station is authorized.
- The WEP key is used to encrypt data.
When a client that uses WEP tries to authenticate and associate with an AP (access point), the AP checks whether the client has a valid key. If it does, this means the client must hold a key that is part of the WEP key, and this WEP key must match on both ends of the WLAN connection.
A WLAN administrator (admin) can distribute WEP keys by hand or with a more advanced method. The WEP key distribution system can be as simple as static keys, or as advanced as a centralized encryption key management server. The more advanced the WEP system, the better it resists sabotage and hacking.
WEP keys come in two types, 64 bit and 128 bit, which you will sometimes see written as 40 bit and 104 bit. The reason is that both types of WEP key use the same 24-bit Initialization Vector (IV) together with a 40-bit or 104-bit secret key. Entering a WEP key into a client or into dependent devices such as a bridge or AP is very simple. It is configured as shown in the following figure:

Figure 34: WEP key entry interface
Most clients and APs can hold 4 WEP keys at the same time, to support network segmentation. For example, for a network with 100 client stations, using 4 WEP keys instead of one splits the users into 4 separate groups of 25; if one WEP key is lost, only 25 stations and one or two APs have to be changed instead of the whole network.
Another reason for using multiple WEP keys is that if a card supports both 64-bit and 128-bit keys, it can use the best available option, while a card that supports 128 bit can also work with 64-bit keys.

Figure 35: Support for multiple WEP keys
Under the 802.11 standard, the WEP keys used are static WEP keys. If you choose static WEP keys, you have to assign a static WEP key yourself to an AP or to a client associated with it, and this WEP key never changes. This can be a basic, simple security method suitable for small WLANs, but it is not suitable for larger WLANs. Using only static WEP easily leads to a loss of security.
Consider the case where someone loses their WLAN network card: the card contains firmware that can access the WLAN until the WLAN's static key is changed.
3. Centralized encryption key management server
For large WLANs that use WEP as a basic security method, a centralized encryption key management server should be used for the following reasons:
- Centralized key generation
- Centralized key distribution
- Key rotation
- Less work for the administrator
Any number of different devices can act as a centralized encryption key management server. Normally, when WEP is used, the keys (created by the administrator) are entered by hand into the stations and APs. When a centralized encryption key management server is used, an automatic process between the stations, the APs and the management server hands out the WEP keys. The following figure shows how such a system is set up.

Figure 36: Centralized encryption key management configuration
A centralized encryption key management server allows keys to be generated per packet, per session, or by other methods, depending on the manufacturer's implementation.
With per-packet WEP key distribution, a new key is assigned to both ends of the connection for every packet sent, whereas per-session WEP key distribution uses a new key for each new session between the nodes.
4. Using WEP
Once WEP is initialized, the payload data of every packet sent using WEP is encrypted; however, the header of each packet, including the MAC address, is not encrypted, while all layer 3 information, including the source and destination addresses, is encrypted by WEP.
When an AP sends out its beacons on a WLAN that is using WEP, the beacons are not encrypted. Remember that beacons do not contain any layer 3 information.
When packets are sent using WEP encryption, they have to be decrypted. Decryption consumes CPU cycles and significantly reduces throughput on the WLAN. Some manufacturers build CPUs into their APs for the purpose of WEP encryption and decryption. Many manufacturers instead implement both encryption and decryption in software and use the same CPU that is used for AP management and packet forwarding. With WEP implemented in hardware, an AP can sustain a throughput of 5 Mbps or more. The drawback of this solution, however, is that the AP costs more than an ordinary AP.
WEP can be implemented as a basic security method, but network administrators should understand the weaknesses of WEP and how to remedy them. Admins should also understand that each vendor may use WEP differently, which creates obstacles when hardware from several vendors is used.
To remedy the shortcomings of WEP, the Advanced Encryption Standard (AES) is being recognized as a suitable replacement for the RC4 algorithm. AES uses the Rijndael (RINE-dale) algorithm with the following key sizes:
- 128 bit
- 192 bit
- 256 bit
AES is considered uncrackable by most cryptographers, and NIST (National Institute of Standards and Technology) chose AES for FIPS (Federal Information Processing Standard). As part of the improvements to the 802.11 standard, 802.11i is considering the use of AES in WEP v.2.
If approved by 802.11i for use in WEP v2, AES will be implemented in firmware and software by the vendors. The firmware in APs and in clients (PCMCIA radio cards) will have to be upgraded to support AES. Client station software (drivers and client utilities) will support configuring AES together with the secret key.
II/ FILTERING
Filtering is a basic security mechanism that can be used in addition to WEP and/or AES. Filtering literally means blocking what is not wanted and allowing what is wanted. A filter works like an access list on a router: it defines the parameters that stations must match in order to access the network. In a WLAN, this determines who the stations are and how they must be configured. There are three basic types of filtering that can be performed on a WLAN:
- SSID filtering
- MAC address filtering
- Protocol filtering
This section describes what each of these types is, what it can do for the administrator, and how it has to be configured.
1. SSID filtering
SSID filtering is a rudimentary filtering method and should only be used for the most basic access control. SSID (Service Set Identifier) is just another term for the network name. The SSID of a WLAN station must match the SSID on the AP (infrastructure mode) or on the other stations (ad-hoc mode) for the client to authenticate and associate in order to establish service. Because the SSID is broadcast in the beacons that the AP or the stations send out, it is easy to find the SSID of a network with a network analyzer (sniffer). Many APs are able to take the SSID out of the beacon frames. In that case the client must have a matching SSID in order to associate with the AP. A system configured this way is called a closed system. SSID filtering is considered an unreliable method of keeping unauthorized users out of a WLAN.
Some types of AP can remove the SSID from the beacons or from the probe information. In that case, to join the service a station must have the SSID configured by hand in its driver configuration settings.
Some common mistakes WLAN users make when implementing SSIDs are:
- Using the default SSID: this setting is another way of giving out information about your WLAN. It is simple enough to use a network analyzer to get the MAC address originating from the AP and then look the MAC up in the IEEE OUI table, which lists the different MAC address prefixes assigned to manufacturers. The best way to fix this mistake is: always change the default SSID.
- Making the SSID something related to the company: this kind of setting is a security risk because it simplifies a hacker's process of finding the company's physical location. When searching for WLANs in a particular geographic area, finding the company's physical location is half the work. When an administrator uses an SSID named after the company or organization, finding the WLAN is very easy. So remember: always use an SSID unrelated to the company.
- Using the SSID as a means of securing the WLAN: the SSID has to be changed by the user in the configuration settings in order to join the network. It should be used as a means of segmenting the network, not of securing it, so: always treat the SSID as nothing more than a network name.
- Broadcasting SSIDs unnecessarily: if your AP is able to remove the SSID from beacons and probe responses, configure it that way. This configuration keeps casual listeners from disrupting or using your WLAN.
2. MAC address filtering
A WLAN can filter based on the MAC addresses of client stations. Almost all APs, even cheap ones, have a MAC filtering function. The network administrator can compile, distribute and maintain a list of allowed MAC addresses and program it into the APs. If a PC card or other client has a MAC address that is not in the AP's MAC address list, it cannot reach that access point. See the figure:

Figure 37: MAC address filtering
Of course, programming the MAC addresses of all the clients in the WLAN into the APs of a large network is not practical. MAC filters can be implemented on a few RADIUS servers instead of on every access point. This configuration makes MAC filtering a secure solution, and therefore a more likely choice. Entering MAC addresses into RADIUS along with the user identification information, which may have to be entered anyway, is fairly simple and is a good solution. RADIUS servers often point to other authentication sources, so those other authentication sources must support MAC filtering.
MAC filters can also work well in reverse. Consider an example: an employee leaves the company and takes their wireless LAN card with them. This WLAN card holds both the WEP key and the MAC filter, so they cannot be allowed to keep using it. The administrator can then remove that client's MAC address from the allowed list.
Although MAC filtering looks like a good security method, it is still vulnerable to the following intrusions:
- Theft of a PC card that is in the AP's MAC filter
- Probing the WLAN and then spoofing a MAC address to get into the network.
For home networks or small office networks, where there is a small number of client stations, MAC filtering is an effective security solution, because no smart hacker would spend hours gaining access to a network of low value.
3. Circumventing MAC Filters
The MAC addresses of WLAN clients are usually broadcast by APs and bridges, even when WEP is used. A hacker who can listen to the traffic on your network can therefore quickly find most of the MAC addresses that are allowed on your wireless network. For a network analyzer to see a station's MAC address, the station has to transmit a frame across the wireless segment; this is the basis for building a network security method, VPN tunneling, which is covered in a later section.
Some wireless PC cards allow their MAC address to be changed through software or even by changing the system configuration. A hacker who has the list of allowed MAC addresses can easily change the MAC address of a PC card to match a PC card on your network, and thereby gain access to your entire wireless network.
Because two stations with the same MAC address cannot exist on a WLAN at the same time, the hacker has to find the MAC address of a station that is not currently on the network. The time when a mobile station or laptop is off the network is the best time for the hacker to access the network.
MAC filtering should be used when feasible, but not as the only security mechanism on your machines.
4. Protocol filtering
A wireless LAN can filter the packets crossing the network based on layer 2-7 protocols. In many cases, manufacturers make protocol filters that can be configured independently for both the wired and the wireless segments of the AP.
Imagine a situation in which a wireless workgroup bridge is placed in a remote building of a university WLAN and connects back to the AP in the central engineering building. Because all the users in the remote building share the 5 Mbps of bandwidth between these buildings, a significant amount of control over this usage has to be applied. If these links were installed for the specific purpose of user Internet access, the protocol filter would exclude all protocols except SMTP, POP3, HTTP, HTTPS, FTP. . .

Figure 38: Protocol filtering
III/ ATTACKS ON WLANS
A deliberate attack can disable a WLAN or try to gain unauthorized access to it in several ways:
- Passive attacks (eavesdropping)
- Active attacks (connecting, probing and configuring the network)
- Jamming attacks
- Man-in-the-middle attacks
The list above names only a few kinds of attack, some of which can be carried out in many different ways.
1. Passive attacks
Eavesdropping is perhaps the simplest method, yet it is still effective against WLANs. A passive attack is like eavesdropping in which the presence of the eavesdropper (hacker) on or near the network cannot be detected, because the hacker does not actually connect to the AP in order to listen to the packets crossing the wireless segment. Network analyzers or other applications are used to gather information about the WLAN from a distance with a directional antenna.

Figure 39: Passive attack
This method lets the hacker keep a convenient distance to avoid detection while listening and collecting valuable information.

Figure 40: Process of obtaining the WEP key
There are applications able to capture passwords from HTTP sites, email, instant messengers, FTP sessions and telnet sessions that are sent as unencrypted text. There are other applications that can capture passwords on the wireless segments between client and server for the purpose of accessing the network.
Consider the impact if a hacker finds a way to access a user's domain: the hacker logs in to the user's domain and causes serious damage on the network. Of course the hacker did this, but the user is the one who is directly responsible and bears all the consequences, possibly even losing their job.
Consider another situation in which an HTTP or email password is captured on the wireless segments and then used by the hacker to access that WLAN.
2. Active attacks
Hackers can use active attacks to perform some functions on the network. An active attack can be used to try to access a server to obtain important data, to use the organization's Internet access for malicious purposes, or even to change the configuration of the network infrastructure. By connecting to a WLAN through an AP, a user can begin to penetrate deeper into the network and even change the wireless network itself.
For example, a hacker who has got past the MAC filter can then try to reach the AP and remove all the MAC filters, making the next access easier. The administrator may not notice this event for some time. The figure below shows one kind of active attack on a WLAN.

Figure 41: Active attack
Some examples of active attacks are mail bombs and spam sent by spammers, or competing businesses that want to access your records. After obtaining an IP address from your DHCP server, a hacker can send thousands of emails using your Internet connection and your ISP's email server without your knowledge. This kind of attack can cause your ISP to cut off your email service for email abuse, even though the fault is not yours.
A competitor could take your customer list or your payroll without being detected.
Once a hacker has a wireless connection to your network, he can also access the wired network in the office, because the two are not very different. Wireless connections give the hacker speed and access to servers, wide-area network links, Internet connections, and users' desktops and laptops. With a few simple tools, it is possible to obtain important information, take over users' privileges, or even destroy the network by reconfiguring it.
Using scanning servers with port scanning, creating null sessions for sharing, and having servers that fix passwords so that a hacker cannot change them improves the utilities and prevents this kind of attack.
3. Jamming attacks
While a hacker uses passive and active attacks to obtain information by accessing your network, jamming is a simple technique for shutting your network down. In the same way that a saboteur arranges an overwhelming denial of service aimed at a Web server, a WLAN can be stopped by an overwhelming RF signal. That RF signal can be unintentional or intentional, and it can be mobile or fixed. When a hacker carries out an intentional jamming attack, the hacker can use WLAN equipment, but it is more likely that the hacker will use a high-power RF signal generator or a sweep generator.

Figure 42: Jamming attack

To eliminate this kind of attack, the first requirement is to find the source of the RF signal by means of spectrum analysis. There are many spectrum analyzers on the market, but a handheld, battery-powered spectrum analyzer is the most convenient.
Some manufacturers make handheld spectrum analyzers, while others have produced spectrum analysis software for users that is built directly into WLAN devices.
When jamming is caused by a fixed, unintentional source, such as a communications tower or other legitimate systems, the WLAN administrator may have to consider using a different set of frequencies.
For example, if an admin is responsible for designing and installing an RF network in a large, complex set of rooms, that person needs to consider the matter carefully and in order. If the source of interference is a telephone or other devices operating in the 2.4 GHz band, the admin can use equipment in the UNII 5 GHz band instead of the 802.11b 2.4 GHz band, which shares the 2.4 GHz ISM band with other devices.
Unintentional jamming occurs with every device that shares the 2.4 GHz band. Jamming is not a serious threat, because it cannot be carried out widely by hackers owing to the cost of the equipment: it is too expensive when the hacker can only disable the network temporarily.
4. Man-in-the-middle attacks
This kind of attack, the man-in-the-middle attack, is a situation in which an individual uses an AP to take over control of a mobile node by sending signals stronger than the legitimate signals that the real AP is sending to those nodes. The mobile node then associates with this rogue AP and sends its data, possibly including sensitive information, to the intruder. The following figure shows a model of this kind of attack.

Figure 43: Man-in-the-middle attacks
For clients to associate with the rogue AP, its power must be much higher than that of the other APs in the area, and sometimes something must actively cause the users to roam to it. Losing the connection to the legitimate AP can look like an accident during normal network use, and some clients will connect to the rogue AP by chance.
The person carrying out a man-in-the-middle attack must first know the SSID that the clients use, and must know the network's WEP key if one is in use.
The upstream connection (toward the core network) from the rogue AP is handled through a client device such as a PC card or a workgroup bridge. Man-in-the-middle attacks are often set up using a laptop with two PCMCIA cards. AP software runs on the laptop, with one PC card acting as an AP and the second PC card used to connect the laptop to a nearby legitimate AP. This configuration turns the laptop into a man in the middle operating between the clients and the legitimate AP. A hacker using a man-in-the-middle attack can obtain valuable information by running a network analyzer on the laptop in this situation.

Figure 44: Before the attack

Figure 45: And after the attack
A particular feature of this kind of attack is that users cannot detect it, and the amount of information gathered this way is limited to what the perpetrator can collect while remaining on the network undetected.
The best measure for preventing this kind of attack is physical-layer security.
IV/ RECOMMENDED SECURITY SOLUTIONS
Because WLANs are inherently not secure, and WEP is neither the only nor a perfect security method for WLANs, there is an important opportunity for additional WLAN security methods.
These security methods have been proposed and are of course not yet recognized by the 802.11 standard, yet they can play an important role in your wireless LAN. For instance, the 802.1x standard has been approved by IEEE but is not yet officially considered part of the 802.11 family. The 802.11i standard is still in draft.
1. WEP key management
Instead of using static WEP keys, which hackers can easily discover, a WLAN can be made more secure by implementing per-session or per-packet keys using a centralized key distribution system.
Per-session or per-packet WEP key distribution assigns a new WEP key to both the client and the AP for each session or each packet sent between them. Although dynamic keys add overhead and reduce throughput, they make hacking into the network through the wireless segments much more difficult. The hacker would have to predict the sequence of keys that the key distribution server is using, which is very hard.
Remember that WEP protects only layer 3-7 information and the data payload; it does not encrypt MAC addresses or beacons. A network analyzer can capture any information broadcast in beacons from the AP and any MAC address information in unicast packets from clients.
To put a centralized encryption key server in place, the WLAN administrator must find an application that performs this task, buy a server with a suitable operating system, and configure the application as needed. This process can be costly and time-consuming, depending on the scale of the deployment. However, the cost is quickly recovered by preventing the damage a hacker would cause.
2. Wireless VPNs
WLAN manufacturers are increasingly including virtual private network (VPN) server software in APs and gateways, allowing VPN technology to secure the WLAN connection. When the VPN server is built into the AP, clients use off-the-shelf VPN software with protocols such as PPTP or IPsec to form a tunnel directly to the AP.
First the client associates with the access point, then dials the VPN connection, which is required for the client to pass traffic through the AP. All traffic passes through the tunnel and can be encrypted for an additional layer of security. The following figure depicts such a network configuration:

Figure 46: Wireless VPN
Using PPTP with shared secrets is very simple to implement and provides a reasonable level of security, especially when WEP encryption is added. Using IPsec with shared secrets or certificates is generally the solution of choice among security professionals in this field. When the VPN server is implemented in a gateway, the process is the same, except that after the client associates with the AP, the VPN tunnel is established with the gateway device rather than with the AP itself.
There are also vendors offering modifications to their existing VPN solutions (hardware or software) to support wireless clients and compete in the WLAN market. These devices or applications serve in the same capacity as a gateway, between the wireless segments and the wired core network. Wireless VPN solutions are fairly simple and economical. If an admin has no experience with VPN solutions, he should attend a training course before implementing one. VPNs that support WLANs are designed quite simply and can be deployed by a novice, which explains why these devices are so popular with users.
3. Key hopping technology
Recently, key hopping technology using MD5 encryption and constantly changing encryption keys has become available for WLAN environments. The network continuously changes, or hops, from one key to another, typically every 3 seconds. This solution requires proprietary hardware and is only a temporary solution pending approval of the advanced 802.11i security standard. The key algorithm is implemented this way to overcome WEP's weaknesses, such as the initialization vector problem.
4. Temporal Key Integrity Protocol (TKIP)
TKIP is essentially an improvement to WEP that still carries the known security problems of WEP's RC4 stream cipher. TKIP provides initialization vector hashing to defeat passive packet snooping. It also provides a message integrity check to help determine whether an unauthorized user has modified packets by injecting traffic in order to crack the key. TKIP includes the use of dynamic keys to defend against passive capture of keys, a major hole in the WEP standard.
TKIP can be implemented through firmware upgrades to APs and bridges, as well as software and firmware upgrades to wireless client devices. TKIP specifies rules for the use of initialization vectors, re-keying procedures based on 802.1x, per-packet key mixing, and a message integrity code. There is a performance loss when using TKIP, but it is offset by significantly improved security, which makes for a reasonable trade-off.
5. AES-based solutions
AES-based solutions may replace WEP using RC4, but only temporarily. Although no products using AES are currently on the market, several manufacturers are working to bring them to market. The 802.11i draft specifies the use of AES and takes into account how users will use it. AES appears to be a part of completing this standard.
Moving data encryption to a solution as strong as AES will have a significant impact on WLAN security, but there must still be solutions commonly used on large networks, such as centralized encryption key servers, to automate the key exchange process. If a client radio card with an embedded AES encryption key is lost, it does not matter how strong AES is, because the perpetrator can still gain access to the network.
6. Wireless Gateways
Wireless gateways are now available with VPN technology, as well as NT, DHCP, PPPoE, WEP, MAC filters, and perhaps even a built-in firewall. These devices are meant for small offices with a few workstations that use them to connect to the Internet. Prices of these devices vary widely depending on the range of services offered.
Wireless gateways on larger-scale networks are a special adaptation of a VPN and authentication server for WLANs. This gateway sits on the wired network segment between the APs and the wired network. As its name suggests, the gateway controls access from the WLAN onto the wired segment, so that while a hacker may be able to listen to or gain access to the wireless segment, the gateway protects the wired distribution system from attack.
A good case for deploying such a gateway model is the following: suppose a hospital uses 40 APs across several floors. Its investment in them is considerable, so if the APs do not support upgradeable security measures, the hospital would have to replace all of the APs to improve security. If it employs a gateway instead, the job is much simpler and less costly. This gateway can be connected between the core switch and the distribution switch (which connects to the APs) and can act as an authentication server and VPN server through which all wireless clients connect. Instead of deploying all new APs, one gateway (or more, depending on the size of the network) can be installed behind the APs.
Using this kind of gateway provides security on behalf of a group of APs. Most wireless gateways support an array of protocols such as PPTP, IPsec, L2TP, authentication, and even QoS.
7. 802.1x and the Extensible Authentication Protocol
The 802.1x standard provides specifications for port-based access control. Port-based access control originated, and is still used, with Ethernet switches. When a user attempts to connect to an Ethernet port, the port places the user's connection in blocked mode and waits for the authentication system to verify the user.
The 802.1x protocol has been incorporated into WLAN systems and has become almost a standard among vendors. When combined with the Extensible Authentication Protocol (EAP), 802.1x can provide authentication in a secure and flexible environment.
EAP, first defined for the point-to-point protocol (PPP), is a protocol for negotiating an authentication method. EAP is defined in RFC 2284 and defines the characteristics of the authentication method, including the credentials required of the user (password, certificate, etc.), the protocol used (MD5, TLS, GSM, OTP, etc.), support for dynamic key generation, and support for mutual authentication. There are perhaps a dozen types of EAP currently on the market, since neither the users of the technology nor IEEE have agreed on any single type, or a small list of types, from which to create a standard.
A successful 802.1x-EAP authentication proceeds as follows:

Figure 47: The 802.1x-EAP authentication process
1. The client requests association with the AP
2. The AP replies to the association request with an EAP identity request
3. The client sends an EAP identity response to the AP
4. The client's EAP identity response is forwarded to the authentication server
5. The authentication server sends an authorization request to the AP
6. The AP forwards the authorization request to the client
7. The client sends the EAP authorization response to the AP
8. The AP forwards the response to the authentication server
9. The authentication server sends an EAP success message to the AP
10. The AP forwards the success message to the client and places the client's port in forward mode.
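The ten-step exchange listed above, modelled as an added example (not code from this thesis or from any vendor). The class names, the sample account and the use of the MD5-Challenge method are assumptions chosen to keep the model short; the point it shows is that the AP keeps the client's port blocked until the authentication server reports success.

```python
import hashlib
import hmac
import os


def md5_challenge_value(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """EAP MD5-Challenge value: MD5(identifier || secret || challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


class Supplicant:
    """Wireless client holding a user credential (hypothetical class)."""

    def __init__(self, identity: str, secret: bytes):
        self.identity = identity
        self._secret = secret

    def identity_response(self) -> str:                       # step 3
        return self.identity

    def challenge_response(self, identifier: int, challenge: bytes) -> bytes:
        return md5_challenge_value(identifier, self._secret, challenge)  # step 7


class AuthServer:
    """Authentication server with an in-memory user table (constructed data)."""

    def __init__(self, users: dict):
        self._users = users
        self._pending = {}      # identity -> (identifier, challenge)
        self._next_id = 1

    def start(self, identity: str):
        """Steps 4-5: accept the identity and answer with a fresh challenge.
        Unknown identities get a challenge too, so the reply does not reveal
        which accounts exist."""
        identifier = self._next_id
        self._next_id = self._next_id % 255 + 1
        challenge = os.urandom(16)
        self._pending[identity] = (identifier, challenge)
        return identifier, challenge

    def verify(self, identity: str, response: bytes) -> bool:
        """Steps 8-9: each challenge is usable once; compare in constant time."""
        identifier, challenge = self._pending.pop(identity, (None, None))
        secret = self._users.get(identity)
        if challenge is None or secret is None:
            return False
        expected = md5_challenge_value(identifier, secret, challenge)
        return hmac.compare_digest(expected, response)


class AccessPoint:
    """Authenticator: relays EAP between client and server, gates the port."""

    def __init__(self, server: AuthServer):
        self._server = server
        self.port_state = {}    # client MAC -> "blocked" or "forward"
        self.log = []

    def associate(self, mac: str, client: Supplicant) -> bool:
        self.port_state[mac] = "blocked"                       # step 1
        self.log.append("AP -> client: EAP-Request/Identity")  # step 2
        identity = client.identity_response()                  # step 3
        identifier, challenge = self._server.start(identity)   # steps 4-5
        self.log.append("AP -> client: EAP-Request/MD5-Challenge")  # step 6
        response = client.challenge_response(identifier, challenge)  # step 7
        ok = self._server.verify(identity, response)           # steps 8-9
        if ok:
            self.port_state[mac] = "forward"                   # step 10
        self.log.append("AP -> client: EAP-" + ("Success" if ok else "Failure"))
        return ok

    def forward_frame(self, mac: str) -> bool:
        """Data frames reach the wired side only from ports in forward mode."""
        return self.port_state.get(mac) == "forward"


if __name__ == "__main__":
    ap = AccessPoint(AuthServer({"alice": b"sample-secret"}))  # constructed account
    print(ap.associate("00:16:3e:00:00:aa", Supplicant("alice", b"sample-secret")))
    print(ap.associate("00:16:3e:00:00:bb", Supplicant("alice", b"wrong-guess")))
    print(ap.port_state)
```

MD5-Challenge is used here only because it fits in a few lines: it authenticates the client to the server but provides neither mutual authentication nor dynamic key generation, two of the EAP method properties listed above.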
V/ SECURITY POLICY
A company that uses WLANs should have an appropriate security policy. For example, if there is no proper policy and cell sizes are therefore inappropriate, a hacker gets a good opportunity to access the network from points outside the company's controlled area but still within the AP's coverage. Items to address in the company's security policy include passwords, WEP keys, physical security, the use of advanced security solutions, and the assessment of WLAN hardware. This list is of course not complete, since security solutions vary with each organization. The complexity of the security policy depends on the organization's security requirements as well as on the extent of the WLAN within the network.
The benefits of implementing and maintaining a security policy are preventing data theft, preventing sabotage by competing corporations, and being able to detect and catch intruders.
Security policy is best started with management. Security policies need to be reviewed and planned, and included with the corporation's founding documents. WLAN security needs to be allocated appropriately, and those given responsibility for implementing it must be thoroughly trained. This team must in turn produce detailed documentation that can serve as reference material for their successors.
1. Keeping sensitive information secure
Some information that should be known only to the network administrator:
- Usernames and passwords of APs and bridges
- SNMP strings
- WEP keys
- MAC address lists
It is very important that this information be kept by a trusted, experienced person such as the network administrator, because it is sensitive information which, if leaked, could lead to unauthorized access or even the destruction of an entire network. This information can be stored in many different ways.
2. Physical security
Although physical security is important when using a traditional wired network, it is even more important for a company using WLAN technology. As mentioned earlier, a person with a wireless PC card (and possibly an antenna) does not have to be in the same area as the network to access it. Even intrusion detection software does not stop hackers from stealing sensitive information. Eavesdropping leaves no trace on the network because no connection is made. There are applications on the market now that can detect network cards in promiscuous mode, accessing data without making a connection.
When WEP is the chosen WLAN security solution, tight controls should be placed on users who hold company-owned wireless client devices, not allowing them to take those devices off company premises. Because the WEP key is stored in the firmware of the client device, it goes wherever the card goes, making it the weakest link in the network's security. The WLAN administrator needs to know who takes each PC card, where, and when.
Such requirements are often beyond what an administrator can manage, so the administrator needs to recognize that WEP by itself is not an adequate security solution for WLANs. Even with such tight management, if a card is lost or stolen, the person responsible for the card (the user) must be required to report it to the administrator immediately so that appropriate precautions can be taken. The minimum measures are resetting the MAC filters, changing the WEP keys, etc.
Having security guards periodically scan the area around the company premises to detect suspicious activity, training these personnel to recognize 802.11 hardware, and alerting company employees to always watch for non-employees lingering around the building with 802.11 hardware is also very effective in reducing the risk of attack.
3. WLAN equipment inventory and security audits
As a complement to the physical security policy, all WLAN equipment should be inventoried regularly to account for authorized and unauthorized use of WLAN equipment to access the organization's network. If the network is too large and includes a significant number of wireless devices, periodic inventory may not be feasible. In such cases it is necessary to implement WLAN security solutions that are not based on hardware, but rather on usernames and passwords or some other type of non-hardware-based security solution. For small and medium-sized wireless networks, monthly or quarterly inventories help detect hardware losses. Periodic scans with network analyzers to detect intruding devices are a very good way to secure the WLAN.
4. Using advanced security solutions
Organizations with WLANs should take advantage of some of the advanced security mechanisms available on the market. This should also be stated in the company's security policy. Because these technologies are quite new, proprietary, and often used in combination with other protocols and technologies, they need to be documented, so that if a breach occurs the administrator can determine where and how it happened.
Because few people are trained in WLAN security, these people are very important, and so salary policy is also addressed in the security policies of the company or corporation. It is also one of the items that should be documented in detail.
5. Public wireless networks
It is inevitable that company users carrying sensitive information will connect from their laptops to public WLANs. This should also be covered in the company's security policy. These users must run personal firewall software and antivirus software on their laptops. Most public WLANs have little or no security, in order to keep users' connections simple and to reduce the amount of technical support required.
6. Limited and tracked access
Most large LANs have some method of limiting and tracking user access. Typically, a system supporting authentication, authorization, and accounting (AAA) services is deployed.
AAA services allow the organization to assign usage rights to particular classes of users. For example, a temporary user might only be allowed to access the Internet within a certain scope.
User management should also allow reviewing what a user did on the network, at what time, and which areas they entered.
VI/ SECURITY RECOMMENDATIONS
As a summary of Part II, the section below gives some recommendations for securing a WLAN.
1. WEP
Do not rely solely on WEP; no single measure is so good that you can use it alone for security. A wireless environment protected only by WEP is not a secure environment. When using WEP, do not use WEP keys that are related to the SSID or to the organization's name; make WEP keys hard to remember and hard to deduce. There are many real-world cases in which the WEP key could easily be guessed by looking at the SSID or the name of the organization.
WEP is an effective way to reduce information loss through casual eavesdropping by people who do not have the proper WEP key, thereby keeping such individuals from gaining access.
2. Cell sizing
To reduce the chance of eavesdropping, the administrator should make sure that AP cell sizes are appropriate. Most hackers look for the places where it takes the least time and energy to gain access to the network. For this reason, it is important not to let APs emit signals beyond the organization's secured area unless absolutely necessary. Some APs allow the output power level to be configured, which controls the size of the RF cell around the AP. If an eavesdropper in an area not protected by the organization cannot detect your network, then your network is not susceptible to this kind of attack.
The network administrator may use equipment at maximum power for high throughput and wide coverage, but this comes at a price in cost and security measures. So for each access point one needs to know parameters such as power, coverage, and the ability to control cell size. Controlling the cell radius should be studied carefully and documented along with the AP or bridge configuration for each area. In some cases it may be necessary to install two APs with smaller cell sizes instead of one AP to avoid unwanted vulnerabilities.
Try to place your APs toward the center of the building; this minimizes signal leakage beyond the intended range. If you use external antennas, choose the right type of antenna to minimize signal range. Turn off APs when they are not in use. This will minimize the risk of attack and ease the network management burden.
3. User authentication
User authentication is the weakest link of a WLAN, and the 802.11 standard does not specify any user authentication method, so it is essential that the administrator implement user-based authentication as soon as the WLAN infrastructure is set up. User authentication should be based on usernames and passwords, smart cards, tokens, or some other kind of security that identifies the user, not the hardware. The implemented solution should support bidirectional authentication between the authentication server (for example a RADIUS server) and the wireless clients.
RADIUS is the de facto standard in user authentication systems. APs send user authentication requests to a RADIUS server, which can either have a built-in user database or pass the authentication request on to a domain controller, such as an NDS server, an Active Directory server, or even an LDAP-compliant database system.
Some RADIUS vendors have more capable RADIUS products that support the latest versions of authentication protocols, such as many types of EAP.
Administering a RADIUS server can be very simple or very complex, depending on the requirements. Because wireless security solutions are very sensitive, care should be taken when choosing a RADIUS server solution to be sure the administrator can manage it or that it can work effectively with the existing RADIUS administrator.
4. Security matched to need
Choose a security solution that fits the organization's needs and budget, both now and in the future. WLANs are spreading rapidly because they are so easy to implement. A WLAN that starts with 1 AP and 5 clients can quickly grow to 15 APs and 300 clients. Using the same security mechanism that worked for one AP is completely unacceptable for 300 APs, as it would raise security costs considerably. In this case the organization needs security methods for the whole system, such as intrusion detection systems, firewalls, and RADIUS servers. When deciding on solutions for the WLAN, these devices are, in the long term, an important factor in reducing cost.
5. Using additional security tools
Taking advantage of available technologies such as VPNs, firewalls, intrusion detection systems (IDS), protocols and standards such as 802.1x and EAP, and client authentication with RADIUS can help build security solutions that go beyond what the 802.11 standard requires and recognizes. The cost and time needed to implement these solutions vary with the scale of deployment.
6. Monitoring for rogue hardware
To discover rogue APs, AP discovery sessions should be scheduled but not announced. Actively finding and removing rogue APs keeps AP configurations stable and increases security. This can be done while monitoring the network for normal, legitimate purposes. This kind of monitoring can even find lost devices.
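One way to run the scheduled AP discovery described above, as an added example (not part of the thesis): beacons collected during a site walk are compared against the AP inventory. The inventory, the scan records, the signal threshold and all names are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Beacon:
    """One beacon observed during a discovery session."""
    bssid: str      # MAC address of the transmitting AP
    ssid: str
    channel: int
    rssi_dbm: int   # received signal strength


# Constructed inventory: BSSID -> (SSID, channel) as documented for each AP.
AUTHORIZED = {
    "00:16:3e:00:00:01": ("CORP-WLAN", 1),
    "00:16:3e:00:00:02": ("CORP-WLAN", 6),
    "00:16:3e:00:00:03": ("CORP-WLAN", 11),
}

# Assumed threshold: anything at least this strong is treated as on the premises.
ON_SITE_RSSI_DBM = -65

# Constructed scan results from one walk-through.
SCAN = [
    Beacon("00:16:3e:00:00:01", "CORP-WLAN", 1, -48),
    Beacon("00:16:3E:00:00:02", "CORP-WLAN", 9, -60),    # inventory says channel 6
    Beacon("02:00:00:aa:bb:01", "CORP-WLAN", 6, -40),    # our SSID, unknown BSSID
    Beacon("02:00:00:aa:bb:01", "CORP-WLAN", 6, -43),    # same AP heard twice
    Beacon("02:00:00:aa:bb:02", "linksys", 11, -50),     # unknown AP inside the site
    Beacon("02:00:00:aa:bb:03", "CafeNextDoor", 1, -88), # weak neighbour, ignored
]

MEANING = {
    "config-drift": "inventoried AP seen with a different SSID or channel",
    "missing": "inventoried AP not heard at all (off, moved or lost)",
    "rogue-corporate-ssid": "unknown AP advertising a corporate SSID",
    "unknown-on-site": "unknown AP strong enough to be on the premises",
}


def audit(scan, inventory, on_site_rssi=ON_SITE_RSSI_DBM):
    """Return a sorted list of (finding, bssid) pairs for one discovery session."""
    inventory = {bssid.lower(): entry for bssid, entry in inventory.items()}
    corporate_ssids = {ssid for ssid, _channel in inventory.values()}
    findings, seen = set(), set()
    for beacon in scan:
        bssid = beacon.bssid.lower()
        if bssid in inventory:
            seen.add(bssid)
            if (beacon.ssid, beacon.channel) != inventory[bssid]:
                findings.add(("config-drift", bssid))
        elif beacon.ssid in corporate_ssids:
            # The man-in-the-middle setup in section III.4 needs the clients' SSID.
            findings.add(("rogue-corporate-ssid", bssid))
        elif beacon.rssi_dbm >= on_site_rssi:
            findings.add(("unknown-on-site", bssid))
    findings.update(("missing", bssid) for bssid in set(inventory) - seen)
    return sorted(findings)


if __name__ == "__main__":
    for kind, bssid in audit(SCAN, AUTHORIZED):
        print(f"{bssid}  {kind}: {MEANING[kind]}")
```

A BSSID match alone does not prove an AP is genuine, since MAC addresses can be copied; the channel and SSID comparison catches only the cases where the copy differs from the documented configuration.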
7. Switches or hubs
Another simple rule is to always connect APs to switches rather than hubs; a hub is a broadcast device, so passwords and IP addresses are easily exposed.
8. Wireless DMZ
Another idea for securing wireless segments is to set up a separate zone for the wireless network, a Wireless DeMilitarized Zone (WDMZ). Creating a WDMZ using firewalls or routers can be very costly, depending on the scale of the implementation. WDMZs are generally implemented in large WLAN environments. Because APs are basically unsecured and untrusted devices, they should be separated from other network segments by a firewall device.

Figure 48: Wireless DeMilitarized Zone

9. Firmware and software updates
Update the firmware and drivers on your APs and wireless cards. Always use the latest firmware and drivers on your APs and wireless cards. Updates typically fix security features and basic problems, add new features, and close vulnerabilities.





APPENDIX
TERMS USED
AAA Authentication, Authorization, Accounting
ACK Acknowledgment
ADSL Asymmetric Digital Subscriber Line
AES Advanced Encryption Standard
AP Access Point
ASK Amplitude Shift Keying
CCK Complementary Code Keying
CDMA Code Division Multiple Access
CPE Customer Premises Equipment
CSMA/CA Carrier Sense Multiple Access / Collision Avoidance
CTS Clear To Send
DCS Dynamic Channel Selection
DHCP Dynamic Host Configuration Protocol
DSSS Direct Sequence Spread Spectrum
EAP Extensible Authentication Protocol
ESS Extended Service Set
FDD Frequency Division Duplexing
FDMA Frequency Division Multiple Access
FHSS Frequency Hopping Spread Spectrum
FIPS Federal Information Processing Standard
FSK Frequency Shift Keying
ICV Integrity Check Value
IDS Intrusion Detection System
IEEE Institute of Electrical and Electronics Engineers
ISM Industrial, Scientific and Medical
IV Initialization Vector
MAC Media Access Control
NIST National Institute of Standards and Technology
OFDM Orthogonal Frequency Division Multiplexing
PCMCIA Personal Computer Memory Card International Association
PDA Personal Digital Assistant
PRNG Pseudo Random Number Generator
PSK Phase Shift Keying
QoS Quality of Service
QPSK Quadrature Phase Shift Keying
RADIUS Remote Authentication Dial-In User Service
RTS Request To Send
SSIDs Service Set Identifiers
TDD Time Division Duplexing
TDMA Time Division Multiple Access
TKIP Temporal Key Integrity Protocol
VPN Virtual Private Network
WDMZ Wireless DeMilitarized Zone
WECA Wireless Ethernet Compatibility Alliance
WEP Wired Equivalent Privacy
Wi-Fi Wireless Fidelity

Locating a WLAN:
When a client wants to locate a WLAN, it listens on the network for the traces left by APs: SSIDs or beacons. This process is called scanning, and there are two kinds: active scanning and passive scanning.
Beacons:
In full, beacon management frames: short frames sent from the AP to stations in infrastructure mode, or from station to station in ad hoc mode, to establish and synchronize radio information on the WLAN. Beacons carry information for the following purposes:
Synchronization:
When clients receive a beacon, they synchronize their clocks with the AP's clock.
FH and DS parameter sets:
These contain information specific to the spread spectrum technology: for FHSS systems, the hop and dwell time parameters; for DSSS, the beacon contains channel information.
SSID information:
Stations look in beacons for the SSID of the network they want to join. When this information is found, the station looks at the MAC address of the beacon's source and sends an authentication request to associate with the access point. If a station is set to accept any SSID, it will attempt to join the network through the first AP that sends a beacon, or through the AP with the best signal when there are several APs.





Authentication and association:
This process has three distinct states:
1. Unauthenticated and unassociated
2. Authenticated and unassociated
3. Authenticated and associated

It occurs according to the following diagram:

Open System authentication:
This process is performed simply, in the following two steps:
1. The client sends an association request to the AP
2. The AP authenticates the client and sends a response confirming that the client is associated

This method is simple and more secure than Shared Key authentication; 802.11 sets it as the default in WLAN devices. Using this method, a station can associate with any AP that uses Open System authentication as long as it has the right SSID. The SSID must match on both the AP and the client before the client completes the authentication process. Open System authentication is used in both secure and non-secure environments. In this method WEP is used only to encrypt data, if at all.
Shared Key authentication:
This method requires the use of WEP.
A Shared Key authentication process occurs in the following steps:
1. A client sends an association request to the AP; this step is the same as in Open System authentication.
2. The AP sends a random piece of text to the client; this text is not yet encrypted, and the AP asks the client to encrypt it with its WEP key.
3. The client encrypts the text with its WEP key and sends the encrypted text to the AP.
4. The AP tries to decrypt the text to determine whether the client's WEP key is valid; if it is, the AP sends a response granting permission, and if not, it replies with a message that does not allow the client to associate.

At first glance this method seems more secure than Open System authentication, but on closer examination the WEP key is used for two purposes in this method, authentication and data encryption, and this is the loophole that gives hackers a chance to penetrate the network. The hacker captures both signals, the unencrypted text sent by the AP and the encrypted text sent by the client, and from these two pieces of information the hacker can decode the WEP key.

Basic WLAN devices
Access Point
This device is one of the most common in WLAN infrastructure. It acts as an access point, giving clients a point of access into the network. An AP is a half-duplex device. The following figure depicts an AP with two antennas and the position of an AP in the network.

AP operating modes:
An AP communicates with clients, with the wired network, and with other APs, in one of three modes in which it can be configured:
Root mode, repeater mode, bridge mode
Root mode:
This mode is the default configuration in a WLAN; it is used when the AP is connected to a backbone network through a wired network, usually Ethernet.


Bridge mode
In this mode, the AP acts as a wireless bridge; in fact APs do become bridges when configured this way. Only a small number of APs have bridge functionality, because of equipment cost. As a bridge, the AP is used to connect two or more network segments together wirelessly.

Repeater mode:

In repeater mode, the AP is used to provide a wireless link into the network rather than the usual connection.

Fixed and detachable antennas
Depending on the user's needs, you can choose a device with fixed antennas or with detachable antennas. A detachable antenna gives you the ability to connect a different antenna without worrying much about the length of cable you have.
Removable radio cards
Some manufacturers allow you to add or remove radio cards in PCMCIA slots on the AP. Some APs may have two PCMCIA slots for special functions. Having two slots in an AP allows one radio card to act as an access point while the other acts as a bridge. Another use is to run the two cards as independent APs. With each card acting as an independent AP, an administrator can serve twice as many users in the same physical space without using two APs. However, when configured this way, to avoid interference each radio card should be configured on non-overlapping channels, for example channel 1 and channel 11.
Variable output power:
Variable output power allows the administrator to control the power the AP uses to transmit. Controlling output power is very useful in the physical configuration of a network. Output power can be increased to extend the range for clients, but it can also be adjusted to keep coverage appropriate and avoid leaking information outside.
Wireless bridges
A wireless bridge provides connectivity between two wired LAN segments; it is used in point-to-point or point-to-multipoint configurations. A wireless bridge is a half-duplex device that operates only on layer 2 wireless connectivity. The following figure shows a wireless bridge and its position in the wireless LAN.

Like APs, wireless bridges also operate in several different modes:
Root mode:
In this mode, a bridge in each group of bridges must be set as the root bridge. A root bridge can communicate only with non-root bridges and other client devices, and cannot associate with another root bridge.

Non-root mode
Connects to a bridge in root mode, as in the configuration above.
AP mode
Some manufacturers allow administrators to connect clients to the bridge, in which case the bridge acts as an AP.
Repeater mode
A bridge can also be configured as a repeater, serving to connect two networks together; in this case the bridge must not be in root mode.



Wireless workgroup bridges
Similar to, and sometimes confused with, wireless bridges are wireless workgroup bridges. The basic difference between a wireless bridge and a wireless workgroup bridge is that the workgroup bridge is a client device. A wireless workgroup bridge connects a group of clients on a wired segment to the wireless segment. Figure:



WLAN client devices
- PCMCIA and flash cards
- Wireless Ethernet & serial converters
- USB adapters
- PCI and ISA adapters
PCMCIA & Compact Flash Cards
This is a common component of every wireless network, usually called a PC card; it is used in laptops and PDAs. The PC card is the component that provides the connection between the client device and the network. PC cards also serve as radio modules in APs, bridges, workgroup bridges, USB adapters, PCI & ISA adapters, and even print servers. The figure below is a PCMCIA card.

Wireless Ethernet & serial converter

USB adapters
USB adapters have become popular because of their simple connectivity. USB client devices support plug-and-play. Some USB clients have a card that can easily be removed, while in others the card cannot be removed.



PCI & ISA Adapters



Wireless Residential Gateways
A wireless gateway is a device designed to connect a small number of wireless nodes to a single device for layer 2 (wireless or wired) and layer 3 connectivity to the Internet or to another network. Many manufacturers integrate both the AP and the gateway in one device.

Enterprise Wireless Gateway
This is a device that can provide specialized authentication and connectivity for wireless clients. It is suited to a large-scale WLAN and provides many manageable services for the WLAN, such as rate limiting, quality of service (QoS), etc.
This gateway device has a powerful CPU and a fast Ethernet interface, and it can support many APs sending and receiving information through it. Gateways of this type usually support many kinds of WLAN or WPAN, such as 802.11, Bluetooth, and HomeRF devices, and more.
An example of such a gateway and its position in the network:

Basic WLAN network topologies
Independent Basic Service Set (IBSS)
This topology refers to the independent, or ad-hoc, configuration of a WLAN.
An IBSS configuration resembles a peer-to-peer network in which no single
node acts as a server. An IBSS WLAN consists of a number of wireless nodes
or stations that communicate directly with one another on an ad-hoc,
peer-to-peer basis. It is therefore a set of wireless stations that talk to
each other directly, without using any AP or any connection to the wired
network. This structure is useful for setting up a WLAN quickly and easily
in places where a wireless infrastructure does not exist or is not required,
such as hotel rooms, conference centres, airports, and so on. A network of
this kind covers a limited area and is not connected to any larger network.

Basic Service Set (BSS)
A BSS consists of at least one AP connected to the wired network
infrastructure and a set of wireless end stations (infrastructure mode). In
this configuration the AP acts as a server for a single WLAN cell or
channel. Communication between node A and node B goes from node A to the AP
and then from the AP to node B.
Extended Service Set (ESS)
An ESS consists of a group of overlapping BSSs (each containing an AP)
connected to one another by a Distribution System (DS). Although the
distribution system can be any kind of network, it is usually an Ethernet
LAN. Mobile nodes can roam between the APs. This configuration suits WLANs
that need access to the wired LAN for services such as file servers,
printers and Internet links.

802.11 Frame Format [34 - 2344 bytes]

802.11 Frame Control Field [16 bits]
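
The topologies described above can be read off the ToDS and FromDS bits of the Frame Control field. The following decoder is an added example, not part of the original thesis; the sample bytes are constructed, and the bit layout is that of IEEE Std 802.11-1999.

```python
from dataclasses import dataclass

TYPES = {0: "management", 1: "control", 2: "data", 3: "reserved"}
# (ToDS, FromDS) of a data frame -> which topology hop it is making
DS_PATH = {
    (0, 0): "station to station, no AP (IBSS / ad-hoc)",
    (1, 0): "station to AP (infrastructure BSS)",
    (0, 1): "AP to station (infrastructure BSS)",
    (1, 1): "AP to AP over the air (wireless distribution system)",
}

@dataclass
class FrameControl:
    version: int
    ftype: str
    subtype: int
    to_ds: int
    from_ds: int
    retry: bool
    protected: bool  # named "WEP" in IEEE Std 802.11-1999

    @property
    def path(self) -> str:
        if self.ftype != "data":
            return "n/a (not a data frame)"
        return DS_PATH[(self.to_ds, self.from_ds)]

def parse_frame_control(frame: bytes) -> FrameControl:
    """Decode the first two bytes of an 802.11 MAC frame."""
    if len(frame) < 2:
        raise ValueError("need at least the 2-byte Frame Control field")
    fc = int.from_bytes(frame[:2], "little")  # low byte is sent first
    return FrameControl(
        version=fc & 0b11,
        ftype=TYPES[(fc >> 2) & 0b11],
        subtype=(fc >> 4) & 0xF,
        to_ds=(fc >> 8) & 1,
        from_ds=(fc >> 9) & 1,
        retry=bool((fc >> 11) & 1),
        protected=bool((fc >> 14) & 1),
    )

# Constructed Frame Control bytes (not captured traffic).
SAMPLES = {"beacon": b"\x80\x00", "sta_to_ap_wep": b"\x08\x41",
           "ap_to_sta": b"\x08\x02", "adhoc": b"\x08\x00", "bridge": b"\x08\x03"}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        fc = parse_frame_control(raw)
        print(f"{name:14} {fc.ftype:10} subtype={fc.subtype} wep={fc.protected} {fc.path}")
```

In the BSS relay from node A through the AP to node B, the first hop carries ToDS=1 and the second FromDS=1; unencrypted data frames on a network that is supposed to use WEP show up with the protected bit clear.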
















PART III: CONFIGURING THE WIRELESS DEVICE
Device name: Wireless-B Broadband Router, 2.4GHz 802.11b
Configuration steps
The specifications and the functions of the ports, buttons and LEDs are
described in the documentation supplied with the device.





Place the device at the centre of the coverage area, away from obstructions
(as discussed in the recommendations section).
Connect the network cable to the Internet port (figure above) and connect
your network devices to the four remaining ports: 1, 2, 3, 4.

Power on the router and configure the device as follows:
- The device's default address is 192.168.1.1; this address should be
changed as soon as you configure the device.

Enter the user name and password supplied by the manufacturer.

Set the parameters to suit your requirements.
Set the SSID so that it is not broadcast:
Wireless SSID Broadcast: Enabled Disabled


Go to Wireless Security and set the WEP key:

Go to Wireless Network Access to fill in the MAC address table and to see
which network devices are currently accessing the network through the router.

You can also apply further security measures, such as setting a MAC address
filter table, changing the SSID, and limiting the number of machines that can
join the network at one time by handing out only a limited number of IP
addresses, and so on.
Regularly monitor the machines accessing the network through the wireless
router, and change the admin password regularly.
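
The checklist above can be turned into a repeatable audit. This is an added example, not part of the original thesis or the router's software; the settings dictionary, its key names, the passwords and the MAC addresses are hypothetical, constructed values, and only the default address 192.168.1.1 comes from this page.

```python
import re

FACTORY_IP = "192.168.1.1"        # default address named on this page
WEP_KEY_HEX_LENGTHS = {10, 26}    # 40-bit and 104-bit WEP keys, as hex digits

def norm_mac(mac: str) -> str:
    """Accept 02-00-00-00-00-01, 0200.0000.0001 or 02:00:00:00:00:01."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def audit(settings: dict, clients: list) -> list:
    """Return one finding per checklist item that is not satisfied."""
    findings = []
    if settings.get("lan_ip") == FACTORY_IP:
        findings.append("LAN address is still the factory default")
    if settings.get("ssid_broadcast", True):
        findings.append("SSID broadcast is enabled")
    key = settings.get("wep_key") or ""
    if len(key) not in WEP_KEY_HEX_LENGTHS or not re.fullmatch(r"[0-9a-fA-F]+", key):
        findings.append("no valid WEP key is set")
    if settings.get("admin_password") in (None, "", settings.get("factory_password")):
        findings.append("admin password is empty or still the factory one")
    allowed = {norm_mac(m) for m in settings.get("mac_allow_list", [])}
    if not allowed:
        findings.append("MAC filter table is empty")
    if settings.get("dhcp_pool_size", 0) > len(allowed):
        findings.append("DHCP pool is larger than the number of authorised machines")
    # Compare the router's current client table with the filter table.
    for mac in sorted({norm_mac(c) for c in clients} - allowed):
        findings.append(f"unauthorised client on the network: {mac}")
    return findings

# Constructed sample data (hypothetical keys and values, not from a real device).
OUT_OF_BOX = {"lan_ip": "192.168.1.1", "ssid_broadcast": True, "wep_key": "",
              "admin_password": "admin", "factory_password": "admin",
              "mac_allow_list": [], "dhcp_pool_size": 50}
HARDENED = {"lan_ip": "192.168.77.1", "ssid_broadcast": False,
            "wep_key": "0123456789abcdef0123456789",
            "admin_password": "S3parate-Adm1n", "factory_password": "admin",
            "mac_allow_list": ["02:00:00:00:00:01", "02:00:00:00:00:02"],
            "dhcp_pool_size": 2}

if __name__ == "__main__":
    for name, cfg in (("out of box", OUT_OF_BOX), ("hardened", HARDENED)):
        print(name, audit(cfg, ["0200.0000.0001", "02-00-00-00-00-09"]))
```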
