
MINISTRY OF EDUCATION AND TRAINING

HUNG YEN UNIVERSITY OF TECHNOLOGY AND EDUCATION

COURSE BOOK: ENTERPRISE NETWORKING

LEVEL OF TRAINING: UNIVERSITY
FIELD OF TRAINING: INFORMATION TECHNOLOGY

Hưng Yên, December 2008


http://www.ebook.edu.vn

PREFACE
As the economy grows rapidly, enterprises are increasingly applying information networks to their management and production. Managers expect network administrators to master most networking technologies so that they can quickly deploy advanced ones in support of operations, and so that they can plan, build and protect the enterprise's internal information systems against attack.
In this course book I have tried to concentrate on the newest technologies in use in enterprises at the time of writing.
The course book consists of 16 lessons: 09 lectures, 06 practical sessions and 01 discussion session. It addresses the following main topics:
- Designing an IP addressing scheme for an enterprise
- Fundamentals of wireless networking
- Routing and switching in an enterprise network
- Deploying server services (Mail Server, Web Server, DNS, DHCP)
- Fundamentals of security
There is much more one would like to cover, but within the 3 credits allotted to this course we cannot survey every networking technology used in enterprises and can only address the main ones. I hope that students will go on to study independently, master these technologies and apply what they have learned in their future work.
Comments from students and colleagues are welcome at the address below.

Contact address:
Vũ Khánh Quý - Department of Computer Networks and Communications - Faculty of Information Technology, Hung Yen University of Technology and Education
Tel: (03213) 713153
Email: quyvk@utehy.edu.vn
URL: http://www.utehy.edu.vn

Module name: Enterprise Network Design
Module code:
Lecturer: Vũ Khánh Quý
Field of study: Information Technology
Study hours: 140(30/30)
Mode of training: Full-time (regular)
Delivered in: Semester III
Academic year: 2008/2009
Module type: LT+TH (theory + practice)
Version: 20090105

1. Objectives:
On completing this module, the learner is able to:
- Evaluate the operation of the hardware and software in an existing LAN or WAN
- Advise on the choice of hardware and software for designing a LAN or WAN that fits the needs of a small enterprise
- Assess network management requirements, network security requirements and other constraints during network design
- Design an in-building LAN that supports teaching and research
- Design a WAN for a school that supports its training and administration

The module helps the learner develop these competencies: Analysis (2); Consulting (2); Implementation (3); Design (3) and Maintenance (2).

2. Prerequisites:
The learner has completed Computer Networks.

3. Module description:
The module gives the learner the knowledge needed to design LAN/WAN systems; to test and evaluate system performance; to handle incidents that occur; and to apply basic security skills in a small enterprise network.

4. Module content:
Lesson 1: Overview of enterprise networks
1.1. Introduction to the course and study method
1.2. Using the design and emulation software VMWare and Boson
1.3. Introduction to the real networks of several enterprises
Lesson 2: Network addresses
2.1. IP addresses and the subnet mask
2.2. Types of IP address
2.2.1. Private and public IP addresses
2.2.3. Unicast, multicast and broadcast IP addresses
2.3. Principles of IP address translation (NAT)
2.4. Principles of DHCP address allocation
Lesson 3: Wireless technology
3.1. Overview of wireless
3.2. Wireless standards
3.3. Configuring a wireless network
3.3.1. Components needed to set up a WLAN
3.3.2. WLAN and SSID
3.3.3. Configuring a simple WLAN
Lesson 4: Fundamentals of routing configuration
4.1. Routing protocols
4.2. The RIP interior routing protocol
4.3. The OSPF dynamic routing protocol
Lesson 5: Routing practical
Configuring routing between networks
Lesson 6: Configuring NAT on a router
6.1. The concept of NAT
6.2. Static NAT
6.3. Dynamic NAT
6.4. NAT Overload (PAT)
Lesson 7: Practical: configuring NAT on a router
Lesson 8: Configuring switching
8.1. Fundamentals of switch configuration
8.2. Configuring VLANs
Lesson 9: Practical: configuring switching and VLANs
Lesson 10: Discussion
Some discussion topics:
- Skills an engineer needs in a HelpDesk role
- The process of designing and upgrading an existing network
- Encryption protocols in WLANs
- WiMAX networks
- VoIP
- VPN technology
Lesson 11: Configuring a Web Server and DNS Server
11.1. The domain name resolution service (DNS Server)
11.1.1. Principles of domain name resolution
11.1.2. Building a name server for the enterprise network
11.2. The Web Server service
11.2.1. The HTTP and HTTPS protocols
11.2.2. Deploying the enterprise website on a server
Lesson 12: Practical: configuring basic network services
12.1. Configuring Active Directory (AD)
12.2. Configuring IIS
12.3. Configuring DNS
12.4. Configuring DHCP
Lesson 13: Building a Mail Server
13.1. The SMTP, POP3 and IMAP protocols
13.2. Deploying a Mail Server for the enterprise
Lesson 14: Practical: building a Mail Server
Deploying a Mail Server for the enterprise
Lesson 15: Practical: Proxy and Firewall
15.1. How a proxy works
15.2. How a firewall works
15.3. Deploying a firewall system for the enterprise
Lesson 16: Fundamentals of security
16.1. Potential threats on the network
16.2. Attack methods
16.2.1. Viruses, Worms, Trojan Horses
16.2.2. Denial of Service (DoS) and Brute Force Attack
16.3. Security policies

5. References:
Course book and slides prepared by the lecturer.
Reference books:
[1]. Cisco System, "CCNA Discovery1 4.0", Cisco System, 2007
[2]. Cisco System, "CCNA Discovery2 4.0", Cisco System, 2007
[3]. J.C. Mackin and Ian McLean, Windows Server 2003 Network Infrastructure, Microsoft Press, 2005

6. Learning materials:
Internally circulated course book, reference books, sample exercises, self-study exercises, computers, Internet resources, projector.

7. Assessment:
Forms of assessment:
- Mid-term test (deployment in an emulated environment): 20%
- Continuous assessment (results of the practical sessions): 10%
- Final exam: 70%
Assessment criteria:
- Skill in designing and formulating the problem
- Skill in implementing the solution
Assessors: the lecturer and the learners.

8. Study plan
Teaching for the Enterprise Networking module (3 credits) is arranged as follows:
27 periods of theory (9 sessions of 3 periods each), 36 periods in which students write an essay (the lecturer arranges meetings and supervises students), 18 periods of practicals (6 sessions of 3 periods each) and 90 hours of individual preparation (130-page syllabus)

8. Study plan:
(Columns of the original table: Lesson; Objectives; Teacher activities; Teacher hours; Student activities; Student hours; Conditions for delivery)

Lesson 1
Objectives:
- Identify the position, role and content of the module within the training programme
- Draw up a suitable study plan and study method
- Choose learning resources for the course
- Explain the benefits a network brings to an enterprise
- Describe the steps to becoming an enterprise network administrator
Teacher activities (3h):
- Present the module's objectives, content and study plan
- Introduce the learning resources, study methods and assessment criteria
- Lead a discussion of the benefits a network brings to an enterprise
- Describe the path to becoming an enterprise network administrator
- Conclude and summarise the discussion
- Answer students' questions
- Hand out the worksheet listing the topics to study for Lesson 2
Student activities (4h):
- Take in the material and ask questions
- Choose a study method and learning resources for the module
- Discuss the topics on the worksheet
- Note the key points
- Raise questions
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 2
Objectives:
- Describe the structure of an IPv4 address
- Explain the relationship between the subnet mask and the IP address
- Divide an IP address range into subnets with equal and with unequal subnet masks
- Design a suitable IP scheme for an enterprise
Teacher activities (3h):
- Lead a discussion of the IPv4 architecture and the relationship between the IP address and the subnet mask
- Set exercises in which students divide an IP address range into subnets with equal and with unequal subnet masks
- Advise students and resolve the difficulties they run into
Student activities (4h):
- Describe the structure of an IPv4 address
- Understand the relationship between the IP address and the subnet mask, and how to calculate and divide an IP range into subnets that meet the users' requirements
- Help answer the scenario questions posed by the teacher
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 3
Objectives:
- Analyse the advantages and disadvantages of wireless and wired networks
- Describe the application models of wireless networks
- Describe the 802.11a, b and g standards and the characteristics of each
- Describe the function of the basic devices in a WLAN
- Explain the concepts of channel and SSID in a WLAN
- Configure a simple WLAN
Teacher activities (3h):
- Lead a discussion of WLANs, their advantages and disadvantages, and their application models
- Resolve students' difficulties and keep the discussion on topic
- Answer students' questions
- Configure a trial WLAN
Student activities (4h):
- Discuss the topics set by the teacher
- Raise questions during the discussion
- Follow the teacher's hints and analysis, then give their own assessment and opinion on the topic
- Configure a trial WLAN with basic functions
Conditions for delivery: theory classroom equipped with computers, a projector, an access point and wireless network cards.

Lesson 4
Objectives:
- Describe the routing protocols
- Compare static and dynamic routing, Distance Vector and Link State
- Describe the characteristics of RIP v1 routing
- Configure routing for a system using RIP v1
Teacher activities (3h):
- Lead a discussion of routing and routers
- Lead a discussion of static and dynamic routing, Distance Vector and Link State
- Guide students in configuring routing for an internal network
- Answer students' questions
Student activities (4h):
- Discuss the topics guided by the teacher
- Observe and carry out the routing lab configuration with RIP v1
- Follow the teacher's hints and analysis, then give their own assessment and opinion on the topic
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 5
Objectives:
- Design an IP addressing scheme for an enterprise
- Configure routing between networks using static routing and dynamic routing with RIP v1 and RIP v2
- Evaluate the advantages and disadvantages of static versus dynamic routing
Teacher activities (3h):
- Give students the discussion material in advance
- Discuss the design of the IP addressing scheme
- Have students present their views on the discussion topics in their pre-assigned groups
- Answer students' questions
- Comment on, assess and summarise the discussion
Student activities (6h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Help answer the scenario questions posed by the teacher
- Design an IP addressing scheme for an enterprise and configure routing between the networks
Conditions for delivery: practical lab equipped with computers and a projector.

Lesson 6
Objectives:
- Explain the concepts of static NAT and dynamic NAT
- Compare the advantages and disadvantages of the types of NAT
- Explain how PAT works
- Configure PAT on a router so that IP addresses in the LAN can go out through a public IP
Teacher activities (3h):
- Lead a discussion so that students understand the concept of NAT and compare the advantages and disadvantages of each type
- Lead a discussion of PAT and why it is needed
- Guide students through the PAT configuration lab
- Provide material related to NAT
- Answer students' questions during the practical
- Comment on, assess and summarise the discussion
Student activities (4h):
- Take an active part in the discussion of the topics guided by the teacher
- Present what they have researched
- Research and configure the lab set by the teacher
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 7
Objectives:
- Compare the advantages and disadvantages of each type of NAT
- Configure PAT on a router to NAT the IP addresses in the LAN to a public IP
- Analyse how IP address translation works
Teacher activities (3h):
- Discuss the design of the IP addressing scheme
- Have students present their views on the discussion topics in their pre-assigned groups
- Prepare the practical exercise
- Answer students' questions during the practical
- Check students' progress on the practical exercise
- Assign work for the following week
Student activities (6h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Help answer the scenario questions posed by the teacher
- Practise NATing the IP addresses in the LAN to a public IP
Conditions for delivery: practical lab equipped with computers and a projector.

Lesson 8
Objectives:
- Explain the basic operation of a switch
- Explain the concept of a VLAN and its practical applications
- Configure VLANs on a switch
- Use a router to route between VLANs
Teacher activities (3h):
- Lead a discussion in which students study how a VLAN-capable switch works, the concept of a VLAN, and how packets are handled within a VLAN
- Provide material on VLANs and on routing between VLANs with a router
- Answer students' questions during the practical
- Comment on, assess and summarise the discussion
Student activities (4h):
- Take an active part in the discussion of the topics guided by the teacher
- Present what they have researched
- Follow the teacher's hints and analysis, then give their own assessment and opinion on the topic
- Help answer the scenario questions posed by the teacher
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 9
Objectives:
- Explain how VLANs work and their practical applications
- Configure VLANs on a VLAN-capable switch
- Configure routing between VLANs using a router
- Apply a VLAN-based network model to the design of an enterprise network
Teacher activities (3h):
- Discuss how VLANs work
- Have students present their views on the discussion topics in their pre-assigned groups
- Prepare the practical exercise
- Answer students' questions during the practical
- Check students' progress on the practical exercise
- Assign work for the following week
Student activities (6h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Help answer the scenario questions posed by the teacher
- Carry out the lab on creating VLANs and routing between VLANs using a router
Conditions for delivery: practical lab equipped with computers, a projector, a VLAN-capable switch and a router.

Lesson 10
Objectives:
- Form groups and assign a discussion topic to each group
Teacher activities:
- Divide the students into groups
- Prepare the discussion topics
- Guide students through the steps to follow and the sources to study
- Comment on, assess and summarise the topic assignment
Student activities:
- Join a group and tell the teacher which topic they would like to study, if any
- Take part in the activities organised by the teacher and raise the questions they need answered
- Study the sources provided by the teacher
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 11
Objectives:
- Explain how a DNS server resolves domain names and what name resolution is for
- Compare the http and https protocols
- Describe how to configure a DNS server and a Web Server
Teacher activities (3h):
- Discuss the purpose and the principles of domain name resolution
- Discuss the web access protocols http and https
- Guide the lab on configuring a web server and a DNS server
- Answer students' questions
- Conclude and summarise the discussion
Student activities (4h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Help answer the scenario questions posed by the teacher
- Follow the teacher's hints and analysis, then give their own assessment and opinion on the topic
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 12
Objectives:
- Analyse how a DNS server and a web server work
- Publish a simple website that can be reached by domain name
- Protect the data accessed by using https
- Configure dynamic IP allocation for the clients
Teacher activities (3h):
- Hand out the discussion material
- Discuss how the DNS Server and the web Server work
- Discuss the need to build an internal site for the enterprise
- Set the practical exercise
- Check students' progress on the practical exercise
- Assess students' work and suggest approaches
- Assign work for the following week
Student activities (6h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Carry out the lab: build an internal site for the enterprise that employees reach by domain name, with the clients' IP addresses allocated dynamically
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 13
Objectives:
- Describe the mail protocols POP3, SMTP and IMAP
- Send and receive mail using SMTP over Telnet
- Configure a mail server for the enterprise
Teacher activities (3h):
- Discuss the need for deploying a mail system in the enterprise
- Discuss the mail protocols POP3, SMTP and IMAP
- Guide students through the lab on configuring and deploying a mail system with MDaemon Server
- Assess students' work and suggest approaches
- Comment on, assess and summarise the discussion
Student activities (4h):
- Take part in the discussion and ask questions
- Help answer the scenario questions posed by the teacher
- Carry out the lab set by the teacher
- Follow the teacher's hints and analysis, then give their own assessment and opinion on the topic
Conditions for delivery: theory classroom equipped with computers and a projector.

Lesson 14
Objectives:
- Analyse how a Mail Server works
- Send and receive mail using the SMTP protocol through telnet
- Configure a Mail Server
Teacher activities (3h):
- Lead a discussion of how a Mail Server works
- Present the commands for receiving and sending mail using SMTP over telnet
- Set the practical exercise
- Check students' progress on the practical exercise
- Assess students' work and suggest approaches
- Assign work for the following week
Student activities (6h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Carry out the lab on deploying a Mail Server for the enterprise
Conditions for delivery: practical lab equipped with computers and a projector.

Lesson 15
Objectives:
- Compare the advantages, disadvantages and operating principles of each type of firewall
- Build a model of the enterprise network and set up a firewall system to protect it
Teacher activities (3h):
- Lead a discussion of the types of firewall and the advantages and disadvantages of each
- Set the practical exercise
- Check students' progress on the practical exercise
- Assess students' work and suggest approaches
Student activities (6h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Carry out the lab on deploying a firewall to protect the enterprise network
Conditions for delivery: practical lab; reference material.

Lesson 16
Objectives:
- Describe the threats on the network
- Distinguish the characteristics of a virus, a Trojan and a worm
- Recognise the kinds of DoS attack
- Recover a password with a Brute Force Attack
- Security policies
Teacher activities (3h):
- Lead a discussion of the threats on the network
- Lead a discussion of the types of virus, worm and Trojan
- Lead a discussion of the kinds of DoS attack
- Assess students' work and suggest approaches
- Comment on, assess and summarise the discussion
Student activities (4h):
- Read the material on the discussion topic in advance
- Take part in the discussion and ask questions
- Carry out the lab on deploying a firewall to protect the enterprise network
Conditions for delivery: theory classroom equipped with a projector; reference material.

Approved by the Faculty / Department                    Lecturer

Vũ Khánh Quý - Faculty of Information Technology - Hung Yen University of Technology and Education

Lesson 1: Overview of enterprise networks
1.1. Introduction to the course and study method
1.2. Using the design and emulation software VMWare and Boson
1.2.1. VMWare
1.2.2. Boson Netsim
1.3. Introduction to the real networks of several enterprises
Lesson 2: Network addresses
2.1. IP addresses and the subnet mask
2.2. Types of IP address
2.2.1. Private and public IP addresses
2.2.2. Unicast, multicast and broadcast IP addresses
2.3. Principles of IP address translation (NAT)
2.3.1. NAT terminology
2.3.2. Types of NAT
2.4. How a host obtains an IP address from a DHCP Server
Lesson 3: Wireless technology
3.1. Overview of wireless
3.2. Wireless standards
3.3. Configuring a wireless network
3.3.1. Components needed to set up a WLAN
3.3.2. WLAN and SSID
3.3.3. Configuring a simple WLAN
Lesson 4: Fundamentals of routing configuration
4.1. Routing protocols
4.2. The RIP interior routing protocol
4.3. The OSPF dynamic routing protocol
Lesson 5: Routing practical
Lesson 6: Configuring NAT on a router
6.1. General concepts of NAT
6.2. Static NAT
6.3. Dynamic NAT
6.4. NAT Overload (PAT)
Lesson 7: Practical: configuring NAT on a router
Lesson 8: Configuring switching
8.1. Configuring the switch and VLANs
Lesson 9: Practical: configuring switching and VLANs
Lesson 10: Discussion
Lesson 11: Configuring a Web Server and DNS Server
11.1. The domain name resolution service (DNS Server)
11.1.1. Principles of domain name resolution
11.1.2. Building a name server for the enterprise network
11.2. The Web Server service
11.2.1. The HTTP and HTTPS protocols
11.2.2. Deploying the enterprise website on a server
Lesson 12: Practical: configuring basic network services
Lesson 13: Building a Mail Server
13.1. The SMTP, POP3 and IMAP protocols
13.2. Deploying a Mail Server for the enterprise
Lesson 14: Practical: building a Mail Server
Lesson 15: Practical: Proxy and Firewall
15.1. How a proxy works
15.2. How a firewall works
15.3. Deploying a firewall system for the enterprise
Lesson 16: Fundamentals of security
16.1. Some attack threats on the network
16.2. Attack methods
16.2.1. Viruses, Worms, Trojan Horses
16.2.2. Denial of Service (DoS) and Brute Force Attack
16.3. Security policies

Lesson 1: Overview of enterprise networks

1.1. Introduction to the course and study method

With information systems now being applied to every production activity of an enterprise, deploying a network when setting up a business is unavoidable. Demand on the labour market for expert-level staff in enterprise networking is therefore very high.
Enterprise Networking is taught after the Basic Networking module and before the Network Security and Next-Generation Networks modules. The course aims to give students skills in LAN administration and in advising on, designing and building a network for a small enterprise, with the following specific requirements:
- Evaluate the operation of the hardware and software in an existing LAN or WAN
- Advise on the choice of hardware and software for designing a LAN or WAN that fits the needs of a small enterprise
- Assess network management requirements, network security requirements and other constraints during network design
- Design an in-building LAN that supports teaching and research
- Design a WAN for a school that supports its training and administration
This is a highly practical course, so students must prepare the necessary materials and tools carefully. These are:
- Network design and emulation software:
  - VMWare Simulator, Boson Netsim Simulator
  - ISA Server
  - Mail Exchange Server, Mail MDaemon Server
- Course book and slides prepared by the lecturer.
- Reference books:
[1]. Cisco System, "CCNA Discovery1 4.0", Cisco System, 2007
[2]. Cisco System, "CCNA Discovery2 4.0", Cisco System, 2007
[3]. J.C. Mackin and Ian McLean, Windows Server 2003 Network Infrastructure, Microsoft Press, 2005
During the course students should read the material at home in advance, work through the self-study material assigned by the lecturer, and exchange knowledge on the university's forum and on other forums such as:
http://quantrimang.com
http://nhatnghe.com.vn
http://vnpro.org

1.2. Using the design and emulation software VMWare and Boson

1.2.1. VMWare
VMWare is virtualisation software that lets several operating systems be installed on one sufficiently powerful computer. It lets us install different operating systems such as Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Linux and so on, on the same machine, and run several virtual machines at the same time on one physical machine. This is an extremely useful and necessary tool for students of computer networking, who need to configure several different systems at once to form a virtual network.

The figure above shows VMWare with 03 operating systems installed and running at the same time for practice: Windows Server 2003, Windows XP and Red Hat Linux.

1.2.2. Boson Netsim
Boson Netsim is software that emulates the operation of Cisco network devices. With more than 70% of the worldwide market for network equipment, Cisco devices are always the first choice of system designers and integrators because of their stability and reliability and because of Cisco's assurances on information security. Once installed, Boson Netsim consists of 02 utilities:
- Boson Netsim Design
- Boson Netsim Simulator

Boson Netsim Design lets us design virtual network models when we have no access to real equipment. Even so, Boson Design can emulate up to 90% of real models.

Boson Netsim is run after you have designed the emulated system. Its job is to provide an emulated environment in which the configuration commands for the system designed in Boson Design are entered at the CLI (Command Line Interface).

1.3. Introduction to the real networks of several enterprises

An overview of the network diagrams of several enterprises. The figure shows the network diagram of Hung Yen University of Technology and Education.

Lesson 2: Network addresses
2.1. IP addresses and the subnet mask
IP addressing, the TCP/IP model and subnetting were covered in the Basic Networking module. This is very important foundational knowledge, and students should review the material they have already studied. To revise it, students should complete the following exercise:
The network of company ABC is as shown in the figure; the company has been allocated the address range 192.168.0.0/16. Divide this range into subnets so that each subnet holds the number of hosts shown in the figure, while making optimal use of the IP address space.

[Figure: network of company ABC. LAN1: 1000 hosts; LAN2: 250 hosts; LAN3: 500 hosts]
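
One way to work the exercise above is variable-length subnetting with the largest LAN placed first. The code below is an added example, not part of the course book; the function names `vlsm_allocate`, `usable_hosts` and `unallocated` are hypothetical, and it generalises the exercise to any parent block and any set of host counts.

```python
import ipaddress


def vlsm_allocate(block, demands):
    """Give each LAN the smallest subnet that fits, largest demand first.

    block   -- parent range, e.g. "192.168.0.0/16" (value from the exercise)
    demands -- {LAN name: required host count}
    Returns {LAN name: IPv4Network}; raises ValueError if the block is too small.
    """
    parent = ipaddress.ip_network(block)
    cursor = int(parent.network_address)
    limit = int(parent.broadcast_address) + 1
    plan = {}
    # Largest first keeps every subnet aligned on its own size with no gaps.
    for name, hosts in sorted(demands.items(), key=lambda kv: -kv[1]):
        # Each subnet loses two addresses (network and broadcast), so we need
        # the smallest power of two that is >= hosts + 2.
        host_bits = max((hosts + 1).bit_length(), 2)
        size = 1 << host_bits
        cursor = (cursor + size - 1) // size * size  # align to the subnet size
        if cursor + size > limit:
            raise ValueError(f"{block} cannot hold {hosts} hosts for {name}")
        plan[name] = ipaddress.ip_network((cursor, 32 - host_bits))
        cursor += size
    return plan


def usable_hosts(net):
    """Addresses left for hosts once network and broadcast are removed."""
    return net.num_addresses - 2


def unallocated(block, plan):
    """Summarise the space still free after the plan, as CIDR ranges.

    Relies on vlsm_allocate() packing subnets contiguously from the start.
    """
    parent = ipaddress.ip_network(block)
    last_used = max(int(n.broadcast_address) for n in plan.values())
    if last_used == int(parent.broadcast_address):
        return []
    first_free = ipaddress.ip_address(last_used + 1)
    return list(
        ipaddress.summarize_address_range(first_free, parent.broadcast_address)
    )


if __name__ == "__main__":
    # Host counts taken from the figure in the exercise.
    block = "192.168.0.0/16"
    demands = {"LAN1": 1000, "LAN2": 250, "LAN3": 500}
    plan = vlsm_allocate(block, demands)
    for name, net in plan.items():
        spare = usable_hosts(net) - demands[name]
        print(f"{name}: {net}  mask {net.netmask}  "
              f"hosts {net.network_address + 1} to {net.broadcast_address - 1}  "
              f"spare {spare}")
    print("free:", ", ".join(str(n) for n in unallocated(block, plan)))
```
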

2.2. Types of IP address
2.2.1. Private and public IP addresses
Private IP addresses are addresses that are not routed on the Internet. They comprise the following ranges:
10.0.0.0 --> 10.255.255.255
172.16.0.0 --> 172.16.31.255
192.168.0.0 --> 192.168.255.255

The remaining address ranges of classes A, B and C are public IP addresses (owned by ISPs and Internet address providers).

2.2.2. Unicast, multicast and broadcast IP addresses

A broadcast address is the address used to reach every PC in the same subnet from one PC: PC -> all PC
A unicast address allows sending from one address to one other address: PC -> PC
A multicast address allows sending from one host to a group of hosts: PC -> Group PC. These addresses belong to class D.

2.3. Principles of IP address translation (NAT)

2.3.1. NAT terminology
A device performing NAT has two directions, out and in, defined per interface.
- Cisco calls these two directions of NAT inside and outside. The address groups in NAT are:
+ Inside local: the group of addresses on the inside
+ Inside global: the global address of the inside (this address represents your hosts when they connect out to the Internet; it is the address your ISP assigns to you)
+ Outside local address: the private address of a host outside the internal network
+ Outside global address: the public address of an outside host (e.g. www.yahoo.com)
When an inside host has its IP address translated by NAT, the process is as follows:
inside local ip address ----- inside global ip address ----- outside global ip address
e.g.: 192.168.1.2 ----- 58.187.41.17:2412 ------- 209.191.93.52

For example, when you open the web page www.yahoo.com, a request first goes to the Yahoo web server; this is NAT outside being performed. When you receive the reply from the Yahoo server the process runs in reverse, and this is NAT inside being performed.

NAT inside is the reverse of NAT outside: when the packet reaches the device performing NAT, the device looks in its NAT table and sees that 58.187.41.17:2412 corresponds to 192.168.1.2. NAT then rewrites the packet's IP address, and the packet reaches the right machine in your LAN.

Inbound and outbound work in exactly the same way (they are simply Microsoft's terms). If port numbers are used in the translation it is PAT; if only IP addresses are used, the translation is NAT.
The net use command is normally used to map a share within a LAN. (You can nevertheless map another machine across the Internet if that machine allows sharing in that way, for example if all ports are NATed and all services are allowed.) Connecting within the LAN and connecting across the Internet can be done in the same way; across the Internet you are limited only by speed and quality, which is usually much slower than on a LAN. Even so, few people use net use to map a share from the Internet; other tools such as FTP, HTTP and Internet file-sharing tools are normally used instead.

2.3.2. Types of NAT

There are 2 basic types of NAT: NAT and PAT.
Similarities:
Both translate private IP addresses into public IP addresses, so that machines in your LAN can connect to the Internet, and both save public IP address space: a company may need only 1 or a few public IP addresses and still let its whole network connect to the outside world.
Differences:

NAT (Network Address Translation): translates an IP address into an outside address. There are 2 forms of translation: 1-1 (static), and overload translation, when your ISP has given you several IP addresses.
Example: a 1-1 translation is 192.168.0.1 <---> 186.15.4.2, whereas in overload translation an inside address is translated to an outside address (if that outside address is not already in use).

PAT (Port Address Translation): ADSL routers usually use this type of translation by default, because you have only 1 public IP. If the whole of your LAN wants to connect out through one public IP address (58.187.168.41), each inside address is translated to that address combined with a port number, provided the port is not already in use.
Example: you have a small LAN with the IP range 192.168.1.x; the machines in the LAN are then translated, for instance for a few machines:

192.168.1.3 <-->58.187.168.41:2413
192.168.1.4 <-->58.187.168.41:2414
192.168.1.5 <-->58.187.168.41:2415
192.168.1.6 <-->58.187.168.41:2416
....
The port numbers used are normally from 1024 to 65535 (not well-known ports), because well-known ports are mainly used by servers. This number of ports is enough for most LANs.
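
The PAT behaviour described above, including the reverse lookup in the NAT table for replies, can be modelled in a few lines. This is an added example, not part of the course book: the class `PatTable`, sequential port allocation and the inside source ports are assumptions made for illustration, and the port pool starts at 2413 only so that the output matches the table above.

```python
import ipaddress


class PatTable:
    """Minimal PAT (NAT overload) table: many inside hosts share one public IP."""

    def __init__(self, public_ip, inside_net, first_port=1024, last_port=65535):
        self.public_ip = str(ipaddress.ip_address(public_ip))
        self.inside_net = ipaddress.ip_network(inside_net)
        self.last_port = last_port
        self._next = first_port
        self._out = {}  # (inside local ip, inside port) -> public port
        self._in = {}   # public port -> (inside local ip, inside port)

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing flow; returns (inside global ip, public port)."""
        if ipaddress.ip_address(inside_ip) not in self.inside_net:
            raise ValueError(f"{inside_ip} is not an inside local address")
        key = (inside_ip, inside_port)
        if key not in self._out:
            if self._next > self.last_port:
                raise RuntimeError("PAT port pool exhausted")
            self._out[key] = self._next
            self._in[self._next] = key
            self._next += 1
        return self.public_ip, self._out[key]

    def inbound(self, public_port):
        """Reverse lookup for a packet arriving at the public IP.

        Returns the inside (ip, port), or None when no outgoing flow created
        an entry, in which case the packet has no destination and is dropped.
        """
        return self._in.get(public_port)


def replay(table, packets):
    """Run a list of ('out', ip, port) / ('in', port) events through the table."""
    log = []
    for pkt in packets:
        if pkt[0] == "out":
            pub_ip, pub_port = table.outbound(pkt[1], pkt[2])
            log.append(f"{pkt[1]}:{pkt[2]} -> {pub_ip}:{pub_port}")
        else:
            dest = table.inbound(pkt[1])
            target = f"{dest[0]}:{dest[1]}" if dest else "DROP (no mapping)"
            log.append(f"{table.public_ip}:{pkt[1]} -> {target}")
    return log


if __name__ == "__main__":
    # Public IP and inside range from the text; source port 50000 is constructed.
    table = PatTable("58.187.168.41", "192.168.1.0/24", first_port=2413)
    events = [
        ("out", "192.168.1.3", 50000),
        ("out", "192.168.1.4", 50000),
        ("in", 2414),   # reply to the second host's flow
        ("in", 445),    # unsolicited packet: nothing in the table
    ]
    for line in replay(table, events):
        print(line)
```

The unsolicited packet is dropped only because no table entry exists for it; forwarding all ports to an inside host, as in the net use remark earlier, removes that protection for that host.
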

2.4. How a host obtains an IP address from a DHCP server

There are two ways for a host to obtain an IP address. The user can configure TCP/IP by hand, entering the parameters manually. The second way is commonly used in companies, because office staff usually cannot remember the numbers supplied by the company's network administrator. For a host to obtain an IP address automatically from a server, you must install the DHCP service on the server. The client and the server then negotiate the assignment of an IP address to the client according to the following diagram:


Lesson 3: Wireless technology

3.1. Overview of wireless
Wireless, or an 802.11 network, is a cable-free network system that uses radio waves, like mobile phones, television and radio. It is now widely deployed in many public places and in private homes. It provides Internet access anywhere within its coverage, with no cabling at all. Besides public access points (hotspots), WiFi can be set up in a private home.
The name 802.11 comes from the IEEE (Institute of Electrical and Electronics Engineers). The institute creates many standards for different technical protocols and uses a numbering system to classify them; the three wireless standards in common use today are 802.11a/b/g.
3.2. Wireless standards
Wireless transmits and receives at 2.4 GHz or 5 GHz. These frequencies are higher than those used for mobile phones, handheld devices and television. A higher frequency allows the signal to carry more data.
Wireless uses the 802.11 standards:
802.11b was the first version on the market. It is the slowest and cheapest standard, and it has become less common than the others. 802.11b transmits at 2.4 GHz and can handle up to 11 megabits per second.
802.11g also transmits at 2.4 GHz but is faster than 802.11b, reaching 54 megabits per second. 802.11g is faster because it uses OFDM (orthogonal frequency-division multiplexing), a more efficient coding technique.
802.11a transmits at 5 GHz and can reach 54 megabits per second. It also uses OFDM. Newer standards such as 802.11n are faster still than 802.11a, but 802.11n is not yet the final standard.


3.3. Configuring a wireless network

3.3.1. Components of a WLAN
Wireless network card (wireless NIC)
Computers inside the WiFi coverage area need a wireless receiver, an adapter, in order to connect to the network. These adapters may be built into modern laptops or desktops, or designed to plug into a PC Card slot, a USB port or a PCI slot. Once the wireless adapter and its driver are installed, the computer can automatically detect and list the wireless networks present in the area.
Access Point (AP)
The AP is the most common device in a WLAN after the wireless PC card. As its name indicates, an AP gives clients a point of access to the network. An AP is a half-duplex device with a level of intelligence comparable to a sophisticated Ethernet switch. The figure below shows APs and where they are used in a WLAN.


An AP can communicate with wireless clients, with the wired network and with other APs. An AP can be configured in three main operating modes:
Root mode
Repeater mode
Bridge mode
Root mode
Root mode is used when the AP is connected to the wired backbone through its wired interface (usually Ethernet). Most APs support modes other than root mode, but root mode is the default configuration. When an AP is connected to a wired segment through its Ethernet port, it is configured to operate in root mode. In root mode, APs connected to the same wired distribution system can talk to each other over the wired segment. The APs communicate with each other to carry out roaming functions such as reassociation. Wireless clients can communicate with other wireless clients in different cells (the coverage area of an AP) through the AP each is associated with; those APs then communicate with each other over the wired segment, as in the example in the figure below.

Bridge mode
In bridge mode the AP behaves exactly like a wireless bridge (discussed in a later section). In fact, the AP becomes a wireless bridge when configured this way. Only a few APs on the market support the bridge function, and it makes the device considerably more expensive. How a wireless bridge works is explained briefly later, but you can see from the figure below that clients do not connect to the bridge; instead, the bridge is used to join two or more wired segments together over a wireless link.


Repeater mode
In repeater mode the AP can provide a wireless upstream link into the wired network in place of a normal wired connection. As the figure below shows, one AP acts as the root AP and the other acts as a wireless repeater. An AP in repeater mode connects to clients as an AP and connects to the upstream AP as a client. Using an AP in repeater mode is not recommended unless absolutely necessary, because the cells around each AP must then overlap by at least 50%. This configuration severely reduces the range within which a client can connect to the repeater AP. In addition, the repeater AP talks to both the clients and the upstream AP over the wireless link, which reduces throughput on the wireless segment. Users connected to a repeater AP will experience low throughput and high latency. You should normally disable the Ethernet port when operating in repeater mode.


Common options

APs come with many different hardware and software options. The common ones include:
+ Fixed or detachable antenna
+ Advanced filtering capability
+ Removable (modular) antenna
+ Variable output power
+ Varied types of wired connectivity
Fixed or Detachable Antenna
Depending on the needs of your business or of your customer, you will have to choose between an AP with a fixed antenna and one with a detachable antenna. An AP with a detachable antenna lets you attach different kinds of antenna to the AP, using cable of whatever length you need.
Example: if you need to mount an AP indoors but still let users reach the network from outside, you connect a cable and an outdoor antenna directly to the AP and mount only the antenna outside.


An AP may or may not have antenna diversity. WLAN antenna diversity is the use of several antennas feeding several inputs of a single receiver, so that the incoming signal is sampled through each antenna. Sampling the signal from two antennas makes it possible to determine which antenna's input signal is better. The two antennas can receive different signal levels because of a phenomenon called multipath.
Advanced Filtering Capability
MAC or protocol filtering functions may be included in the AP. Filtering is commonly used to keep intruders out of your WLAN. As a basic security measure, an AP can be configured to filter out devices that are not in the AP's MAC filter list.
Protocol filtering lets the administrator decide and control which protocols may be used on the WLAN.
Example: if the administrator wants to allow only HTTP access on the WLAN, so that users can browse the web and use web mail (Yahoo), configuring an HTTP protocol filter blocks all other protocols.
Removable (Modular) Radio Card
Some manufacturers let you add and remove radio cards in the PCMCIA slots of the AP. Some APs may have two antennas for special purposes. Having two antennas in one AP allows one radio card to operate as an AP while the other operates as a bridge. Another option is to use each radio card as an independent AP. Running each card as an independent AP doubles the number of users that can be served in the same physical space without buying another AP. When the AP is configured this way, each radio card is set to a non-overlapping channel, ideally channel 1 and channel 11.

Variable Output Power
Variable output power lets the administrator control the power (in milliwatts) that the AP uses to transmit data. Controlling the output power can be necessary in some cases where distant nodes cannot locate the AP. It also lets you control the coverage area of an AP. When the output power of an AP is increased, clients can move farther from the AP without losing their connection. The feature is also useful for security, because it lets you change the size of the RF cell so that intruders cannot connect to the network from outside the company's building.
Besides APs with variable output power, you can also use APs with fixed output power. With a fixed-power AP you can use amplifiers, attenuators, long cables or high-gain antennas. The important point when controlling the output power of both the AP and the antenna is to comply with FCC regulations.
Varied Types of Connectivity
The connection options for an AP can include 10BaseTx, 100BaseTx, 10/100BaseTx, 100BaseFx, Token Ring and others. Because the AP is usually the device that clients connect to and that talks to the wired backbone, the administrator must understand how to connect the AP to the wired network. Designing and connecting the AP correctly helps prevent a bottleneck at the AP or, worse, equipment malfunction.
Consider the use of a standard AP in a WLAN. If the AP is to be placed 150 m from the nearest wiring closet, CAT5 Ethernet cable will not work. This is a problem because Ethernet over CAT5 cable only works within 100 m. In this case, buying an AP with a 100BaseFx connection and running fibre from the wiring closet to the AP in advance makes the problem much easier to solve.
Configuration and Management
The methods used to configure and manage an AP vary by manufacturer. Most provide at least a console, telnet, USB or a web server. Some APs also have their own configuration and management software. The manufacturer configures the AP with an IP address in its initial configuration. If the administrator needs to restore the default settings, there is usually a button for this purpose on the outside of the AP.
The functions available on APs differ. One thing is constant, however: the more features an AP has, the higher its price. For example, some SOHO APs have WEP, MAC filtering and even a web server. If features such as viewing the association table, 802.1x/EAP support, VPN, routing, Inter AP Protocol and RADIUS are included, the price will be many times that of an ordinary AP.

Even the standard features of Wi-Fi compatible APs sometimes differ between manufacturers. For example, two different lines of SOHO AP may both support MAC filtering, but only one of them may let you permit or deny a specific station. Some APs support full-duplex 10/100 Mbps wired connections, while others have only a half-duplex 10BaseT connection.
Understanding which features an AP needs in a SOHO, mid-range or enterprise-level environment is important if you want to become a wireless network administrator. Below is a list of the features an AP should have in SOHO and enterprise environments. The list is not meant to be complete, because some manufacturers have many new features. It only provides a starting point for choosing an AP for SOHO.
Small Office, Home Office (SOHO)
+ MAC filter
+ WEP (64 or 128 bit)
+ USB or console configuration interface
+ Simple web configuration interface
+ Simple configuration software
Enterprise
+ Advanced configuration software
+ Advanced web configuration interface
+ Telnet
+ SNMP
+ 802.1x/EAP
+ RADIUS client
+ VPN client and server
+ Routing (dynamic or static)
+ Repeater function
+ Bridge function
The manufacturer's manual provides detailed information for each product line. If you are a WLAN administrator, you should know your operating environment so that you can look for products that meet both your usage and your security needs, then compare the features offered by three or four different manufacturers to choose the best device. This process can take a long time, but time spent learning about the different products on the market is well spent. The best resource for learning about a product line is the manufacturer's website. When choosing an AP, remember to choose a manufacturer that offers support, in addition to considering features and price.

3.3.2. WLAN and SSID

A wireless LAN based on the IEEE 802.11 standard uses the SSID (Service Set ID) configuration parameter for security. This technique works in two modes:
+ In the unsecured mode, the access point periodically broadcasts its SSID to stations that have wireless network cards. This model is normally used for public Internet access points (hotspots).
+ The second mode is the secured mode: the access point does not send its SSID to the stations, and a station must have the same SSID (configured in the wireless card on the station) as the access point. This model is normally used for company networks.

3.3.3. Configuring a simple WLAN

Students carry out a lab that configures a wireless network for the office of a small company.

Equipment required
One ADSL modem
One Internet line
One access point
PCs with wireless cards
System configuration
Set up the system according to the diagram in the figure.
Configure the wireless access point so that the PCs with wireless network cards can reach the Internet.


Lesson 4: Basics of routing configuration
4.1. Routing protocols
In computer networking, routing is the process of selecting paths in a network along which to send data. Routing is performed for many kinds of network, including the telephone network, internetworks, the Internet and transport networks.
Routing directs the movement of addressed packets from their source network toward their final destination through intermediate nodes; the dedicated hardware device is called a router. The routing process usually directs forwarding on the basis of routing tables, which hold the best routes to the various destinations on the network. Building the routing tables, which are held in the router's memory, is therefore very important for efficient routing.
Routing differs from bridging in that routing assumes that address structures imply the proximity of similar addresses within the network, which allows a single routing-table entry to describe the route to a group of addresses. Routing therefore works better than bridging in large networks, and it has become the dominant form of path-finding on the Internet.
Small networks may use manually configured routing tables, but in larger networks with complex, constantly changing topologies, building routing tables by hand is extremely difficult. Nevertheless, most of the public switched telephone network (PSTN) uses pre-computed routing tables, with fallback routes in case the direct routes are all congested. Dynamic routing attempts to solve this problem by building routing tables automatically from information supplied by routing protocols, allowing the network to act almost autonomously in avoiding network failures and congestion.
Dynamic routing dominates the Internet. However, configuring routing protocols often requires considerable experience; do not assume that networking technology has developed to the point where routing is fully automatic. The best approach is to combine manual and automatic routing.
Packet-switched networks, such as the Internet, split data into packets, label each one with its specific destination, and route each packet individually. Circuit-switched networks, such as the telephone network, also perform routing, to find paths for circuits (for example telephone calls) over which they can send large amounts of data without continually repeating the destination address.
Traditional IP routing remains relatively simple because it uses next-hop routing: the router only considers where to send the packet next and does not concern itself with the packet's path over the remaining hops. More complex routing strategies are possible, however, and are often used in systems such as MPLS, ATM or Frame Relay, which are sometimes used as the underlying technology supporting IP networks.
Distance-vector algorithms (distance-vector routing protocols)
These use the Bellman-Ford algorithm. The method assigns a number, called the cost (or weight), to each link between nodes in the network. Nodes send information from point A to point B along the path with the lowest total cost (the sum of the costs of the links between the nodes used).
The algorithm operates in a very simple way. When a node first starts, it knows only its directly adjacent nodes and the direct cost of reaching them (this information, the list of destinations, the total cost to each one, and the next hop to which data for it is sent, makes up the routing table, or distance table). Each node, as an ongoing process, sends each neighbour its total cost to reach the destinations it knows about. The neighbouring nodes examine this information and compare it with what they already know; anything that improves on what they already have is placed in their routing tables. In the end, every node in the network finds the best next hop to every destination, and the best total cost.
When one of the nodes fails, the other nodes that used the failed node in their routes discard those routes and build new routing-table information. They then pass this information to all adjacent nodes and repeat the process. Eventually every node in the network receives the updated information and finds new paths to all the destinations it can still reach.
Link-state algorithms (link-state routing protocols)
With link-state algorithms, each node uses as its basic data a map of the network in the form of a graph. To build it, each node floods the whole network with information about the other nodes it can connect to, and each node independently assembles this information into the map. Using the map, each router then decides on the best route from itself to every other node.
The algorithm used for this is Dijkstra's, which builds another data structure, a tree, with the current node as the root and containing every other node in the network. It starts with a tree that contains only the node itself. Then, from the set of nodes not yet added to the tree, it repeatedly adds the node with the lowest cost to reach a node already on the tree. The process continues until every node has been added.
The tree is then used to build the routing table, which gives the best next hop from a node to any other node on the network.
Comparison of routing algorithms
Distance-vector routing protocols are simple and efficient in small networks and require little, if any, supervision. However, they do not scale well and converge poorly, which led to the development of link-state algorithms, which are more complex but better suited to large networks. Distance-vector protocols also suffer from the count-to-infinity problem.
The main advantage of link-state routing is that it reacts more quickly, and within a bounded time, to changes in connectivity. In addition, the packets sent across the network in link-state routing are smaller than those used in distance-vector routing. Distance-vector routing requires the full routing table to be transmitted, whereas link-state routing transmits only information about the node's neighbours. These packets therefore use a negligible amount of network resources. The main disadvantage of link-state routing is that it requires more storage and computation to run than distance-vector routing.
Routed protocols and routing protocols
"Routed protocols" and "routing protocols" are often confused.


Routed protocols (also called routable protocols)

A routed protocol is any network protocol that carries enough information in its network-layer address to allow a packet to be forwarded from one host to another on the basis of the addressing scheme, without knowing the whole path from source to destination. A routed protocol defines the format and purpose of the fields within a packet. Packets are normally carried from one end system to another. Almost all layer 3 protocols, and the protocols in the layers above them, can be routed; IP is an example. In other words, the packet is already addressed (it carries an explicit address), like a letter with the address written on it that is only waiting to be routed (to have a path found to that address).
Layer 2 protocols such as Ethernet are non-routable protocols, because they carry only a link-layer address, which is not enough for routing. Some higher-layer protocols that sit directly on layer 2 without adding a network-layer address, such as NetBIOS, are not routable either.
Routing protocols
A routing protocol is used when implementing a routing algorithm to facilitate the exchange of information between networks, allowing routers to build their routing tables dynamically. In some cases a routing protocol can itself run over a routed protocol: for example, BGP runs over TCP. Care must be taken in the implementation that the system does not create a dependency between the routing protocol and the routed protocol.
List of routing protocols
Interior routing protocols
Routing Information Protocol (RIP)
Open Shortest Path First (OSPF)
Intermediate System to Intermediate System (IS-IS)
The following two protocols are proprietary to Cisco and are supported by Cisco routers or by routers from vendors to which Cisco has licensed the technology:
Interior Gateway Routing Protocol (IGRP)
Enhanced IGRP (EIGRP)
Exterior routing protocols
Exterior Gateway Protocol (EGP)
Border Gateway Protocol (BGP)
Constrained Shortest Path First (CSPF)
Routing metrics
A routing metric is any value used by a routing algorithm to determine whether one route is better than another. Metrics can be information such as bandwidth, delay, hop count, path cost, load, maximum packet size (MTU, maximum transmission unit), reliability and communication cost. The routing table stores only the best possible routes, while link-state or topology databases can store all the other information.
A router uses administrative distance (AD) to select the best path when it knows two or more routes to the same destination from different protocols. AD defines the trustworthiness of a routing protocol. Each routing protocol is ranked in order of trustworthiness, from highest to lowest, by an AD value. A protocol with a lower AD value is more trusted; for example, OSPF, with an AD of 110, is chosen over RIP, with an AD of 120.
The following table shows the ranking of trust levels used in Cisco routers.

Classes of routing protocol

Based on the relationship of the routers to autonomous systems (AS), there are several classes of routing protocol:
Ad-hoc network routing protocols appear in networks with little or no infrastructure.
Interior Gateway Protocols (IGPs) exchange routing information within a single AS. Common examples are:
o IGRP (Interior Gateway Routing Protocol)
o EIGRP (Enhanced Interior Gateway Routing Protocol)
o OSPF (Open Shortest Path First)
o RIP (Routing Information Protocol)
o IS-IS (Intermediate System to Intermediate System)
Note: according to much Cisco documentation, EIGRP is not classified as a link-state protocol.
Exterior Gateway Protocols (EGPs) route between ASes. EGPs include:
o EGP (the old protocol formerly used to interconnect the Internet, now obsolete)
o BGP (Border Gateway Protocol: the current version, BGPv4, dates from around 1995)

4.2. The RIP interior routing protocol

RIP (Routing Information Protocol) is an interior routing protocol that uses the distance-vector routing algorithm.
Characteristics:
It is a distance-vector routing protocol: RIP sends all or part of its routing table to the neighbouring routers directly connected to it. The routing table holds information such as the address of the next router on the path and the total cost from the router itself to the destination network.
It is a classful routing protocol (it routes by address class), because RIP does not carry subnet mask information with its routes (FLSM).
It selects paths using hop count (the number of routers) as its routing metric; in other words, RIP's metric is hop count, a simple routing metric. For this reason the path RIP chooses is sometimes not the best path to the destination network.
If a packet needs more than 15 hops to reach the destination network, it is dropped. Because of this awkward property RIP is considered hard to scale and suited to small networks (although in my view that is not so small).
Periodic updates are sent every 30 s (changeable with the update-timers command). RIP also has other timer values, the invalid, holddown and flush timers, which are set with the command timers basic update invalid holddown flush.
Administrative Distance (AD) = 120; the lower this value, the higher the preference.
Load balancing is over a maximum of 6 paths, 4 by default, and can be changed with the maximum-paths command. Load balancing here requires the paths to have equal cost (equal-cost load balancing), and RIP's cost is hop count, so two paths with different speeds, for example one dial-up link and one T1, are still treated the same.
Loop-prevention mechanisms
Count to infinity (defining a maximum value): when a loop occurs in the network, packets circulate in the network until some process breaks the loop; this is called counting to infinity. RIP's metric is hop count, so each time update information passes through a router the hop count increases by 1. RIP itself limits counting to infinity by dropping the packet whenever the routing metric exceeds 15.
Route poisoning (poison reverse): when the routing metric for a network keeps increasing, the route is suspected of being in a loop. The router then sends out a poison reverse message to delete that route and places it in the holddown state.
Triggered update (the ip rip triggered command): because RIP sends routing updates once every 30 s, when a network changes the other routers would have to wait until the end of a 30 s cycle to learn of the change. Triggered update lets a router announce a change in the network immediately, without waiting for the cycle to end. Combining this mechanism with poison reverse works well.
Holddown timer: when router A receives information from router B saying that network X is down, router A sets a holddown timer. During the holddown time, router A accepts no routing information about network X from the other routers in the network; for example, if router C sends A an update saying that network X is still alive, router A ignores it. Only if router B tells it that network X is back up does router A update the route.
Split horizon: when a router sends routing information out of an interface, it does not send back the routing information it learned from that interface. This mechanism only prevents loops between two routers.
Split horizon combined with poison reverse: at first glance these two appear to contradict each other, as if the two mechanisms were incompatible. In fact the combination is useful when the network has a fault. It seems that by default the combination is not used, in other words the two mechanisms are kept separate rather than used together, because it increases the size of the routing table. When router A learns from router B, through port S0/0 for example, that network X is down, A advertises network X back out of port S0/0 with a hop count of 16.
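The count-to-infinity behaviour and the effect of split horizon with poison reverse, as an added example that is not from the course text. It assumes a constructed line topology A - B - C with network X attached to C, synchronous update rounds, and the usual distance-vector rule that a router always accepts the metric offered by its current next hop; the function names are hypothetical.

```python
INFINITY = 16  # RIP metric meaning "unreachable"; 15 hops is the largest usable value

# Constructed topology: A - B - C in a line, network X was attached to C
LINKS = {"A": ["B"], "B": ["A", "C"], "C": ["B"]}


def advertised_metric(table, sender, receiver, poison_reverse):
    """Metric for X that `sender` puts in the update it sends to `receiver`."""
    metric, next_hop = table[sender]
    if poison_reverse and next_hop == receiver:
        # Split horizon with poison reverse: a route learned from this
        # neighbour is advertised back to it as unreachable.
        return INFINITY
    return metric


def run_round(table, poison_reverse):
    """One periodic update: every router processes its neighbours' adverts."""
    snapshot = dict(table)  # adverts reflect what each router knew at round start
    for router in sorted(LINKS):
        for neighbour in sorted(LINKS[router]):
            offered = advertised_metric(snapshot, neighbour, router, poison_reverse)
            offered = min(offered + 1, INFINITY)
            metric, next_hop = table[router]
            # Accept news from the current next hop even if worse,
            # otherwise only switch to a strictly better route.
            if next_hop == neighbour or offered < metric:
                table[router] = (offered, neighbour)


def simulate_failure(poison_reverse, max_rounds=50):
    """Return (rounds until every router marks X unreachable, per-round metrics)."""
    # Converged state just after C loses its direct link to X
    table = {"A": (3, "B"), "B": (2, "C"), "C": (INFINITY, None)}
    history = []
    for rounds in range(1, max_rounds + 1):
        run_round(table, poison_reverse)
        history.append({name: metric for name, (metric, _) in table.items()})
        if all(metric == INFINITY for metric, _ in table.values()):
            return rounds, history
    raise RuntimeError("did not converge within max_rounds")


if __name__ == "__main__":
    for flag in (False, True):
        rounds, history = simulate_failure(flag)
        print(f"poison_reverse={flag}: X marked unreachable after {rounds} rounds")
        for number, metrics in enumerate(history, start=1):
            print(f"  round {number}: {metrics}")
```

In this model each round stands for one periodic update, so without the mechanism the routers keep a stale route to X for 14 update intervals while the metric climbs to 16.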
Sending and receiving routing information
Illustrative model

When sending routing information: before sending an update (about networks 131.108 and 131.99) to router 2, router 1 must check the following.
Is network 131.108.5.0/24 in the same major net as 131.108.2.0/24?
In this case it is, so router 1 goes on to check whether 131.108.5.0 and 131.108.2.0 have the same subnet mask.
If they match, router 1 advertises the network.
If they do not match, router 1 drops the packet.
Is network 137.99.88.0/24 in the same major net as 131.108.2.0/24?
If not, router 1 summarizes 137.99.88.0/24 at the major net boundary to 137.99.0.0 and advertises that.
In this model, running the debug ip rip command gives the following result.

Receiving an update:
Running debug ip rip on router 2 at this point shows the following.

Router 2 checks which mask to apply to the 131 and 137 networks:
Are 131.108.5.0 and 131.108.2.0 (the interface on which the update was received) in the same major net?
If so, it applies the mask of the interface that received the update, in this case /24. If the advertised network, that is 131.108, is a /32, router 2 applies /32 and continues to advertise it to other routers as /32 (this differs from IGRP).
Are 131.108.5.0 and 137.99.0.0 in the same major net?
If not, it checks further: does the routing table contain any subnet of this major net that it learned from other interfaces?
If not, router 2 applies the classful subnet mask, /16, because 137 is a class B network. Note that it applies a host mask if the link between the two routers is an unnumbered link and the update contains subnet information (that is, bits in the subnet portion of the network are set).
Otherwise the router ignores this routing information.
Now try show ip route.
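The RIPv1 send and receive decisions described above, as an added example that is not from the course text or from Cisco. The function names and the interface addresses 131.108.2.1 and 131.108.2.2 are assumptions; the unnumbered-link case mentioned in the note is not modelled.

```python
import ipaddress


def major_net(addr):
    """Classful (major) network containing addr, for class A, B and C addresses."""
    ip = ipaddress.IPv4Address(str(addr))
    first_octet = int(ip) >> 24
    if first_octet < 128:
        prefix = 8       # class A
    elif first_octet < 192:
        prefix = 16      # class B
    elif first_octet < 224:
        prefix = 24      # class C
    else:
        raise ValueError(f"{ip} is not a class A, B or C address")
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def ripv1_send(route, out_iface):
    """Address RIPv1 puts in an update sent out of out_iface, or None if suppressed.

    RIPv1 updates carry no mask, so only an address is returned.
    """
    route = ipaddress.ip_network(route)
    iface = ipaddress.ip_interface(out_iface)
    if major_net(route.network_address) == major_net(iface.ip):
        # Same major net: advertise the subnet only if its mask matches the interface
        if route.prefixlen == iface.network.prefixlen:
            return str(route.network_address)
        return None
    # Different major net: summarize at the classful boundary
    return str(major_net(route.network_address).network_address)


def ripv1_receive(advertised, in_iface, learned_elsewhere=()):
    """Network that a receiver installs for an advertised address, or None if ignored.

    learned_elsewhere lists subnets already learned through other interfaces.
    """
    adv = ipaddress.IPv4Address(advertised)
    iface = ipaddress.ip_interface(in_iface)
    major = major_net(adv)
    if major == major_net(iface.ip):
        candidate = ipaddress.ip_network(
            f"{adv}/{iface.network.prefixlen}", strict=False)
        if candidate.network_address != adv:
            # Host bits remain under the interface mask: treat it as a host route
            return ipaddress.ip_network(f"{adv}/32")
        return candidate
    for net in learned_elsewhere:
        if ipaddress.ip_network(net).subnet_of(major):
            return None  # a subnet of this major net is already known: ignore update
    return major         # otherwise apply the classful mask


if __name__ == "__main__":
    # Router 1 sends on the 131.108.2.0/24 link (interface address constructed)
    for route in ("131.108.5.0/24", "137.99.88.0/24", "131.108.6.64/26"):
        print(route, "->", ripv1_send(route, "131.108.2.1/24"))
    # Router 2 receives on the same link (interface address constructed)
    for adv in ("131.108.5.0", "137.99.0.0"):
        print(adv, "->", ripv1_receive(adv, "131.108.2.2/24"))
```

The `/26` route in the demo is a constructed case showing how a subnet with a different mask silently disappears from RIPv1 updates, which is why the text calls RIPv1 classful (FLSM).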


Because RIPv2 was developed from RIPv1, it inherits the following characteristics of RIPv1:
It is a distance-vector routing protocol.
Its cost is hop count. Allow me to use the word cost here instead of metric, because anyone who has already looked at BGP might otherwise be slightly confused. The maximum hop count is still 15.
It uses the same loop-prevention mechanisms as RIPv1.
RIPv2 improves on version 1 as follows:
It carries more routing information: the subnet mask is sent along with the network address in its updates.
It supports VLSM (variable length subnet mask), that is, differing subnet masks, CIDR (Classless Interdomain Routing) and route summarization.
It has a mechanism for authenticating received information, using either plaintext or MD5.
It sends routing information to the multicast address 224.0.0.9, which corresponds to 01-00-5E-00-00-09.


4.3. The OSPF dynamic routing protocol

Overview of OSPF
OSPF is a link-state routing protocol based on open standards. OSPF is described in several IETF (Internet Engineering Task Force) standards. Open standard here means that OSPF is fully open to the public and is not proprietary.
Compared with RIPv1 and RIPv2, OSPF is the better interior gateway protocol (IGP) because of its scalability. RIP is limited to 15 hops, converges slowly and sometimes chooses a slow path, because when choosing a path it ignores other important factors such as bandwidth. OSPF overcomes these weaknesses of RIP; it is a robust, scalable routing protocol suited to modern networks. OSPF can be configured as a single area for use in small networks.
Comparing OSPF with distance-vector routing protocols
Link-state routers hold a complete database of the network topology. They exchange link-state information only at start-up and when the network changes. They do not broadcast their routing tables periodically as distance-vector routers do. Link-state routers therefore use less bandwidth to maintain their routing tables.
RIP suits small networks, and for RIP the best path is the one with the fewest hops. OSPF suits large networks and is scalable; its best path is determined by the speed of the links. RIP and the other distance-vector routing protocols use a simple path-selection algorithm, whereas the SPF algorithm is complex. A router running a distance-vector routing protocol therefore uses less memory and needs less processing power than one running OSPF.
OSPF selects paths on the basis of a cost calculated from the speed of the link. The faster the link, the lower its OSPF cost.
OSPF selects the best path from the SPF tree.
OSPF guarantees loop-free routing, whereas distance-vector routing protocols can still suffer from loops.
If a link is unstable and flaps, the constant flooding of information about the state of that link leads to unsynchronized advertisements, which upsets the routers' path selection.
OSPF addresses the following issues:
Speed of convergence.
Support for VLSM (Variable Length Subnet Mask).
Network size.
Path selection.
Grouping of members.
In a large network, RIP takes at least several minutes to converge, because each router exchanges its routing table only with its directly connected neighbours. With OSPF, once the network has converged at start-up, convergence after a change is very fast, because only information about the change is flooded to every router in the area.
OSPF supports VLSM, so it is regarded as a classless routing protocol. RIPv1 does not support VLSM, but RIPv2 does.
For RIP, a destination network more than 15 routers away is considered unreachable, because RIP's hop count is limited to 15. This restricts a RIP network to a small size. OSPF has no limit on network size and is entirely suitable for medium and large networks.
When RIP receives reports from a neighbouring router of the hop count to a destination network, it adds 1 to that hop count and uses the result to choose the path to the destination network. The path with the shortest distance, in other words the fewest hops, is the best path for RIP. This path-selection algorithm is clearly very simple and needs little router memory or processing power. RIP takes no account of link bandwidth when choosing a path.
OSPF selects paths on the basis of a cost calculated from the bandwidth of the link. Every OSPF router has complete information about the network topology and uses it to choose the best path. This path-selection algorithm is therefore very complex and requires more router memory and processing power than RIP.
RIP uses a flat network structure. Routing information is passed in turn to every router in the same RIP system. OSPF uses the concept of areas. An OSPF network can divide its routers into several groups. In this way OSPF can confine traffic to each area, and a change in one area does not affect the operation of the others. This hierarchical structure allows the network to scale efficiently.
Thut Ton Chn ng Ngn Nht
Theo thut ton ny, ng tt nht l ng c chi ph thp nht. Thut ton
c s dng l Dijkstra, thut ton ny xem h thng mng l mt tp hp cc
nodes c kt ni vi nhau bng kt ni point-to-point. Mi kt ni ny c mt
V Khnh Qu Khoa CNTT H S phm K thut Hng Yn

http://www.ebook.edu.vn

57

V Khnh Qu Khoa CNTT H S phm K thut Hng Yn

chi ph. Mi nodes c mt tn. Mi nodes c y c s d liu v trng thi


ca cc ng lin kt. Do , chng c y thng tin v cu trc vt l ca
h thng mng. Tt c cc c s d liu ny iu ging nhau cho mi router
trong cng mt vng.
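The difference between RIP's hop-count metric and OSPF's bandwidth-based cost, worked through with Dijkstra's algorithm as an added example (not part of the original course text). The two topologies are constructed, and the cost formula 10^8 / bandwidth with a minimum of 1 is an assumption taken from the common Cisco default, since the text only says that the cost is derived from bandwidth.

```python
import heapq

REF_BW_KBPS = 100_000   # assumption: 10^8 bit/s reference bandwidth (common Cisco default)
RIP_MAX_HOPS = 15       # from the text: destinations more than 15 hops away are unreachable


def ospf_cost(bandwidth_kbps):
    """Link cost derived from bandwidth: faster links cost less (minimum 1)."""
    return max(1, REF_BW_KBPS // bandwidth_kbps)


def hop_cost(bandwidth_kbps):
    """RIP ignores bandwidth: every link counts as one hop."""
    return 1


def shortest_path(links, src, dst, weight):
    """Dijkstra over undirected point-to-point links (node_a, node_b, bandwidth_kbps)."""
    graph = {}
    for a, b, bw in links:
        graph.setdefault(a, []).append((b, weight(bw)))
        graph.setdefault(b, []).append((a, weight(bw)))
    dist, prev, done = {src: 0}, {}, set()
    heap = [(0, src)]
    while heap:
        d, node = heapq.heappop(heap)
        if node in done:
            continue            # stale heap entry, a cheaper path was already settled
        done.add(node)
        for nxt, w in graph.get(node, []):
            if d + w < dist.get(nxt, float("inf")):
                dist[nxt] = d + w
                prev[nxt] = node
                heapq.heappush(heap, (d + w, nxt))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return dist[dst], path[::-1]


def rip_route(links, src, dst):
    """Fewest hops, or None when the destination is beyond the 15-hop limit."""
    result = shortest_path(links, src, dst, hop_cost)
    if result is None or result[0] > RIP_MAX_HOPS:
        return None
    return result


def ospf_route(links, src, dst):
    """Lowest total bandwidth-derived cost, with no hop limit."""
    return shortest_path(links, src, dst, ospf_cost)


# Constructed topology: a slow direct serial link versus a three-hop Fast Ethernet path.
LINKS = [
    ("R1", "R2", 64),
    ("R1", "R3", 100_000),
    ("R3", "R4", 100_000),
    ("R4", "R2", 100_000),
]

# Constructed chain of 18 routers (C0..C17) joined by Fast Ethernet links.
CHAIN = [(f"C{i}", f"C{i + 1}", 100_000) for i in range(17)]

if __name__ == "__main__":
    print("RIP  R1->R2 :", rip_route(LINKS, "R1", "R2"))
    print("OSPF R1->R2 :", ospf_route(LINKS, "R1", "R2"))
    print("RIP  C0->C16:", rip_route(CHAIN, "C0", "C16"))
    print("OSPF C0->C16:", ospf_route(CHAIN, "C0", "C16"))
```

RIP keeps the 64 kbit/s link because it is one hop, while OSPF routes around it; on the chain, the router 16 hops away exists for OSPF but not for RIP.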
OSPF Network Types
OSPF routers must establish neighbor relationships in order to exchange routing information. On every IP network it is attached to, a router tries at least to become a neighbor, or an adjacent neighbor, of another router. Which routers an OSPF router chooses to become adjacent with depends on the type of network it is connected to. Some routers may try to become adjacent with every neighboring router. Others may try to become adjacent with only one or two neighboring routers. Link-state information is exchanged only once an adjacency has been established between two neighbors.
The OSPF protocol recognizes the following network types:
- Broadcast multi-access networks, for example Ethernet.
- Point-to-point networks.
- Nonbroadcast multi-access networks (NBMA), for example Frame Relay.
- Point-to-multipoint networks, which the network administrator can configure on a router interface.
In a multi-access network there is no way of knowing how many routers may be connected to the network.
In a point-to-point network only two routers are connected to each other.

In a broadcast multi-access network many routers are connected. If every router established an adjacency with every other router and exchanged link-state information with every neighbor, the network would be overloaded. With 10 routers, 45 adjacencies would be needed; with n routers, n*(n-1)/2 neighbor relationships would have to be established.
The solution to this overload is to elect one router as the representative, the Designated Router (DR). This router establishes an adjacency with every other router in the broadcast network. Every other router sends its link-state information only to the DR. The DR then sends this information to every other router in the network using the multicast address 224.0.0.5. The DR acts as a common spokesperson.
Electing a DR is very effective, but it has one drawback: the DR becomes a single point of failure. A second router is therefore elected as the Backup Designated Router (BDR), which takes over the role of the DR if the DR fails. To make sure that both the DR and the BDR receive link-state information from every other router in the same network, the multicast address 224.0.0.6 is used for the designated routers.
In a point-to-point network only 2 routers are connected to each other, so there is no need to elect a DR and BDR. The two routers establish an adjacency with each other.
Network type                 Characteristics                     DR election
Broadcast multi-access       Ethernet, Token Ring, FDDI          Yes
Nonbroadcast multi-access    Frame Relay, X.25, SMDS             Yes
Point-to-point               PPP, HDLC                           No
Point-to-multipoint          Configured by the administrator     No

The OSPF Hello Protocol

When a router starts the OSPF routing process on an interface, it sends a hello packet out of that interface and keeps sending hellos periodically. The hello protocol lays down the rules that govern the exchange of OSPF hello packets.
At layer 3 of the OSI model, hello packets carry the multicast address 224.0.0.5, which refers to all OSPF routers. OSPF routers use hello packets to establish a new adjacency and to determine whether a neighboring router is still operating. By default, hellos are sent every 10 seconds on broadcast multi-access networks and point-to-point networks. On interfaces attached to an NBMA network such as Frame Relay, the default hello interval is 30 seconds.
In multi-access networks, the hello protocol carries out the election of the DR and BDR.
Although the hello packet is very small, it still includes the OSPF packet header. The structure of the OSPF packet header is shown in the following figure. For a hello packet the Type field has the value one.
Hello messages in OSPF perform three main functions:
- Discovering other routers running OSPF on the same shared network.
- Checking that the configuration parameters are compatible.
- Monitoring the state of neighbors in order to react if a neighbor fails.
To discover neighboring routers, OSPF listens for Hello messages sent to 224.0.0.5 on every interface where OSPF is enabled. This is the multicast address that represents all OSPF routers. Hello packets are sourced from the primary address on the interface; in other words, Hello does not use secondary addresses. (An OSPF router advertises its secondary addresses, but it does not send Hellos from those addresses and never forms a relationship using a secondary address.)
When two routers discover each other through Hello packets, they check the following parameters:
o The routers must pass the authentication process.
o The routers must be in the same primary network address and have the same subnet mask.
o They must be in the same OSPF area.
o They must have the same OSPF area type.
o Their RIDs must not be duplicated.
o The OSPF Hello and Dead timers must be equal.
If any of the conditions above is not met, the two routers simply do not form a neighbor relationship. Note also that one important item that the two sides do not need to match is the ID of the OSPF process, as configured in the command router ospf process-id. You should also note that the MTU value must be equal for DD packets to be sent successfully between neighbors, but this parameter is not checked in the Hello process.
The third function of Hello is to maintain contact between neighbors. Neighbors send a Hello every hello interval; if a router does not receive a Hello within the dead interval, it concludes that its neighbor has failed. The default hello interval is 10 seconds on LAN interfaces and 30 seconds on T1 links or links slower than T1. The default dead interval is four times the hello interval.
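The Hello checks and the dead-interval rule described above, written out as a small troubleshooting aid. This is an added example, not code from the original course text; the OspfInterface fields, the router IDs, the addresses and the hello log are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_interface


@dataclass
class OspfInterface:
    """Hypothetical model of the OSPF settings on one interface."""
    router_id: str
    address: str                 # primary address with prefix length, e.g. "10.1.1.1/24"
    area: str = "0"
    area_type: str = "normal"    # "normal", "stub" or "nssa"
    auth_type: str = "none"      # "none", "simple" or "md5"
    auth_key: str = ""
    hello: int = 10
    dead: int = 40               # default: four times the hello interval
    process_id: int = 1          # locally significant, never compared
    mtu: int = 1500              # not checked by Hello, matters for the DD exchange


def hello_mismatches(a, b):
    """Return the Hello checks, in the order the text lists them, that a and b fail."""
    problems = []
    if (a.auth_type, a.auth_key) != (b.auth_type, b.auth_key):
        problems.append("authentication")
    # Comparing the networks covers both the subnet and the mask.
    if ip_interface(a.address).network != ip_interface(b.address).network:
        problems.append("primary subnet/mask")
    if a.area != b.area:
        problems.append("area id")
    if a.area_type != b.area_type:
        problems.append("area type")
    if a.router_id == b.router_id:
        problems.append("duplicate router id")
    if (a.hello, a.dead) != (b.hello, b.dead):
        problems.append("hello/dead timers")
    return problems


def dd_exchange_ok(a, b):
    """An MTU mismatch passes every Hello check but stops the DD exchange."""
    return a.mtu == b.mtu


def dead_neighbors(hello_log, now, dead_interval):
    """hello_log holds (timestamp_seconds, router_id) pairs for received Hellos.

    Returns the router IDs whose most recent Hello is older than dead_interval.
    """
    last_seen = {}
    for ts, rid in hello_log:
        last_seen[rid] = max(ts, last_seen.get(rid, ts))
    return sorted(rid for rid, ts in last_seen.items() if now - ts > dead_interval)


# Constructed interfaces: R2 differs from R1 only in process ID and MTU,
# R3 differs in mask, area and timers and reuses R1's router ID.
R1 = OspfInterface("1.1.1.1", "10.1.1.1/24")
R2 = OspfInterface("2.2.2.2", "10.1.1.2/24", process_id=99, mtu=1400)
R3 = OspfInterface("1.1.1.1", "10.1.1.3/25", area="1", hello=30, dead=120)

# Constructed log: 3.3.3.3 stops sending Hellos after t=10 s.
HELLO_LOG = [(0, "2.2.2.2"), (0, "3.3.3.3"), (10, "2.2.2.2"), (10, "3.3.3.3"),
             (20, "2.2.2.2"), (30, "2.2.2.2"), (40, "2.2.2.2"), (50, "2.2.2.2")]

if __name__ == "__main__":
    print("R1-R2 Hello mismatches:", hello_mismatches(R1, R2))
    print("R1-R2 DD exchange ok  :", dd_exchange_ok(R1, R2))
    print("R1-R3 Hello mismatches:", hello_mismatches(R1, R3))
    print("Dead at t=55 s        :", dead_neighbors(HELLO_LOG, 55, R1.dead))
```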

Lesson 5: Routing lab


Design the network topology as shown in the figure.

Requirements
- Use static routing to configure routing between the LANs.
- Use the IGRP protocol with AS=100 to configure routing between the LANs.
Result
- The PCs in the different LANs can ping one another.

Lesson 6: Configuring NAT on a Router


6.1. General NAT concepts
Twenty years ago, IPv4 introduced an addressing model that met demand for a period of time, but it will not be sufficient in the near future. Meanwhile IPv6, which is regarded as an unlimited address space, is being rolled out slowly on a trial basis and will certainly replace IPv4 in the near future. While waiting for that change, several techniques can be used to make efficient use of IP address resources: NAT (Network Address Translation), PAT (Port Address Translation) and VLSM (Variable-Length Subnet Mask).
NAT stands for Network Address Translation. NAT has two purposes:
- Hiding the IP addresses of the internal network before packets go out to the Internet, which reduces the risk of network attacks.
- Saving IP address space.
There are three NAT options:
- Static NAT
- Dynamic NAT
- NAT overload, or PAT (Port Address Translation)

Host A uses a private address, 192.168.2.23, and host B uses a public address, 192.31.7.130. When host A sends a packet to host B, the packet passes through the router, and the router performs NAT. NAT replaces the private source IP address (192.168.2.23) with a public IP address (203.10.5.23) and forwards the packet; with this address the packet is routed across the Internet to the destination address (192.31.7.130). When host B sends a reply to host A, the destination address of the packet is 203.10.5.23. This packet passes through the router and is translated by NAT to the address 192.168.2.23.
Inside local address - The IP address assigned to a host on the inside network. This is the address configured as a parameter of the operating system on the computer, or assigned automatically through protocols such as DHCP. It is not a valid IP address allocated by the NIC (Network Information Center) or by an Internet service provider.
Inside global address - A valid address allocated by the NIC or by an intermediate service provider. This address represents one or more inside local IP addresses when communicating with the outside network.
Outside local address - The IP address of a host on the outside network, as seen by hosts on the inside network. An outside local address does not have to be a valid address on the IP network (it can be a private address).

Outside global address - The IP address assigned to a host on the outside network by the owner of that host. It is a valid IP address on the Internet.
For the network diagram (Figure 6.1) we have the following NAT table:
Inside local address     192.168.2.23
Inside global address    205.10.5.23
Outside global address   197.31.7.130
A packet that originates on the inside network has an inside local address as its source IP and an outside local address as its destination IP while it is still on the inside network. When the same packet is forwarded to the outside network, its source IP address is translated to the "inside global address" and its destination IP address is the outside global address.
Conversely, a packet that originates on the outside network has the "outside global address" as its source IP and the "inside global address" as its destination IP while it is still on the outside network. When the same packet is forwarded to the inside network, its source address is the "outside local address" and its destination address is the "inside local address".

6.2. Static NAT

Static NAT is a one-to-one form of NAT: a fixed IP address in the LAN is mapped to a fixed public IP address before the packet goes out to the Internet. This method is not intended to save IP addresses; its only purpose is to map one LAN IP address to one public IP address so that the source IP is hidden before traffic goes out to the Internet, which reduces the risk of being attacked over the network.
Example: translate the private IP address 165.10.1.2 255.255.255.0 to the public IP address range from 169.10.1.50 to 169.10.1.100. Use Netsim for the configuration. After the configuration is complete, the command show ip nat translations gives the following result.

The drawback of this option is that for every IP address in the LAN that needs to reach the Internet, there must be a corresponding public IP address to map it to. Static NAT is therefore used only for servers in the DMZ, with the task of publishing those servers to the Internet.

6.3. Dynamic NAT


Dynamic NAT is a solution that saves public IP addresses compared with static NAT. Instead of mapping each fixed IP address in the LAN to a fixed public IP address, dynamic NAT translates a whole range of LAN IP addresses to a fixed range of public IP addresses.
Example:
The company LAN has 100 IP addresses. If all 100 are to access the Internet using static NAT, the company has to lease 100 public IP addresses from the ISP. That is too expensive. Dynamic NAT allows the company to lease only 10 public IP addresses from the ISP, provided that no more than 10 LAN IP addresses access the Internet at the same time. Dynamic NAT still has a limitation, however: if at some point the company needs 20 LAN IP addresses to access the Internet, the ten later ones have to wait until a public IP address becomes free (when an earlier host no longer holds it) before they can access the Internet. For this reason dynamic NAT is rarely used.

6.4. NAT Overload (PAT)

NAT overload (PAT) is the most widely used solution, particularly in ADSL modems. It delivers both advantages of NAT:
- Hiding the IP addresses of the internal network before packets go out to the Internet, which reduces the risk of network attacks.
- Saving IP address space.
In essence, PAT combines a public IP address with a port number before traffic goes out to the Internet. Each IP address in the LAN that goes out to the Internet is mapped to a public IP address combined with a port number.
Example:

In the example above, PAT uses the source port number together with the inside private IP address to tell the translations apart. The router translates the source IP address 10.0.0.4 to 179.9.8.80 with source port 1331. Similarly, the source IP address 10.0.0.2 is translated to 179.9.8.80 with source port 1555.
PAT really does save IP address space, because in theory each public IP address can represent 65,536 IP addresses in the LAN; in practice, each public IP address represents about 4000 IP addresses in the LAN. That is still a huge number of IP addresses, more than enough for any company, even the largest in the world.
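A minimal model of the PAT translation table described above, as an added example that is not part of the original course text. It reuses the addresses and ports of the lesson's example (10.0.0.4:1331 and 10.0.0.2:1555 behind 179.9.8.80); the host 10.0.0.3, the port-preservation behaviour, the 1024-65535 reassignment pool and the destination-independent mapping are assumptions made for the illustration.

```python
class PatTable:
    """Port address translation state for one public IP address."""

    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.first_port = first_port   # assumption: pool used when the source port is taken
        self.last_port = last_port
        self.out = {}    # (inside_ip, inside_port) -> public_port
        self.back = {}   # public_port -> (inside_ip, inside_port)

    def _pick_port(self, preferred):
        """Keep the original source port when it is free, else take the first free pool port."""
        if preferred not in self.back:
            return preferred
        for port in range(self.first_port, self.last_port + 1):
            if port not in self.back:
                return port
        raise RuntimeError("PAT port pool exhausted for " + self.public_ip)

    def outbound(self, inside_ip, inside_port):
        """Translate an outgoing flow; returns (public_ip, public_port)."""
        key = (inside_ip, inside_port)
        if key not in self.out:
            port = self._pick_port(inside_port)
            self.out[key] = port
            self.back[port] = key
        return self.public_ip, self.out[key]

    def inbound(self, public_port):
        """Translate a returning packet; None means no mapping exists and it is dropped."""
        return self.back.get(public_port)

    def release(self, inside_ip, inside_port):
        """Remove a mapping, for example when the flow ends or times out."""
        port = self.out.pop((inside_ip, inside_port), None)
        if port is not None:
            del self.back[port]

    def translations(self):
        """Rows of (inside local, inside global), sorted by public port."""
        return [(f"{ip}:{port}", f"{self.public_ip}:{pub}")
                for pub, (ip, port) in sorted(self.back.items())]


def lesson_example():
    """The two flows from the text plus one constructed flow that collides on port 1331."""
    nat = PatTable("179.9.8.80")
    nat.outbound("10.0.0.4", 1331)
    nat.outbound("10.0.0.2", 1555)
    nat.outbound("10.0.0.3", 1331)   # constructed host: same source port as 10.0.0.4
    return nat


if __name__ == "__main__":
    nat = lesson_example()
    for local, global_ in nat.translations():
        print(f"{local:18} -> {global_}")
    print("reply to port 1331   :", nat.inbound(1331))
    print("unsolicited port 4444:", nat.inbound(4444))
```

The inbound lookup shows why PAT also hides inside hosts: a packet arriving on a public port with no table entry has nowhere to go.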

Lesson 7: Lab - Configuring NAT on a Router


Practice configuring static NAT, dynamic NAT and NAT overload.
The ABC travel company needs about 100 private IP addresses translated to a range of real IP addresses that can be routed to the ISP. ABC achieves this by using NAT, translating the private addresses into public addresses allocated by the ISP.
Use the Boson network simulation software to design the network topology shown in the figure.

Procedure
1. Configure the IP addresses on the routers according to the diagram above and check the direct connections with the command show cdp neighbor. Verify by pinging between the workstations and the NAT router, and between the WebServer and router ISP1.

Lesson 8: Configuring switching


8.1. Configuring the switch and VLANs
A switch is a device used to connect network segments together in a star topology. In this model the switch acts as the central device, and all computers are connected to it. In the OSI reference model, a switch operates at the data link layer; some high-end switches also operate at the network layer.

Configure the basic parameters of a Catalyst switch through the command-line interface (CLI). The tasks include naming the switch, configuring the VLAN interfaces and configuring telnet access to the switch. Use a workstation connected to the switch over the console connection; the user interface is the HyperTerminal program, a tool provided with MS Windows.
Procedure
Power on the switch.
The HyperTerminal window shows the initialization parameters while the switch boots.
Would you like to enter the initial configuration dialog? [yes/no]: no

The user is asked whether to enter the automatic configuration dialogs; answer NO, because the aim is to work in CLI (command line interface) mode.
Enter enable mode to view the default configuration of the switch
Switch>enable
Switch#show running-config
Set the switch parameters such as the hostname, enable password, console password and virtual terminal password.
All of these passwords are case-sensitive, so the user has to distinguish uppercase characters from lowercase ones. For example, Cisco is different from cisco.
Switch#config terminal
Switch(config)#hostname Vnpro
Vnpro(config)#enable password cisco
Vnpro(config)#enable secret class
Vnpro(config)#line console 0
Vnpro(config-line)#password console
Vnpro(config-line)#login
Vnpro(config-line)#^Z
The switch supports virtual lines used for telnet sessions. A password must be configured on these lines before it is possible to telnet to the switch (the steps for enabling telnet are presented later). To view information about the virtual lines on the switch, use the command show line.
Vnpro#show line
Configure a password for the vty lines
Vnpro#config terminal
Vnpro(config)#line vty 0 4
Vnpro(config-line)#password cisco
Vnpro(config-line)#login
On a Cisco device, every command line the user types changes the running configuration immediately after the Enter key is pressed. For that reason, on real networks the original configuration must be backed up before any parameter of the device is changed, so that it can be restored when necessary.
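A small audit of the password and vty settings typed in this lesson, as an added example that is not part of the original course text. The two sample configurations are constructed: the first lays out the lesson's own commands the way show running-config groups them, the second is an assumed SSH-only variant in which <secret> is a placeholder and the SSH server setup is taken as already done.

```python
import re

# Constructed sample: the commands from this lesson, grouped as in "show running-config".
LESSON_CONFIG = """\
hostname Vnpro
enable password cisco
enable secret class
line con 0
 password console
 login
line vty 0 4
 password cisco
 login
"""

# Constructed sample (assumption): local accounts and SSH-only vty lines.
# SSH server setup (domain name, RSA key pair) is assumed to exist already.
HARDENED_CONFIG = """\
hostname Vnpro
service password-encryption
enable secret <secret>
username admin secret <secret>
line con 0
 login local
line vty 0 4
 login local
 transport input ssh
"""

DESCRIPTIONS = {
    "ENABLE_PASSWORD": "enable password is kept readable or reversibly encoded; "
                       "enable secret stores a hash and takes precedence",
    "CLEARTEXT_PASSWORD": "line password is readable in the configuration "
                          "(no service password-encryption)",
    "VTY_NOT_SSH_ONLY": "vty line is not restricted to SSH, so telnet logins "
                        "can cross the network unencrypted",
    "PASSWORD_REUSE": "the same password protects more than one access path",
}


def parse(config):
    """Split a config into global commands and the sub-commands under each of them."""
    global_cmds, sections, current = [], {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue
        if raw.startswith(" ") and current is not None:
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            global_cmds.append(current)
            sections[current] = []
    return global_cmds, sections


def audit(config):
    """Return a list of (finding_code, location) tuples; passwords are never echoed."""
    global_cmds, sections = parse(config)
    findings, used = [], {}          # used: password value -> places it protects

    for cmd in global_cmds:
        m = re.fullmatch(r"enable password (?:[0-9] )?(\S+)", cmd)
        if m:
            findings.append(("ENABLE_PASSWORD", "global"))
            used.setdefault(m.group(1), []).append("enable password")

    encrypted = "service password-encryption" in global_cmds
    for header, subs in sections.items():
        if not header.startswith("line "):
            continue
        for sub in subs:
            m = re.fullmatch(r"password (?:[0-9] )?(\S+)", sub)
            if m:
                used.setdefault(m.group(1), []).append(header)
                if not encrypted:
                    findings.append(("CLEARTEXT_PASSWORD", header))
        if header.startswith("line vty") and "transport input ssh" not in subs:
            findings.append(("VTY_NOT_SSH_ONLY", header))

    for places in used.values():
        if len(places) > 1:
            findings.append(("PASSWORD_REUSE", ", ".join(places)))
    return findings


if __name__ == "__main__":
    for code, where in audit(LESSON_CONFIG):
        print(f"{where}: {code} - {DESCRIPTIONS[code]}")
    print("hardened sample findings:", audit(HARDENED_CONFIG))
```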
Configuring VLANs.
Check the default VLAN configuration on the switch
Vnpro#show vlan
By default the switch has only VLAN 1, with all ports belonging to it; VLAN 1002 is reserved for FDDI and VLAN 1003 is reserved for TOKEN-RING.
There are two ways to create additional VLANs.
Method 1: Work in the VLAN database
Vnpro#vlan database
Vnpro(vlan)#vtp domain Chuyenviet
Vnpro(vlan)#vtp server
Vnpro(vlan)#vlan 10 name Admin
Vnpro(vlan)#vlan 20 name User
Method 2: Work directly on the VLAN to be created
Vnpro(config)#interface vlan 10
Vnpro(config-if)#exit
Vnpro(config)#
Vnpro(config)#interface vlan 20
Vnpro(config-if)#exit
Vnpro(config)#
To assign ports to the VLANs, carry out the following steps.
For example, we need to assign port fastethernet 2 to VLAN 10 and port fastethernet 3 to VLAN 20:
Vnpro(config)#interface fastethernet0/2
Vnpro(config-if)#switchport access vlan 10
Vnpro(config-if)#exit
Vnpro(config)#interface fastethernet0/3
Vnpro(config-if)#switchport access vlan 20
Vnpro(config-if)#exit
Check the VLAN configuration again
Vnpro#show vlan
Configure an IP address on the VLAN interface: VLAN interfaces configured with an IP address are purely logical. This IP address is used for management; the logical IP address can also be used to telnet to the switch remotely and to run SNMP applications.
Vnpro#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Vnpro(config)#interface vlan 10
Vnpro(config-if)#ip address 10.0.0.1 255.255.255.0
Vnpro(config-if)#no shutdown
Save the configuration to NVRAM
Vnpro#copy running-config startup-config
Remember to assign a default gateway to the switch with the command


Vnpro(config)#ip default-gateway 10.0.0.100
The address 10.0.0.100 can be the address of the PC that is used to telnet to the switch.

Lesson 9: Lab - Configuring switching and VLANs


Implement routing between the VLANs according to the following diagram.

Steps to perform on the Switch 2900


1. Enter privileged mode and configure the telnet password for the switch.
2. Assign an IP address and default gateway to VLAN1 for ease of administration.
3. Set VTP transparent mode.
4. Create VLAN2 in the VLAN database of the switch. VLAN1 exists by default.
5. Enable trunking on interface Fa0/1.
6. Set the trunking encapsulation to isl or dot1q.
7. Allow all VLANs to be carried over the trunk link.
8. Assign port Fa0/2 to VLAN 2.

Configuration on the Router 2600 Series


1. Enter privileged mode and configure the telnet password for the router.
2. Select interface fa0/0 to configure the trunk.
3. Enable trunking on sub-interface Fa0/0.1 with isl encapsulation.
4. Configure the Layer 3 information for sub-interface Fa0/0.1.
5. Enable trunking on sub-interface Fa0/0.2 with isl encapsulation.
6. Configure the Layer 3 information for sub-interface Fa0/0.2.

Lesson 10: Discussion


Some discussion topics
- Potential threats on the network
o Viruses, Worms, Trojan Horses.
o Denial of Service (DoS) and Brute Force Attack
- The skills an engineer needs in a HelpDesk role
- The process of designing and upgrading an existing network
- Study of the encryption protocols used in WLANs

Lesson 11: Configuring Web Servers and DNS Servers


11.1. The DNS domain name resolution service
11.1.1. Principles of domain name resolution
Functions of DNS
Every website has a name (the domain name, or URL: Uniform Resource Locator) and an IP address. An IP address consists of 4 groups of digits separated by dots. When you open a web browser and enter the name of a website, the browser goes straight to the site without your having to enter the IP address of the page. The process of "translating" the domain name into an IP address, so that the browser can understand it and reach the website, is the job of a DNS server. DNS servers help one another to translate "IP" addresses into "names" and vice versa. Users only need to remember the "name", not the IP address (IP addresses are numbers that are very hard to remember).

How DNS works


Each service provider operates and maintains its own DNS servers, made up of the machines inside that provider's own part of the Internet.

That is, if a browser looks up the address of a website, the DNS server that resolves the name of that website must be the DNS server of the organization that manages the website, not that of some other organization (service provider).
INTERNIC (Internet Network Information Center) is responsible for keeping track of domain names and their corresponding DNS servers. INTERNIC is an organization established by the NSF (National Science Foundation), AT&T and Network Solutions, and it is responsible for registering the domain names of the Internet. INTERNIC's task is only to manage all the DNS servers on the Internet, not to resolve names for individual addresses.
A DNS server is able to query other DNS servers to obtain a resolved name. The DNS server of each domain usually has two distinct jobs. First, it is responsible for resolving names for the machines inside the domain into Internet addresses, both inside and outside the domain it manages. Second, it answers outside DNS servers that are trying to resolve names inside the domain it manages. A DNS server can also remember the names it has just resolved, for use in later resolution requests. The number of resolved names that are kept depends on the scale of each DNS server.

How to use DNS


Because DNS servers resolve names at different speeds, some fast and some slow, users can choose which DNS server to use. There are two options. With the default DNS of the (Internet) service provider, the user does not need to enter a DNS address in the network connections settings of the computer. With a different DNS server (free or paid), the address of that DNS server has to be entered in the network connections settings. The address of a DNS server is also 4 groups of digits separated by dots.

11.1.2. Building a domain name server for the enterprise network


What is a DNS domain name server?
Every computer and network device taking part in the Internet "talks" to the others using IP (Internet Protocol) addresses. To make them convenient to use and easy to remember, we use names (domain names) to identify the devices. The Domain Name System (DNS) is used to map domain names to IP addresses. So when we want to contact a machine, we only need to use an easily remembered character string (domain name) such as www.microsoft.com or www.ibm.com, instead of an IP address, which is a long string of digits that is hard to remember.
Domain name servers (DNS servers) are servers on which the DNS name resolution service is installed and provided. DNS servers are divided into 2 types, as follows:
- Primary DNS Server (PDS)
The Primary DNS Server (PDS) is the authoritative source of official information for the domain names it is permitted to manage. Information about a domain name delegated to the PDS is stored there and can later be transferred to the Secondary DNS Servers (SDS). Domain names managed by the PDS are created and modified on the PDS and then updated to the SDSs.
- Secondary DNS Server (SDS)
DNS recommends using at least two DNS servers to hold the addresses for each zone. The PDS manages the zones, and the SDS is used as backup storage for the zone and for the PDS. An SDS is not mandatory, but its use is encouraged. An SDS is permitted to manage a domain name, but the data about the domain name is not created on the SDS; it is fetched from the PDS.
An SDS can run on the network in an idle mode. When the volume of queries for a zone rises, the PDS shifts part of the load to the SDS (this process is also called load balancing), and when the PDS fails the SDS operates in its place until the PDS is working again. An SDS is usually placed close to the client machines so that it can serve their queries easily. However, the SDS should not be installed on the same subnet as the PDS or share a single connection with it.
That makes it a good backup for the PDS, because when the connection to the PDS is broken the SDS is not affected.
In addition, the PDS always maintains a large amount of data and frequently changes addresses or adds new ones to its zones. DNS servers therefore use a mechanism that transfers the information from the PDS to the SDS and stores it on disk. When zone data has to be restored, we can either fetch the whole zone or fetch only the part that has changed.
Changing DNS.
Normally, when you connect to the Internet, every sign suggests that the connection went smoothly. And yet, after you type a website address into the browser, you wait and wait and the website still does not appear.
The Status bar (green) in IE does not appear either. Everything you check still looks normal... Only after a long while does the browser report Connecting to 64.128.xxx.xxx, after which the website loads normally. But every time you click a link on the page the same thing happens again.
DNS, the Domain Name Server, is one of the most important steps in your web browsing.
Every computer on the Internet is identified by an IP address, which is a numeric code, all the more so since in the future IP addresses will be four times as long as today's.
DNS is the solution. Instead of forcing people to remember numbers, every IP number is turned into a name, and DNS has the job of turning the name back into the corresponding number when asked.
The address of the DNS server is usually supplied automatically each time you establish a connection with your ISP (Internet service provider). In Vietnam, each ISP usually has two or more DNS servers to serve its customers.

Even so, these are often not enough. Nothing forbids using the service of one ISP while configuring the DNS server of another ISP, or some other DNS server that performs better during peak hours.
Changing the DNS server is also very easy. Open the Network/properties window and go to Internet Protocol (TCP/IP) Properties. If you use the default DNS supplied by the ISP, choose "Obtain DNS server address automatically".
If you want to use a DNS server of your own choice, select "Use the following DNS server addresses" and then enter the IP addresses of the DNS servers in the 2 lines below. Preferred DNS server is the address the browser looks up first. Alternate DNS server is for the backup server, used when the first server is too busy. <Network> is the name of your Internet connection.
Configuring the DNS service.
To create a new zone, click Action and choose New Zone as shown in the figure above.

Then choose Next.

Choose Standard Primary if you want to set up a new zone; if you already have a zone, you can choose Secondary to create a backup copy.
Click Next to continue.

Enter the details of the zone you want to set up and choose Next.

Choose Next.

Then choose Finish.

Right-click the item you have just created and choose New Host to create a new host.

Choose any name you like and enter the IP address of the host.


Click Add Host -> Ok -> Done.

Next, set up an Alias; this is an identifier for the site you need to set up.

Choose an alternative name for the network identifier. Then choose Browse.


Find the zone in which you created the host and select that host, then click OK.

You now have complete information about the domain name you are going to create.


Click OK to continue.


To test the resolution of a domain name with DNS, use an IIS service to check it.

11.2. The Web Server service


11.2.1. The HTTP and HTTPS protocols
The HTTP protocol
HTTP (HyperText Transfer Protocol) is a standard protocol in the application layer of the 7-layer OSI model. It is used to exchange information between the machine that provides the service (the Web Server) and the machine that uses the service (the Client). HTTP is compatible with many formats of information, media and files.
The HTTPS protocol
HTTPS (Secure HTTP) is a combination of the HTTP protocol and the SSL or TLS security protocol, which allows information to be exchanged securely over the Internet. HTTPS is typically used for transactions that require security, such as e-commerce and e-banking on the Internet.
11.2.2. Deploying the enterprise website on a server
To deploy an enterprise website on a server, the Web Server service has to be installed on that server. Depending on the operating system and the web programming language, you decide whether to install the IIS web server for Windows or Apache for Linux. The following are the steps for deploying the IIS web server service on a Windows server.

Installing IIS is quite easy. You can install it with the defaults, as when installing DNS; the only difference is that in the selection dialog you choose:

As shown in the figure, or you can pick individual options under Details.

The following window appears; choose Next.

Enter a descriptive name for this website and choose Next.

Choose the settings:

Enter the IP address of the server in the IP field if you want to specify for other machines which address the web address points to.
Choose the access port on the server. Normally we leave it at port 80, but depending on the network administrator we can choose any port to avoid prying from outside.
Choose Next.

In this step, choose the path where your website is stored and choose Next.

Set the read and write permissions for users on this site and choose Next.

Click Finish to complete the wizard.

Right-click the website you have just created and configure its properties.

On this options page you can reconfigure the parameters you set earlier.

Next, set the page that is opened when the web browser on a client machine makes a request. First choose Add to add a new page name; for example, my home page is named index.com, so I type index.com and add it.

Click Apply and then OK.


Now, in the browser on a client machine, you only need to type thuongdao.com and do not have to type the IP address of the website.
If you do not leave the port at the default of 80, type a colon (:) and the port number immediately after the address.
For example, if I set the port to 8080, I type the following in the browser:
http://thuongdao.com:8080
2. Configuring the IIS service
To configure the web service for IIS, go to My Computer > Control Panel > Administrative Tools > Internet Services Manager. Then proceed as shown in the illustration.

After you click Properties, the Web Site tab appears.

Description: A descriptive name for the website.
IP Address: Lets us assign an IP address to the website.
TCP Port: The port on which connections to the website are accepted; the default is port 80.
Unlimited: Allows connections with no time limit.
Limited To: Limits the connection time to the website.
The next tab is Home Directory.

Directory Browsing: A feature that displays a browsable view when there is no default home page.
A redirection to a URL: A feature that lets us forward requests to another page (given as a URL).
The next tab is Documents.

This tab lets us add a default index document for the website. That is, if you want your website to run the file index.php by default, go to Add and type index.php. Then use the arrow on the left to move index.php to the top of the list, as shown in the illustration. Remember that this document list is searched from top to bottom (if index.php is not found, it then looks for Default.htm).
The next tab is Directory Security.

On this tab, remember that the default is to allow anonymous access, which means that anyone can visit your website. Tick the option as shown in the illustration above. If you want visitors to need a username and password to access your site (that is, a user account on the computer), untick Anonymous access and select Basic authentication instead. From then on, anyone who accesses your site needs a username and password on your server.

Lesson 12: Lab - Configuring the basic network services


- Configure Active Directory (AD)
- Configure IIS
- Configure DNS
- Configure DHCP

Lesson 13: Building a Mail Server


13.1. The SMTP, POP3 and IMAP protocols
SMTP (Simple Mail Transfer Protocol) is a standard for transferring e-mail across the Internet. SMTP is defined in RFC 821 (STD 10) and amended by RFC 1123 (STD 3). The protocol in use today is ESMTP (extended SMTP), defined in RFC 2821.
History
SMTP is a text-based protocol and is relatively simple. Before a message is sent, one or more recipient addresses can be specified for the message (these addresses are usually checked to confirm that they really exist). Testing an SMTP server is relatively easy using the "telnet" application (see below).
SMTP uses TCP port 25. To determine the SMTP server for a given domain name, the MX (Mail eXchange) record of DNS (Domain Name System) is used.
SMTP came into widespread use in the early 1980s. At that time SMTP was only a supplement to the UUCP (Unix to Unix CoPy) suite of applications, which was more convenient for transferring e-mail between computers that were connected to each other only occasionally in order to exchange data. In fact, SMTP works better when the sending and receiving machines are connected continuously.
Sendmail was one of the first mail transfer agents (if not the very first) to implement SMTP. By 2001 there were at least 50 programs implementing SMTP, including clients (software used to send messages) and servers (software used to receive messages). Well-known SMTP servers include exim, Postfix, qmail and Microsoft Exchange Server.
Because the protocol was designed around plain ASCII text, SMTP as originally designed handled binary files very poorly. Standards such as MIME were developed to encode binary files so that they could be transferred over SMTP. Today most SMTP servers support the 8BITMIME extension of SMTP, which allows binary files to be sent over the wire as easily as plain text.
SMTP is a "push" protocol: it does not allow anyone to "pull" messages from a remote server on demand. To retrieve messages, a mail client must use POP3 (Post Office Protocol) or IMAP (Internet Message Access Protocol). ETRN (Extended Turn) can also be used to prompt an SMTP server to deliver the messages it is holding.
Example of an SMTP conversation

Once the connection between the sender (the client) and the receiver (the server) has been established, the following steps are all perfectly valid for a session using SMTP. In the conversation below, what the client sends is prefixed with C: and what the server sends is prefixed with S:. Any computer system can establish such a connection by using the telnet command line on a client machine. For example:
telnet www.example.com 25
starts an SMTP connection from the sending machine to the server of the site www.example.com.
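The C:/S: exchange described above, as an added example that is not part of the original text: an in-memory SMTP responder driven by a scripted client, showing the command order, the recipient check and the replies. The host names, mailboxes and message are constructed, and only the basic RFC 821 commands are modelled.

```python
# Added example: in-memory SMTP responder that produces a C:/S: transcript.
# Host names, mailboxes and the message are constructed; no network is used.
KNOWN_MAILBOXES = {"alice@example.com", "bob@example.com"}


def _addr(text):
    """Strip the angle brackets from a path such as <bob@example.com>."""
    return text.strip().strip("<>").lower()


class SmtpSession:
    """Server side of one session, limited to the basic RFC 821 commands."""

    def __init__(self, hostname="mail.example.com"):
        self.hostname = hostname
        self.state = "start"      # start -> greeted -> mail -> rcpt -> data
        self.delivered = []       # accepted (sender, recipients, body) tuples
        self._clear()

    def _clear(self):
        self.sender, self.recipients, self.body = None, [], []

    def greeting(self):
        return f"220 {self.hostname} SMTP service ready"

    def handle(self, line):
        """Return the reply to one client line (None while receiving DATA)."""
        if self.state == "data":
            if line == ".":       # a lone dot ends the message
                self.delivered.append(
                    (self.sender, self.recipients, "\n".join(self.body)))
                self._clear()
                self.state = "greeted"
                return "250 OK: message accepted"
            # Undo dot-stuffing: the client doubles a leading dot in the body.
            self.body.append(line[1:] if line.startswith("..") else line)
            return None
        verb, _, arg = line.partition(" ")
        verb, upper_arg = verb.upper(), arg.upper()
        if verb == "QUIT":
            return f"221 {self.hostname} closing connection"
        if verb == "HELO":
            self._clear()
            self.state = "greeted"
            return f"250 {self.hostname} greets {arg}"
        if self.state == "start":
            return "503 Bad sequence of commands: send HELO first"
        if verb == "MAIL" and upper_arg.startswith("FROM:"):
            if self.state != "greeted":
                return "503 Bad sequence of commands: sender already given"
            self.sender, self.state = _addr(arg[5:]), "mail"
            return "250 OK"
        if verb == "RCPT" and upper_arg.startswith("TO:"):
            if self.state not in ("mail", "rcpt"):
                return "503 Bad sequence of commands: need MAIL FROM first"
            mailbox = _addr(arg[3:])
            if mailbox not in KNOWN_MAILBOXES:   # recipient existence check
                return "550 No such user here"
            self.recipients.append(mailbox)
            self.state = "rcpt"
            return "250 OK"
        if verb == "DATA":
            if self.state != "rcpt":
                return "503 Bad sequence of commands: need a valid RCPT TO"
            self.state = "data"
            return "354 Start mail input; end with <CRLF>.<CRLF>"
        return "500 Syntax error, command unrecognized"


def run_dialogue(client_lines):
    """Feed client lines to a fresh session; return (transcript, delivered)."""
    session = SmtpSession()
    transcript = ["S: " + session.greeting()]
    for line in client_lines:
        transcript.append("C: " + line)
        reply = session.handle(line)
        if reply is not None:
            transcript.append("S: " + reply)
    return transcript, session.delivered


SAMPLE_CLIENT_LINES = [          # constructed sample session
    "HELO client.example.org",
    "MAIL FROM:<alice@example.com>",
    "RCPT TO:<bob@example.com>",
    "RCPT TO:<nobody@example.com>",
    "DATA",
    "Subject: test",
    "",
    "Hello Bob.",
    ".",
    "QUIT",
]

if __name__ == "__main__":
    for entry in run_dialogue(SAMPLE_CLIENT_LINES)[0]:
        print(entry)
```

Note that nothing in this basic exchange verifies the address given in MAIL FROM, which is the limitation the section on SMTP protection and spam describes.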

Protection in SMTP and spam
One of the limitations of the original SMTP design is that it provides no means of authenticating the sender when we need to. That is why the SMTP-AUTH extension was designed and added.
Even with this added sender authentication, e-mail abuse remains a large and hard-to-solve problem. Radically modifying SMTP, or replacing it entirely with another protocol, is not easy to do, because the change would affect the enormous network of SMTP servers that has been and still is in use. Internet Mail 2000 is one of the draft proposals that addresses this problem.
For this reason, a number of proposals to use side protocols to support the operation of SMTP have been published. The Anti-Spam Research Group of the Internet Research Task Force (IRTF) is currently working on several drafts on e-mail authentication, and on other drafts aimed at providing a source-authentication mechanism that is simple yet flexible, and lightweight yet scalable. Recent activities of the Internet Engineering Task Force (IETF) include MARID (2004) (which led to two IETF-approved experiments in 2005) and DKIM (DomainKeys) in 2006.

POP3
Post Office Protocol version 3 (POP3) is an application-layer protocol used to retrieve e-mail from a mail server over a TCP/IP connection. POP3 and IMAP4 (Internet Message Access Protocol) are the two most common Internet standard protocols for retrieving e-mail. Almost all computers today support both protocols.
Before POP3 there were two versions, POP1 and POP2. When POP3 appeared, it immediately and completely replaced the older versions. For that reason, a reference to POP today usually means POP3.
POP3 was designed to support users whose Internet connection is not permanent (such as dial-up): the user connects to the server, downloads the mail, and can then read and work with it offline. Although the protocol supports "leave mail on server", most users follow the default behaviour: connect, download the mail, delete it from the server, then disconnect.

IMAP
Internet Message Access Protocol (IMAP) provides the commands that mail software on the client and on the server use to exchange information. It is the method by which end users access e-mail messages or electronic bulletin boards from a mail server in a collaborative environment. It allows client mail programs, such as Netscape Mail, Qualcomm's Eudora, Lotus Notes or Microsoft Outlook, to retrieve messages from a remote server as easily as from the local hard disk.

A widely supported e-mail standard
IMAP is a mechanism for retrieving information about your e-mail, or the messages themselves, from the mail server of a collaborative environment.
This e-mail protocol lets a user dial in to a remote Internet server and review the subject and sender of each message before downloading the messages to their own computer.
With IMAP, users can access messages as if they were stored locally, while in reality they are working on a server many kilometres away.
Thanks to this remote-access capability, IMAP is readily accepted by collaborative users, who value the ability to work while mobile.

Accessibility is the key
Users who travel frequently want to keep their messages on the server so that they can read them and work from any terminal. IMAP makes this possible.
IMAP differs from the Post Office Protocol (POP) mail access protocol. POP stores all messages on the server. The user dials in to the server, POP delivers the messages to the user's in-box, and the mail is then deleted from the server. Both protocols have been in use for more than 10 years.
According to one analyst, the main difference between POP (current version 3.0) and IMAP (current version 4.0) is that POP3 gives users less control over their messages.
IMAP gives users an intelligent way of storing e-mail: they can view messages before downloading them, including choosing whether or not to download attachments. Users can also apply filters and search mechanisms on the server, and can retrieve mail from any machine, anywhere.
However, vendors often interpret the ambiguous parts of the IMAP 4 specification in different ways, which leads to inconsistencies between client and server mail programs; for example, a user may be unable to read an attachment from Netscape Mail using Eudora Pro. These problems are nevertheless expected to be resolved quickly in the near future.

13.2. Deploying a Mail Server for the enterprise

There are many mail servers that can be used to deploy an enterprise mail system. In this section I introduce Mdaemon, a mail server that is easy to deploy and has all the common features an enterprise needs.

Installing and configuring Mdaemon

Setup > Primary Domain
Primary domain, FQDN domain, machine name: your domain name
Primary Domain IP: the IP address of your machine

Go to the DNS tab: set it to the IP address used by your ISP (here I use Viettel).

To create mailboxes with simple passwords, go to Menu Setup > Miscellaneous Options > Misc tab > untick "Require strong passwords".

Creating an account

Lesson 14. Lab - Building a Mail Server

Preparation:
- One server with the DNS and IIS services installed
- Mdaemon or Exchange mail server
Requirements:
- Configure the mail server and create accounts for the members of the class to use for sending and receiving mail

Lesson 15: Lab - Proxy and Firewall

15.1. How a proxy works
The concept of a proxy
A proxy is an Internet server that forwards traffic and applies controls to keep Internet access safe for its clients, that is, the customers using the Internet service. The host on which the proxy is installed is called a proxy server. A proxy, or the host running it, has a fixed IP address and access port. For example, in 123.234.111.222:80 the proxy's IP address is 123.234.111.222 and the access port is 80.

Functions of a proxy
In some companies, a proxy is used for the following:
- Sharing a connection: the proxy lets many machines access the Internet through a single machine, called the proxy server. Only the proxy machine needs a modem and an Internet access account; client machines that want to reach the Internet through it only need a LAN connection to the proxy and then request the address they want. Users' requests pass through the proxy server, which stands in for the real server the user wants to talk to. At this intermediate point the company can control all communication from inside the company to the Internet and from the Internet to the company's machines. Using a proxy, the company can forbid employees from visiting disallowed web addresses, improve access speed by caching web pages locally in the proxy server's memory, and hide the address identity of the internal network, making it harder to break into the company's machines from outside.

Figure 15.1
For Internet connectivity providers:
- Because the Internet carries a very wide range of information, and depending on the views of each country, ethnic group or locality, the Internet service providers in that region combine a proxy with firewall techniques to create a filter called a firewall proxy, intended to block information that is harmful or contrary to the customs of that country, ethnic group or locality. The addresses of the websites that customers request are filtered here; if an address is not forbidden, the customer's request continues on to the service providers' DNS servers. The firewall proxy filters all information sent from the Internet to the customer's machine and vice versa.

The significance of a proxy
A proxy is valuable not only because it acts as an information filter, but also because it provides safety for its customers: a firewall proxy effectively prevents unwanted parties from intruding into customers' machines. A proxy also stores in memory the information that customers need, which reduces lookup time and makes bandwidth use more efficient.
A proxy server is like a bodyguard protecting against trouble on the Internet. A proxy server usually sits inside the firewall, between the web browser and the real server, and holds the clients' Internet requests so that the clients do not communicate with the Internet directly. Users cannot reach web pages that are not permitted (forbidden by the company).
Every client request must pass through the proxy server. If the IP address is present on the proxy, meaning the website is cached locally, the page is served without connecting to the Internet. If it is not on the proxy server and the page is not forbidden, the request is forwarded to the real server, the DNS server and so on, and out to the Internet. The proxy server caches the most frequently visited web pages locally to reduce cost and display pages faster.
A proxy server protects the internal network from being identified from outside by giving the network two identities: one internal and one external. This creates an alias towards the outside world, which makes things difficult for users acting on their own initiative or for crackers who want to break directly into a particular machine.

Using a proxy effectively

Because proxies differ in memory size and in the number of people using them, an overloaded proxy server can slow down customers' Internet access. In addition, for some websites that a customer is fully entitled to read and study but that are blocked by the firewall, switching proxy in order to gain access is necessary to get the work done. Users can therefore choose a proxy server for their own use. The options are:
- Use the default proxy of the (Internet) service provider. In this case the user does not need to enter the proxy's IP address in the browser's Internet Options window.
- Use a different proxy server (paid or free). In this case the proxy server's IP address must be entered in the browser's Internet Options window.
Some free proxies for reference

15.2. How a firewall works

The concept of a firewall
In computer networking, a firewall is a barrier set up by individuals, organisations, businesses or government agencies to prevent Internet users from accessing unwanted information and/or to prevent outside users from accessing confidential information inside the internal network.
A firewall is a hardware device and/or a piece of software operating in a networked environment to block communications forbidden by the security policy of an individual or organisation, much as fire walls work in buildings. A firewall is also called a Border Protection Device (BPD), especially in NATO contexts, or a packet filter in the BSD operating system, a version of Unix from the University of California, Berkeley.
The basic task of a firewall is to control data traffic between two zones of differing trust. Typical zones of trust include the Internet (an untrusted zone) and the internal network (a zone of high trust). The ultimate goal is to provide controlled connectivity between zones of differing trust by enforcing a security policy and a connectivity model based on the principle of least privilege.
Configuring a firewall correctly requires skill on the part of the system administrator, including considerable understanding of network protocols and of computer security. Small mistakes can turn a firewall into a useless security tool.
History of firewall development
Firewall technology emerged in the late 1980s, when the Internet was still a fairly new technology in terms of global connectivity and use. The original idea took shape after a series of serious breaches of Internet security in the late 1980s. In 1988, an employee at the NASA Ames research centre in California sent a memo by e-mail to colleagues that read: "We are currently under attack from an Internet VIRUS! It has hit Berkeley, UC San Diego, Lawrence Livermore, Stanford, and NASA Ames." This virus, known as the Morris Worm, was spread through e-mail and was at the time a general nuisance even to the most innocuous users. The Morris Worm was the first large-scale attack on Internet security. The online community was not prepared for such an attack and was taken completely by surprise. Afterwards the Internet community decided that the highest priority was to prevent any further attack of this kind, and began to collaborate on new ideas, systems and software to make the Internet safe again.

In 1988 the first paper on firewall technology was published, when Jeff Mogul of Digital Equipment Corp. developed the first filter systems, known as packet filter firewalls. This fairly basic system was the first generation of what would later become a highly developed network security feature. From 1980 to 1990, two researchers at AT&T Bell Laboratories, Dave Presotto and Howard Trickey, developed the second generation of firewalls, known as circuit level firewalls. Papers by Gene Spafford of Purdue University, Bill Cheswick of AT&T Laboratories and Marcus Ranum described the third generation, called application layer firewalls or proxy-based firewalls. Marcus Ranum's technical work led to the creation of the first commercial product, which was released by Digital Equipment Corporation (DEC) under the name SEAL. DEC's first major sale was on 13 September 1991, to a chemical company on the East Coast of the United States.
At AT&T, Bill Cheswick and Steve Bellovin continued their research into packet filtering and developed a working model for their own company, based on their first-generation firewall architecture. In 1992, Bob Braden and Annette DeSchon at the University of Southern California developed the fourth generation of packet filter firewall systems. This product, named "Visas", was the first system with a visual interface using colours and icons, which could easily be installed as software on, and accessed from, operating systems such as Microsoft Windows and Apple's Mac/OS. In 1994 an Israeli company called Check Point Software Technologies built this into a ready-to-use piece of software, FireWall-1. A second generation of proxy firewalls was based on Kernel Proxy technology. This design has been improved continuously, but its basic features and code are now widely used in both home and commercial computer systems. Cisco, one of the largest network security companies in the world, released this product in 1997.
The new FireWall-1 generation strengthens the deep packet inspection engine by sharing this function with an intrusion prevention system.
Types of firewall
There are three basic types of firewall, depending on:
- Whether communication takes place between a single node and the network, or between several networks.
- Whether communication is intercepted at the network layer or at the application layer.
- Whether the firewall tracks the state of the communication or not.
Classified by the scope of the communication being filtered, there are the following types:
- Personal firewall: a software application whose usual function is to filter data entering and leaving a single computer.
- Network firewall: usually runs on a network device or dedicated computer placed at the boundary of two or more networks or demilitarised zones (an intermediate subnet lying between the internal network and the outside network). A firewall of this type filters all data traffic entering or leaving the networks connected through it.
The network firewall corresponds to the traditional meaning of the term "firewall" in computer networking.
Classified by the protocol layer at which data traffic can be intercepted, there are three main types of firewall:
- Network layer firewall. Example: iptables.
- Application layer firewall. Example: TCP Wrappers.
- Application firewall. Example: restricting ftp services through configuration in the file /etc/ftpaccess.
Network layer and application layer firewalls often overlap; although a personal firewall does not serve a network, some single-host systems have both installed together.
Finally, classified by whether the firewall tracks the state of network connections or considers each packet in isolation, there are two types of firewall:
- Stateful firewall
- Stateless firewall
Reasons for using a firewall
The Internet keeps growing and spreading everywhere, and its benefits are great. However, it also has many unwanted side effects for individuals such as parents, and for organisations, businesses and government agencies: websites unsuited to a given age, task, interest, moral standard or law, or exchanges of information that are harmful to the individual or business. For this reason they (individuals, organisations, agencies and governments) use firewalls to block such content.
Another reason is that some countries under dictatorial or one-party rule use firewalls to restrict their citizens' right to exchange and access information, preventing them from visiting websites or communicating with the outside world in ways that the authorities consider harmful to the regime.

How blocking is done
To block unwanted websites and unwanted exchanges of information, operators filter the unwanted web addresses they have collected, or filter the content of pages by keyword, in order to keep unwanted users out of the network while allowing legitimate users access.
A firewall can be a routing device (a router, a device that connects two or more networks and forwards information between them) or can run on a server, consisting of hardware and/or software placed between two networks (for example the Internet and a network connecting households, Internet cafes, organisations, companies, banking systems or government agencies).
Government agencies can set up a firewall right at the national Internet gateway, or require connectivity providers (IXPs) and Internet service providers (ISPs) to establish effective firewall systems, or require Internet cafe operators to implement other measures, such as Joint Circular No. 02/2005/TTLT on the management of Internet agents, which took effect in early August 2005 in Vietnam.
Getting around a firewall
Blocked websites, especially sex sites, are usually very quick to change their addresses to avoid identification, or to announce the new address in a limited way to their intended audience.
Users in countries with firewall systems can reach blocked content through other routes by changing the proxy or DNS address, through the cache of common search engines such as Google or Yahoo, or by using the free software Tor. In general, the more a network user knows about computers, the more tricks they know for getting around a firewall.

Effectiveness of a firewall
A firewall works well only for a while; after that, blocked websites and users alike use tricks and techniques to evade and get around it. The techniques therefore have to be updated constantly and new addresses identified in order to adapt how the firewall operates, which reduces overall access speed and requires upgrades to equipment and technology.

Drawbacks of using a firewall
A firewall has to process a large volume of information, so filtering can slow down users' connections.
A firewall is effective only against people who are not skilled in techniques for getting around it; other, knowledgeable users can easily get past the firewall by using proxies that are not blocked.
15.3. Deploying a firewall system for the enterprise

Description of the system diagram:
- One PC acting as Domain Controller (DC)
- The LAN uses the IP range 192.168.1.0/24
- The DMZ uses the IP range 172.16.1.0/24
- External uses the IP range 10.0.0.0/30
- The firewall has 03 Fast Ethernet interfaces corresponding to the 03 zones LAN (Internal), DMZ and External
Requirements:
- The PCs join the Domain (DC)
- The File Server and Web Server are in the DMZ and can be accessed by the PCs in the LAN
- The PCs in the LAN can access the Internet as permitted by the Firewall
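One way to express the requirements above as a default-deny rule set, and to show the stateful versus stateless distinction from section 15.2 on the same topology. This is an added example, not the textbook's own configuration; the server addresses (172.16.1.10, 172.16.1.20), the permitted ports and the sample packets are assumptions.

```python
# Added example: least-privilege zone policy for the LAN / DMZ / External
# layout of section 15.3. Server addresses and allowed ports are assumed.
import ipaddress
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport proto")
Rule = namedtuple("Rule", "src_zone dst_zone dst_host proto dport")

ZONES = {
    "LAN": ipaddress.ip_network("192.168.1.0/24"),
    "DMZ": ipaddress.ip_network("172.16.1.0/24"),
}


def zone_of(addr):
    """Map an address to its zone; anything outside LAN and DMZ (including
    the 10.0.0.0/30 outside link) is treated as EXTERNAL."""
    ip = ipaddress.ip_address(addr)
    for name, network in ZONES.items():
        if ip in network:
            return name
    return "EXTERNAL"


# Only what the requirements call for; everything else is denied.
RULES = [
    Rule("LAN", "DMZ", "172.16.1.10", "tcp", 445),   # file server (assumed)
    Rule("LAN", "DMZ", "172.16.1.20", "tcp", 80),    # web server (assumed)
    Rule("LAN", "EXTERNAL", None, "tcp", 80),        # Internet allow-list
    Rule("LAN", "EXTERNAL", None, "tcp", 443),
    Rule("LAN", "EXTERNAL", None, "udp", 53),
]


def matches(rule, pkt):
    return (rule.src_zone == zone_of(pkt.src)
            and rule.dst_zone == zone_of(pkt.dst)
            and rule.dst_host in (None, pkt.dst)
            and rule.proto == pkt.proto
            and rule.dport == pkt.dport)


def stateless_check(rules, pkt):
    """Judge each packet on its own: no rule means DENY, replies included."""
    return "ALLOW" if any(matches(r, pkt) for r in rules) else "DENY"


class StatefulFirewall:
    """Remembers allowed connections so that only their replies may return."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()

    def check(self, pkt):
        reverse = Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        if pkt in self.connections or reverse in self.connections:
            return "ALLOW"                      # part of a tracked connection
        if stateless_check(self.rules, pkt) == "ALLOW":
            self.connections.add(pkt)           # new connection permitted
            return "ALLOW"
        return "DENY"                           # default deny


if __name__ == "__main__":
    fw = StatefulFirewall(RULES)
    samples = [                                 # constructed sample packets
        Packet("192.168.1.25", 50000, "172.16.1.20", 80, "tcp"),
        Packet("172.16.1.20", 80, "192.168.1.25", 50000, "tcp"),
        Packet("172.16.1.20", 80, "192.168.1.30", 50001, "tcp"),
        Packet("203.0.113.5", 40000, "192.168.1.25", 3389, "tcp"),
    ]
    for pkt in samples:
        print(pkt, fw.check(pkt))
```

A stateless filter would need a broad rule permitting DMZ-to-LAN traffic for replies to get through; the connection table lets replies return without such a rule.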
Lesson 16: Security basics

16.1. Some network attack risks

Security risks that threaten the loss of sensitive data are a constant concern for small and medium-sized businesses. Below are the 10 security risks rated as the most dangerous that businesses face.

Employees who are disgruntled with the company
In some small and medium-sized businesses, important business data or customer information is often entrusted to a single individual. This creates a dangerous "dependence on one person's authority". When that individual becomes disgruntled with the company and its management for whatever reason, the outcome is only a matter of time and of how much control over information that person holds.

No risk-handling plan
A company's computer systems and network constantly face many security risks, from physical damage to attacks by hackers or viruses, all of which can harm data. Many small and medium-sized businesses entirely lack a policy for responding to data loss or an incident recovery plan. The great majority are caught off guard and start acting only reactively.
Default settings left unchanged
Hackers today commonly use files containing hundreds of thousands of default accounts (username and password) for network-connected devices to probe for access rights and the ability to log in to the network. If default accounts and settings are not changed, hackers can easily take control of network resources.
Insecure home network environments
In some small businesses, employees often bring their own laptops to the office to work. In a home network environment, security is usually very weak or there are no protective settings at all. As a result, employees' laptops can be a source of viruses and malware, or can become zombie intermediaries through which hackers attack the company's network.

Lack of vigilance on public networks
A common trick hackers use to lure victims is to set up a wireless access point with no password (unsecured), label it something like "Free Wi-Fi network", and sit back waiting for "naive" connections to fall into the trap. The hacker then uses network packet capture tools to see documents or anything else that the company's employees type and send out.

Loss of mobile devices
Many businesses, recently including even a few large companies, have lost important data through stolen laptops or misplaced mobile phones or USB flash drives. Data on these devices is seldom encrypted or password-protected, so it is very easy to work with once someone has the device.

Web server faults
Many businesses still pay little attention to which server hosts their website and how secure it is. As a result, the company's business website becomes easy prey for waves of SQL Injection or botnet attacks.

Indiscriminate web browsing
Not every office employee has a thorough understanding of the dangers lurking on the Internet, such as malware, spyware, viruses and trojans. They casually visit unidentified websites, or are lured into clicking through to websites that hackers have set up and are waiting on, and so the employee's computer becomes the door through which hackers enter the company's network.

E-mail containing malicious code
Spam bombardments flood your mailbox with enticing subjects such as love scandals, racy pictures or business offers. A single mistaken click and the computer immediately downloads malicious code that paves the way for a series of further malicious programs to enter the machine.

Unpatched security flaws
More than 90% of attacks on networks try to exploit security flaws that are already known. Although vendors regularly provide patches soon after a flaw is discovered, some businesses do not take routine patching seriously, so security flaws leave the gate wide open to attacks.

16.2. Attack methods

16.2.1 Viruses, Worms, Trojan Horses.
In computer science, a computer virus (usually just called a virus by users) is a program or piece of code designed to replicate itself and copy itself into other objects it infects (files, disks, computers and so on).
In the past, viruses were usually written by people knowledgeable about programming who wanted to show off their ability, so viruses typically did things like making a program malfunction, deleting data, damaging the hard disk, or playing annoying pranks.
Viruses written more recently no longer play pranks on or vandalise the infected victim's computer. Most now aim to steal sensitive personal information (such as credit card numbers), open a back door for hackers to break in and take control, or carry out other actions that benefit whoever spreads the virus.
More than 90% of the viruses discovered target systems running the Windows family of operating systems, simply because it is the most widely used operating system in the world. Because Windows is so common, hackers tend to focus on it more than on other operating systems. (There is also a view that Windows is less secure than other operating systems (such as Linux) and therefore has more viruses; however, if other operating systems were as common as Windows, or market shares were equal, the number of viruses appearing would probably be about the same.)

A brief history of viruses
There are many different views on the history of computer viruses. Only a very brief overview of the most common points is given here, from which we can understand the types of virus in more detail:
- 1949: John von Neumann (1903-1957) developed the theoretical foundation for self-replicating computer programs.
- In the late 1960s and early 1970s, a program called "Pervading Animal" appeared on Univac 1108 machines; it could attach itself to the end of executable files. The concept of a virus did not yet exist.
- 1981: The first viruses appeared in the operating system of the Apple II computer.
- 1983: At the University of Southern California in the United States, Fred Cohen first introduced the concept of a computer virus as it is defined today.
- 1986: The "Brain" virus, the first virus for personal computers (PCs), was created in Pakistan by Basit and Amjad. The program resided in the boot sector of a 360Kb floppy disk and infected all floppy drives. It was the first "stealth virus".
- In December of the same year, a virus for DOS was discovered, the "VirDem" virus. It could copy its code into executable files and damaged VAX/VMS computers.
- 1987: The first virus to attack command.com was the "Lehigh" virus.
- 1988: The Jerusalem virus simultaneously attacked universities and companies in many countries on Friday the 13th. This type of virus is triggered by the computer's clock (like time bombs all set for the same moment).
- In November of the same year, Robert Morris, aged 22, created a worm that took over computers on the ARPANET, paralysing about 6,000 machines. Morris was sentenced to 3 years in prison and fined 10,000 dollars. He nevertheless testified that he had created the virus because he was "bored with life" (boresome).
- 1990: The first commercial anti-virus program was released by Norton.
- 1991: The first polymorphic virus, "Tequila", appeared. This type can change its own form, making things difficult for anti-virus programs.
- 1994: Inexperienced people, out of goodwill, forwarded to one another an e-mail warning everyone not to open any e-mail with the phrase "Good Times" in its subject line. This was the first hoax virus to appear in e-mail; it exploited the "sense of responsibility" of its recipients to keep itself circulating.
- 1995: The first macro virus appeared in macro code in Word files and spread to a great many machines. This type of virus can damage the host operating system. A macro virus is written in Visual Basic for Applications (VBA) and, depending on its capabilities, can spread through Microsoft office applications such as Word, Excel, PowerPoint and Outlook. Well-known macro viruses include Baza and Laroux, which appeared in 1996 and could reside in both Word and Excel. Later, the Melissa virus, in 1997, attacked more than 1 million machines, spreading through a Word attachment by reading the Outlook address book on infected machines and sending itself to those addresses. The Tristate virus, in 1999, could reside in Word, Excel and PowerPoint files.
- 2000: The Love Bug virus, also called ILOVEYOU, played on people's curiosity. It was a macro virus. Its distinguishing feature was a file name of the form "ILOVEYOU.txt.exe", exploiting a weakness of Outlook at the time: by default, the .exe extension was automatically hidden. The virus also had a new, spyware-like trait: it tried to read the name and password of the host machine and send them back to the hacker. When traced, the author turned out to be a Filipino student. He was acquitted because the Philippines had no law punishing the creators of computer viruses.
- 2002: The author of the Melissa virus, David L. Smith, was sentenced to 20 months in prison.
- 2003: The Slammer virus, a worm that spread at record speed, infected about 75 thousand machines in 10 minutes.
- 2004: The Sasser worm marked a new generation of viruses. With this virus, people did not need to open an e-mail attachment; just opening the message was enough for it to enter the machine. Fortunately, Sasser did not completely destroy machines but only made the host slower and sometimes caused it to restart by itself. The author of this worm also set another record: the youngest famous hacker, only 18 years old, Sven Jaschan, a German. Because of his young age, however, in July 2005 the German court sentenced him only to a 3-year suspended prison term and 30 hours of community service.
Given the skills of hackers, viruses today can get in by breaking through the operating system's safety barriers or by slipping through holes in software, especially e-mail programs, and from there spread everywhere over network connections or through e-mail. Tracing the source of a virus outbreak is therefore much harder. Microsoft itself, the maker of widely used software, is also a victim. It has had to research, fix and release a great deal of software to correct defects in its programs, as well as successive service packs, in order to reduce or neutralise virus attacks. But of course, with software containing millions of lines of source code, the hope that it will be perfect in terms of security exists only in theory. This is also an opportunity for makers of protection software to prove their worth.
In the not-too-distant future, viruses will probably take further steps: combining all the existing strengths (polymorphism, Sasser-style infection, or attacking by many methods and in many forms) with other techniques of spyware. At the same time they may attack many different operating systems rather than necessarily targeting a single operating system, as is the case with Windows at present. And viruses will probably not change (indeed will not even need to change) their method of attack: exploiting weaknesses in computers and in programs.
Cc khi nim c lin quan
Su my tnh(worm): l cc chng trnh cng c kh nng t nhn bn t tm
cch lan truyn qua h thng mng (thng l qua h thng th in t). im
cn lu y, ngoi tc hi thng ln my b nhim, nhim v chnh ca worm
l ph cc mng (network) thng tin, lm gim kh nng hot ng hay ngay c
hy hoi cc mng ny. Nhiu nh phn tch cho rng worm khc vi virus, h
nhn mnh vo c tnh ph hoi mng nhng y worm c l mt loi
virus c bit.
Worm ni ting nht c to bi Robert Morris vo nm 1988. N c th lm
hng bt k h iu hnh UNIX no trn Internet. Tuy vy, c l worm tn ti lu
nht l virus happy99, hay cc th h sau ca n c tn l Trojan. Cc worm
ny s thay i ni dung tp wsok32.dll ca Windows v t gi bn sao ca
chnh chng i n cc a ch cho mi ln gi in th hay message.
Phn mm c tnh (malware): (ch ghp ca maliciuos v software) ch chung
cc phn mm c tnh nng gy hi nh virus, worm v Trojan horse.
Trojan horse: a program with harmful effects similar to those of a virus, except that it does not replicate itself. Its only means of spreading is therefore through chain letters. To get rid of one, the owner of the machine only needs to find the Trojan horse file and delete it. That does not mean, however, that there cannot be two Trojan horses on the same system. The people who create this software use their programming skills to make many copies before releasing them onto the network. This is also an extremely dangerous kind of virus. It can destroy hard drives and destroy data.
Spyware: a kind of virus that can penetrate directly into the operating system without leaving "after-effects". Some antivirus programs come with a spyware remover, but they perform rather poorly during "outbreaks".
Adware: advertising software, very often found in installers downloaded from the Internet. Some of it is harmless, but some can fill the screen with information and coerce the user.
Botnet: previously this was typically aimed at remote computer-control systems, but it now targets users.
What is especially dangerous is that botnets are made available by hackers in a form that requires no advanced programming skill. They are offered for sale to hackers at prices from 20 USD upward. The consequences are not small: lost accounts. When tied to a large system of computers, a botnet can extort an entire business.
Sites's team at Sunbelt, together with the rapid response team of the security company iDefense Labs, found a web-based botnet named Metaphisher. Instead of a command line, the attacker can use a graphical interface with customizable icons, simply moving the pointer, clicking and attacking.
According to iDefense Labs, the bots controlled by Metaphisher infected more than 1 million PCs worldwide. The controller even encrypts communication between itself and its subordinate bots, and passes all information about the infected PCs to the bot owner, such as geographic location, the Windows security patches installed and the browsers running on each PC.
Easy-to-use bot creation and control tools like these have contributed to the sharp rise in the number of bot-infected PCs discovered recently. For example, Jeanson James Ancheta, 21, an American from California, was sentenced to 57 months in prison for running an illicit business that profited from botnets controlling 400,000 "members", and three bot operators arrested in the Netherlands the previous autumn were the "brains" controlling more than 1.5 million PCs!
Although there are laws for arresting criminals of this kind, destructive tools are so easy to obtain that new people keep joining the ranks of hackers, for money or out of curiosity.
Keylogger: software that records the sequence of keys a user types. It can be useful for tracing the source of errors in computer systems and is sometimes used to measure the productivity of office staff. Software of this kind is very useful to law enforcement and intelligence services, for example as a means of obtaining passwords or cryptographic keys and thereby getting past security devices. However, keylogger software is widely available on the Internet, and anyone can use it to steal passwords and encryption keys.
Phishing: a criminal activity that uses deception techniques. The fraudster tries to trick victims into giving up sensitive information, such as passwords and credit card details, by posing as a trustworthy person or business in an electronic transaction. Phishing is usually carried out by e-mail or instant message, and sometimes by telephone.
Rootkit: a set of software tools for hiding running processes, files or system data. Rootkits originated in relatively benign applications, but in recent years they have been used more and more by malware, helping an intruder keep access to a system while avoiding detection. Rootkits are known for many operating systems, such as Linux, Solaris and some versions of Microsoft Windows. Rootkits typically modify parts of the operating system or install themselves as drivers or kernel modules.


When news broke in November of last year that Sony music CDs installed a rootkit to hide copy-protection files, attackers were delighted and quickly exploited Sony's application. Sony's software hid any file or process whose name began with "$sys$", and malware authors renamed their files to take advantage of this.
In March, the Spanish antivirus vendor Panda Software said it had found an extremely harmful variant of the Bagle worm equipped with rootkit capabilities. Worse, like the "manufacturers" of botnet programs, rootkit authors also sell or freely distribute their tools, making it easy for malware writers to add rootkit functionality to old viruses such as Bagle or to create new ones. A project carried out by Microsoft and researchers at the University of Michigan truly opened the way for rootkit research, creating a new method that essentially "places" the operating system on top of software called SubVirt (the name of the research project). The operating system keeps working normally, but the "virtual machine" controls everything the operating system sees and can easily hide itself.
Fortunately, this technique is not easy to carry out, and users can readily notice it because it slows the system down and changes certain files. For now this kind of super-rootkit exists only as a concept, and it will be a long time before attackers can carry out this method of attack.

Ransomware: malware that uses a weak (breakable) cryptosystem to encrypt data belonging to an individual and demands a ransom before restoring it.
Backdoor: in a computer system, a backdoor is a method of bypassing normal user authentication, or of keeping remote access to a computer, while trying to remain undetected by ordinary monitoring. A backdoor may take the form of an installed program (for example Back Orifice, or the Sony/BMG rootkit backdoor that was installed when any one of millions of Sony music CDs was played on a computer running Windows), or it may be a modification to a legitimate program, which is the case when it comes bundled with a Trojan.
Viruses spread via passports: this kind of virus spreads through personal RFID cards in order to alter the card's contents, incriminate the user and possibly steal the passport. Because RFID signals do not pass through metal, you should keep the card in a metal box when it is not in use.
Mobile phone viruses: PCs alone were already enough of a headache for users, and now there are mobile phone viruses too. They usually spread through text messages. A few mobile phone viruses also crash the operating system and damage the device. Others are merely annoying, for example changing icons so that the device becomes hard to use. A small number go after money. For example, one Trojan spreading among phones in Russia sends text messages to services that bill the sender.

List of file extensions that can carry and be infected by viruses

Files on the Windows operating system with the following extensions are highly likely to be attacked by viruses.

.bat: Microsoft Batch File (batch-processing file)
.chm: Compressed HTML Help File (documentation in compressed HTML form)
.cmd: Command file for Windows NT (Windows NT executable file)
.com: Command file (program) (executable file)
.cpl: Control Panel extension (Control Panel file)
.doc: Microsoft Word (Microsoft Word file)
.exe: Executable File
.hlp: Help file (user help content)
.hta: HTML Application
.js: JavaScript File
.jse: JavaScript Encoded Script File
.lnk: Shortcut File
.msi: Microsoft Installer File (installation file)
.pif: Program Information File
.reg: Registry File
.scr: Screen Saver (Portable Executable File)
.sct: Windows Script Component
.shb: Document Shortcut File
.shs: Shell Scrap Object
.vb: Visual Basic File
.vbe: Visual Basic Encoded Script File
.vbs: Visual Basic File
.wsc: Windows Script Component
.wsf: Windows Script File
.wsh: Windows Script Host File
.{*}: Class ID (CLSID) File Extensions
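
The list above can be applied as an attachment-name check at a mail gateway or file share. The following is an added example, not part of the original course text; the verdict names, the double-extension rule and the choice to send .doc files to review rather than block them are assumptions, and the sample file names are constructed.

```python
import re

# Extensions from the list above (lower-case, without the leading dot).
RISKY = {
    "bat", "chm", "cmd", "com", "cpl", "doc", "exe", "hlp", "hta", "js",
    "jse", "lnk", "msi", "pif", "reg", "scr", "sct", "shb", "shs", "vb",
    "vbe", "vbs", "wsc", "wsf", "wsh",
}
# The ".{*}" entry: a name that ends in a brace-wrapped class ID (CLSID).
CLSID_SUFFIX = re.compile(r"\.\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$")


def classify_attachment(filename):
    """Return (verdict, reason); verdict is "block", "review" or "allow"."""
    # Windows drops trailing dots and spaces, so "a.exe. " is opened as "a.exe".
    name = filename.strip().rstrip(". ").lower()
    if CLSID_SUFFIX.search(name):
        return "block", "CLSID extension"
    parts = name.split(".")
    if len(parts) < 2:
        return "allow", "no extension"
    final = parts[-1]
    if final not in RISKY:
        return "allow", "." + final + " is not on the list"
    decoy = parts[-2] if len(parts) >= 3 else ""
    # "photo.jpg.scr": a harmless-looking extension placed before the real one.
    if decoy.isalnum() and not decoy.isdigit() and len(decoy) <= 4 and decoy not in RISKY:
        return "block", "double extension ." + decoy + "." + final
    if final == "doc":
        # Assumed policy: documents are scanned rather than rejected outright.
        return "review", "document type from the list; scan before delivery"
    return "block", "listed extension ." + final


def screen(filenames):
    """Map each file name to its verdict."""
    return {f: classify_attachment(f)[0] for f in filenames}


# Constructed sample attachment names.
SAMPLE = [
    "holiday-photos.jpg.scr",
    "Invoice.PDF.exe",
    "setup.exe. ",
    "minutes.doc",
    "notes.txt",
    "archive.tar.gz",
    "shortcut.{00000000-0000-0000-0000-000000000000}",
    "README",
]

if __name__ == "__main__":
    for f in SAMPLE:
        print("%-50r %s: %s" % ((f,) + classify_attachment(f)))
```

A name-based check only narrows what reaches the user; the content still has to be scanned, because a file's extension says nothing about what the file actually contains.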

How computer viruses spread


Infection by classic means
The most classic way for computer viruses to infect and spread is through removable storage devices. In the past, floppy disks and CDs containing programs were the media most often abused for distribution. Today, with floppy disks rarely used, this method of infection has moved to USB drives, portable hard disks and digital entertainment devices.


Infection via e-mail

Once e-mail came into wide use around the world, viruses shifted to spreading through e-mail instead of the traditional routes.
Once it has infected a victim's machine, a virus can find the list of e-mail addresses stored on it and automatically send itself in bulk (mass mail) to the addresses it finds. If the owners of the machines that receive the infected mail do not detect it and let it infect their machines, the virus again looks up addresses and sends itself onward. The number of copies can therefore grow exponentially, so that millions of computers are infected within a short time, which can paralyse many organizations around the world very quickly.
Once e-mail clients combined with antivirus software were able to stop this automatic mass self-mailing to the addresses in the victim's address book, virus distributors switched to sending the infected mail themselves, using address lists they had collected beforehand.
Methods of infection via e-mail include:
- Infection through files attached to the e-mail. In this case the user is not infected until the infected attachment is activated (which is why such viruses are usually "disguised" behind enticing subject lines such as sex, sports, or advertisements selling software at extremely low prices).
- Infection from opening a link in the e-mail. Links in e-mail can lead to a web page with a virus planted on it; this approach usually exploits vulnerabilities in the browser and the operating system. Alternatively, the link leads to the execution of a piece of code, and the computer can become infected.
- Infection as soon as the e-mail is opened for viewing. This is extremely dangerous because the computer can be infected before any file is activated or any link opened. This approach also usually exploits operating system flaws.
Infection via the Internet

With the widespread growth of the Internet around the world, infection over the Internet has become the main way viruses spread today.
Viruses and malware spread over the Internet in the following ways:
- Infection through document and software files: the classic route, except that the classic ways of transferring files (floppy disks, USB drives...) are replaced by downloading from the Internet, file exchange, transfer through applications...
- Infection while visiting web pages on which a virus has been planted (inadvertently or deliberately): web pages may contain malicious code that infects the user's computer with viruses and malware when those pages are visited.
- Infection or takeover of the computer through security flaws in the operating system, in applications bundled with the operating system, or in third-party software: some users may find this hard to believe, but attackers can exploit security flaws in the operating system, in software bundled with it (for example Windows Media Player) or in third-party software (for example Acrobat Reader) to infect the victim's computer or take control of it when files associated with these programs are opened.
Variants
One aspect of how viruses operate is the creation of variants. A virus variant is a change to the virus's source code intended to evade detection by antivirus software or to alter its behaviour.
Some viruses can generate different variants of themselves, making them harder to detect and remove. Other variants appear because, after a virus has been identified by antivirus software, its author or other attackers (who know its code) rewrite, upgrade or improve it so that it can keep spreading.
Viruses that can disable antivirus software

Some viruses can disable (some) antivirus software, or interfere with the operating system to paralyse it. Only after doing so do they proceed to infect and keep spreading. Others infect the antivirus software itself (although this is harder) or block the antivirus software from updating.
These techniques are not especially difficult if the virus authors understand how antivirus software works and the virus infects or activates before the system starts that software. Viruses can also modify the Windows hosts file so that the user cannot reach certain websites and the antivirus software cannot contact its server to update.
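
The hosts-file tampering described above can be checked for by auditing the file's entries. The following is an added example, not part of the original course text; the watch list of update domains and the hosts-file content are constructed, and the severity labels are assumptions.

```python
import ipaddress

# Names a clean hosts file normally maps to the loopback address.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}


def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for every usable entry in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on blanks
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # first field is not an IP address
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def audit_hosts(text, watched_suffixes):
    """Return findings as (line_no, hostname, ip, severity, reason)."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        sinkhole = ip.is_loopback or ip.is_unspecified   # 127.x.x.x, ::1, 0.0.0.0, ::
        for name in names:
            if name in LOCAL_NAMES:
                continue
            watched = any(name == s or name.endswith("." + s) for s in watched_suffixes)
            if watched and sinkhole:
                findings.append((line_no, name, str(ip), "high", "update host blackholed"))
            elif watched:
                findings.append((line_no, name, str(ip), "high",
                                 "update host pinned to a fixed address"))
            elif sinkhole:
                findings.append((line_no, name, str(ip), "medium", "host blackholed"))
    return findings


# Constructed sample: hosts-file content and a watch list of update domains.
WATCHED = ["av-vendor.example", "os-update.example"]
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1     localhost
::1           localhost
127.0.0.1     update.av-vendor.example
0.0.0.0       www.av-vendor.example download.os-update.example
203.0.113.7   signatures.av-vendor.example
127.0.0.1     ads.tracker.example
192.0.2.10    intranet.corp.example
"""

if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS, WATCHED):
        print(finding)
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; any entry for an update or security domain deserves attention, since those names are normally resolved through DNS.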

16.2.2 Denial of Service (DoS) and Brute Force Attack


A denial-of-service attack (DoS attack) or distributed denial-of-service attack (DDoS attack) is an attempt to make a computer's resources unavailable to its intended users. Although the means, motives and targets of denial-of-service attacks vary, in general such an attack consists of the concerted, malicious efforts of one or more people to prevent an Internet site or service (web service) from operating efficiently or at all, temporarily or indefinitely. Perpetrators of denial-of-service attacks typically target prominent sites or servers such as banks, credit card payment gateways and even DNS root servers.
One common method of attack involves saturating the target machine with external communication requests, to the point where it cannot respond to legitimate traffic or responds too slowly. In general terms, DoS attacks are carried out by forcing the target machine to restart, by consuming its resources until it can no longer provide its service, or by obstructing communication between users and the victim.
Denial-of-service attacks are regarded as violations of the Internet proper use policy of the IAB (Internet Architecture Board). They also constitute violations of civil law.

Identification
US-CERT identifies the following signs of a denial-of-service attack:
- Unusually slow network performance (opening files or accessing websites).
- A particular website is unavailable.
- Inability to access any website.
- An increase in the amount of spam received (as in a "mail bomb").
Not every service outage, even one that results from malicious activity, is necessarily a DoS attack.
A denial-of-service attack can also cause problems in the network branch around the machine under attack. For example, the bandwidth of the router between the Internet and the LAN can be consumed by the attack, harming not only the intended target computer but the whole network. If the attack is carried out on a large enough scale, Internet connectivity for an entire geographic region can be harmed, without the attacker's knowledge, because of how network equipment is configured or because the equipment is fragile.
Methods of attack
A denial-of-service attack is a type of attack that aims to prevent legitimate users from using some service. Attacks can be directed at any network device, including routers and web, e-mail and DNS systems.
A denial-of-service attack can be carried out in a number of ways. There are five basic types:
- Consumption of computational resources such as bandwidth, disk space or processing time.
- Disruption of configuration information, such as routing information.
- Disruption of state information, such as automatically resetting TCP sessions.
- Disruption of the physical components of the computer network.
- Deliberately obstructing communication between the users and the victim so that the two sides can no longer communicate properly.
A denial-of-service attack may also involve running malware intended to:
- Overload the processor, so that the system cannot carry out any other work.
- Trigger errors in the computer's microcode.
- Trigger errors in the instruction sequence, so that the computer falls into an unstable state or hangs.
- Exploit flaws in the operating system that lead to resource starvation or thrashing, for example using up all available capacity so that no real work can be completed.
- Crash the system.
- iFrame denial-of-service attack: an HTML page can be made to call some web page with a great many requests, a great many times, until that site's bandwidth limit is exceeded.
Attack incidents
On 10 October 2008, the website 5giay.vn officially acknowledged that it had been hit by a DDoS attack.

16.3. Security policies


Preventing viruses and limiting their damage
There is a joke that, to avoid virus infection, you should disconnect from the network, never use floppy or USB drives, and never copy any file onto the computer. Taken seriously, though, this seems about right, given how fast the number of viruses worldwide is growing each year.
No one can guarantee 100% protection for a computer against viruses and malware, but we can limit the risk as far as possible and take measures to protect our data.


Use antivirus software


Protect the computer by installing antivirus software that can recognize many kinds of computer virus, and keep its data updated continuously so that it always recognizes new viruses.
Many antivirus products are on the market today. Well-known vendors whose antivirus software is widely used include McAfee, Symantec and Kaspersky.
Use a firewall
A firewall is not something remote or reserved for Internet service providers (ISPs); every personal computer also needs a firewall to protect it against viruses and malware. With a firewall in place, traffic entering and leaving the computer is controlled, either transparently or by explicit choice. If malware already installed on the computer tries to connect out to the Internet, the firewall can raise an alert, helping the user remove or disable it. A firewall also blocks unwanted inbound connections, reducing the risk that the computer is taken over against the user's wishes or that malicious programs or viruses are installed on it.
Use a hardware firewall if you connect to the Internet through a modem that has this function. In the manufacturer's default configuration the "firewall" function is usually turned off; the user can log in to the modem to enable it. A hardware firewall is not absolutely safe, because it usually blocks only unauthorized inbound connections, so combine it with a software firewall.
Use a software firewall: today's Windows operating systems already include a built-in software firewall, but third-party products can usually work better and bundle more tools than the built-in Windows firewall. For example, ZoneAlarm Security Suite from ZoneLab is an effective set of tools providing protection against viruses and malware, anti-spam, and a firewall.
Apply operating system patches
Security flaws are constantly being found in Windows (the operating system with the majority share), precisely because it is so widely used, and attackers can exploit these flaws to take control of machines or to spread viruses and malware. Users should always apply Windows patches through the Microsoft Update website (which upgrades all Microsoft software) or Windows Update (which updates Windows only). The best approach is to turn on Windows Automatic Updates. This feature is supported only on copies of Windows that Microsoft determines to be legitimate.
Apply experience in using the computer
Even with all of the software and methods above, a computer can still be infected by viruses and malware, because the antivirus software may not yet have been updated for a new virus sample. Users need to make full use of the functions and applications built into the operating system, and of other practical experience, to protect their operating system and data. Some practices to consider:
- Notice unusual behaviour: most users who are not in the habit of installing and removing software or frequently changing the operating system (that is, whose usage is stable) will notice unusual changes in the computer. Simple examples: the computer runs sluggishly, or unusual outbound connections show up through the operating system's firewall or a third-party firewall (through prompts asking permission for outbound access, or other firewall activity). Any such unusual behaviour that is not caused by hardware should raise suspicion of a virus. As soon as there is suspicion, check by updating the antivirus software to its latest data, or try a different antivirus product, and scan the whole system.
- Keep track of running applications: monitor the software running on the system through Task Manager or a third-party tool (for example ProcessViewer) to learn which applications the system normally loads in an ordinary session, how much memory and CPU they use, what their file names are, and so on. Then, as soon as something about the system looks abnormal (even before any sign of infection), you can be suspicious and take reasonable precautions. This approach does, however, require a certain level of knowledge on the user's part.
- Turn off operating system features that can facilitate infection: by default Windows usually enables autorun, a convenience that automatically starts software installation when a CD or USB drive is inserted. Some viruses abuse exactly this feature to infect the machine the moment a USB drive is plugged in or a software CD is inserted (several viruses have spread very quickly in recent times via USB drives by creating an autorun.inf file on the drive so that the virus runs as soon as the drive is plugged into a computer). Disable this feature with a third-party tool such as TWEAKUI or by editing the Registry.
- Also use websites that offer online virus detection: see the section "Online antivirus software" in the article on antivirus software.
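
For the autorun item in the list above, a removable drive can be inspected before it is opened by reading the autorun file in its root (autorun.inf on Windows) and listing what it would launch. The following is an added example, not part of the original course text; the severity labels and the extension set are assumptions, and the file content is a constructed sample.

```python
import re

LAUNCH_KEYS = {"open", "shellexecute"}
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")     # shell\<verb>\command
# Assumed set of program and script extensions treated as high severity.
PROGRAM_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs", "vbe",
                "js", "jse", "wsf", "lnk"}


def autorun_commands(text):
    """Return [(key, command)] that the [autorun] section would launch."""
    commands = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                                  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue                                  # other sections, non key=value lines
        key, value = line.split("=", 1)
        key, value = key.strip().lower(), value.strip()
        if value and (key in LAUNCH_KEYS or SHELL_COMMAND.match(key)):
            commands.append((key, value))
    return commands


def program_of(command):
    """Extract the program path from a command line, quoted or not."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split()[0]


def review_autorun(text):
    """Return [(severity, key, program)] for every launch entry found."""
    findings = []
    for key, command in autorun_commands(text):
        program = program_of(command)
        ext = program.rsplit(".", 1)[-1].lower() if "." in program else ""
        findings.append(("high" if ext in PROGRAM_EXTS else "medium", key, program))
    return findings


# Constructed sample of an autorun file found in the root of a USB drive.
SAMPLE_AUTORUN = r"""
; constructed sample
[AutoRun]
icon=drive.ico
label=Backup
open=files\setup.exe /quiet
shell\open\command="tools\start here.bat"
shell\explore\Command=files\setup.exe
shellexecute=readme.htm
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for finding in review_autorun(SAMPLE_AUTORUN):
        print(finding)
```

An autorun file that contains only `icon` and `label` entries yields no findings, while any launch entry on a removable drive is worth a look before the drive is opened.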
Protect the computer's data
If you cannot be 100% sure that you will not be infected by computer viruses and other malware, you should protect the integrity of your data yourself before it is damaged by a virus (or by other potential risks, such as failure of the computer's storage devices). Within the scope of this discussion of computer viruses, the main ideas are as follows:
- Periodic backup is currently the soundest way to protect data. You can regularly back up your data to a safe place such as external storage (USB drives, portable hard disks, optical discs...), on a weekly cycle or a different one depending on how often your data is updated and changed.
- Creating recovery data for the whole system should not stop at the utilities built into the operating system (for example System Restore in Windows Me, XP...); third-party software may be needed. For example, you can create system backups with Ghost or with other disk or partition imaging software.
In practice, none of these steps guarantees that the backed-up data is free of viruses, but if a virus is present, newer updates of the antivirus software may be able to remove it in the future.
