FOREWORD
The 21st century has been called the century of information technology, marked by explosive growth in science and technology. It is the era of a civilization built on knowledge industries. Today, informatics has become an important science worldwide. With development this rapid, managing technology resources has become a pressing problem for users. The need is to let users reach applications provided over the Internet while still keeping the local system secure. Most of the approaches proposed for this provide a single host with Internet access for all users. However, this is not the most satisfactory solution, because it is inconvenient for users. When they access the Internet they cannot do their work directly: they must log in to the dual-homed host, do all of the work there, and then somehow transfer the results back to their own workstation. A proxy server makes this more convenient for users and safer for the dual-homed host, by handling user requests indirectly through the dual-homed host. A proxy system allows all of these interactions to take place in some form. The user has the impression of working directly with the Internet server they actually want to reach. A proxy application is a program on an application-level gateway firewall; it works by relaying user requests through the firewall. The process runs in the following order:
* An application connection is established to the firewall.
* The proxy application collects information about the connection and the user's request.
* It uses that information to decide whether the request is authorized; if it is accepted, the proxy creates a second connection from the firewall to the destination host.
* It then acts as the intermediary, passing data back and forth between client and server.
Proxy systems help address the risks that arise because users log in to the system, and they force users to go through controlling software, by way of an access policy. Because the time available for this project was short, there will be many limitations and mistakes in the work; I hope the lecturers and fellow students will offer comments so that my topic can be made more complete. That will give me a basis on which to consolidate and develop it further. Finally, I sincerely thank the lecturers and friends who helped me complete this project.
TABLE OF CONTENTS
SUPERVISOR'S COMMENTS
FOREWORD
TABLE OF CONTENTS
CHAPTER 1: UNDERSTANDING PROXIES
CHAPTER 2: DEPLOYING A PROXY MODEL WITH ISA
    Part 1: Preparation before installation
    Part 2: Installing ISA Server 2006
        2.1. Introduction
        2.2. Preparation
        2.3. Procedure
CONCLUSION
    1. Strengths
    2. Weaknesses
    3. Directions for developing the project
REFERENCES
* The proxy application collects information about the connection and the user's request.
* It uses that information to decide whether the request is authorized; if it is accepted, the proxy creates a second connection from the firewall to the destination host.
* It then acts as the intermediary, passing data back and forth between client and server.
Proxy systems address the risks on the system by keeping users from logging in to it and forcing them through controlling software.
Proxy services do not protect the system against poorly designed protocols. As a security measure, proxying depends on being able to determine which operations in a protocol are safe. Not all services are designed with this in mind; the X Window protocol, for example, provides quite a few unsafe operations.
Example: with FTP, a user who wants to fetch a file from an anonymous FTP server takes the following steps:
* Using any FTP client, the user connects to the proxy server instead of directly to the anonymous FTP server.
* At the user name prompt, in addition to the name they want to use, the user must specify the name of the real server they want to connect to.
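The FTP steps above, combined with the collect, check and connect sequence the proxy follows, sketched as an added Python example (not code from the original report). The `name@server` form of the USER argument, the policy tables and the host name ftp.example.org are assumptions made for illustration.

```python
import ipaddress

# Assumed access policy (constructed for this example).
ALLOWED_CLIENTS = [ipaddress.ip_network("192.168.1.0/24")]
ALLOWED_SERVERS = {("ftp.example.org", 21)}


def parse_user_command(line):
    """Split 'USER name@server[:port]' into (name, server, port)."""
    verb, _, arg = line.strip().partition(" ")
    arg = arg.strip()
    if verb.upper() != "USER" or "@" not in arg:
        raise ValueError("expected USER name@server")
    # Reject spaces and control characters so nothing extra (such as an
    # embedded CRLF plus a second command) is forwarded to the real server.
    if any(ord(c) < 33 or ord(c) == 127 for c in arg):
        raise ValueError("illegal character in USER argument")
    # rpartition: the login name itself may contain '@' (an e-mail address).
    name, _, target = arg.rpartition("@")
    host, _, port = target.partition(":")
    if not name or not host:
        raise ValueError("empty user or server name")
    return name, host.lower(), int(port) if port else 21


def decide(client_ip, user_line):
    """Return ('connect', host, port, upstream_cmd) or ('deny', reason)."""
    # Collect information about the connection and the user's request.
    addr = ipaddress.ip_address(client_ip)
    if not any(addr in net for net in ALLOWED_CLIENTS):
        return ("deny", "client not in an allowed network")
    try:
        name, host, port = parse_user_command(user_line)
    except ValueError as exc:
        return ("deny", str(exc))
    # Check the request against policy before opening the second
    # connection from the firewall to the real server.
    if (host, port) not in ALLOWED_SERVERS:
        return ("deny", "destination %s:%d not permitted" % (host, port))
    # The relay phase would follow; upstream receives only the bare name.
    return ("connect", host, port, "USER " + name)
```

A circuit-level proxy has no equivalent of `parse_user_command`: it never reads the protocol, so the destination has to reach it by some other means.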
Application-level proxies versus circuit-level proxies: an application-level proxy runs at the application layer. It serves individual services and interprets the commands in their protocols. A circuit-level proxy creates a circuit between server and client without needing to interpret those protocols. In general, application-level proxies use modified clients. To make a proxy connection, you have to know where you want to connect to. A simple hybrid gateway can just intercept the connection, but a proxy host can only receive connections addressed to it and must be told where the connection should go. An application-level proxy can get that information from within each specific protocol. A circuit-level proxy cannot interpret individual protocols and needs the information supplied to it by some other means.
The advantage of a circuit-level proxy server is that it serves most different protocols; a circuit-level proxy is almost always a generic proxy server for all kinds of protocols. However, not every protocol is easily handled by a circuit-level proxy. The disadvantage of a circuit-level proxy is that it controls what passes through it much as a packet filter does: it controls connections on the basis of source and destination addresses, and it cannot determine whether the commands passing through it are safe or are even events the protocol expects. Circuit-level proxies are easily fooled by servers set up on the ports assigned to other servers.
Generic versus dedicated proxies: although "application-level" and "circuit-level" are the terms usually used, a distinction is sometimes also drawn between dedicated and generic proxy servers. A dedicated proxy server serves a single protocol; a generic proxy server serves many protocols. In practice, dedicated proxy servers are application-level and generic proxy servers are circuit-level.
Intelligent proxy servers: a proxy server that can do more than simply relay requests is an intelligent proxy server. For example, the CERN HTTP proxy server caches data, so many requests for data do not leave the system without first being handled by the proxy server.
Proxy servers (especially application-level servers) can provide easy login and better access control, whereas circuit-level proxies are usually limited in these capabilities.
Using proxying with Internet services: because the proxy server sits in the middle of the connection between client and server, it has to be adapted to each individual service. Sometimes a service that is very easy to provide in the normal way is very hard to add proxying to.
CHAPTER 2: DEPLOYING A PROXY MODEL WITH ISA
Part 1: Preparation before installation
1.1. Required server configuration:
- Intel or AMD CPU, minimum 773 MHz.
- Minimum 512 MB RAM.
- At least 02 network cards.
- Minimum 150 MB free hard disk space, NTFS formatted.
- Operating system: Windows Server 2003 SP1 32-bit or Windows Server 2003 R2 32-bit.
Internet bandwidth and the corresponding recommended configuration:

Bandwidth        CPU                     RAM      Network card     Max. concurrent VPN connections
Up to 25 Mbps    3 to 4 GHz              512 MB   10/100 Mbps      700
Up to 90 Mbps    Dual core 2 to 3 GHz    2 GB     100/1000 Mbps    2000

For more configuration guidance, see http://www.microsoft.com/technet/isa/2006/perf_bp.mspx
Figure 1.2.a: Routing table diagram
Note that the 192.168.3.254 interface of the internal router must have 192.168.3.1 as its default gateway. With the IP configuration above, the ISA routing table will contain these routes:

Dest.          Subnet mask      Gateway        Interface
0.0.0.0        0.0.0.0          192.168.0.2    192.168.0.1
192.168.0.0    255.255.255.0    192.168.0.1    192.168.0.1
192.168.3.0    255.255.255.0    192.168.3.1    192.168.3.1

Figure 1.2.b
Figure 1.2.c
For ISA to communicate with the internal network, two routes must be added:

Dest.          Subnet mask      Gateway          Interface
192.168.1.0    255.255.255.0    192.168.3.254    192.168.3.1
192.168.2.0    255.255.255.0    192.168.3.254    192.168.3.1

To add the routes, you can use the Routing and Remote Access console or the NETSH and ROUTE commands, for example:

    route add 192.168.1.0 mask 255.255.255.0 192.168.3.254 metric 1
    route add 192.168.2.0 mask 255.255.255.0 192.168.3.254 metric 1
Figure 1.4.a: Clearing the check box
- Per rule 3: External interface properties > Internet Protocol (TCP/IP) properties > Advanced button > WINS tab: clear the "Enable LMHOSTS lookup" check box and select "Disable NetBIOS over TCP/IP".
Figure 1.4.b: Clearing the mark
With the same goal of "training" a dedicated security guard and making that guard "immune" to the "overtures" of "ill-intentioned" people, install ISA on a clean machine, meaning one that has only the required operating system. Installing any additional service on the ISA machine means sharing the performance reserved for routing and filtering traffic. Installing any additional service on the ISA machine also means increasing the risk that ISA itself is attacked. Of course, economizing to the point of installing ISA on the Domain Controller itself is not allowed. In that case, not only does ISA fail at its job, the Domain Controller is "paralyzed" as well. And if the security guard is also ... the company director, then ... no comment!!!
- Setup Type dialog: unlike ISA 2004, ISA 2006 has no option to install the Firewall Client Installation Share on the ISA server. So choose Custom (and Change in the next dialog) only if you do not want to install ISA on the current system disk. Otherwise, choose Next.
- Internal Network dialog: declare all IP ranges that belong to the internal network. Assuming the network is structured as at the start of this article, 03 ranges must be declared: 192.168.1.0 - 192.168.1.255, 192.168.2.0 - 192.168.2.255 and 192.168.3.0 - 192.168.3.255 (ISA is RFC 1812 compliant). If any LAN segment is left out of the declaration, traffic from that segment (when it reaches ISA) is treated by ISA as an "outsider" (External). ISA treats the Internal Network as a "trusted zone" and uses the Internal Network in the System Policy rules that serve the operating system's own operation. Declaring the Internal Network incorrectly or incompletely affects not only the machines in the LAN but also ISA itself.
- Firewall Client Connections dialog: check "Allow non-encrypted Firewall client connections" only if the LAN contains machines running earlier versions of WinSock Proxy (MS Proxy Server 2.0) or the ISA 2000 Firewall Client. If this option is selected, user names and passwords sent from LAN machines to ISA are not encrypted. The best approach is to install the ISA 2006 Firewall Client on the workstations.
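A check for the incomplete Internal Network declaration described above, as an added Python example (not part of the original report and not an ISA Server tool): it compares the LAN subnets routed through the internal interface with the address ranges entered in the dialog and lists any segment ISA would treat as External. The function names and the incomplete sample declaration are constructed for illustration; the subnets and ranges are the ones given on this page.

```python
import ipaddress


def merge_ranges(ranges):
    """Merge overlapping or adjacent (first, last) address ranges."""
    spans = sorted(
        (int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last)))
        for first, last in ranges
    )
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:
            merged[-1][1] = max(merged[-1][1], hi)
        else:
            merged.append([lo, hi])
    return merged


def uncovered_subnets(internal_routes, declared_ranges):
    """Return routed LAN subnets not fully inside the declared ranges."""
    merged = merge_ranges(declared_ranges)
    missing = []
    for cidr in internal_routes:
        net = ipaddress.ip_network(cidr)
        lo, hi = int(net.network_address), int(net.broadcast_address)
        # The whole subnet must sit inside one merged range to be trusted.
        if not any(a <= lo and hi <= b for a, b in merged):
            missing.append(cidr)
    return missing


# Subnets reached through the internal interface 192.168.3.1
# (taken from the routing tables earlier on this page).
INTERNAL_ROUTES = ["192.168.1.0/24", "192.168.2.0/24", "192.168.3.0/24"]

# The three ranges the page says must be declared.
DECLARED_OK = [
    ("192.168.1.0", "192.168.1.255"),
    ("192.168.2.0", "192.168.2.255"),
    ("192.168.3.0", "192.168.3.255"),
]

# Constructed mistake: the 192.168.3.x segment was forgotten.
DECLARED_INCOMPLETE = DECLARED_OK[:2]

if __name__ == "__main__":
    print(uncovered_subnets(INTERNAL_ROUTES, DECLARED_INCOMPLETE))
```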
2.2. Preparation
Two machines are used:
- DC machine: Windows Server 2003 promoted to Domain Controller
- Server machine: Windows Server 2003, joined to the domain
Configure TCP/IP on the two machines as in the following table:

                 ISA Server, INT card    ISA Server, EXT card                   DC machine
IP Address       172.16.1.1              192.168.1.1                            172.16.1.2
Subnet Mask      255.255.255.0           255.255.255.0                          255.255.255.0
Gateway          (blank)                 192.168.1.200 (ADSL router address)    172.16.1.1
Preferred DNS    172.16.1.2              (blank)                                172.16.1.2
Figure 2.3.1.d: Select and click Next
- In the Setup Type dialog, choose Custom
Figure 2.3.1.g
- Click OK
Figure 2.3.1.j:
Figure 2.3.1.k
- Next, in the Firewall Client Connections dialog, check Allow non-encrypted Firewall client connections
Figure 2.3.2.a: Choosing the client
- In the Welcome to the Install dialog, click Next
Figure 2.3.2.c: Next
- In the ISA Server Computer Selection dialog, enter the IP address of the ISA Server machine and click Next
Figure 2.3.2.e
- Open ISA Server Management; under Configuration, select Network. In the right pane, right-click Internal and choose Properties
- Select the Auto Discovery tab and check Publish automatic discovery information for this network
Figure 2.3.3.d: Apply
- On the DC machine, open DNS Manager from Administrative Tools
- Right-click the MSOpenLab.Com zone and choose New Alias (CNAME)
Figure 2.3.3.e: New alias
- Enter WPAD in Alias name
- In the FQDN box, click Browse and locate the ISA Server machine
Figure 2.3.3.g: Clearing the cache
- Open the ISA Firewall Client, go to the Setting tab, choose Automatically detected ISA Server, click Detect Now, check that the client detects the name of the ISA Server machine, then click OK
Figure 2.3.4.a: Choosing New, Access Rule
- In the Access Rule Names dialog, name the rule: Allow to Internet
Figure 2.3.4.d: Choosing All outbound traffic
- In the Access Rule Sources dialog, click Add and select 2 items: Internal and Localhost
Figure 2.3.4.e: Choosing Local Host
- In the Access Rule Destinations dialog, click Add and select External
- Click Apply
Figure 2.3.4.i:
Figure 2.3.4.j
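CONCLUSION
1. Strengths
I had timely guidance and advice from my supervisor. The lecturer supervised the project throughout. There is a good deal of material on the topic, from many different sources, so I had a lot of help while working on the project. While carrying out the project I learned many lessons that are useful for my specialization. This has given me a foundation and a direction for the field of study I have chosen.
2. Weaknesses
Because this is a relatively new system for students, it has not been studied really thoroughly. It was not possible to carry out an actual installation to verify the work. The time available for the project was relatively short, so there was not enough time to study the topic in depth. As a result, the project could not be extended. The material on the topic comes from too many sources, some accurate and some not, so selecting suitable material took a great deal of time.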