HỮU NGHỊ VIỆT-HÀN
FACULTY OF COMPUTER SCIENCE
GRADUATION PROJECT
MAJOR: COMPUTER NETWORKING
TOPIC
ACKNOWLEDGEMENTS
After more than three months of effort in research and implementation, the project "Research and deployment of an open-source firewall system for small and medium enterprises" has been completed. Besides my own best efforts, I received much encouragement and support from my family, teachers and friends.
I sincerely thank the teachers of the Vietnam-Korea Friendship Information Technology College (Trường Cao đẳng Công nghệ Thông tin Hữu nghị Việt Hàn), who passed on a great deal of valuable experience and knowledge to me throughout my studies at the college. In particular, I would like to express my deep gratitude to Mr. ng Quang Hin, lecturer in the Faculty of Computer Science, and to the teachers of the faculty, who wholeheartedly helped me throughout the work on this graduation project.
Although I did my best to complete this graduation project, I consulted many different sources and my knowledge is still limited, so shortcomings are unavoidable. I hope for the understanding, comments and guidance of the teachers and of my friends so that the project can be improved further.
Once again, I would like to express my most sincere thanks!
TABLE OF CONTENTS
ACKNOWLEDGEMENTS
TABLE OF CONTENTS
LIST OF ABBREVIATIONS
LIST OF FIGURES
INTRODUCTION
CHAPTER 1. OVERVIEW OF NETWORK SAFETY AND SECURITY SOLUTIONS
1.1. OVERVIEW OF NETWORK SAFETY AND SECURITY
1.1.1. What network security is
1.1.2. Technical characteristics of network security
1.1.3. Assessing threats, system weaknesses and types of attack
1.1.3.1. Threat assessment
1.1.3.2. Network vulnerabilities and weaknesses
1.1.3.3. Types of attack
1.1.3.4. Measures for detecting that a system is under attack
1.1.4. Some network security tools
1.1.4.1. Implementing security at the access gateway with a firewall
1.1.4.2. Information encryption
1.1.5. Some solutions for small and medium enterprises
1.2. NETWORK SECURITY SOLUTION WITH A FIREWALL
1.2.1. Concept
1.2.2. Functions
1.2.3. Basic firewall architectures
1.2.3.1. Dual-homed Host architecture
1.2.3.2. Screened Host architecture
1.2.3.3. Screened Subnet Host architecture
CONCLUSION
REFERENCES
SUPERVISOR'S COMMENTS
LIST OF ABBREVIATIONS
CARP
DMZ: Demilitarized Zone
DoS: Denial of Service
FTP
HTTP
IP: Internet Protocol
LAN
NAT
OSI
PPTP
SMTP
VPN
WAN
LIST OF FIGURES
Figure 1.1. Network diagram for a small enterprise
Figure 1.2. Network diagram for a medium-sized enterprise
Figure 1.3. Simple firewall model
Figure 1.4. Dual-homed Host architecture
Figure 1.5. Screened Host architecture
Figure 1.6. Screened Subnet architecture
Figure 1.7. Packet filtering
Figure 1.8. Circuit-level gateway
Figure 1.9. Model of a typical VPN
Figure 1.10. Structure of a tunnel
Figure 2.1. The pfSense logo
Figure 2.2. pfSense deployment model for a small enterprise
Figure 2.3. The Firewall: Aliases function
Figure 2.4. Configuring Firewall: Aliases
Figure 2.5. The Firewall: Rules function
Figure 2.6. Configuring the Firewall Schedules function
Figure 2.7. The Firewall Schedules function
Figure 2.8. The NAT function
Figure 2.9. The Traffic Shaper function
Figure 2.10. The Virtual IPs function
Figure 2.11. The Captive Portal service
Figure 2.12. Running the DHCP Server service
Figure 2.13. Dynamic IP allocation
Figure 2.14. Static IP address assignment
Figure 2.15. The DHCP Relay service
Figure 2.16. The Load Balancer service
INTRODUCTION
1. Reason for choosing the topic
Today computers and the Internet are widespread. Organizations and individuals all need computers and computer networks for computation, storage, publishing information and carrying out online transactions. Alongside the opportunities this opens up come risks: a computer network that is not managed is easily attacked, with serious consequences.
Recognizing the importance of securing an enterprise network, I chose to study the topic "Research and deployment of an open-source firewall system for small and medium enterprises", with the aim of understanding in depth how such a firewall works, identifying its weaknesses and finding ways to remedy them, so that the enterprise network always runs smoothly and safely and incidents are kept to a minimum.
2. Research objectives
Study the open-source firewall system pfSense.
Deploy an open-source firewall system with pfSense for small and medium enterprises.
3. Subject and scope of the research
Study the model of an open-source firewall system with pfSense.
Study the deployment of an open-source firewall system with pfSense for small and medium enterprises.
4. Research method
Work under the guidance of the supervising lecturer.
Study the documentation on pfSense and on firewall systems deployed with pfSense.
Carry out an experimental deployment on a model network to verify the theory studied.
5. Scientific and practical significance of the topic
- Scientific significance:
Provides a set of study and reference material for later cohorts.
Provides a set of training material for deploying an open-source firewall system with pfSense.
CHAPTER 1.
1.1.
passive violations are usually hard to detect but can be prevented effectively. In contrast, active violations are very easy to detect but hard to prevent.
1.1.2. Technical characteristics of network security
- Verification based on information held: the subject being verified must present information that it possesses, for example a private key or a credit card number.
- Verification based on uniquely identifying information: the subject being verified must have information that identifies it uniquely, for example its voice, fingerprint or signature.
known to unauthorized entities or processes, or exploited by malicious parties. Information may be used only by authorized entities. Confidentiality techniques typically include protection against probing and collection, protection against emanations, and strengthening the confidentiality of information (under
Integrity: the property that information on the network cannot be acted on without authorization; that is, information on the network, while stored or in transit, is guaranteed not to be deleted, modified, forged, reordered, replayed or inserted into, whether accidentally or deliberately, or otherwise damaged. The main factors affecting the integrity of information on the network are: equipment failure, coding errors, human interference, computer viruses
Some methods for ensuring the integrity of information on the network:
- Secure protocols can check whether information has been copied or modified. If this is detected, the information is invalidated.
- Error detection and error correction. The simplest and most commonly used error-correcting coding method is the parity check.
- Cryptographic checks to prevent tampering and obstruction of transmission.
- Requiring a managing authority or an intermediary to attest to the authenticity of the information.
network, confirming the authenticity and identity of the participating entities; that is, no participating entity can repudiate or deny the operations and commitments it has carried out.
1.1.3. Assessing threats, system weaknesses and types of attack
1.1.3.1. Threat assessment
Basically there are 4 threats to network security, as follows:
a) Unstructured threats
Network vulnerabilities and weaknesses
a) Network vulnerabilities
DoS is a form of attack that uses protocols at the Internet layer of the TCP/IP protocol suite to bring a system to a standstill, so that legitimate users are denied access to or use of the system. A large number of packets is sent to the server continuously over a period of time, overloading the system; as a result the server responds slowly or cannot respond to requests from clients at all.
A typical example of the DoS attack method is the attacks on some large websites that halted their operation, such as: vietnamnet, bkav
Type B vulnerabilities: allow a user to gain additional privileges on the system without a validity check. The level of danger is medium; vulnerabilities of this type are usually found in applications on the system and can lead to the disclosure of information that must be kept confidential.
Vulnerabilities of this type usually appear in services on the system. A local user is understood to be someone who already has access to the system with certain privileges.
Some Type B vulnerabilities commonly appear in applications, such as the vulnerabilities of Sendmail on Unix and Linux operating systems, or buffer overflow errors in programs written in C.
Programs written in C often use a buffer, an area of memory used to hold data before it is processed. Programmers often use a buffer in memory before assigning a range of memory to each block of data. For example: a programmer writes a program that reads a user name field and specifies that this field is 20 characters long. They will therefore declare:
char first_name[20];
This declaration allows the user to enter at most 20 characters. When data is entered, it is first stored in the buffer; if the user enters 35 characters, a buffer overflow occurs and the 15 excess characters end up in an uncontrolled location in memory. Attackers can exploit this vulnerability by entering special characters to execute certain special commands on the system. Typically this vulnerability is exploited by users on the system to obtain root privileges illegitimately.
Tight control of the system configuration and of programs will limit Type B vulnerabilities.
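An added example (not code from the original thesis) of reading the first_name field described above into its 20-byte buffer without overflowing it. The function names overflow_bytes, read_first_name and read_from_text, the return codes and the sample inputs are all constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define FIRST_NAME_LEN 20  /* buffer size from the declaration in the text */
/* Constructed 35-character input, the length used in the text's example. */
#define LONG_NAME "ABCDEFGHIJKLMNOPQRSTUVWXYZ012345678"

/* Bytes an unchecked copy (gets/strcpy style) of `input` would write past
 * a buffer of `cap` bytes. The terminating NUL counts, so 35 characters
 * overrun char[20] by the 15 characters from the text plus one NUL. */
size_t overflow_bytes(const char *input, size_t cap)
{
    size_t needed = strlen(input) + 1;
    return needed > cap ? needed - cap : 0;
}

/* Read one line from `in` into dst[cap] without writing past the buffer.
 * char[20] holds at most 19 characters plus the NUL terminator.
 * Returns  0: a complete name was stored (newline stripped)
 *         -1: no input, read error or bad arguments
 *         -2: line too long; it is consumed and rejected whole, and dst is
 *             left empty so a truncated name is never accepted silently. */
int read_first_name(FILE *in, char *dst, size_t cap)
{
    if (in == NULL || dst == NULL || cap < 2)
        return -1;
    dst[0] = '\0';
    if (fgets(dst, (int)cap, in) == NULL)   /* stores at most cap-1 chars */
        return -1;
    size_t len = strlen(dst);
    if (len > 0 && dst[len - 1] == '\n') {  /* the whole line fitted */
        dst[len - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);                      /* what follows the full buffer? */
    if (c == EOF || c == '\n')
        return 0;                           /* exactly filled, or last line */
    while (c != '\n' && c != EOF)           /* drain the oversized line */
        c = fgetc(in);
    dst[0] = '\0';
    return -2;
}

/* Demo helper (constructed): feed `text` to read_first_name via a temp file. */
int read_from_text(const char *text, char *dst, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL)
        return -1;
    fputs(text, f);
    rewind(f);
    int rc = read_first_name(f, dst, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char first_name[FIRST_NAME_LEN];
    int rc;

    printf("unchecked copy would overrun by %zu bytes\n",
           overflow_bytes(LONG_NAME, sizeof first_name));
    rc = read_from_text("Alice\n", first_name, sizeof first_name);
    printf("short name: rc=%d value=\"%s\"\n", rc, first_name);
    rc = read_from_text(LONG_NAME "\n", first_name, sizeof first_name);
    printf("35-character name: rc=%d value=\"%s\"\n", rc, first_name);
    return 0;
}
```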
Type A vulnerabilities: allow an outside user to gain unlawful access to the system. Vulnerabilities of this type are very dangerous and can destroy the whole system.
Type A vulnerabilities are rated very dangerous; they threaten the integrity and confidentiality of the system. They usually appear on systems that are poorly administered or whose network configuration is not under control.
Vulnerabilities of this type are extremely dangerous because they are already present in the software in use; an administrator who does not understand the services and software in use in depth may overlook these weaknesses.
On older systems, the announcements of security newsgroups on the network must be checked regularly to discover vulnerabilities of this type. A range of commonly used older program versions have Type A vulnerabilities, such as: FTP, Sendmail,
b) Impact of security vulnerabilities on the Internet
The section above presented some cases of security vulnerabilities; attackers can exploit these vulnerabilities to create further vulnerabilities, forming a chain of linked vulnerabilities.
For example: an intruder wants to break into a system on which he has no valid account. In this case the intruder will first look for weaknesses in the system, either in its security policies or by using tools that probe for information on that system, in order to gain access to it. Once this first objective has been achieved, the intruder can go on to investigate the services on the system, learn their weaknesses and carry out more sophisticated destructive actions.
However, not every vulnerability is dangerous to the system. There are a great many announcements about security vulnerabilities on the network; most of them are Type C vulnerabilities and are not particularly dangerous to the system. For example: when vulnerabilities in sendmail are announced on the network, the whole system is not affected immediately. When the vulnerability announcements are confirmed, the newsgroups publish methods for remediating the system.
1.1.3.3. Types of attack
Direct attacks are usually used in the initial phase to gain access to the inside. One classic attack method is guessing user names and passwords. It is simple, easy to carry out and requires no special conditions to begin. Attackers can rely on information they know, such as the user's name, date of birth, address, house number and so on, to guess the password with a program that automates password guessing. In some cases the success rate of this method can reach 30%.
The method of using flaws in application programs and in the operating system itself has been used since the earliest attacks and continues to be used to gain access. In some cases this method gives the attacker the privileges of the system administrator.
Eavesdropping
Eavesdropping on network traffic can yield useful information such as user names and passwords and confidential information passing over the network. Eavesdropping is usually carried out right after the attacker has gained access to the system, by means of programs that allow it. This information can also easily be obtained from the Internet.
Address spoofing
IP address spoofing can be carried out by using source routing. With this attack, the attacker sends IP packets to the internal network with a spoofed IP address (usually the address of a network or host that the internal network regards as safe), while also specifying the route that the IP packets must take.
Disabling system functions
This type of attack aims to paralyze a system so that it cannot perform the function it was designed for. This type of attack cannot be prevented, because the means used to mount the attack are the same means used to work and to access information on the network. For example, using the ping command at the highest possible rate forces a system to spend all of its computing speed and network capacity answering these commands, leaving no resources for other useful work.
System administrator errors
- Check for signs that the system has been attacked: the system often hangs with unclear error messages. The cause is hard to determine for lack of relevant information. First determine whether the cause is hardware; if not, consider the possibility that the computer has been attacked.
- Check for the appearance of unfamiliar files. The system administrator should make a habit of naming files according to a fixed pattern so that unfamiliar files are easy to spot.
- Check system access by ordinary accounts, in case these accounts have been accessed without authorization and have had their privileges changed without the legitimate user being able to control it.
- Check the files related to network and service configuration, and remove unnecessary services.
system.
1.1.4. Some network security tools
1.1.4.1.
A firewall lets the network administrator control access, enforcing a policy of allowing or denying services and traffic entering or leaving the network. A firewall can be used to authenticate users, to make sure that they really are who they claim to be before they are granted access to network resources.
A firewall is also used to divide the network into segments and to set up different security tiers on different segments, so that more important resources are better protected. At the same time the firewall restricts and controls traffic, allowing it to reach only the places it is permitted to reach.
1.1.4.2. Information encryption
Not as flexible as a software firewall (adding functions or rules is harder than on a software firewall).
- Allow or forbid outbound services (from the intranet to the Internet).
- Allow or forbid inbound services from outside (from the Internet into the intranet).
- Control users and their access.
- Control the content of information moving across the network.
A firewall examines all traffic flows between two networks to see whether it meets
1.2.3.1.
as follows:
do not like using such an inconvenient service, because every time they want to use a service they have to log in to another machine (the dual-homed host) that is not their own; this is very inconvenient for users.
If a proxy server is used: it is hard to offer users many services, because Proxy Server and Proxy Client software is not available for every kind of service. Alternatively, when many services are offered, the responsiveness of the system can drop, because all the proxy servers are placed on the same machine.
Another basic drawback of the two models above is what happens when the dual-homed host in general, or the proxy servers, are broken into. Once an attacker has broken in through it, all traffic inside the internal network is visible to that attacker, which is extremely dangerous. In networks using Ethernet or Token Ring, data moving through the system can be stolen by any machine connected to the network, so this architecture is suitable only for some small networks.
1.2.3.2.
1.2.3.3.
on the DMZ are known to the Internet through the routing tables and the exchange of DNS (Domain Name Server) routing information.
Components
1.2.4.2. Operating mechanism
Packet filter
A firewall works closely with the TCP/IP protocol, because this protocol works by splitting the data received from network applications, or more precisely from the services running over the protocols (Telnet, SMTP, DNS, NFS ...), into data packets and then assigning these packets addresses by which they can be identified and reassembled at the destination. Firewalls of every kind are therefore closely concerned with packets and their address numbers.
Destination IP address (Destination)
passed through; if it does not satisfy them, it is dropped. Controlling ports gives the firewall the ability to admit only certain permitted kinds of connection into the local network.
Advantages:
Limitations:
- Each proxy keeps a log recording every detail of the traffic passing through it: each connection and the duration of the connection. This log is very useful for tracing or stopping intruders.
- Gives the network administrator complete control over each service on the network, because the proxy application restricts the command set and decides which hosts the service can reach.
- Gives the network administrator complete control over which services are allowed, because the absence of a proxy for a given service means that the service is blocked.
- An application gateway supports very good authentication checks, and it keeps a log recording information about access to the system.
- Filtering rules for an application gateway are easier to configure and check than those of a packet filter.
Limitations:
Requires users to modify the software installed on the client machine in order to access the proxy services. For example, Telnet access through an application gateway requires two steps to connect to the server rather than one. However, some client software makes the application gateway transparent by letting the user specify the target host, rather than the application gateway, in the Telnet command.
Circuit-level gateway
A circuit-level gateway is a special function that can be performed by an application gateway. It simply relays TCP connections without performing any processing or packet filtering.
Figure 1.8 illustrates a telnet connection made through a circuit-level gateway. The gateway simply relays the telnet connection through the firewall without performing any checking, filtering or control of the telnet procedures. It works like a wire, copying bytes between the inside connection and the outside connections. However, because the connection appears to originate from the firewall system, it hides information about the internal network.
checked against the rules created on the firewall; this information may be the access time, the protocol used, the port.
There are two kinds of packet-filtering firewall:
1.3.
Advantages of VPN
Cost: VPN technology gives considerable savings, replacing the cost of leased lines or long-distance calls with the cost of a local call. Using a connection to an ISP also makes it possible to use the VPN and access the Internet at the same time. VPN technology allows bandwidth to be used as efficiently as possible. It greatly reduces system management and maintenance costs.
Security: a VPN uses tunnelling and layer 2 and layer 3 protocols of the OSI model, user authentication, access control, and data confidentiality through encryption. A VPN is therefore highly secure, minimizing the possibility of attack and data loss.
Ease of access: users on a VPN, besides using the resources on the VPN, can also use other Internet services without having to care about the complexity of the lower layers.
1.3.2. VPN architecture
The two basic components of the Internet that make up a virtual private network (VPN) are:
Remote access is possible, providing communication between the staff of an organization and its network resources.
Based on the basic needs above, VPNs today have developed and are divided into the following 3 main types:
- Remote Access VPNs: allow access at any time by remote, mobile and communication devices of branch staff connecting to the organization's network resources.
and wide area network based on different protocols, without following a fixed standard of the service provider. A great many networks do not use the TCP/IP standard and so cannot connect directly to the Internet. To be able to use an IP VPN, all private networks must move to an addressing scheme that follows the standard used on the Internet, add the features for creating virtual connection channels, and install an Internet gateway that converts the different protocols to the IP standard.
Security:
Security for the customer is the most important factor for a solution
Provide appropriate security features, including: issuing a password to every user on the network and encrypting data in transit.
Availability:
A VPN solution must provide guarantees on quality, on service performance and on transmission capacity.
CHAPTER 2.
2.1.
2.2.1. Aliases
Host: creates a group of IP addresses
Port: allows ports to be grouped but does not allow protocols to be grouped. The protocols are used in the rules
Any: all
Network: network address
PPTP clients: clients that make a VPN connection using the PPTP protocol
PPPoE clients: clients that make a VPN connection using the PPPoE protocol
CARP
Proxy ARP
Other
2.3.
RRD Graph: displays information as graphs. The information RRD Graph shows is: System, Traffic, Packet, Quality, Queues.
CHAPTER 3.
3.1.
INSTALLING THE PFSENSE FIREWALL
Real-world model
3.1.1.2. Simulated model
There are 3 network interfaces:
pfSense virtual machine
3.1.2. Installing the system
3.1.2.1.
The purpose of this step is to simulate 2 Internet (WAN) connections. If 2 Internet connections are already available, this step is not needed; connect the two lines directly to 2 interfaces of the pfSense machine.
After adding the 2 interfaces and configuring IP addresses for them, start configuring Routing and Remote Access.
Go to Administrative Tools => Routing and Remote Access. Choose Configure and Enable to turn on Routing and Remote Access.
Installing pfSense
Check the status of the interfaces by going to Status => Interfaces. If the status of these interfaces is up, they are working normally.
Firewall Rule
Checking and tuning the system must be done in detail for each function deployed on the system. In addition, this checking and tuning must be carried out periodically to keep the system in the best possible state.
CONCLUSION
To protect the internal network there are many solutions, such as using a Cisco router or a Microsoft firewall such as ISA
However, the components listed above are relatively expensive. So for users who do not want to spend money but still want a firewall to protect the internal network (the intranet) when communicating with the external network (the Internet), pfSense is an economical and reasonably effective solution.
Another fairly important point is that the hardware needed to install and use pfSense is not as demanding as that of newer software today. A P3 computer with 128 RAM and a 1GB HDD is enough to build a pfSense firewall to protect the internal network.
pfSense is a powerful routing and firewall application that lets you expand your network without compromising on security. The software is designed to be compact and easy to configure through a web interface and, in particular, supports installing additional service packages to extend its features.
The pfSense firewall can meet the needs of a small enterprise network, because it is easy to manage and provides many of the features found in commercial products. Even so, some features used in large enterprises are still quite limited. Given the limited time and practical conditions, the project stops at studying and deploying the necessary functions; it has not been deployed on a real-world model, and so the strengths and weaknesses of this application have not been fully assessed.
SUPERVISOR'S COMMENTS
Nguyn c Trung Lp CCMM03C