security toan tap version 1.1 2012

Upload: truonglee93

Post on 10-Feb-2018


  • 7/22/2019 Security Toan Tap Version 1.1 2012


    TOCBATDAT SECURITY TOÀN TẬP

    Security toàn tập Version 1.2 2012


    Security Document, Version 1 2012, 7/2012

    Copyright by Tocbatdat

    CHANGE TRACKING TABLE

    Version   Date updated   Updated by       Notes
    1         7/2012         Hoàng Tuấn Đạt   First Release


    Table of contents

    I. PURPOSE AND SCOPE OF THE DOCUMENT
      1. Purpose of the document
      2. Scope of the document
    II. NETWORK SECURITY OVERVIEW
      1. Basic concepts of information security (security)
      2. Basic network systems
        a. The OSI network model
        b. The TCP/IP network model
        c. Comparing the TCP/IP and OSI models
        d. Structure of IP, TCP, UDP and ICMP packets
        e. Some commonly used ports
        f. Using a sniffer tool to analyze IP, ICMP, UDP and TCP packets
        g. Analyzing individual packets and entire connection sessions
      3. Access control concepts (Access Controls)
        a. Access Control Systems
        b. Principles for establishing access control
        c. Types of access controls
      4. Authentication concepts
        a. Factors for identifying and authenticating users
        b. Authentication methods
      5. Authorization
        a. Authorization basics
        b. Authorization methods
      6. Accounting concepts
      7. The CIA security triad
        a. Confidentiality
        b. Integrity
        c. Availability
      8. Basic cryptography
        a. Basic concepts of cryptography
        b. Hash functions
        c. Symmetric encryption
        d. Asymmetric encryption
        e. Overview of PKI systems
        f. Practice: encrypting and decrypting with cryptography tools


      9. Basic concepts of network attacks
        a. Basic steps of an attack
        b. Some security concepts
        c. Basic attack methods
        d. Targets of the types of attack
    III. INFRASTRUCTURE SECURITY
      1. Solutions and roadmap for building network infrastructure security
      3. Designing a secure network model
      4. Routers and switches
        a. Router functions
        b. Switch functions
        c. Security on switches
        d. Security on routers
        e. Configuring security for routers
      5. Firewalls and proxies
        a. Firewall concepts
        b. Firewall functions
        c. How a firewall works
        d. Types of firewall
        e. Firewall design in the network model
      6. Configuring the IPtable firewall on Linux
      7. Installing and configuring SQUID as a proxy server
        a. Linux SQUID Proxy Server
        b. Installation
        c. Configuring Squid
        d. Starting Squid
      8. Deploying a VPN on the OpenVPN platform
        a. OpenVPN overview
        b. Deploying OpenVPN with SSL on Ubuntu Linux
      9. Using a VPN to protect Wi-Fi systems
        a. Wi-Fi security methods
        b. Configuring the access point and VPN Server 2003
        c. Creating VPN connections from devices connecting over Wi-Fi
      10. Systems for detecting and preventing unauthorized access (IDS/IPS)
        a. Packet analysis principles
        a. Installing and configuring Snort as an IDS/IPS


      11. Installing and configuring Sourcefire IPS
        a. Features of the Sourcefire IPS
        b. Typical IDS/IPS deployment models
        c. How the Sourcefire IDS/IPS works
        d. Setting administrative parameters for Sourcefire devices
        e. Upgrading Sourcefire devices
        f. Configuring system settings (System settings)
        g. Setting up centralized management for Sourcefire devices
        h. Configuring Interface Sets and the Detection Engine
        i. Managing and setting policies for the IPS
        j. Analyzing IPS events
      12. Endpoint Security
        a. The Kaspersky Open Space Security (KOSS) solution
        b. Features of the Kaspersky Endpoint Security package
        c. Lab: installing KSC and Endpoint Security on workstations
      13. Data Loss Prevent
      14. Network Access Control
      15. Operating system security
        a. Securing the Windows operating system
        b. Lab: using IPsec policy to protect some applications on Windows
        c. Protecting the Linux operating system
      16. Network security policy
        a. Requirements for building a network security policy
        b. Overall process for building an overall policy
        c. The ISMS
        d. ISO 27000 Series
    IV. APPLICATION SECURITY
      1. Securing the DNS application
        a. Using a DNS forwarder
        b. Using a caching DNS server
        c. Using a DNS advertiser
        d. Using a DNS resolver
        e. Protecting the DNS cache
        f. Securing connections with DDNS
        g. Disabling zone transfers


        h. Using a firewall to control DNS access
        i. Setting access controls on the DNS registry entries
        j. Setting access controls on the DNS system files
      2. Securing web applications
        a. Introduction
        b. Vulnerabilities in web services
        c. Exploiting operating-system-level vulnerabilities and securing the web server
        d. Exploiting vulnerabilities in the web service
        e. Exploiting the DoS vulnerability in Apache 2.0.x - 2.0.64 and 2.2.x - 2.2.19
        f. Exploiting vulnerabilities in web applications
      3. Mail server security
        a. Overview of SMTP, POP and IMAP
        b. Attack risks when using email
      4. Remote access security
      5. Buffer overflow vulnerabilities and how to prevent them
        a. Theory
        b. Technical description
        c. Basic example
        d. Stack buffer overflow
        e. Example source code
        f. Exploitation
        g. Preventing buffer overflows
        h. Practice
    V. DATA SECURITY
      1. Database security
        a. Database security violations
        b. Levels of database security
        c. Privileges when using a database system
        d. Views as a protection mechanism
        e. Granting access rights
        f. Audit trails
      2. Database monitoring and statistics
      3. Database security methods
    VI. NETWORK ASSESSMENT AND ANALYSIS TOOLS
      1. Open port scanning skills
        a. Principles of TCP/IP communication


        b. Principles of port scanning a system
        c. Port scanning with Nmap
      2. Scanning for OS vulnerabilities
        a. Using Nmap to scan for OS vulnerabilities
        b. Using Nessus to scan for OS vulnerabilities
        c. Using GFI to scan for OS vulnerabilities
      3. Scanning for web vulnerabilities
        a. Using Acunetix to scan for web vulnerabilities
        b. Lab: using IBM App Scan to scan for web vulnerabilities
      4. Packet analysis and network eavesdropping techniques
        a. The nature of sniffers
        b. A professional data analysis model for enterprises
        c. Hub environments
        d. Sniffing techniques in switched environments
        e. Sniffing model using an ARP attack support tool
      5. The Metasploit exploitation tool
        a. Overview of the Metasploit tool
        b. Using the Metasploit Framework
        c. Conclusion
      6. Using Wireshark and Colasoft to analyze packets
        d. Using Wireshark to analyze packets and network traffic
        e. Using Colasoft to analyze network traffic
    VII. CONCLUSION


    Table of terms used in the document

    No.   Term       Full form                                   Some information
    1     ATTT       An toàn thông tin (information security)
    2     Security   Bảo mật


    I. PURPOSE AND SCOPE OF THE DOCUMENT

    1. Purpose of the document

    This is an information security training document for the network operations and administration staff of ABC. It gives learners a full set of concepts, system models, configurations for deploying solutions, risk management, and much other knowledge about information security.

    2. Scope of the document

    This document was written specifically for the information security course for ABC staff.


    II. NETWORK SECURITY OVERVIEW

    1. Basic concepts of information security (security)

    2. Basic network systems

    3. Access control concepts (Access Controls)

    4. Authentication concepts

    5. Authorization

    6. Accounting concepts

    7. The CIA security triad

    8. Basic cryptography

    9. Basic concepts of network attacks


    1. Basic concepts of information security (security)

    Several major organizations around the world define Security (Bảo mật, or information security) as follows:

    - Security, or information security, is the degree to which information is protected against the threats of information disclosure, loss of information integrity, and information unavailability.

    - Security, or information security, is the degree of protection against information security risks such as danger, damage, loss and other crimes. Security as a form and degree of information protection includes the structures and processes used to improve security.

    - The Institute for Security and Open Methodologies defines security as a form of protection in which a separation is created between the assets and the threats.

    2. Basic network systems

    a. The OSI network model

    When an application or service runs to serve users' information-exchange needs, the network operates so that the exchange takes place according to its own set of rules.

    Looking at a network cable or at wireless devices, a person cannot understand the principles by which that information is transmitted. To make those principles easy to understand, in support of research, application development and network troubleshooting, the international standards organization uses the OSI model as an ISO standard.

    The OSI model (Open Systems Interconnection Reference Model, abbreviated OSI Model or OSI Reference Model; rendered in Vietnamese as "Mô hình tham chiếu kết nối các hệ thống mở") is a design based on the principle of layering that explains, in the abstract, the techniques of communication between computers and the design of network protocols between them. The model was developed as part of the Open Systems Interconnection initiative launched by ISO and ITU-T. It is also called the OSI seven-layer model. (Source: Wikipedia.)


    Purpose of the OSI model:

    The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it, and exposes its own functions only to the layer above it. A system that implements protocols made up of such a series of layers is called a "protocol stack". A protocol stack can be implemented in hardware, in software, or in a combination of the two. Typically only the lower layers are implemented in hardware, while the other layers are implemented in software.

    The networking and information technology industries follow the OSI model only loosely. Its main feature is that it defines the interfaces between layers, that is, it specifies how the layers communicate with one another. This means that even when layers are written and designed by different manufacturers or companies, they will work together when assembled (assuming the specifications are interpreted correctly). In the TCP/IP community these specifications are usually known as RFCs (Requests for Comments). In the OSI community they are ISO standards.

    Protocol implementations are usually arranged in layers, as the protocol specification lays out, but there are exceptions, known as "fast paths". In a fast-path design, the most common transactions the system supports are implemented as a single component in which the functions of several layers are merged into one.

    Dividing protocol functions sensibly makes it easier to reason about the functions and operation of protocol stacks, which in turn makes it possible to design protocol stacks that are elaborate and detailed yet highly reliable. Each layer performs and provides services to the layer directly above it, and requires services from the layer directly below it. As noted above, an implementation comprising several layers of the OSI model is usually called a "protocol stack" (for example, the TCP/IP protocol stack).

    M hnh tham chiu OSI l mt cu trc ph h c 7 tng, n xc nh cc yu cu cho

    s giao tip gia hai my tnh.M hnh ny c nh ngha biT chc tiu chun

    ho quc t(International Organization for Standardization) trongtiu chun s 7498-1

    pro.info__Key Windows Server 2k3,2k8,R2,2012,Kaspersky,Bitdefender,Trendmicro,SharePoint,Exchange

    www.cd4pro.info__Key Windows Server 2k3,2k8,R2,2012,Kaspersky,Bitdefender,Trendmicro,SharePoint,Exchange


    (ISO standard 7498-1). The purpose of the model is to allow interoperability between the diverse platforms supplied by different vendors. The model lets all the components of a network work together, regardless of who built each component. In the late 1980s, ISO recommended implementing the OSI model as a networking standard.

    At that time, TCP/IP had already been in widespread use for many years. TCP/IP was the foundation of ARPANET and of the other networks that evolved into the Internet. (See RFC 871 for the main differences between TCP/IP and ARPANET.)

    Today only part of the OSI model is in use. Many people believe that most of the OSI specifications are too complex and that implementing all of their functionality would take too long, even though the OSI model has many enthusiastic supporters.

    The layers of the OSI model in detail:

    Layer 1: Physical layer

    The physical layer defines all the electrical and physical specifications for devices, including pin layouts, voltages and cable specifications. Physical-layer devices include hubs, repeaters, network adapters and host bus adapters (HBAs, used in storage area networks). The basic functions and services performed by the physical layer include:

    - Establishing or breaking the electrical connection to a transmission medium.

    - Taking part in the process by which communication resources are shared effectively among multiple users, for example contention resolution and flow control.

    - Modulation, or conversion between the digital data representation used by user equipment and the corresponding signals transmitted over a communication channel.

    Parallel SCSI buses operate at this layer. The various Ethernet physical-layer standards also belong to this layer; Ethernet combines the physical layer and the data link layer into one. The same is true of local area networks such as Token Ring, FDDI and IEEE 802.11.

    Layer 2: Data link layer

    The data link layer provides the functional and procedural means to transfer data between network entities and to detect, and possibly correct, errors that occur in the physical layer. Addressing at this layer is physical: the address (the MAC address) is hard-coded into network cards when they are manufactured. This addressing scheme is flat, with no hierarchy. Note: the most typical example is Ethernet. Other examples of data link protocols are HDLC and ADCCP for point-to-point or packet-switched networks, and Aloha for local area networks. In local area networks that follow the IEEE 802 standards, and in some networks built to other standards such as FDDI, the data link layer can be divided into two sublayers: the MAC (Media Access Control) sublayer and the LLC (Logical Link Control) sublayer defined by IEEE 802.2.

    The data link layer is where bridges and switches operate. Connectivity is provided only between nodes attached to the same local network. There is, however, a fairly reasonable argument that these devices really belong to layer 2.5 rather than entirely to layer 2.


    Layer 3: Network layer

    The network layer provides the functions and procedures for transferring variable-length data sequences from a source to a destination across one or more networks, while maintaining the quality of service that the transport layer requests. The network layer performs routing. Routers operate at this layer, sending data throughout the extended network and making internetworking possible (there are also layer 3 switches, also called IP switches). Addressing at this layer is logical: the values are chosen by the network engineer. The scheme is hierarchical. The typical example of a layer 3 protocol is IP.

    Layer 4: Transport layer

    The transport layer provides a dedicated service for transferring data between end users, so the upper layers do not have to concern themselves with providing reliable and efficient data transfer. The transport layer controls the reliability of a given connection. Some protocols are state- and connection-oriented, which means the transport layer can keep track of packets and retransmit those that fail. A typical example of a layer 4 protocol is TCP. This is the layer where messages are converted into TCP or UDP packets. At layer 4 the addresses are ports, and the port is what identifies the application taking part in the exchange.

    Layer 5: Session layer

    The session layer controls the dialogues (sessions) between computers. It establishes, manages and terminates the connections between the local application and the remote application. It also supports duplex, half-duplex or simplex operation, and sets up procedures for checkpointing (which speeds up recovery when an error occurs, because the completed point has already been marked), adjournment, termination and restart. The OSI model makes this layer responsible for the graceful close of sessions (a property of the Transmission Control Protocol, TCP) and for session checking and recovery, a part that is usually not used in the TCP/IP protocol suite.


    Layer 6: Presentation layer

    The presentation layer acts as the data layer of the network. On the sending computer, this layer translates the data sent from the application layer into a common format. On the receiving computer, it converts the common format back into the format used by the application layer. The presentation layer performs the following functions:

    - Translating character codes from ASCII to EBCDIC.

    - Converting data, for example from integers to floating-point numbers.

    - Compressing data to reduce the amount of data sent over the network.

    - Encrypting and decrypting data to keep it confidential on the network.

    Layer 7: Application layer

    The application layer is the layer closest to the user. It gives users the means to access information and data on the network through application programs. This layer is the main interface through which the user interacts with the application and, through it, with the network. Examples of applications at this layer include Telnet, the File Transfer Protocol (FTP), the Simple Mail Transfer Protocol (SMTP), HTTP, X.400 Mail remote

    An easy-to-follow illustration of the OSI model alongside real-world forms of information exchange:


    b. The TCP/IP network model

    TCP/IP (the Internet protocol suite, also called the IP suite or the TCP/IP protocol suite) is a set of communication protocols implementing the protocol stack on which the Internet and most commercial computer networks run. The suite is named after its two main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). These were also the first two protocols to be defined.

    Like many other protocol suites, TCP/IP can be viewed as a set of layers. Each layer solves a set of problems involved in transmitting data and offers the upper-layer protocols a well-defined service built on the services of the layers below it. Logically, the upper layers are closer to the user and work with more abstract data; they rely on the lower-layer protocols to transform the data into forms that can ultimately be transmitted physically.


    The OSI model describes a fixed set of 7 layers that some vendors have adopted, and it can be loosely compared with the TCP/IP protocol suite. The comparison can cause confusion, or it can give a deeper understanding of the TCP/IP suite.

    Application layer:

    Includes the applications: DNS, TFTP, TLS/SSL, FTP, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SNMP, SSH, TELNET, ECHO, BitTorrent, RTP, PNRP, rlogin, ENRP.

    Routing protocols such as BGP and RIP, which for various reasons run over TCP and UDP respectively (BGP uses TCP, RIP uses UDP), can also be considered part of the application layer or the network layer.

    Transport layer:

    Includes the protocols: TCP, UDP, DCCP, SCTP, IL, RUDP.

    Routing protocols such as OSPF (Open Shortest Path First), which run over IP, can also be considered part of the transport layer or the network layer. ICMP (Internet Control Message Protocol) and IGMP (Internet Group Management Protocol) run over IP and can be considered part of the network layer.

    Network layer:

    Protocols: IP (IPv4, IPv6). ARP (Address Resolution Protocol) and RARP (Reverse Address Resolution Protocol) operate below IP but above the link layer, so they can be said to sit between the two layers.


    Link layer:

    Includes the protocols: Ethernet, Wi-Fi, Token Ring, PPP, SLIP, FDDI, ATM, Frame Relay, SMDS.

    c. So snh m hnh TCP/IP v OSI

    M hnh n gin hn m hnh OSI vn th hin c qu trnh giao tip trn mng.

    M hnh TCP/IP c chia lm 4 Layer

    OSI Model TCP/IP Model7. Application 4. Application6. Presentation5. Session4. Transport 3. Transport

    3. Network 2. Internet2. Data Link 1. Network Access1. Physical

    d. Cu to gi tin IP, TCP,UDP, ICMP

    phc v cng tc nghin cu v Security cn phi hiu r cu to gi tin cc layer

    c th hiu v phn tch gi tin.

    M hnh ng gi thng tin cc Layer ca m hnh TCP/IP


    IPv4 packet structure

    This is the structure of an IPv4 packet, which consists of a Header and Data. The header is 160 or 192 bits; the remainder is Data. The address field is 32 bits.

    IPv6 packet structure:

    An IPv6 packet also consists of two parts, Header and Data. The header is 40 octets (320 bits), in which the IPv6 address is 128 bits.

    TCP packet structure:


    A TCP packet consists of two parts, Header and Data. The header is 192 bits.

    The three steps that open a TCP connection:

    + Step I: The Client sends the Server a SYN packet.

    + Step II: The Server replies to the Client with a SYN/ACK packet.

    + Step III: When the Client receives the SYN/ACK packet it sends the Server an ACK packet, and the exchange of data between the two machines begins.

    The four steps that close a TCP connection:

    + Step I: The Client sends the Server a FIN ACK packet.

    + Step II: The Server sends the Client an ACK packet.

    + Step III: The Server then sends the Client a FIN ACK packet.

    + Step IV: The Client sends the Server an ACK packet, and the connection between Server and Client is torn down.

    UDP packet structure:

    A UDP packet consists of two parts, Header and Data. The header is 64 bits.


    ICMP packet structure

    Type (8 bits) [8 bits used to identify the ICMP message type]

    Code (8 bits) [Each Type can have its own specific codes that describe that type]

    Checksum (16 bits) [The checksum is 16 bits]

    Message (variable length) [Depends on the type and code]
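
    Added example (not part of the original document): a small Python decoder for the IPv4, TCP, UDP and ICMP header layouts described above, run over constructed packets that replay the three-step handshake. The addresses, ports and sequence numbers are constructed sample values, and TCP checksums are not verified.

```python
import struct

# TCP flag bits, ordered so that SYN+ACK renders as "SYN/ACK".
FLAG_NAMES = ((0x02, "SYN"), (0x01, "FIN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"))
# Constructed sample addresses (documentation ranges), not from the original page.
CLIENT, SERVER = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5])

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4(proto: int, payload: bytes, src: bytes, dst: bytes) -> bytes:
    """Wrap payload in a minimal 20-byte (160-bit) IPv4 header; sample data only."""
    head = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64, proto, 0, src, dst)
    return head[:10] + struct.pack("!H", checksum(head)) + head[12:] + payload

def build_tcp(sport: int, dport: int, seq: int, ack: int, flags: int) -> bytes:
    # TCP checksum left at 0: it covers an IP pseudo-header and is not checked here.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 8192, 0, 0)

def build_icmp(icmp_type: int, code: int, message: bytes) -> bytes:
    body = struct.pack("!BBH", icmp_type, code, 0) + message
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse(packet: bytes) -> dict:
    """Decode an IPv4 packet and its TCP, UDP or ICMP payload into a dict."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    vihl, _, total, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (vihl & 0x0F) * 4          # header length is given in 32-bit words
    if vihl >> 4 != 4 or ihl < 20 or not ihl <= total <= len(packet):
        raise ValueError("malformed IPv4 header")
    out = {"src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
           "ip_header_bits": ihl * 8, "ip_checksum_ok": checksum(packet[:ihl]) == 0}
    data = packet[ihl:total]
    if proto == 6 and len(data) >= 20:
        sport, dport, seq, ack, off, flags, *_ = struct.unpack("!HHIIBBHHH", data[:20])
        out.update(proto="TCP", sport=sport, dport=dport, seq=seq, ack=ack,
                   flags="/".join(name for bit, name in FLAG_NAMES if flags & bit),
                   payload=data[(off >> 4) * 4:])
    elif proto == 17 and len(data) >= 8:
        sport, dport, length, _ = struct.unpack("!HHHH", data[:8])
        out.update(proto="UDP", sport=sport, dport=dport, payload=data[8:length])
    elif proto == 1 and len(data) >= 4:
        icmp_type, code, _ = struct.unpack("!BBH", data[:4])
        out.update(proto="ICMP", type=icmp_type, code=code,
                   icmp_checksum_ok=checksum(data) == 0, payload=data[4:])
    else:
        raise ValueError("unsupported or truncated payload")
    return out

def sample_handshake() -> list:
    """Constructed three-step TCP handshake to port 80, returned as parsed packets."""
    segs = [(CLIENT, SERVER, build_tcp(49152, 80, 1000, 0, 0x02)),     # Step I: SYN
            (SERVER, CLIENT, build_tcp(80, 49152, 5000, 1001, 0x12)),  # Step II: SYN/ACK
            (CLIENT, SERVER, build_tcp(49152, 80, 1001, 5001, 0x10))]  # Step III: ACK
    return [parse(build_ipv4(6, seg, s, d)) for s, d, seg in segs]

def sample_ping() -> dict:
    """Constructed ICMP echo request (type 8, code 0)."""
    return parse(build_ipv4(1, build_icmp(8, 0, b"\x00\x01\x00\x01ping"), CLIENT, SERVER))

if __name__ == "__main__":
    for p in sample_handshake():
        print(p["src"], "->", p["dst"], p["flags"], "seq", p["seq"], "ack", p["ack"])
    print(sample_ping())
```

    Each acknowledgement number in the handshake is the other side's sequence number plus one, which is the relationship to look for when following a session in a sniffer.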

    e. Some commonly used ports

    So that many services can communicate over one connection at the same time, each service uses a specific port. When studying security we should also know the ports that are commonly used:

    Protocol          Port
    FTP               20/21
    SSH               22
    Telnet            23
    SMTP              25
    DNS               53
    TFTP              69
    HTTP              80
    POP3              110
    SNMP              161/162
    HTTPS             443
    SMB               445
    NetBIOS           135,137,139
    VPN               1723,500
    Remote Desktop    3389

    f. Using a sniffer to analyze IP, ICMP, UDP and TCP packets.

    Lab: Install Wireshark and Colasoft to perform the analysis

    g. Analyzing individual packets and the whole connection session

    Lab: Install Wireshark and Colasoft to perform the analysis


    3. The concept of access control (Access Controls).

    Before being granted any rights, everyone accesses the system with the rights of the Anonymous user. Once a user has been authenticated (Authentication), the system grants them the right to use resources (Authorization), and the user's entire access is monitored and recorded (Accounting).

    a. Access Control Systems

    Resources can be accessed only by authenticated individuals. Managing a user's access to resources goes through the following steps:

    - Identification: The process of identifying the user; the user supplies information so that the system can identify them.

    - Authentication: The step that authenticates the user; the user supplies information confirming their identity, and the system verifies it using one of many different methods.

    - Authorization: The rights to access resources that the system grants the user after Authentication.

    - Accounting: The system monitors and keeps statistics on the user's access to resource areas.

    Every access control system must have three basic elements:

    - Subjects: All entities that can be assigned access rights. These can be thought of as the Users/Groups in the system.

    - Objects: The resources being used.

    - Access Permissions: used to assign Subjects the right to access Objects. (For example, a User is a Subject, a folder is an Object, and the Permission is the right assigned to the User to access the Folder.) The table of Access Permissions for one object is called an Access Control List (ACL); the ACLs of the whole system are recorded in the Access Control Entries (ACEs) table.


    b. Principles for setting up Access Control

    Those responsible for security policy must set out principles for administering system resources that ensure both the strongest protection for the resources and that users can still do their work. The principles are:

    - Principle of Least Privilege: Users (Subjects) are assigned the minimum permissions on resources (Objects) that still let them do their work.

    - Principle of Separation of Duties and Responsibilities: Critical systems need to be split into separate components so that control rights can be divided up sensibly.

    - Principle of Need to Know: Users access only the resource areas that they need and know about in order to do their work.

    c. Types of Access Control

    Resources come in many forms and users fall into many groups, so we need to apply the appropriate type of access control to data.

    - Mandatory Access Control (MAC)

    + A control method that relies on a rule base to assign access rights to entities.

    + Rights are assigned according to the classification of resources into different categories (classification resources).

    + This access control method is usually applied in government organizations and companies.

    + Example: at a brewery, resources are divided into Public (the website), Private (accounting data) and Confidential (the beer recipe). Each resource area has its own set of entities that are allowed access, and controlling access in this way is Mandatory Access Control.


    - Discretionary Access Control (DAC)

    + Users (Subjects) are subject to access control through ACLs.

    + Access to data can be divided into different levels (for example NTFS Permission, where rights are assigned to a User/Group at levels such as Full control, Modify, Read).

    + An Access Control List can be used when assigning Permissions to access resources, or on a router or firewall. Using ACLs is the Discretionary Access Control method.

    Figure: Access Control List table of NTFS Permission


    - Role-Based Access Control

    + The administrator assigns rights to users based on their role. These rights can be the tasks that a user is allowed to perform on the system.

    + For example, the administrator can assign a User rights such as Shutdown, change network settings, remote desktop, backup and a number of others, based on the user's role.

    + On Microsoft Windows systems this access control method can be understood as assigning User Rights.

    + Example of setting User Rights on a Microsoft system.
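
    Added example (not part of the original document): a simplified Python model of the three access control types above, using the brewery classification for MAC, the NTFS-style levels for DAC and the user rights named for RBAC. The subject names, the ordering of MAC levels and the rule that both MAC and DAC must pass are assumptions made for illustration; real NTFS ACLs are richer than this.

```python
from enum import IntEnum

class Label(IntEnum):
    """MAC classification levels, taken from the brewery example."""
    PUBLIC = 0
    PRIVATE = 1
    CONFIDENTIAL = 2

class Perm(IntEnum):
    """DAC permission levels, modelled on the NTFS levels named above."""
    NONE = 0
    READ = 1
    MODIFY = 2
    FULL_CONTROL = 3

# MAC: labels and clearances are fixed by policy; no user can change them.
# Assumption: levels are ordered, so a higher clearance also covers lower labels.
RESOURCE_LABEL = {"website": Label.PUBLIC, "accounting_data": Label.PRIVATE,
                  "beer_recipe": Label.CONFIDENTIAL}
CLEARANCE = {"visitor": Label.PUBLIC, "accountant": Label.PRIVATE,
             "brewmaster": Label.CONFIDENTIAL}

def mac_allows(subject: str, resource: str) -> bool:
    if subject not in CLEARANCE or resource not in RESOURCE_LABEL:
        return False  # default deny for anything the policy does not name
    return CLEARANCE[subject] >= RESOURCE_LABEL[resource]

class DacObject:
    """DAC: the object carries an ACL that its owner may edit at will."""
    def __init__(self, name: str, owner: str):
        self.name = name
        self.acl = {owner: Perm.FULL_CONTROL}

    def grant(self, actor: str, principal: str, perm: Perm) -> None:
        if self.acl.get(actor, Perm.NONE) < Perm.FULL_CONTROL:
            raise PermissionError(f"{actor} may not edit the ACL of {self.name}")
        self.acl[principal] = perm

    def allows(self, subject: str, groups: tuple, needed: Perm) -> bool:
        # Effective right is the highest entry among the user and their groups.
        return max(self.acl.get(p, Perm.NONE) for p in (subject, *groups)) >= needed

# RBAC: rights hang off roles; users only ever receive roles (hypothetical users).
ROLE_RIGHTS = {"operator": {"shutdown", "backup"},
               "netadmin": {"change network settings", "remote desktop"}}
USER_ROLES = {"an": {"operator"}, "binh": {"operator", "netadmin"}}

def rbac_allows(user: str, right: str) -> bool:
    return any(right in ROLE_RIGHTS.get(role, ()) for role in USER_ROLES.get(user, ()))

def demo() -> dict:
    recipe = DacObject("beer_recipe", owner="brewmaster")
    recipe.grant("brewmaster", "accountant", Perm.READ)  # owner's discretion (DAC)
    dac = recipe.allows("accountant", (), Perm.READ)
    mac = mac_allows("accountant", recipe.name)          # label outranks the clearance
    try:
        recipe.grant("accountant", "visitor", Perm.READ) # a reader cannot re-share
        escalated = True
    except PermissionError:
        escalated = False
    return {"dac": dac, "mac": mac, "both": dac and mac, "escalated": escalated,
            "an_remote_desktop": rbac_allows("an", "remote desktop"),
            "binh_remote_desktop": rbac_allows("binh", "remote desktop")}

if __name__ == "__main__":
    print(demo())
```

    The owner's DAC grant succeeds, yet the accountant is still refused the Confidential recipe because the MAC label is not the owner's to override.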

    In addition, Access Control can be divided into two forms:

    - Centralized Access Control (CAC)


    Authentication and authorization are carried out centrally for the whole system. Three centralized access control methods are commonly used:

    + Remote Authentication Dial-In User Service (RADIUS)

    + Terminal Access Controller Access Control System (TACACS)

    + Active Directory

    - Decentralized Access Control Systems (DACS)

    A centralized control method made up of many different CAC systems within one organization, integrated into different systems regardless of the hardware and software involved.

    Based on the actions taken on the system, Access Control can also be divided into the following types:

    + Administrative Controls

    4. The concept of Authentication

    a. Factors used to identify and authenticate users

    User authentication methods rely on these basic factors:

    - Something you KNOW: based on something you know (e.g. user/pass)

    - Something you HAVE: based on something you have (e.g. to withdraw money from an ATM you must have a card)

    - Something you ARE: based on something you are (e.g. fingerprint, voice)

    b. Authentication methods

    In practice there are quite a few user authentication methods in IT, and each may suit one or more different services. Below I present some of the authentication methods commonly used in IT.


    - PAP - Password Authentication Protocol

    PAP is used by remote users who need to authenticate over PPP connections. PAP provides the ability to identify and authenticate users when they connect from a remote system. This authentication protocol requires the user to enter a Password before being authenticated. The Username and Password are sent across the network once the PPP connection has been established. The authentication server holds the authentication data, and the information the user enters is sent to this server. The Username/Password travel across the network entirely unencrypted (cleartext).

    - CHAP - Challenge Handshake Authentication Protocol

    CHAP is an authentication method created to overcome the weaknesses and vulnerabilities of PAP. CHAP uses a challenge/response method to authenticate the user. When a user wants to establish a PPP connection, both sides must agree to use CHAP authentication. The challenge is encrypted using the password and an encryption key. How CHAP operates is described in the model below:

    - Kerberos

    An authentication method in which the User/Password is not sent across the network. (Example: Microsoft's Active Directory uses Kerberos authentication.) Kerberos authentication can be described as being like going to the cinema:


    + First the user must have an authorized User/Password (to go to the cinema you need money)

    + The user requests a service (the viewer wants to see a film showing at ... o'clock.)

    + The user presents their credentials to the authenticator (hands over money to buy a ticket)

    + The KDC server issues the user the right to access the service (the box office hands the ticket to the buyer)

    + The user takes the issued credential to the service server (the viewer takes the ticket to the screening room for the ticket inspector to check).

    Kerberos can be described in the following steps:

    - Multi factor

    An authentication method that uses several factors.

    For example, to use a bank's ATM service you need a bank card plus a password (that is authentication based on 2 factors). Some services also combine several authentication methods to raise the level of security.

    - Certificate


    An authentication method that is widespread on the Internet and provides secure authentication for users. When content is sent encrypted, only the Private Key can decrypt it, and the Private Key is normally not sent across the network.

    Example of the normal authentication process when a user accesses Gmail:

    Step 1: The user accesses gmail.com

    Step 2: Gmail sends information to Verisign to obtain a Certificate

    Step 3: Verisign returns to Gmail a Certificate comprising a Public Key and a Private Key

    Step 4: Gmail sends the user the Public Key to encrypt the authentication information

    Step 5: The user encrypts with the Public Key and sends the result to Gmail

    Step 6: Gmail uses the Private Key to decrypt

    This authentication method is not secure when the machine is infected with malware such as a keylogger; the user can still lose their User/Password.

    - RSA

    RSA is an expensive and secure authentication method for authentication and data transmission on the Internet. RSA overcomes some of the drawbacks of Certificate authentication. It is a method commonly used for banking transactions.

    - Biometric


    An authentication method that uses biometrics to identify the user, such as fingerprints, veins, the retina, voice or the face.
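
    Added example (not part of the original document): the PAP and CHAP exchanges from section b side by side, showing what each protocol puts on the wire. It assumes CHAP with MD5 as specified in RFC 1994 and the PAP request layout of RFC 1334; the user name and shared secret are constructed sample values.

```python
import hashlib
import hmac
import os

SECRET = b"correct horse battery"   # constructed shared secret, known to both ends
USER = b"alice"                      # constructed peer name

def pap_request(peer_id: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data (RFC 1334): both fields travel in cleartext."""
    return bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password

def chap_response(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP with MD5 (RFC 1994): hash of Identifier || secret || Challenge value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()

class ChapAuthenticator:
    """Server side: issues random challenges and checks the responses."""
    def __init__(self, secrets: dict):
        self.secrets = secrets
        self.pending = {}       # identifier -> outstanding challenge value
        self.next_id = 0

    def challenge(self):
        ident, self.next_id = self.next_id, (self.next_id + 1) % 256
        self.pending[ident] = os.urandom(16)   # fresh and unpredictable every time
        return ident, self.pending[ident]

    def verify(self, ident: int, name: bytes, response: bytes) -> bool:
        value = self.pending.pop(ident, None)  # each challenge is usable once
        secret = self.secrets.get(name)
        if value is None or secret is None:
            return False
        return hmac.compare_digest(chap_response(ident, secret, value), response)

def run_exchange():
    """Run PAP and CHAP once; return the bytes seen on the wire and the outcomes."""
    auth = ChapAuthenticator({USER: SECRET})
    wire = {"pap": pap_request(USER, SECRET), "chap": b""}

    ident, value = auth.challenge()                     # server -> client
    response = chap_response(ident, SECRET, value)      # client -> server
    wire["chap"] += bytes([ident]) + value + USER + response
    first = auth.verify(ident, USER, response)

    ident2, _ = auth.challenge()                        # a later login attempt
    replay = auth.verify(ident2, USER, response)        # old response is rejected
    ident3, value3 = auth.challenge()
    wrong = auth.verify(ident3, USER, chap_response(ident3, b"guess", value3))
    return wire, {"first": first, "replay": replay, "wrong_secret": wrong}

if __name__ == "__main__":
    wire, results = run_exchange()
    print("secret visible in PAP traffic: ", SECRET in wire["pap"])
    print("secret visible in CHAP traffic:", SECRET in wire["chap"])
    print(results)
```

    CHAP keeps the secret off the wire, but both ends must store it in recoverable form and a recorded challenge/response pair can be checked offline against guessed passwords, so the secret needs to be long and random.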

    5. Authorization

    a. Authorization basics

    Authorization (Vietnamese: sự cấp quyền) is the granting of rights to a user in a system after the user has authenticated (Authentication).

    Authorization expresses the rights that a user can exercise on the system.

    Authorization works directly with Access Control.

    Example: under Windows Authorization, after the user logs on (Authentication) the system grants rights over:

    - Files and Folders, through NTFS Permission: the rights to read, write, delete and modify. These are the rights the user is granted over files and folders.

    - The system, through User Rights: rights to change the system, such as remote desktop, changing network card settings, and so on.

    b. Authorization methods

    RADIUS

    Remote Authentication Dial-in User Service (RADIUS) provides authentication and access control over the UDP protocol, authenticating centrally for the whole network.

    RADIUS can be used for users accessing a VPN or RAS, or to provide authentication for services that use RADIUS.

    Figure: RADIUS model authenticating a Wi-Fi system

    Kerberos


    As described in the Authentication section.

    TACACS

    Terminal Access Controller Access Control System (TACACS) controls access by authenticating and authorizing within a UNIX network. It works much like RADIUS: when a system needs authentication it passes the Username and Password to the TACACS server, which authenticates and grants access. TACACS uses UDP and TCP on port 49.

    TACACS+

    Extended Terminal Access Controller Access Control System Plus (TACACS+) is a variant of TACACS. Like RADIUS, the TACACS+ protocol provides authentication and authorization, with an Accounting feature, for centralized authorization with an authentication requirement.

    LDAP

    Lightweight Directory Access Protocol (LDAP) provides access to directory services and is integrated into Microsoft Active Directory. LDAP was created as a simplified subset of the X.500 Directory Access Protocol and uses port 389. LDAP is very widely used in services that provide a directory, such as Directory Service Markup Language (DSML), Service Location Protocol (SLP) and Microsoft Active Directory.

    XTACACS

    A version of TACACS developed and supplied by Cisco, called Extended Terminal Access Controller Access Control System (XTACACS). The service extends the TACACS protocol to add support for Accounting and Auditing, two features found only in TACACS+ and RADIUS.

    IEEE 802.1x


    IEEE 802.1x is a standard for wireless; the port it uses depends on the service that provides authentication and authorization, such as RADIUS and TACACS+.

    This protocol can be used to secure the WPA/WPA2 protocols.

    In addition, IPsec is a fairly common protocol that is used together with IEEE 802.1x to secure the network.

    6. The concept of Accounting

    Monitoring is the management of how the system is accessed and how that access takes place.

    - Managed monitoring helps the administrator determine who caused a fault and