8/12/2019 BI GING TNG LA CHNG I

1/34

Phm Minh Thun Khoa An ton thng tin

8/12/2019 BI GING TNG LA CHNG I

2/34

Phm Minh Thun Khoa ATTT 1

8/12/2019 BI GING TNG LA CHNG I

3/34

Ti liu tham kho

Phm Minh Thun Khoa ATTT 2

8/12/2019 BI GING TNG LA CHNG I

4/34

Ti liu tham kho

Phm Minh Thun Khoa ATTT 3

8/12/2019 BI GING TNG LA CHNG I

5/34

Ti liu tham kho

Phm Minh Thun Khoa ATTT 4

8/12/2019 BI GING TNG LA CHNG I

6/34

Ti liu tham kho

Gio trnh Bc tng la

Tm hiu vtng la Firewall

Building Internet Firewall 2nd Edition

Firewalls 24Seven 2nd

EditionInternet Firewalls and Network Security 2nd Edition

Firewall Fundamentals (Cisco Press)

Linux Firewalls 3th Edition

Best Damn Firewall Period

www.google.com

Phm Minh Thun Khoa ATTT 5

8/12/2019 BI GING TNG LA CHNG I

7/34

Mc tiu v yu cu mn hc

Mc tiu Cung cp khi nim, nguyn l cbn vbc tng la. Gip hc vin nm vng cc cng ngh, m hnh kin trc,

xy dng cc chnh sch tng la t thit lp v bo trtng la.

Yu cu Nm vng kin thc mng my tnh c bit l m hnh

OSI v TCP/IP.

Phm Minh Thun Khoa ATTT 6

8/12/2019 BI GING TNG LA CHNG I

8/34

Ni dung mn hc

Tng quan vbc tng la

Cc cng nghtng la

Cc kin trc bo vca tng la

Xy dng chnh sch bo mt cho mt bctng la

Bo tr tng la

Cc sn phm tng la in hnh

Phm Minh Thun Khoa ATTT 7

8/12/2019 BI GING TNG LA CHNG I

9/34

Chng 1

Tng quan vBc tng la

Phm Minh Thun Khoa ATTT 8

8/12/2019 BI GING TNG LA CHNG I

10/34

Cc cu hi t ra:

Tng la l g?

Ti sao phi sdng tng la?

Phm Minh Thun Khoa ATTT 9

8/12/2019 BI GING TNG LA CHNG I

11/34

Tng quan vbc tng la

Khi nim tng la1

Lch spht trin tng la2

Chc nng tng la3

Cc hn chca tng la4

Cc sn phm tng la5

Phm Minh Thun Khoa ATTT 10

8/12/2019 BI GING TNG LA CHNG I

12/34

t vn

Hthng mng thng tin pht trin mnh m(nht lmng Internet) xut hin nhu cu m bo an tonthng tin

Slng vtn cng trn mng ngy cng tng,phng php ngy cng tinh vi, gy tn hi ln.

Sdng mt trong cc bin php phng chng huhiu l bc tng la

Phm Minh Thun Khoa ATTT 11

8/12/2019 BI GING TNG LA CHNG I

13/34

1. Khi nim tng la

Tng la (Firewall) l hthng ngn

cch mt svng v bo vchng trccc vng cn li Tng la l nhng thit bhoc cc h

thng kim sot traffic gia cc mngc mc an ton khc nhau.

Tng la l mt cchngn cch bo vmng tin cy (trustednetwork) khi cc mng khng tin cy (untrusted network).

=> Ch : Firewall khng gn lin vi vic bo vmng trc Internet

Tng la nhmt Barrier, trm kim sot cc im ni gia ccvng, lm nhim vkim tra v quyt nh traffic mng c c iqua hay khng.

Tng la c thl thit bphn cng hoc phn mm

Phm Minh Thun Khoa ATTT 12

8/12/2019 BI GING TNG LA CHNG I

14/34

2. Lch spht trin tng la

1980: Xut hin cng nghtng la

1988: Tng la lc gi tin xut hin, Jeff Mogul(DEC) cng b1988

1980 1990: Xut hin thhtng la th2:Circuit Level Firewall, Dave Presotto v HowardTrickey (AT&T Bell lab) nghin cu

1990 - 1991: Cng ng dng xut hin. Tng lathng mi u tin ca hng DEC (DigitalEquipment Corporations) pht hnh vi tn SEAL.

Phm Minh Thun Khoa ATTT 13

8/12/2019 BI GING TNG LA CHNG I

15/34

2. Lch spht trin tng la

1992: Bob Braden v Annette DeSchon (!H NamCalifornia) pht trin hthng lng la lc gi tinthhtht: Visas

1994: CheckPoint Software Technologies xy dngthnh phn mm s"n sng cho sdng: Firewall-1.

Phm Minh Thun Khoa ATTT 14

8/12/2019 BI GING TNG LA CHNG I

16/34

Cc thhtng la

Lc gi tin xut hin ln u tin vo nm 1988Cng vng xut hin trong giai on 1988 1990Cng ng dng xut hin vo nhng nm 1990 -

1991

Thanh tra trng thi xut hin vo nm 1994

Phm Minh Thun Khoa ATTT 15

8/12/2019 BI GING TNG LA CHNG I

17/34

3. Chc nng tng la

Chc nng chnh ca tng la l iu khin, kimsot truy nhp: Kim sot dch v(service control)

Kim sot hng (direction control)

Kim sot ngi dng (user control)

Kim sot hnh vi (behaviour control)

Phm Minh Thun Khoa ATTT 16

8/12/2019 BI GING TNG LA CHNG I

18/34

3. Chc nng tng la

Gip trin khai gim st cc skin an ninh mng.Cc hthng cnh bo, IDS & IPS c thtrin khaitrn hthng tng la

Gip trin khai mt vi chc nng trn nn tng la:NAT, thng k, logs ....

Sdng trong vic trin khai mng ring o

Phm Minh Thun Khoa ATTT 17

8/12/2019 BI GING TNG LA CHNG I

19/34

4. Cc hn chca tng la

Tng lakhng thchng li cc tn cng vngqua tng la

Tng lakhng thchng li cc nguy ce da tbn trong

Tng lakhng thbo vmng kh#i tt ccccuc tn cng c hi

Phm Minh Thun Khoa ATTT 18

8/12/2019 BI GING TNG LA CHNG I

20/34

5. Cc sn phm tng la

Checkpoint (CheckPoint Software Technologies)

Hng u vcng nghtng la, mng ring o

86 quc gia, 1900 i tc.

Ni ting vi cng nghStatefull Inspection

Sn ph$m: Firewall 1, UTM-1, ...

Phm Minh Thun Khoa ATTT 19

8/12/2019 BI GING TNG LA CHNG I

21/34

CheckPoint Software Technologies

Phm Minh Thun Khoa ATTT 20

8/12/2019 BI GING TNG LA CHNG I

22/34

5. Cc sn phm tng la

Cisco

PIX (Private Internet Exchange)

Hiu hnh ring

Thut ton bo mt ASA (Adaptive Security Alogrithm)

Tch hp mng ring o

Lc URL: WebSense v N2H2

Dphng l%i (High Availbility)

Phm Minh Thun Khoa ATTT 21

8/12/2019 BI GING TNG LA CHNG I

23/34

Cisco PIX

Phm Minh Thun Khoa ATTT 22

8/12/2019 BI GING TNG LA CHNG I

24/34

PIX Firewall

Phm Minh Thun Khoa ATTT 23

8/12/2019 BI GING TNG LA CHNG I

25/34

PIX Firewall

Phm Minh Thun Khoa ATTT 24

8/12/2019 BI GING TNG LA CHNG I

26/34

PIX Firewall

Phm Minh Thun Khoa ATTT 25

8/12/2019 BI GING TNG LA CHNG I

27/34

PIX Firewall

Phm Minh Thun Khoa ATTT 26

8/12/2019 BI GING TNG LA CHNG I

28/34

PIX Firewall

Phm Minh Thun Khoa ATTT 27

8/12/2019 BI GING TNG LA CHNG I

29/34

PIX Firewall

Phm Minh Thun Khoa ATTT 28

8/12/2019 BI GING TNG LA CHNG I

30/34

5. Cc sn phm tng la

NetScreen

Chip ASIC (Application Specific Integrated Circuit)

Tng tc tng la, vt tri vhiu nng

Sdng bvi xl RICS, SDRAN chy hiu hnhScreenOS

Phm Minh Thun Khoa ATTT 29

8/12/2019 BI GING TNG LA CHNG I

31/34

NetScreen

Phm Minh Thun Khoa ATTT 30

8/12/2019 BI GING TNG LA CHNG I

32/34

5. Cc sn phm tng la

Microsoft ISA (Internet Security Acceleration)

Gii php phn mm ng dng cho cc hthng mngdoanh nghip

Tch hp Firewall, VPN, Web proxy, caching...

Phm Minh Thun Khoa ATTT 31

8/12/2019 BI GING TNG LA CHNG I

33/34

Microsoft ISA

Phm Minh Thun Khoa ATTT 32

8/12/2019 BI GING TNG LA CHNG I

34/34