Doko.vn Bao Mat Trong Mang Khong Day W
7/29/2019 Doko.vn Bao Mat Trong Mang Khong Day W
1/110
Wireless Network Security
PREFACE
In today's technological society, communication systems are as important as the nervous system that runs through the human body. Growing demand for high-speed data transmission and the diversification of services such as Internet access and e-commerce have driven the development of wireless local area network (WLAN) solutions, whose advantages overcome the drawbacks of wired LANs and provide more efficient networking.
Wireless technology is a method of transferring information from one point to another using radio waves as the transmission medium, such as radio, cellular, infrared and satellite, which reduces the cabling needed to send and receive information.
Wireless networks have made considerable progress. In a number of developed economies in Europe and the Americas, wireless networking is widespread in everyday life. With just a laptop, a PDA or any other wireless access device, we can get onto the network anywhere: at the office, at school, on the street, in a cafe or even on public transport, wherever there is WLAN coverage.
But this very support for public access, with access devices ranging from simple to complex, has caused administrators many problems in securing information. Integrating security measures into access devices while still preserving convenience and support for public access is a matter of real concern.
V c Thng T 901 - 1 - Trng i Hc Dn L p Hi Phng
For that reason I chose security in wireless LANs (WLAN) as the main subject of this thesis. The thesis consists of 8 chapters covering 3 main topics:
The first is an overview of wireless networks, from structure and models through to technical solutions. This is covered in chapters 1, 2 and 3.
The second is a study of the ways a wireless network can be attacked from outside, from which security recommendations are drawn. This is covered in 2 chapters, chapters 4 and 5.
The last is a study of the deployment of the wireless network at Hai Phong Private University. This is covered in the 3 remaining chapters, chapters 6, 7 and 8.
I hope this thesis will help readers understand a little more about wireless LANs and the issues related to wireless network security. Because of my limited knowledge and source material, the thesis cannot avoid many shortcomings. I therefore very much welcome guidance, criticism and sincere comments from my teachers and friends.
Chapter 1
INTRODUCTION TO WIRELESS LAN
1.1. WLAN CONCEPT
A WLAN (Wireless Local Area Network) is a data network built on the basis of a local area network (LAN). A WLAN uses radio waves as its transmission medium and so reduces the wired connections needed to send and receive information.
WLAN is a wireless broadband network access technology that follows the IEEE 802.11 standard. Originally developed as a product for homes and offices to connect personal computers without cables, it allows data to be exchanged over radio at very high speed. It is an opportunity to provide broadband Internet access at more and more public places such as airports, cafes, railway stations, shopping centres and press centres.
1.2. STRUCTURE AND CHARACTERISTICS OF A WLAN
1.2.1 Structure of a WLAN
A WLAN resembles a cellular system: each access point is a base station that carries data between the WLAN and the wired network infrastructure. A single access point can support a group of users and provide coverage within a given radius. Access points are connected to the wired network through an Ethernet hub or switch. Users access the WLAN through WLAN adapters (these adapters are also built into laptops) or through PC cards.
Figure 1.1: Structure of a WLAN
1.2.2 Characteristics of a WLAN
Mobility:
Users can move around and still access files, network resources and the Internet without plugging into a traditional wired network. Users can be on the move and still keep high-speed, real-time access to the LAN.
Fast installation:
Installation time is shortened because network connections can be made without moving or adding cables or pulling them through walls and ceilings, as wired networks require.
Flexibility:
A WLAN is flexible because it is easy to set up and take down anywhere. Users can therefore quickly set up a small WLAN for temporary needs such as trade conferences or meetings.
Convertibility:
A WLAN configuration can easily be shaped to meet particular application and installation needs, and can be converted from small networks to larger ones.
Scalability:
A WLAN system can be configured in many topologies to suit specific applications and configurations. Configurations are easy to change and range from point-to-point networks built for a small number of users to coordinated networks with thousands of users that allow roaming over a wide area.
Lower deployment cost:
Although the initial hardware investment may be higher than for a wired network, the overall cost and the cost over the system's lifetime can be significantly lower. In the long run, a WLAN brings great benefits in dynamic environments that require frequent moves and changes.
1.3. USERS AND APPLICATIONS OF WLAN
1.3.1 Users
WLANs are becoming common in the following environments:
Enterprise information systems:
Network managers can relocate staff, set up temporary offices, or install printers and many other devices without being affected by the cost and complexity of a wired network. Executives can access the company's critical information systems from the meeting room through handheld devices fitted with a WLAN card.
Tourism:
Hotels and tourist sites can handle room bookings, service requests or information about guests' luggage.
Education:
Students and lecturers can contact one another from anywhere on campus to exchange or download lectures available on the network. A WLAN also reduces the need to use lab rooms (practice rooms).
Product information:
Staff responsible for dispatching goods can update and exchange important product information.
Healthcare:
Doctors and nurses can exchange information about patients or treatments…
In Vietnam, the users of interest are customers with a laptop, Pocket PC or a PC with a modem card, such as students, business people and tourists.
1.3.2 Applicability
The difficulty of laying cable is what has driven wireless to become an increasingly widely accepted trend. Wireless is especially useful for setting up networks for:
Busy areas such as lobbies or reception rooms.
People who are constantly on the move, such as nurses and doctors in hospitals.
Isolated areas and buildings.
Departments whose physical layout changes frequently.
WLANs are installed in crowded places such as offices, buildings, universities, airports, railway stations, stadiums, exhibition centres, hotels, supermarkets and residential areas…
Chapter 2
Technical solutions
2.1. OVERVIEW
WLAN is a wireless broadband network access technology that follows the IEEE 802.11 standard. The IEEE 802.11 standard defines both an infrastructure mode, with at least a minimum number of central access points connected to a wired network, and a peer-to-peer mode, in which a set of radio stations communicate directly with one another without any central access point or wireless network. The attraction of WLANs is their flexibility. They can extend access to local networks such as an intranet, and they can support broadband access to the Internet at hotspots. A WLAN can provide fast, easy wireless connectivity to computers, machines or systems in an area where fixed communications infrastructure does not exist or where such access is not permitted. Users may be stationary or mobile, or may even be sitting in a moving vehicle.
On the ability to use a WLAN to extend an ordinary wired network, with high speed and convenient network access:
Figure 2.1: Ability to extend the network
On the ability to access the network inside buildings, warehouses and yards without the cost and complexity of laying cable:
Figure 2.2: Network access without laying cable
On the ability to simplify connecting the networks of two buildings separated by terrain that is difficult for conventional network construction:
Figure 2.3: Convenience when building a network in mountainous areas
Areas with well-like terrain can still access the network as normally as anywhere else:
Figure 2.4: At a site with basin-shaped terrain
And the convenience of accessing the network while still being able to move around:
Figure 2.5: Access while on the move
From offices and private homes:
Figure 2.6: Access from a private home
to much larger sites such as universities and apartment complexes, all can access the network at high speed with a simple set-up process:
Figure 2.7: Access from universities
2.2. THE 802.11 STANDARDS
802.11: In 1997 the IEEE (Institute of Electrical and Electronics Engineers) introduced the first standard for WLAN. The standard was called 802.11 after the name of the group set up to oversee its development. However, 802.11 supported a maximum network bandwidth of only 2 Mbps, too slow for most applications. For that reason, wireless products designed to the original 802.11 standard gradually ceased to be manufactured.
802.11b: The IEEE extended the original 802.11 standard in July 1999, producing 802.11b.
This standard supports bandwidth of up to 11 Mbps, comparable to traditional Ethernet.
802.11b uses the same radio frequency (2.4 GHz) as the original 802.11 standard. Vendors prefer these frequencies because they lower production costs. 802.11b devices can suffer interference from cordless phones, microwave ovens and other devices using the same 2.4 GHz band. Even so, installing 802.11b devices at a distance from such equipment reduces this interference.
Advantages of 802.11b: lowest cost; good signal range that is not easily obstructed.
Disadvantages of 802.11b: lowest maximum speed; household appliances can cause interference.
802.11a: While 802.11b was still being developed, the IEEE created a second extension to the 802.11 standard called 802.11a. Because 802.11b came into wide use much faster than 802.11a, some people believe 802.11a was created after 802.11b. In fact, 802.11a and 802.11b were created at the same time. Because of its higher cost, 802.11a is used only in enterprise networks, while 802.11b is better suited to the home networking market.
802.11a supports bandwidth of up to 54 Mbps and uses the 5 GHz radio frequency. The frequency of 802.11a is higher than that of 802.11b, which makes the range of these systems shorter than that of 802.11b networks. At this frequency, 802.11a signals also have more difficulty penetrating walls and other obstacles.
Because 802.11a and 802.11b use different frequencies, the two technologies are not compatible with each other. Some vendors have therefore offered hybrid 802.11a/b network devices, but these products simply implement the two standards side by side.
Advantages of 802.11a: high speed; the 5 GHz frequency avoids interference from other devices.
Disadvantages of 802.11a: expensive; short range that is easily obstructed.
802.11g: In 2002 and 2003, WLAN products supporting a newer standard, 802.11g, were highly rated in the market. 802.11g combines the best of 802.11a and 802.11b. It supports bandwidth of up to 54 Mbps and uses the 2.4 GHz frequency for greater range. 802.11g is compatible with 802.11b, which means that 802.11g access points will work with 802.11b wireless network adapters and vice versa.
Advantages of 802.11g: high speed, good signal range and not easily obstructed.
Disadvantages of 802.11g: more expensive than 802.11b; devices can suffer interference from the many other devices using the same band.
802.11n: The newest standard in the Wi-Fi family is 802.11n. It was designed to improve on 802.11g in the total bandwidth supported by making use of multiple wireless signals and antennas (MIMO technology).
When this standard is released, 802.11n connections will support data rates of up to 100 Mbps. 802.11n also offers better coverage than earlier Wi-Fi standards thanks to its stronger signal. 802.11n devices will be compatible with 802.11g devices. Although 802.11n will not be formally approved until 2010, products using this standard (in practice, the "draft" standard) will not change much. In addition, 802.11n routers are backward compatible with devices using older standards; the user only needs to carry out a few configuration steps.
Advantages of 802.11n: fastest speed and best signal range; better resistance to interference from external sources.
Disadvantages of 802.11n: more expensive than 802.11g; its use of multiple signals can interfere with nearby 802.11b/g networks.
First deployed at a university on the outskirts of New York City (USA), this 802.11n wireless LAN has 720 access points using AP 320 devices in place of 11a/b/g access points.
There has not yet been enough time to evaluate the real-world operation of the whole system, but staff and students at Morrisville State have all noted a big improvement over the old 11a/b/g wireless infrastructure; in particular, bandwidth-hungry applications run faster on this network.
Classes at the school can broadcast video bulletins and hold online meetings without buffering delay.
At present, the busiest hours see more than 1,200 wireless clients connected simultaneously, including, besides laptops, devices such as iPod music players, iPhones, some handheld devices and game consoles with wireless connectivity.
Those are the 4 standards mentioned most often for WLANs. In addition there are several other, extension standards, each serving a specific purpose:
802.11h: a variant of 802.11a for Europe with additional optimisations.
802.11i: this standard is still under development; it is a shield protecting existing WLAN standards and will raise the level of security through better encryption and access control.
802.16: a draft WLAN standard for metropolitan area networks (MAN), based on OFDM and using 802.11a as its basis, published in April 2002. 802.16 supports a point-to-multipoint architecture in the 10 to 66 GHz band, with data rates of up to 120 Mbps.
802.11e: improves quality of service, allowing priority levels to be set.
802.11x: concerns WLAN security and other classes of specific services.
802.11c: improves interoperation between two devices.
802.11d: a LAN/MAN standard that improves roaming. (Roaming is the ability to move a wireless device from the range of one access point to the range of another without losing the connection.)
802.11f: regulates inter access point handoffs.
Whichever WLAN standard is used, the basic concepts of deployment and security are the same.
2.3. CHANNEL ACCESS AND THE CSMA/CA MULTIPLE ACCESS MECHANISM
A wireless station that wants to transmit a frame first listens on the wireless medium to determine whether any station is currently transmitting (carrier sense). If the medium is busy, the station computes a random backoff delay. As soon as that delay has elapsed, the station listens again to see whether any station is transmitting. Because the delays are random, several stations waiting to transmit will not all try to retransmit at the same moment (collision avoidance). Collisions can still occur and, unlike on Ethernet, they cannot be detected by the transmitting nodes. For that reason, 802.11b uses the Request To Send (RTS)/Clear To Send (CTS) protocol with an Acknowledgment (ACK) signal to ensure that a frame has been sent and received successfully.
Important factors:
Wait for silence.
Then talk.
Listen while talking.
What do we do if there are 2 talkers? Back off.
Repeat.
Figure 2.8: A transmission from A to B
Within CSMA/CA there are two problems to consider: the hidden terminal and the exposed terminal.
2.3.1 The hidden terminal problem
Figure 2.9: Hidden terminal
A talks to B. C senses the channel.
C does not hear A because C is outside A's coverage area.
C decides to talk to B.
A collision occurs at B.
Solving the hidden terminal problem:
Figure 2.10: Solving the hidden terminal problem
A sends an RTS to B.
B replies with a CTS if it is ready to receive.
C hears the CTS.
C does not talk to B and waits.
A sends its data to B successfully.
In this case, if C wants to talk to D, it can simply reduce its transmit power accordingly.
The question is how long C must wait before it can talk to B:
The RTS that A sends to B contains the length of the DATA that A wants to send. B includes this length in the CTS it sends back to A. When C "hears" the CTS, it learns the length of the data packet and uses it to set the time for which it holds back its own transmission.
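The hidden terminal case and its RTS/CTS fix, worked through as an added example that is not part of the original thesis. Station positions, radio ranges and frame airtimes are constructed values; C's attempt is assumed to come after the RTS/CTS exchange, so the RTS-collision case is not modelled.

```python
from dataclasses import dataclass

RTS_TIME = 1.0   # constructed airtimes, arbitrary time units
CTS_TIME = 1.0


@dataclass
class Station:
    name: str
    pos: float              # position on a line (constructed layout)
    radio_range: float      # distance over which this station is heard
    nav_until: float = 0.0  # medium considered reserved until this time


@dataclass
class Tx:
    sender: Station
    start: float
    end: float


def hears(listener, sender):
    return abs(listener.pos - sender.pos) <= sender.radio_range


def earliest_start(station, wanted, on_air):
    """Defer past the reservation learned from a CTS, then past any
    frame the station can physically hear (carrier sense)."""
    now = max(wanted, station.nav_until)
    while True:
        busy = [t.end for t in on_air
                if t.start <= now < t.end and hears(station, t.sender)]
        if not busy:
            return now
        now = max(busy)


def collisions_at(receiver, on_air):
    """Count pairs of frames from other stations that overlap in time
    and are both audible at the receiver."""
    heard = [t for t in on_air
             if t.sender is not receiver and hears(receiver, t.sender)]
    return sum(1 for i, a in enumerate(heard) for b in heard[i + 1:]
               if a.start < b.end and b.start < a.end)


def simulate(use_rts_cts, data_time=20.0, c_wants_at=5.0):
    # A and C are both in range of B but out of range of each other.
    a = Station("A", 0.0, 60.0)
    b = Station("B", 50.0, 60.0)
    c = Station("C", 100.0, 60.0)
    on_air, t = [], 0.0
    if use_rts_cts:
        if c_wants_at < RTS_TIME + CTS_TIME:
            raise ValueError("C must attempt after the RTS/CTS exchange")
        rts = Tx(a, t, t + RTS_TIME)                 # carries the DATA length
        cts = Tx(b, rts.end, rts.end + CTS_TIME)     # B echoes that length
        on_air += [rts, cts]
        if hears(c, b):                              # C overhears the CTS
            c.nav_until = cts.end + data_time        # and holds back that long
        t = cts.end
    on_air.append(Tx(a, t, t + data_time))           # A's DATA frame to B
    c_start = earliest_start(c, c_wants_at, on_air)
    on_air.append(Tx(c, c_start, c_start + data_time))
    return {"c_start": c_start,
            "c_nav_until": c.nav_until,
            "collisions_at_b": collisions_at(b, on_air)}


if __name__ == "__main__":
    print("plain carrier sense:", simulate(False))
    print("with RTS/CTS:       ", simulate(True))
```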
2.3.2 The exposed terminal problem:
Figure 2.11: Exposed terminal
B talks to A.
C wants to talk to D.
C senses the channel and finds it busy.
C stays silent (although it could perfectly well talk to D).
Solving the exposed terminal problem:
Figure 2.12: Solving the exposed terminal problem
B sends an RTS to A (which also reaches C).
A replies with a CTS to B (if A is free).
C cannot hear A's CTS.
C assumes that A is either "dead" or out of range.
C talks to D as normal.
One problem remains, however:
RTS packets can collide. For example, C and A both see that they can transmit to B and both send an RTS to B, so a collision occurs at B. This collision is not as serious as a collision of DATA packets, because an RTS packet is usually much shorter than DATA. CTS packets can nevertheless cause interference, and if the RTS/CTS packets are about the same size as the DATA this becomes a real concern. The problem is overcome by using a random backoff delay (as described above).
2.4. MODULATION TECHNIQUES
2.4.1 Shift keying digital modulation
There are many ways of performing shift keying digital modulation today, such as ASK, FSK, PSK... Modulation is carried out by keying between two states; in theory one state is 0 and the other is 1 (the 0/1 sequence before modulation is a bit sequence that has already been line coded).
PSK
PSK was developed during the early period of the space programme and is now widely used in military and commercial communication systems. It gives the lowest error probability for a given received signal level when measured over one symbol period.
The basic principle of PSK modulation is that the binary pulse train at the input of the PSK modulator changes the phase of the output signal to a predetermined state. As the number of phase states increases, the bit rate increases while the baud rate stays the same. Increasing the data rate comes at a price, however: the required SNR rises in order to keep the same BER (bit error rate).
Binary PSK (Binary Phase Shift Keying):
This is the most common method. The carrier is modulated according to the binary sequence; the modulated signal has constant amplitude and switches between two states, 0° and 180°. Each state of the modulated signal is called a symbol.
QPSK (Quadrature Phase Shift Keying):
In BPSK, each symbol represents one binary bit. If each symbol represents more than 1 bit, a higher bit rate is achieved. QPSK doubles the data throughput of PSK in the same bandwidth by carrying 2 bits per symbol. The phase state of the modulated signal therefore switches among the values -90°, 0°, 90° and 180°.
CCK (Complementary Code Keying):
CCK is a modulation technique developed from QPSK, but its bit rate reaches 11 Mbps in the same bandwidth (or waveform) as QPSK. It is a modulation technique well suited to broadband applications. Under the IEEE 802.11b standard, CCK modulation uses a pseudo-random complementary spreading code with a code length of 8 and a chipping rate of 11 Mchip/s. Eight complex chips combine to form a single symbol (as in QPSK, 4 symbols). With a symbol rate of 1.375 MSymbol/s, the data rate achieved is 1.375 x 8 = 11 Mbps, in approximately the same bandwidth as QPSK modulation at 2 Mbps.
2.4.2 DUPLEX SCHEMES
In point-to-multipoint systems there are currently two duplexing techniques (operating in both the upstream and downstream directions):
Frequency Division Duplexing (FDD):
This technique splits the frequency in use into two separate channels: one for the downstream direction and one for the upstream direction.
Time Division Duplexing (TDD):
This newer technique allows traffic to flow in both directions in the same channel, but in different time slots.
The choice between FDD and TDD depends mainly on the primary purpose of the system: symmetric applications (voice) or asymmetric applications (data). FDD uses bandwidth inefficiently for data applications. In a system using FDD, the bandwidth for each direction is fixed. So if traffic flows only downstream, for example when browsing Web pages, the upstream bandwidth goes unused. This does not happen when the system is used for voice: the two parties usually talk about as much as they listen, so the upstream and downstream bandwidth are used roughly equally. For high-speed data transfer or imaging applications, only the downstream bandwidth is used and the upstream is almost idle.
With TDD, the number of time slots for each direction changes flexibly and frequently. When upstream traffic is heavy, the number of time slots allocated to the upstream direction is increased, and vice versa. By monitoring the number of time slots for each direction, a system using TDD supports bursts of transmission throughput in both directions. If a large Web page is being downloaded, upstream time slots are reallocated to the downstream direction.
The main disadvantage of TDD is that changing the direction of traffic takes considerable time, and time slot allocation is a very complex problem for the software systems. In addition, TDD requires highly accurate timing. All stations in the area of a system using TDD need a common time reference in order to determine the time slots precisely. This limits the geographical coverage of point-to-multipoint systems.
2.5. ACCESS TECHNIQUES
2.5.1 FDMA
FDMA (Frequency Division Multiple Access).
The spectrum used for communication is divided into 2N consecutive frequency bands separated by guard bands. Each band is assigned to one communication channel: N bands are used for the uplink and, after a separating band, N bands are used for the downlink. Each CPE is allocated a pair of channels for the whole duration of the connection. The interference that occurs here is very significant.
2.5.2 TDMA
TDMA (Time Division Multiple Access).
The spectrum is divided into communication bands, each of which is shared by N communication channels. Each channel is one time slot within a frame period. Duplex communication is carried out with each direction in a different communication band, which reduces interference significantly.
2.5.3 CDMA
CDMA (Code Division Multiple Access). Each CPE is assigned its own code, and signal spreading allows the CPEs not to interfere with one another while sharing the same frequency band at the same time. The signal band can be tens of MHz wide. The use of sophisticated spread-spectrum techniques allows radio signals with very low field strength to be used and counters fading more effectively than FDMA or TDMA. In addition, because the CPEs of one base station share the same frequency band, the structure of the radio transceiver system becomes very simple.
2.6. RADIO TECHNIQUES
2.6.1 Traditional microwave:
In traditional microwave, each CPE is given one narrowband frequency, or a pair of them, on which to operate. This narrow band is permanently reserved for the registered subscriber; any signal from another CPE that falls inside the band is treated as interference and affects the operation of the channel. Allocating frequencies in this way limits the number of users of the radio channel, because radio resources are finite. And because the band is narrow, the speed of the transmission channel is naturally limited. Traditional microwave is therefore suitable only for voice and low-speed data applications.
Figure 2.13: Narrowband signal
2.6.2 Spread spectrum:
As radio resources became increasingly scarce, spread-spectrum techniques began to be applied to improve the efficiency of frequency use. The two most common spread-spectrum techniques today are FHSS and DSSS. The bandwidth for each CPE is no longer a narrow band but the entire frequency band, and each CPE is identified by its own code, a pseudo-random code (PN sequence).
2.6.3 FHSS (Frequency Hopping Spread Spectrum):
Figure 2.14: Frequency hopping
Figure 2.15: Channels in FHSS
The data signal is transmitted over a wide band by sending it on different carrier frequencies at different times. The spacing between FHSS carrier frequencies is fixed in advance, the bandwidth of each channel is about 1 MHz, and the hopping order is determined by a pseudo-random function. The FCC requires the band to be divided into at least 75 channels (subchannels). An FHSS radio is limited to sending only a small amount of data on each channel during a defined time period before hopping to the next frequency channel in the hopping sequence. This period is called the dwell time and is typically about 400 microseconds. After each hop, the transceiver must resynchronise with the other radios before it can transmit data. The main purpose of pseudo-random hopping is to avoid signal interference, since the data channel never operates for long on any particular frequency channel. If severe interference occurs on one frequency in the hopping sequence, it has little effect on the system, because transmission takes place there only for a short time.
2.6.4 DSSS (Direct Sequence Spread Spectrum):
DSSS also spreads the signal spectrum, but by an entirely different technique. Instead of being transmitted in a narrow band as in microwave communication, the signal is transmitted over a larger frequency range by means of pseudo-random coding (Pseudo-Noise sequence).
Figure 2.16: Spreading and despreading in DSSS
The narrowband signal and the spread-spectrum signal are transmitted with the same power and carry the same information, but the power density of the spread-spectrum signal is much greater than that of the narrowband signal. Combining the data signal with the pseudo-random code sequence during coding produces a signal whose bandwidth is much wider than that of the original signal but whose power level is lower. A notable advantage of DSSS is data redundancy. A DSSS signal carries at least 10 redundant copies of the source data at the same time. The receiver needs to receive only 1 of these 10 redundant signals correctly to succeed. If there is an interfering signal in the operating band of the DSSS signal, that signal has higher power and is seen as a narrowband signal. During decoding at the receiver, the interfering signal is therefore spread and easily removed by gain processing. Gain processing is the process of reducing the power spectral density when the signal is processed for transmission and increasing the power spectral density when it is despread, with the main aim of raising the S/N (signal-to-noise) ratio.
2.6.5 Comparison of FHSS and DSSS
FH has no gain processing because the signal is not spread. It therefore has to use more power to transmit a signal at the same S/N as a DS signal. In the ISM band, however, regulations limit transmit power, so FH cannot achieve the same S/N as DS. Moreover, with FH it is very difficult to synchronise transmitter and receiver, because both time and frequency must be synchronised, whereas DS only needs the timing of the chips to be synchronised. FH therefore takes longer to acquire the signal, which increases transmission delay compared with DS.
We can thus see that DSSS is a spread-spectrum technique with many features that are clearly superior to FHSS.
The 802.11b standard uses 14 DS (Direct Sequence) channels in the 2.402 GHz to 2.483 GHz band. Each channel is 22 MHz wide but the channels are only 5 MHz apart, so adjacent channels interfere with one another. Within one area, channels are therefore arranged so that their frequency ranges do not overlap. In the 14-channel DS system only 3 channels are guaranteed not to overlap. For example, in the following figure channels 1, 6 and 11 are used to transmit in one area without interfering with one another:
Figure 2.17: Channel layout within an area
Figure 2.18: Frequency reuse with DSSS
Thus, within a single area the delivered bit rate can reach 11 Mbps x 3 = 33 Mbps, instead of 11 Mbps when only 1 channel is used in the area.
2.7. AUTHENTICATION AND SECURITY IN WLAN SYSTEMS
2.7.1 Open Authentication:
This form of authentication works by supplying the correct SSID (Service Set Identifier). An Extended Service Set (ESS), consisting of two or more wireless access points connected to the same wired network, is a single logical network segment (also called a subnet) and is identified by its SSID. Any CPE that does not have a valid SSID is not allowed to access the ESS.
2.7.2 Shared-key Authentication:
This type of authentication checks whether the wireless client being authenticated knows a shared secret. It is similar to the pre-shared authentication key in IP Security (IPSec). The 802.11 standard currently assumes that the shared key is distributed to all end clients over a separate secure channel that is independent of all other IEEE 802.11 channels. However, shared-key authentication is generally insecure and is not recommended.
2.7.3 Data security through WEP (Wired Equivalent Privacy)
Because of the inherent nature of wireless networks, secure access to a wireless network at the physical layer is a relatively difficult problem. Since no dedicated physical port is needed, anyone within range of a wireless access point can send and receive frames and also monitor the frames being sent by others. For this reason WEP (defined by the IEEE 802.11 standard) was built with the aim of providing a level of data security equivalent to that of wired networks.
Without WEP, eavesdropping and remote packet detection become very easy. WEP provides data security services by encrypting the data sent between wireless nodes. WEP encryption uses the RC4 symmetric stream cipher with a key 40 bits or 104 bits long. WEP protects the integrity of data against random errors by including an integrity check value (ICV) in the encrypted portion of the wireless frame. How WEP keys are determined and distributed is not defined; they must be distributed over a secure channel that is independent of 802.11.
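The WEP encapsulation described above, as an added example that is not part of the original thesis. The 24-bit IV prepended to the secret key, the one-byte key ID field and the CRC-32 form of the ICV follow the 802.11 WEP definition rather than this page; the key and payload are constructed sample values.

```python
import os
import struct
import zlib


class ICVError(ValueError):
    """The decrypted integrity check value does not match the data."""


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher: key scheduling, then XOR data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def _icv(data: bytes) -> bytes:
    # ICV = CRC-32 of the cleartext, stored little-endian after the data.
    return struct.pack("<I", zlib.crc32(data) & 0xFFFFFFFF)


def wep_encapsulate(secret: bytes, plaintext: bytes, iv=None, key_id=0) -> bytes:
    """Return IV (3 bytes) | key ID byte | RC4(IV + secret, plaintext + ICV)."""
    if len(secret) not in (5, 13):          # 40-bit or 104-bit key
        raise ValueError("WEP key must be 5 or 13 bytes")
    if not 0 <= key_id <= 3:
        raise ValueError("key_id must be 0..3")
    iv = os.urandom(3) if iv is None else iv
    if len(iv) != 3:
        raise ValueError("IV must be 3 bytes")
    body = rc4(iv + secret, plaintext + _icv(plaintext))
    return iv + bytes([key_id << 6]) + body


def wep_decapsulate(secret: bytes, frame: bytes) -> bytes:
    """Decrypt a frame body and verify the ICV that travelled inside it."""
    if len(frame) < 8:                      # IV + key ID + ICV at minimum
        raise ValueError("frame too short")
    iv, body = frame[:3], frame[4:]
    clear = rc4(iv + secret, body)
    data, icv = clear[:-4], clear[-4:]
    if _icv(data) != icv:
        raise ICVError("ICV mismatch: frame damaged in transit")
    return data


def flip_bit(frame: bytes, bit_index: int) -> bytes:
    """Model a random single-bit transmission error."""
    damaged = bytearray(frame)
    damaged[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(damaged)


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")        # constructed 40-bit key
    frame = wep_encapsulate(key, b"constructed payload")
    print(wep_decapsulate(key, frame))
    try:
        wep_decapsulate(key, flip_bit(frame, 8 * 6))
    except ICVError as err:
        print("rejected:", err)
```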
2.7.4 Data security through EAP (Extensible Authentication Protocol):
This is a form of dynamic authentication: the value of the authentication key is changed at random at each authentication or at periodic intervals during an authenticated connection. In addition, EAP defines authentication through RADIUS, which works as follows: when a CPE wants to connect to the network, it sends a request to the AP. The AP asks the CPE to send it an Identify signal. After receiving the CPE's Identify signal, the AP forwards it to the RADIUS server for authentication. RADIUS then returns the result to the AP, and the AP decides whether or not to allow the CPE to log in.
Chapter 3
TRANSMISSION TO HOTSPOT SITES AND CONNECTION MODELS FOR HOTSPOTS
3.1. TRANSMISSION OPTION:
The hotspot sites are connected centrally back to the network management centre, under the control of a common Subscriber Gateway, and from there out to the Internet. The transmission method chosen for this model is the xDSL WAN service. Based on the global ITU industry standard, the SHDSL solution uses balanced data transmission over a single cable pair.
In addition, SHDSL signals can travel further than connections using ADSL and SDSL, which allows service providers to meet the needs of distant customers. Like an ADSL router, an SHDSL router has DHCP and NAT servers built in. This significantly reduces investment cost, because there is no need to invest in two additional external servers for DHCP and NAT.
Figure 3.1: Transmission option
3.2.M HNH U NI CHO CC HOTSPORT
3.2.1 Cac gii php ki thut trong m hnh Wireless Hotspot:
i vi h thng Wi-Fi: mi trng truyn dn l mi trng sng,truyn tin theo cc chun 802.11a, 802.11b Thc cht y c th coi l mi
trngbroadcast, tt c cc my client ng vo vng ph sng u c th bt
c tn hiu, cc AP t c kh nng iu khin c truy nhp. Cc Acces
Point hin nay bt u c pht trin h tr chun bo mt thng tin trong mi
trng Wireless l EAP (cc hng sn xut thit b a ra cc chun EAP
khc nhau nh Cisco LEAP, Microsoft PEAP, Funk PEAP).
Vi 802.1x cc AP c kh nng xc thc client, v acconting nhng
hin ang cn rt nhiu hn ch nh: cc client phi c phn mm iu khin
thch hp, AP khng c kh nng iu khin truy nhp nh Access Server trong
mi trng Dial-up, AP c h trRADIUS nhng do c nhng thng s k
thut mi nn cha cho php c kh nng s dng cc h thng database tp
trung nh ORACLE do khng c kh nng cung cp dch v trn AP nh
Access Server trong mi trng Dialup.
Gii php c a ra l s dng thit b Subscriber Gateway: Subscriber
Gateway s ng chn ti ng ra ca cc AP i Internet, mi trng sng s
lun c cc AP cung cp cho bt c mt my trm no ng trong mi
trng truyn sng. Nhng khi ngi s dng truy nhp vo mi trng sng
ca mt Access point (AP) th ngay lp tc Subscriber Gateway s tin hnh
vic xc thc thu bao.
The user is automatically redirected to an authentication web page built into the Subscriber Gateway, where the username and password are entered. The Subscriber Gateway contacts the central AAA Server at the network operations center over the RADIUS protocol to retrieve the customer's information from the database. Only if authentication succeeds is the user allowed through the Subscriber Gateway to the Internet, and the Subscriber Gateway sends the billing information to the AAA Server. The Subscriber Gateway can also control access flexibly in real time, which makes it possible to offer a variety of services.
3.2.2 Deployment model of the Subscriber Gateway
The Subscriber Gateway must be placed at the single exit point of the systems it manages; only then can it control the customers' access. Under current conditions, the chosen option is a Subscriber Gateway centralized at the network center.
Characteristics: in this model all access points (hotspots) must connect back to the network center and then pass through the Subscriber Gateway system to reach the Internet. The network between the access points and the network center must be a private network with no connection to the Internet; the only path to the Internet is through the Subscriber Gateway system.
Figure 3.2: Gateway deployment model
Advantages: centralized management; the AAA exchange between the Subscriber Gateway and the AAA Server takes place only inside the internal network.
Disadvantages: all traffic must cross the WAN and reach the Subscriber Gateway at the network center even when the subscriber is invalid and not allowed onto the Internet; this traffic reduces network performance.
3.2.3 Connection model of the hotspots
Deployment follows the centralized model, and the transmission technology used for the connections is SHDSL.
Figure 3.3: Hotspot connection model
In this model each hotspot consists of APs connected to the center through an SHDSL router. The DHCP and NAT functions are performed on the routers.
Chapter 4
WEP AND FILTERING
A wireless LAN is not inherently a secure network; however, even a wired LAN or WAN is not secure if you take no security measures. The key to making a WLAN secure and keeping it secure is how it is implemented and managed. Giving administrators solid training in advanced technologies is an important way to make a WLAN secure.
In this part we discuss the known security measure of the 802.11 standard, WEP. WEP by itself is not the only security mechanism, and WEP alone cannot guarantee absolute security for a WLAN. We therefore need to look at why WEP's security is limited, where WEP is applicable, and how its weaknesses can be remedied.
This part also covers a few attack methods, from which the administrator can derive preventive measures. We then discuss security measures that are available but not yet formally recognized by any 802 standard. Finally, we give some recommendations on security policies for WLANs.
4.1. WEP (WIRED EQUIVALENT PRIVACY)
WEP (Wired Equivalent Privacy) is an encryption algorithm that uses a shared-key authentication process to authenticate users and to encrypt the data carried over wireless LAN segments. The IEEE 802.11 standard specifies the use of WEP.
WEP is a simple algorithm that uses a pseudo-random number generator (PRNG) and the RC4 stream cipher. For several years this algorithm was kept secret and was not available; in September 1994 some people posted its source code on the Internet. Although the source code is now available, RC4 is still a registered trademark of RSADSI. The RC4 stream cipher encrypts and decrypts very quickly, is very easy to implement, and is simple enough that software developers can use it to encrypt their own software.
Figure 4.1: Diagram of the WEP encryption process
Figure 4.2: Diagram of the WEP decryption process
- ICV: integrity check value
The RC4 algorithm is not really suitable for WEP; it is not sufficient as the only security method for an 802.11 network. Both the 64-bit and the 128-bit variants use the same 24-bit Initialization Vector (IV). The IV starts as a string of zeros and is then incremented by 1 after each packet sent. For a network that operates continuously, studies show that this sequence can overflow within half a day, so the vector has to be reinitialized at least once a day, that is, its bits return to 0. When WEP is used, the IV is transmitted unencrypted together with each encrypted packet. The need to reinitialize the IV and the fact that it is sent unencrypted are the cause of the following kinds of attack:
- Active attack to inject new packets: an unauthorized mobile station can inject packets into the network that will be understood, without needing to decrypt anything.
- Active attack to decrypt information: based on tricking the access point.
- Attack based on a constructed dictionary: after enough information has been collected, the WEP key can be cracked with free software tools. Once the WEP key is cracked, packets can be decrypted in real time by listening to broadcast packets and using the WEP key.
- Passive attack to decrypt information: uses statistical analysis to decrypt WEP data.
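The effect of the short, cleartext, wrapping IV described above can be seen in a small model. The following is an added example, not code from the original document: it builds a simplified WEP frame (3-byte IV, RC4 keyed with IV plus secret, CRC-32 as the ICV; the key-ID byte of a real frame is omitted), shows what two frames sharing an IV reveal, and gives the kind of check a defender can run over captured frames. The key, payloads and function names are constructed for illustration.

```python
import struct
import zlib
from collections import Counter

IV_BITS = 24  # IV size stated in the text


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Standard RC4: key scheduling followed by keystream generation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def icv(payload: bytes) -> bytes:
    """Integrity check value: CRC-32 of the plaintext payload."""
    return struct.pack("<I", zlib.crc32(payload) & 0xFFFFFFFF)


def wep_encrypt(secret: bytes, iv: int, payload: bytes) -> bytes:
    """Simplified frame: cleartext IV followed by RC4(IV || secret) over payload + ICV."""
    iv_bytes = iv.to_bytes(3, "big")
    body = payload + icv(payload)
    return iv_bytes + xor(body, rc4_keystream(iv_bytes + secret, len(body)))


def wep_decrypt(secret: bytes, frame: bytes) -> bytes:
    iv_bytes, ciphertext = frame[:3], frame[3:]
    body = xor(ciphertext, rc4_keystream(iv_bytes + secret, len(ciphertext)))
    payload, received_icv = body[:-4], body[-4:]
    if icv(payload) != received_icv:
        raise ValueError("ICV mismatch")
    return payload


def next_iv(iv: int) -> int:
    """Sequential IV as described in the text: +1 per packet, wrapping to 0."""
    return (iv + 1) % (1 << IV_BITS)


def seconds_until_iv_wrap(frames_per_second: float) -> float:
    """Time for a sequential 24-bit IV to run through every value once."""
    return (1 << IV_BITS) / frames_per_second


def find_iv_reuse(frames) -> dict:
    """Defender's check on a capture: IVs that appear on more than one frame."""
    counts = Counter(int.from_bytes(f[:3], "big") for f in frames)
    return {iv: n for iv, n in counts.items() if n > 1}


KEY = bytes.fromhex("0102030405")  # constructed 40-bit secret

if __name__ == "__main__":
    p1, p2 = b"GET /index.html", b"USER alice PASS"  # constructed payloads
    f1 = wep_encrypt(KEY, 7, p1)
    f2 = wep_encrypt(KEY, 7, p2)            # same IV, e.g. after a wrap or reset
    f3 = wep_encrypt(KEY, next_iv(7), p1)
    # Same IV and secret give the same keystream, so it cancels out:
    print("C1 xor C2 == P1 xor P2:", xor(f1[3:], f2[3:])[:len(p1)] == xor(p1, p2))
    print("reused IVs in capture:", find_iv_reuse([f1, f2, f3]))
    print("hours until wrap at 500 frames/s:", seconds_until_iv_wrap(500) / 3600)
```

At the assumed rate of 500 frames per second the IV space is exhausted in a little over nine hours, which is in line with the half-day figure quoted above.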
4.1.1 Why WEP was chosen
WEP is not secure, so why was it chosen and included in the 802.11 standard? The 802.11 standard set out the following criteria for what it calls security:
- Exportable
- Strong enough
- Compatible
- Computable
- Optional, not mandatory
WEP meets all of these criteria. When it was introduced, WEP was intended to provide security for the purposes of confidentiality, access control and data integrity. WEP has been found not to be a complete security solution for WLANs; however, wireless devices all support WEP, and, notably, additional safeguards can be added on top of WEP. Each manufacturer may use WEP in a different way. For example, WECA's Wi-Fi standard uses only 40-bit WEP keys, some manufacturers choose to strengthen WEP, and others use a new standard such as 802.1X with EAP, or a VPN.
4.1.2 The WEP key
The core of WEP is the WEP key. A WEP key is a string of letters and digits that serves two purposes in a WLAN:
- The WEP key is used to verify that a station is authorized
- The WEP key is used to encrypt data
When a client that uses WEP tries to authenticate and associate with an AP (Access Point), the AP checks whether the client has a valid key. If so, the client must hold a key that is part of the WEP key, and this WEP key must match on both ends of the WLAN connection.
A WLAN administrator can distribute WEP keys manually or by a more advanced method. The WEP key distribution system can be as simple as static keys, or as advanced as a centralized encryption key server. The more advanced the WEP system, the better it prevents sabotage and hacking.
WEP keys come in two types, 64 bit and 128 bit, which you will sometimes see written as 40 bit and 104 bit. The reason is that both types use the same 24-bit Initialization Vector (IV) together with a secret key of 40 or 104 bits. Entering a WEP key into a client or into infrastructure devices such as a bridge or AP is very simple. It is configured as shown in the following figure:
Figure 4.3: WEP key entry interface
Most clients and APs can hold four WEP keys at the same time, to support network segmentation. For example, in a network with 100 client stations, using four WEP keys instead of one splits the users into four separate groups of 25; if one WEP key is lost, only 25 stations and one or two APs have to be changed instead of the whole network.
Another reason for using several WEP keys is that a card that supports both 64-bit and 128-bit keys can use the best option available; a device that supports 128-bit keys can also work with 64-bit keys.
According to the 802.11 standard, the WEP key used is a static WEP key. If you choose static WEP keys, you must manually assign a static WEP key to an AP or to the clients associated with it, and this key never changes. This can be a basic, simple security method suitable for small WLANs, but it is not suitable for larger WLANs. Relying on static WEP alone easily leads to a loss of security.
Consider the case where someone loses their WLAN network card: the card contains firmware that can access the WLAN until the WLAN's static key is changed.
Figure 4.4: Support for using multiple WEP keys
4.1.3 Centralized encryption key server
For large WLANs that use WEP as a basic security method, a centralized encryption key server should be used for the following reasons:
- Centralized key generation.
- Centralized key distribution.
- Ongoing key rotation.
- Reduced workload for the administrator.
Any of a number of different devices can act as a centralized encryption key server. Normally, when WEP is used, the keys (created by the administrator) are entered manually into the stations and the APs. When a centralized encryption key server is used, an automated process between the stations, the APs and the key server hands out the WEP keys. The following figure shows how such a system is set up.
Figure 4.5: Centralized encryption key management configuration
A centralized encryption key server allows keys to be generated per packet, per session, or by other methods, depending on the manufacturer's implementation.
With per-packet WEP key distribution, a new key is assigned to both ends of the connection for every packet sent, whereas per-session WEP key distribution uses a new key for each new session between the nodes.
4.1.4 Using WEP
When WEP is initialized, the payload of every packet sent with WEP is encrypted; the header of each packet, including the MAC addresses, is not encrypted, while all layer 3 information, including the source and destination addresses, is encrypted by WEP.
When an AP sends out its beacons on a WLAN that uses WEP, the beacons are not encrypted. Remember that beacons do not contain any layer 3 information.
When packets are sent with WEP encryption, they must be decrypted. Decryption consumes CPU cycles and significantly reduces throughput on the WLAN. Some manufacturers build dedicated CPUs into their APs for WEP encryption and decryption. Many manufacturers instead implement both encryption and decryption in software and use the same CPU that handles AP management and packet forwarding. With WEP implemented in hardware, an AP can sustain a throughput of 5 Mbps or more. The drawback of this solution is that the AP costs more than an ordinary AP.
WEP can be deployed as a basic security method, but network administrators should understand the weaknesses of WEP and how to remedy them. Administrators should also be aware that each vendor may use WEP differently, which creates obstacles when hardware from several vendors is used together.
To overcome the shortcomings of WEP, the Advanced Encryption Standard (AES) is being recognized as a suitable replacement for the RC4 algorithm. AES uses the Rijndael algorithm (pronounced RINE-dale) with the following key sizes:
- 128 bit
- 192 bit
- 256 bit
AES is considered uncrackable by most cryptographers, and NIST (National Institute of Standards and Technology) has chosen AES for FIPS (Federal Information Processing Standard). As part of the improvements to the 802.11 standard, 802.11i is being considered for the use of AES in WEP v2.
AES, if approved by 802.11i for use in WEP v2, will be implemented in firmware and software by the vendors. The firmware in APs and in clients (PCMCIA radio cards) will have to be upgraded to support AES. Client station software (drivers and client utilities) will support configuring AES together with a secret key.
4.2. FILTERING
Filtering is a basic security mechanism that can be used in addition to WEP and/or AES. Filtering literally means blocking what is unwanted and allowing what is wanted. A filter works like an access list on a router: it defines the parameters that stations must match in order to access the network. For a WLAN, this means determining who the client stations are and how they must be configured. There are three basic types of filtering that can be performed on a WLAN:
- SSID filtering
- MAC address filtering
- Protocol filtering
This section describes what each type is, what it can do for the administrator, and how it must be configured.
4.2.1 SSID filtering
SSID filtering is a rudimentary filtering method and should be used only for the most basic access control. SSID (Service Set Identifier) is just another term for the network name. The SSID of a WLAN station must match the SSID on the AP (infrastructure mode) or on the other stations (ad hoc mode) in order for the client to authenticate and associate and so establish service. Because the SSID is broadcast in the beacons sent by APs or stations, it is easy to find the SSID of a network with a network analyzer (sniffer). Many APs can take the SSID out of the beacon frames. In that case the client must have a matching SSID to associate with the AP. A system configured this way is called a closed system. SSID filtering is considered an unreliable method of keeping unauthorized users off a WLAN.
Some APs can remove the SSID from beacons or from probe information. In this case, to join the service a station must have the SSID configured manually in its driver configuration.
Some common mistakes WLAN users make when implementing SSIDs are:
- Using the default SSID: this setting is another way of giving away information about your WLAN. It is simple enough to use a network analyzer to obtain the MAC address originating from the AP and then look that MAC up in the IEEE OUI table, which lists the MAC address prefixes assigned to manufacturers. The best way to fix this mistake is: always change the default SSID.
- Making the SSID something related to the company: this kind of setting is a security risk because it simplifies the process of a hacker finding the company's physical location. When someone is looking for WLANs in a particular geographic area, finding the company's physical location is half the work. When an administrator uses an SSID named after the company or organization, finding the WLAN becomes very easy. So remember: always use an SSID unrelated to the company.
- Using the SSID as a means of securing the WLAN: the SSID has to be changed by users in their configuration in order to join the network. It should be used as a means of segmenting the network, not of securing it, so: always treat the SSID as nothing more than a network name.
- Unnecessarily broadcasting SSIDs: if your AP can remove the SSID from beacons and probe responses, configure it that way. This configuration keeps casual listeners from disturbing or using your WLAN.
4.2.2 MAC address filtering
A WLAN can filter on the MAC addresses of client stations. Almost all APs, even inexpensive ones, have a MAC filtering function. The network administrator can compile, distribute and maintain a list of permitted MAC addresses and program it into the APs. If a PC card or other client has a MAC address that is not in the AP's MAC address list, it cannot reach that access point.
Figure 4.6: MAC address filtering
Of course, programming the MAC addresses of every client in the WLAN into the APs of a large network is not practical. MAC filters can be implemented on a few RADIUS servers instead of on every access point. This configuration makes MAC filtering a secure solution and therefore a more likely choice. Entering MAC addresses together with user identity information into RADIUS, where that information may have to be entered anyway, is fairly simple and is a good solution. RADIUS servers often point to other authentication sources, so those other authentication sources must support MAC filtering.
MAC filters also work well in the reverse direction. Consider an example: an employee leaves the company and takes their wireless LAN card with them. This WLAN card holds both the WEP key and an entry in the MAC filter, so it must not be allowed to retain access. The administrator can then remove that client's MAC address from the permitted list.
Although MAC filtering looks like a good security method, it is still vulnerable to the following intrusions:
- Theft of a PC card that is in the AP's MAC filter.
- Sniffing the WLAN and then spoofing a MAC address to get into the network.
For home networks or small office networks with a small number of client stations, MAC filtering is an effective security solution, because no smart hacker will spend hours trying to get into a network of little value.
4.2.3 Circumventing MAC filters
The MAC addresses of WLAN clients are normally broadcast by APs and bridges, even when WEP is in use. A hacker who can listen to the traffic on your network can therefore quickly find most of the MAC addresses that are permitted on your wireless network. For a network analyzer to see a station's MAC address, that station must transmit a frame across the wireless segment. This is the basis for building a network security method, VPN tunneling, which is covered in a later section.
Some wireless PC cards allow their MAC address to be changed through software or even by changing the system configuration. A hacker who has the list of permitted MAC addresses can easily change the PC card's MAC address to match a PC card on your network and so gain access to your whole wireless network.
Because two stations with the same MAC address cannot exist on a WLAN at the same time, the hacker must find the MAC address of a station that is currently not on the network. The time when a mobile station or laptop is off the network is when the hacker is best able to get in.
MAC filtering should be used where feasible, but not as the only security mechanism on your network.
4.2.4 Protocol filtering
A wireless LAN can filter the packets crossing the network based on layer 2-7 protocols. In many cases, manufacturers make the protocol filters independently configurable for both the wired and the wireless segments of the AP.
Imagine a situation in which a wireless workgroup bridge is placed in a remote building on a university campus WLAN and connects back to the AP of the central engineering building. Because all users in the remote building share the 5 Mbps of bandwidth between these buildings, a considerable amount of control over this usage must be applied. If these links were installed specifically for the users' Internet access, the protocol filter would exclude all protocols except SMTP, POP3, HTTP, HTTPS, FTP, and so on.
Figure 4.7: Protocol filtering
Chapter 5
ATTACKS ON WLANS, SOLUTIONS, POLICIES AND SECURITY RECOMMENDATIONS
5.1. POSSIBLE ATTACKS ON A WLAN
A deliberate attack can disable a WLAN or try to gain unauthorized access to it in several ways:
- Passive attacks (eavesdropping).
- Active attacks (connecting, probing and configuring the network).
- Jamming attacks.
- Man-in-the-middle attacks.
These are only some of the attack types, and some of them can be carried out in several different ways.
5.1.1 Passive attacks
Eavesdropping is perhaps the simplest method, yet it is still effective against WLANs. A passive attack is like eavesdropping in which the presence of the eavesdropper (hacker) on or near the network cannot be detected, because the hacker does not actually connect to the AP in order to listen to the packets crossing the wireless segment. Network analyzers or other applications are used to collect WLAN information from a distance with a directional antenna.
Figure 5.1: Passive attack
This method lets the hacker keep a convenient distance so as not to be detected while listening and collecting valuable information.
Figure 5.2: Process of obtaining the WEP key
There are applications that can capture passwords from HTTP sites, email, instant messengers, FTP sessions and telnet sessions that are sent as unencrypted text. Other applications can capture passwords on the wireless segment between client and server that are used for network logon.
Consider the impact if a hacker finds a way to obtain a user's domain access: the hacker logs in to the domain as that user and causes serious damage on the network. The act is of course the hacker's, but the user is the one held directly responsible, bears all the consequences, and may even lose their job.
Consider another situation in which an HTTP or email password is captured on the wireless segment and then used by the hacker to gain access to that WLAN.
5.1.2 Active attacks
Hackers can use active attacks to perform certain functions on the network. An active attack can be used to gain access to a server to obtain important data, to use the organization's Internet access for harmful purposes, or even to change the configuration of the network infrastructure. By connecting to a WLAN through an AP, a user can begin to penetrate deeper into the network and even change the wireless network itself.
For example, a hacker who has got past the MAC filter can then reach the AP and remove all MAC filters, making the next access easier. The administrator may not notice this for some time. The figure below illustrates an active attack on a WLAN.
Figure 5.3: Active attack
Some examples of active attacks are mail bombs and spam sent by spammers, or business competitors who want access to your files. After obtaining an IP address from your DHCP server, a hacker can send thousands of emails using your Internet connection and your ISP's email server without your knowledge. This kind of attack can cause your ISP to cut off your email service for email abuse, even though the fault is not yours. A competitor could take your customer list or your payroll without being detected.
Once a hacker has a wireless connection to your network, he may as well have access to the wired network in the office, because the two situations are not very different. Wireless connections give the hacker speed, access to servers, connections to the wide area network, Internet connections, and access to users' desktops and laptops. With a few simple tools, it is possible to obtain important information, take over users' privileges, or even destroy the network by reconfiguring it.
Using scanning servers that scan ports, creating null sessions for shares, and having servers that keep passwords fixed so that a hacker cannot change them improves the utilities and prevents this type of attack.
5.1.3 Jamming attacks
Whereas a hacker uses passive and active attacks to obtain information by gaining access to your network, jamming is a simple technique for shutting your network down. Just as an attacker can mount an overwhelming denial of service aimed at a web server, a WLAN can be made to stop working by an overwhelming RF signal. The RF signal may be unintentional or intentional, and its source may be mobile or fixed. When a hacker carries out a deliberate jamming attack, the hacker could use WLAN equipment, but is more likely to use a high-power RF signal generator or a sweep generator.
Figure 5.4: Jamming attack
To eliminate this kind of attack, the first requirement is to locate the source of the RF signal by spectrum analysis. There are many spectrum analyzers on the market, but a handheld, battery-powered spectrum analyzer is the most convenient.
Some manufacturers build handheld spectrum analyzers, while others have created spectrum analysis software for users that is built into the WLAN devices themselves.
When jamming is caused by a fixed, unintentional source such as a communications tower or other legitimate systems, the WLAN administrator may have to consider using a different set of frequencies.
For example, an administrator responsible for designing and installing an RF network in a large, complex multi-room area must consider this carefully and in order. If the source of interference is a telephone or other devices operating in the 2.4 GHz band, the administrator can use equipment in the 5 GHz UNII band instead of the 2.4 GHz 802.11b band, rather than sharing the 2.4 GHz ISM band with the other devices.
Unintentional jamming happens with every device that shares the 2.4 GHz band. Jamming is not a serious threat because it cannot be carried out widely by hackers: the equipment is too expensive for something that only disables the network temporarily.
5.1.4 Man-in-the-middle attacks
A man-in-the-middle attack is a situation in which an individual uses an AP to take control of mobile nodes by sending a stronger signal than the one the legitimate AP is sending to those nodes. The mobile nodes then associate with this rogue AP and send their data, possibly sensitive information, to the intruder. The following figure shows a model of this kind of attack.
Figure 5.5: Man-in-the-middle attack
For clients to associate with the rogue AP, its power must be much higher than that of the other APs in the area, and sometimes something must actively cause the users to roam to it. Losing the connection to the legitimate AP can look like an accidental event during network access, and some clients will connect to the rogue AP by chance.
The person carrying out a man-in-the-middle attack must first know the SSID the clients use, and must know the network's WEP key if one is in use.
The upstream connection (toward the core network) from the rogue AP is handled by a client device such as a PC card or a workgroup bridge. Man-in-the-middle attacks are often set up using a laptop with two PCMCIA cards. AP software runs on the laptop, with one PC card used as an AP and the second PC card used to connect the laptop to a nearby legitimate AP. This configuration turns the laptop into a man-in-the-middle operating between the clients and the legitimate AP. In this setup a hacker can obtain valuable information by running a network analyzer on the laptop.
Figure 5.6: Before the attack
Figure 5.7: After the attack
A particular feature of this kind of attack is that users cannot detect it, and the amount of information gathered this way is limited: it equals the amount of information the perpetrator can obtain while remaining on the network undetected.
The best way to prevent this kind of attack is physical layer security.
5.2. RECOMMENDED SECURITY SOLUTIONS
Because a WLAN is not inherently secure, and WEP is neither the only nor a perfect security method for WLANs, this is an important opportunity to introduce additional security methods for WLANs.
The security methods presented here can play an important role in your wireless LAN.
5.2.1 WEP key management
Instead of using static WEP keys, which a hacker can easily discover, a WLAN can be made more secure by using per-session or per-packet keys distributed by a centralized key distribution system.
Per-session or per-packet WEP key distribution assigns a new WEP key to both the client and the AP for each session or each packet sent between them. Although dynamic keys add overhead and reduce throughput, they make hacking into the network through the wireless segment much more difficult. The hacker would have to predict the key sequence that the key distribution server is using, which is very hard.
Remember that WEP protects only layer 3-7 information and the payload data; it does not encrypt MAC addresses or beacons. A network analyzer can capture any information broadcast in beacons from the AP and any MAC address information in unicast packets from clients.
To put a centralized encryption key server in place, the WLAN administrator must find an application that performs this task, buy a server with a suitable operating system, and configure the application as required. This process can be expensive and time-consuming, depending on the scale of the deployment. However, the cost is quickly recovered by preventing the losses a hacker would cause.
5.2.2 Wireless VPNs
WLAN manufacturers increasingly include virtual private network (VPN) server software in their APs and gateways, allowing VPN technology to be used to secure WLAN connections. When the VPN server is built into the AP, clients use off-the-shelf VPN software with protocols such as PPTP or IPsec to form a tunnel directly to the AP.
The client first associates with the access point and then dials the VPN connection, which is required for the client's traffic to pass through the AP. All traffic passes through the tunnel and can be encrypted to add a layer of security. The following figure shows such a network configuration:
Figure 5.8: Wireless VPN
Using PPTP with shared secrets is very simple to implement and provides a reasonable level of security, especially when WEP encryption is added. Using IPsec with shared secrets or certificates is the solution generally chosen by security practitioners in this field. When the VPN server is provided in a gateway, the process is similar, except that after the client associates with the AP, the VPN tunnel is established with the gateway device instead of with the AP itself.
There are also vendors offering enhancements to their existing VPN solutions (hardware or software) to support wireless clients and to compete in the WLAN market. These devices or applications serve in the same capacity as a gateway, sitting between the wireless segments and the wired core network. Wireless VPN solutions are fairly simple and economical. An administrator with no experience of VPN solutions should attend a training course before implementing one. VPNs that support WLANs are designed to be fairly simple and can be deployed by a novice, which explains why these devices are so popular with users.
5.2.3 Key hopping
Recently, key hopping techniques that use MD5 encryption and continually changing encryption keys have become available in the WLAN environment. The network continually changes, or hops, from one key to another, typically every 3 seconds. This solution requires proprietary hardware and is only an interim solution while waiting for approval of the advanced 802.11i security standard. The key algorithm works this way to overcome the weaknesses of WEP, such as the initialization vector problem.
5.2.4 Temporal Key Integrity Protocol (TKIP)
TKIP is essentially an improvement on WEP that still carries the known security issues of WEP's use of the RC4 stream cipher. TKIP provides initialization vector hashing to defeat passive packet snooping. It also provides a message integrity check to help determine whether an unauthorized user has modified packets by injecting traffic in order to crack the key. TKIP includes the use of dynamic keys to defend against passive capture of keys, a major hole in the WEP standard.
TKIP can be implemented through firmware upgrades for APs and bridges and through software and firmware upgrades for wireless client devices. TKIP specifies rules for the use of initialization vectors, rekeying procedures based on 802.1x, per-packet key mixing, and a message integrity code. There is a performance loss when using TKIP, but in return security is significantly improved, which makes for a reasonable trade-off.
5.2.5 AES-based solutions
AES-based solutions may replace WEP using RC4, but only as an interim step. Although no products that use AES are on the market yet, several manufacturers are working to bring them to market. The 802.11i draft specifies the use of AES and takes users into account in its use. AES appears to be a part of completing this standard.
Changing the data encryption technique to a solution as strong as AES will have a significant impact on WLAN security, but on large networks there must still be common solutions such as centralized encryption key servers to automate the key exchange process. If a client's radio card with the AES encryption key embedded in it is lost, it does not matter how strong AES is, because the perpetrator can still gain access to the network.
5.2.6 Wireless gateways
Wireless gateways are now available with VPN technology, as well as NAT, DHCP, PPPoE, WEP, MAC filters and perhaps even a built-in firewall. These devices are sufficient for small offices with a few workstations sharing an Internet connection. Their prices vary widely depending on the range of services offered.
Wireless gateways on larger networks are a special adaptation of a VPN and authentication server for WLANs. Such a gateway sits on the wired network segment between the APs and the wired network. As its name suggests, the gateway controls access from the WLAN onto the wired segment, so that while a hacker may be able to listen to or gain access to the wireless segment, the gateway protects the wired distribution system from attack.
A good case for deploying such a gateway model could be the following: suppose a hospital has installed 40 APs across several floors. Its investment is considerable, so if the APs do not support upgradable security measures, the hospital would have to replace all of the APs to improve security. If instead it brings in a gateway, the job is much simpler and less expensive. The gateway can be connected between the core switch and the distribution switch (which connects to the APs) and can act as an authentication server and VPN server through which all wireless clients connect. Instead of deploying all new APs, one gateway (or more, depending on the size of the network) can be installed behind the APs.
S dng kiu gateway ny cung cp mt s an ton thay cho nhm
cc AP. a s cc gateway mng khng dy h tr mt mng cc giao thc
nh PPTP, IPsec, L2TP, chng thc v thm ch c QoS
5.2.7 V 802.1x v giao thc chng thc m
Chun 802.1x cung cp nhng chi tit k thut cho s iu khin truy
nhp thng qua nhng cng c bn. S iu khin truy nhp thng qua
nhng cng cbn c khi u, v vn ang c s dng vi chuyn
mch Ethernet. Khi ngi dng th ni ti cng Ethernet, cng s t
kt ni ca ngi s dng ch kha v ch i s xc nhn ngi s
dng ca h thng chng thc.
Giao thc 802.1x c kt hp vo trong h thng WLAN v gn
nh tr thnh mt chun gia nhng nh cung cp. Khi c kt hp
giao thc chng thc m (EAP), 802.1x c th cung cp mt s
chng thc trn mt mi trng an ton v linh hot.
EAP, which was first defined for the Point-to-Point Protocol (PPP), is a protocol for negotiating an authentication method. EAP is defined in RFC 2284 and defines the characteristics of the authentication method, including the credentials required of the user (password, certificate, etc.), the protocol used (MD5, TLS, GSM, OTP, etc.), support for automatic key generation, and support for mutual authentication. There are perhaps a dozen types of EAP on the market today, since neither the industry players nor the IEEE have agreed on any single type, or a short list of types, from which to create a standard.
A successful 802.1x-EAP authentication proceeds as follows:
Figure 5.9: The 802.1x-EAP authentication process
1. The client requests association with the AP.
2. The AP replies to the association request with an EAP identity request.
3. The client sends an EAP identity response to the AP.
4. The client's EAP identity response is forwarded to the authentication server.
5. The authentication server sends an authorization request to the AP.
6. The AP forwards the authorization request to the client.
7. The client sends the EAP authorization response to the AP.
8. The AP forwards the response to the authentication server.
9. The authentication server sends an EAP success message to the AP.
10. The AP forwards the success message to the client and places the client's port in forward mode.
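
The ten steps above, as an added example that is not part of the original document: a small Python model of the AP as authenticator, showing that a client's port stays blocked for data until the server's EAP success is relayed. The class names, the user "alice" and the plaintext credential check are assumptions made for illustration.

```python
# Added illustration of the ten-step exchange; every name here is hypothetical.
USERS = {"alice": "s3cret-passphrase"}   # constructed server-side credentials


class AuthServer:
    """Stands in for the authentication server (for example RADIUS)."""

    def on_identity(self, user):
        # Step 5: known identities get an authorization request.
        return "EAP-Request/Auth" if user in USERS else "EAP-Failure"

    def on_response(self, user, secret):
        # Step 9: success only when the credential matches. Real EAP methods
        # prove knowledge of the secret instead of sending it, as done here.
        return "EAP-Success" if USERS.get(user) == secret else "EAP-Failure"


class AccessPoint:
    """Authenticator: relays EAP messages and gates each client's port."""

    def __init__(self, server):
        self.server = server
        self.port = {}            # client MAC -> "blocked" or "forward"
        self.transcript = []

    def authenticate(self, mac, user, secret):
        say = self.transcript.append
        self.port[mac] = "blocked"          # the port starts locked
        say("1 client->AP: association request")
        say("2 AP->client: EAP-Request/Identity")
        say(f"3 client->AP: EAP-Response/Identity {user}")
        say("4 AP->server: identity response relayed")
        reply = self.server.on_identity(user)
        say(f"5 server->AP: {reply}")
        if reply != "EAP-Failure":
            say("6 AP->client: authorization request relayed")
            say("7 client->AP: EAP authorization response")
            say("8 AP->server: response relayed")
            reply = self.server.on_response(user, secret)
            say(f"9 server->AP: {reply}")
        if reply == "EAP-Success":
            self.port[mac] = "forward"      # step 10 opens the port
            say("10 AP->client: EAP-Success, port set to forward")
        return self.port[mac]

    def admit(self, mac, frame_type):
        # EAP frames always reach the authenticator; data needs an open port.
        return frame_type == "eap" or self.port.get(mac) == "forward"
```
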
5.3. SECURITY POLICY
A company that uses a WLAN should have an appropriate security policy. For example, without a proper policy, an inappropriately sized cell gives a hacker a good opportunity to access the network from points outside the company's control but still within the AP's coverage area. The items the company's security policy should address include passwords, WEP keys, physical security, the use of advanced security solutions, and WLAN hardware assessment. This list is of course not exhaustive, because security solutions vary from one organization to another. The complexity of the security policy depends on the organization's security requirements as well as on the extent of the WLAN within the network.
The benefits of implementing and maintaining a security policy are the prevention of data theft and of sabotage by competing corporations, and the ability to detect and catch intruders.
The best place to start with a security policy is management. Security policies need to be reviewed and planned for, and included alongside the corporation's founding documents. WLAN security needs to be resourced appropriately, and the people assigned to implement it must be thoroughly trained. This team must in turn produce detailed documentation that can serve as reference material for successor teams.
5.3.1 Protecting sensitive information
Some information should be known only to the network administrator:
- Usernames and passwords of APs and bridges
- SNMP strings
- WEP keys
- MAC address lists
It is very important that this information be kept by a trusted, experienced person such as the network administrator, because it is sensitive information whose disclosure could lead to unauthorized access or even the destruction of an entire network. This information can be stored in many different ways.
5.3.2 Physical security
Although physical security is important when using a traditional wired network, it is even more important for a company that uses WLAN technology. As mentioned earlier, a person with a wireless PC card (and possibly an antenna) does not have to be in the same area as the network to access it. Even intrusion detection software is not enough to stop hackers from stealing sensitive information. Eavesdropping leaves no trace on the network because no connection is ever made. There are applications on the market now that can detect network cards in promiscuous (shared) mode, accessing data without making a connection.
When WEP is the WLAN security solution in use, tight controls should be placed on users who hold company-owned wireless client devices, so that they are not allowed to take those client devices off company premises. Because the WEP key is stored in the firmware of the client device, it goes wherever the card goes, which makes the card the weakest link in the network's security. The WLAN administrator needs to know who takes each PC card, where, and when.
Such requirements are often beyond what one administrator can manage, so the administrator needs to recognize that WEP by itself is not an adequate security solution for a WLAN. Even with such tight control, if a card is lost or stolen, the person responsible for that card (the user) must be required to report it to the administrator immediately so that appropriate precautions can be taken. At a minimum, these precautions are resetting the MAC filters, changing the WEP keys, and so on.
Have the security guards make periodic sweeps around the company premises to detect suspicious activity. Training these staff to recognize 802.11 hardware, and alerting company employees to always watch for people from outside the company lurking around the building with 802.11-based hardware, is also very effective in reducing the risk of attack.
5.3.3 WLAN equipment inventory and security audits
As a complement to the physical security policy, all WLAN equipment should be inventoried regularly in order to account for authorized and unauthorized use of WLAN equipment to access the organization's network. If the network is too large and contains a significant number of wireless devices, periodic inventories may not be feasible. In such cases it is necessary to implement WLAN security solutions that are not based on hardware, but are instead based on usernames and passwords or some other type of non-hardware-based security solution. For medium and small wireless networks, monthly or quarterly inventories help detect hardware losses. Periodic scans with network analyzers to detect intruding devices are a very good way to keep the WLAN secure.
5.3.4 Using advanced security solutions
Organizations running WLANs should take advantage of some of the advanced security mechanisms available on the market. This should also be addressed in the company's security policy. Because these technologies are fairly new, still proprietary, and often used in combination with other protocols and technologies, they need to be documented so that, if a breach occurs, the administrator can determine where and how the intrusion happened.
Because only a few people are trained in WLAN security, these people are very important, so compensation policy is also addressed in the security policies of companies and corporations. It, too, is one of the items that needs detailed documentation.
5.3.5 Public wireless networks
It is inevitable that company users carrying sensitive information will connect from their laptops to public WLANs. This, too, belongs in the company's security policy. Those users must run personal firewall software and antivirus software on their laptops. Most public WLANs have little or no security, in order to keep user connections simple and to reduce the amount of technical support required.
5.3.6 Monitored and limited access
Most large LANs have some method of limiting and monitoring user access.
Typically, a system supporting authentication, authorization and accounting (AAA) services is deployed. AAA services allow the organization to assign usage rights to particular classes of users. For example, a temporary user might be permitted only limited access to the Internet.
User management also makes it possible to review what a user did on the network, when, and what they accessed.
5.4. SECURITY RECOMMENDATIONS
Some recommendations for securing a WLAN:
5.4.1 Recommendations on WEP
Do not rely on WEP alone; no single measure is good enough to be used as your only security. A wireless environment protected only by WEP is not a secure environment. When using WEP, do not use WEP keys that are related to the SSID or to the name of the organization; make WEP keys hard to remember and hard to deduce. In practice there are many cases where the WEP key can be guessed easily by looking at the SSID or the organization's name.
WEP is an effective way to reduce information loss through casual eavesdropping: a person who does not have the matching WEP key is prevented from accessing the network.
5.4.2 Cell sizing
To reduce the chance of eavesdropping, the administrator should make sure that the AP cell sizes are appropriate. Most hackers look for the places where gaining access to the network takes the least time and energy. For this reason it is important not to let APs radiate signals beyond the organization's secure area unless absolutely necessary. Some APs allow the output power level to be configured, which controls the size of the RF cell around the AP. If an eavesdropper in an unprotected area of the organization cannot detect your network, then your network is not susceptible to this kind of attack.
A network administrator may run devices at maximum power to achieve high throughput and wide coverage, but this comes at the cost of additional security measures. So for each access point, parameters such as power, coverage area and the ability to control cell size need to be known. Control of the cell radius should be studied carefully and documented together with the configuration of the AP or bridge for each area. In some cases it may be necessary to install two APs with smaller cells instead of one AP to avoid unwanted exposure.
Try to place your APs toward the center of the building; this minimizes signal leakage beyond the intended range. If you are using external antennas, choose the right type of antenna to help minimize signal range. Turn off APs when they are not in use. These measures reduce the risk of attack and lighten the network management burden.
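
How output power translates into cell radius, as an added worked example that is not part of the original document: it uses the standard log-distance path-loss model to pick the highest power setting whose estimated cell stays inside a given perimeter. The frequency, receiver sensitivity, path-loss exponent n and the list of power settings are assumptions chosen for illustration.

```python
import math

FREQ_HZ = 2.437e9          # assumed: centre of channel 6 in the 2.4 GHz band
C = 299_792_458.0          # speed of light, m/s


def ref_loss_db(d0_m=1.0):
    """Free-space path loss at the reference distance d0 (Friis formula)."""
    return 20 * math.log10(4 * math.pi * d0_m * FREQ_HZ / C)


def cell_radius_m(tx_dbm, rx_sens_dbm=-85.0, antenna_gain_db=0.0, n=3.0):
    """Distance at which the received level drops to rx_sens_dbm, using
    PL(d) = PL(1 m) + 10*n*log10(d). n = 3.0 is an assumed indoor exponent;
    antenna_gain_db is the combined gain of both ends of the link."""
    budget = tx_dbm + antenna_gain_db - rx_sens_dbm - ref_loss_db()
    return 10 ** (budget / (10 * n))


def max_power_inside(perimeter_m, settings_dbm, **model):
    """Highest power setting whose estimated cell stays inside the perimeter,
    or None when even the lowest setting reaches past it."""
    ok = [p for p in sorted(settings_dbm)
          if cell_radius_m(p, **model) <= perimeter_m]
    return ok[-1] if ok else None


if __name__ == "__main__":
    settings = [5, 8, 11, 14, 17, 20]      # constructed list of AP power steps
    for p in settings:
        print(f"{p:>2} dBm -> about {cell_radius_m(p):5.1f} m")
    print("80 m perimeter:", max_power_inside(80, settings), "dBm")
```

The model gives an estimate only; a walk-around measurement at the perimeter, as the section recommends documenting for each area, is what confirms the chosen setting.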
5.4.3 User authentication
User authentication is a WLAN's weakest link, and the 802.11 standard does not specify any user authentication method, so it is imperative that the administrator implement user authentication as soon as the WLAN infrastructure is set up. User authentication should be based on usernames and passwords, smart cards, tokens, or some other secure means of identifying the user rather than the hardware. The solution implemented should support bidirectional authentication between the authentication server (for example a RADIUS server) and the wireless clients.
RADIUS is the de facto standard in user authentication systems. APs send user authentication requests to a RADIUS server, which can either have a built-in database or pass the authentication request through to a domain controller such as an NDS server, an Active Directory server, or even an LDAP-compliant database system.
Some RADIUS vendors have more capable RADIUS products that support the latest versions of authentication protocols, such as the many types of EAP.
Administering a RADIUS server can be very simple or very complex, depending on the requirements. Because wireless security solutions are very sensitive, care is needed when choosing a RADIUS server solution to make sure that the administrator can manage it, or that it can work effectively with the existing RADIUS administrator.
5.4.4 Security needs
Choose a security solution that fits the organization's needs and budget, both now and in the future. WLANs are spreading quickly because they are so easy to implement. A WLAN that starts with 1 AP and 5 clients can quickly grow to 15 APs and 300 clients. The same security mechanism that works for one AP is therefore completely unacceptable for 300 APs, since it would raise the cost of security considerably. In that case the organization needs security methods for the whole system, such as intrusion detection systems, firewalls and RADIUS servers. When deciding on solutions for the WLAN, these devices are, over the long term, an important factor in reducing cost.
5.4.5 Using additional security tools
Taking advantage of available technologies such as VPNs, firewalls, intrusion detection systems (IDS), protocols and standards such as 802.1x and EAP, and client authentication with RADIUS can provide security beyond what the 802.11 standard requires and recognizes. The cost and time to implement these solutions vary with the scale of the deployment.
5.4.6 Monitoring for rogue hardware
To discover rogue APs, AP discovery sessions should be scheduled regularly but not announced. Actively finding and removing rogue APs keeps the AP configuration stable and increases security. This can be done as part of normal, legitimate network monitoring. This kind of monitoring can even find lost devices.
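
The periodic scans recommended here and in section 5.3.3, as an added example that is not part of the original document: a Python check that compares one survey sweep against the inventory of authorized APs and reports rogue APs, configuration drift and inventoried devices that were not heard. The BSSIDs, the SSID "campus-wlan" and the CSV layout of the sweep are constructed for illustration.

```python
import csv
import io

# Constructed inventory of authorized APs: BSSID -> (name, SSID, channel).
AUTHORIZED = {
    "00:11:22:33:44:01": ("AP1", "campus-wlan", 1),
    "00:11:22:33:44:02": ("AP2", "campus-wlan", 5),
    "00:11:22:33:44:03": ("AP3", "campus-wlan", 9),
}

# Constructed survey output: one line per AP heard during the sweep.
SCAN = """bssid,ssid,channel,signal_dbm
00:11:22:33:44:01,campus-wlan,1,-48
00:11:22:33:44:02,campus-wlan,11,-55
DE:AD:BE:EF:00:01,campus-wlan,6,-40
de:ad:be:ef:00:02,linksys,3,-71
"""


def classify(scan_csv, inventory):
    """Return (findings, missing); findings is a list of (bssid, verdict)."""
    known_ssids = {ssid for _, ssid, _ in inventory.values()}
    findings, seen = [], set()
    for row in csv.DictReader(io.StringIO(scan_csv)):
        bssid = row["bssid"].strip().lower()
        ssid, channel = row["ssid"], int(row["channel"])
        if bssid in inventory:
            seen.add(bssid)
            _, want_ssid, want_channel = inventory[bssid]
            if ssid != want_ssid or channel != want_channel:
                findings.append((bssid, "config-drift"))
        elif ssid in known_ssids:
            # Unlisted radio advertising our network name: highest priority.
            findings.append((bssid, "unlisted-ap-using-our-ssid"))
        else:
            findings.append((bssid, "unknown-ap"))
    # Inventoried APs nobody heard: powered off, moved, or lost hardware.
    missing = sorted(inventory[b][0] for b in inventory.keys() - seen)
    return findings, missing


if __name__ == "__main__":
    for bssid, verdict in classify(SCAN, AUTHORIZED)[0]:
        print(bssid, verdict)
    print("not heard:", classify(SCAN, AUTHORIZED)[1])
```

A matching BSSID is only as trustworthy as the inventory itself, so findings are best confirmed against the wired side (which switch port the AP sits on) before hardware is removed.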
5.4.7 Switches or hubs
Another simple rule is to always connect APs to switches instead of hubs. A hub is a broadcast device, so passwords and IP addresses are easily exposed.
5.4.8 Wireless DMZ
Another idea for securing wireless segments is to set up a separate zone for the wireless network, a Wireless DeMilitarized Zone (WDMZ). Creating a WDMZ with firewalls or routers can be very costly, depending on the scale and level of implementation. WDMZs are generally implemented in large WLAN environments. Because APs are basically unsecured and untrusted devices, they should be separated from other network segments by a firewall device.
Figure 5.10: Wireless DeMilitarized Zone
5.4.9 Updating firmware and software
Update the firmware and drivers on your APs and wireless cards. Always use the latest firmware and drivers on your APs and wireless cards. These updates usually fix security features and basic problems, add new features, and close vulnerabilities.
Chapter 6
DEPLOYING THE WIRELESS NETWORK AT HAI PHONG PRIVATE UNIVERSITY
Wireless networks are now increasingly common, more and more lecturers, staff and students have laptops, and the need to work and study over the network is growing as well. Given these practical demands, building a wireless network for the university has become increasingly urgent.
6.1. SIGNIFICANCE AND PURPOSE OF DEPLOYING THE WIRELESS NETWORK:
- Serve the work, study and research needs of the university's lecturers, staff and students.
- Serve the needs of the credit-based training system.
- Make maximum use of the university's LAN resources and Internet links.
- Extend the reach of the university's applications.
- Serve students better and better.
The Library Information Center has successfully researched and designed a wireless network for the Lecture Hall area and the Student Hotel area, with the following goals:
- Provide wireless networking for the Student Hotel and the Lecture Hall area of Hai Phong Private University.
- Connect the networks of the Lecture Hall area and the Student Hotel area.
- Users can connect to the LAN and use the applications of the internal network.
- Users can connect to high-speed Internet.
- Support 630 simultaneous users.
- Meet a range of security requirements.
- Be flexible and customizable, changing with actual needs.
Faced with the growing research and study needs of staff and students, and with the trend of modernizing facilities to make Hai Phong Private University a modern institution, the wireless network was approved for deployment in the Lecture Hall area and the Student Hotel area with modern infrastructure equipment.
6.2. DEPLOYMENT DIAGRAMS:
6.2.1 Lecture Hall area
Design diagram:
Figure 6.1: AP installation locations in the Lecture Hall area
The access point system consists of 11 wireless routers, installed as follows: 2 wireless routers at the front of building A, 1 wireless router at the front of building C, 1 wireless router in building D, 1 device in building H, 1 device in building E, 1 device in the network administration room, 1 device in the student canteen, and 4 wireless routers installed on the floors of building G.
AP     Device type            Location             Channel   Note
AP1    WRT110N or WRT610N     A202                 1
AP2    WRT110N or WRT610N     A204                 5
AP3    WRT110N or WRT610N     E301                 9
AP4    WRT110N or WRT610N     Project office       11
AP5    WRT110N or WRT610N     C203                 3
AP6    WRT110N or WRT610N     D202                 7
AP7    WRT110N or WRT610N     Behind C104          10        For the student canteen
AP8    WRT110N or WRT610N     Floor 2, building G  2
AP9    WRT110N or WRT610N     Floor 3, building G  6
AP10   WRT110N or WRT610N     Floor 4, building G  8
AP11   WRT110N or WRT610N     Floor 5, building G  4
Physical connection diagram:
Figure 6.2: Physical connection diagram of the APs in the Lecture Hall area
APs 1, 2, 3 and 5 are connected back to room