7/31/2019 08 - IPSec & VPN
Quy Nhon University, Faculty of Engineering & Technology
Topic:
A study of IPSec for information safety and security on virtual private network systems
Supervisor: Nguyen Dinh Luyen, M.Sc.
Student: Pham Quang Vinh
Class: Electronics and Telecommunications K30
Binh Dinh, 05/2012
OVERVIEW
Chapter 1: Virtual private network technology over the Internet (IP-VPN).
Chapter 2: The IPSec protocol for IP-VPN.
Chapter 3: Data security in IP-VPN.
Chapter 4: Simulation of a site-to-site IPSec VPN.
Chapter 1: Virtual private network technology over the Internet (IP-VPN).
Public networks carry data reliably using Frame Relay & ATM.
A Virtual Private Network replaces all of the above, utilizing the public Internet.
Performance and availability depend on your ISP and the Internet.
VPN?
A method of establishing a secure virtual network connection over the public Internet channel (WAN).
Requirements for a VPN
A VPN must be encrypted
No one can read the data sent through the VPN
A VPN must be authenticated
Use of the VPN must comply with the security attributes
Components of a VPN
IPSEC
Encryption / Decryption
Plaintext
Ciphertext
Encryption, Decryption
Asymmetric encryption
Asymmetric Cryptography
Symmetric encryption
Symmetric Cryptography
Authentication
Man-in-the-middle attack
IPSec
IP Security
IPSec is a protocol that supports secure IP-based connections
It operates at layer 3 of the OSI model
IPSec operates according to rules
A rule has 2 parts:
A filter (IPSec filter)
An action (IPSec action)
IPSec
IPSec uses a Security Association (SA) and a cryptographic key to encrypt data sent between 2 machines
This key is used with the DES, 3DES, or AES algorithms for encryption/decryption
The key is established, changed and managed automatically by the IPSec device using IKE (Internet Key Exchange)
Before the key is established, IKE performs authentication
Public key and private key, used for encryption/decryption
Diffie-Hellman is used for key exchange
IPSec: Functions
Authenticates and encrypts data sent between 2 machines
Authenticates the sender of packets
Encrypts data packets before transmission
Uses ESP (Encapsulating Security Payload) for encryption
Transparent to the user
Mail, file, telnet, ...
Blocks specific data flows entering or leaving a machine
Permits specific data flows to enter or leave a machine
IPSec
Microsoft supports 3 authentication methods
Kerberos: applies to machines in the same domain or in trusted domains
Certificate: uses PKI for authentication
Agreed-upon key: uses a shared key
IPSec filter
IP address, subnet or DNS name of the source and destination machines
By port number and transport protocol (TCP, UDP, ICMP, ...)
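The rule structure described on the slides (a filter plus an action) can be modelled as follows. This is an added example, not code from the original slides; the class names, the action names "permit", "block" and "esp", the sample addresses and the most-specific-filter-wins ordering are all assumptions of the sketch, and DNS-name filters are left out.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class IPSecFilter:
    src: str                        # source host or subnet, CIDR notation
    dst: str                        # destination host or subnet, CIDR notation
    protocol: Optional[str] = None  # "TCP", "UDP", "ICMP"; None matches any
    dst_port: Optional[int] = None  # None matches any port

    def matches(self, pkt: dict) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol and self.protocol != pkt["protocol"].upper():
            return False
        return self.dst_port is None or self.dst_port == pkt.get("dst_port")

    def specificity(self) -> tuple:
        # Assumption of this sketch: longer prefixes, then an explicit
        # protocol, then an explicit port make a filter more specific.
        bits = (ipaddress.ip_network(self.src).prefixlen
                + ipaddress.ip_network(self.dst).prefixlen)
        return (bits, self.protocol is not None, self.dst_port is not None)

@dataclass(frozen=True)
class IPSecRule:
    name: str
    filter: IPSecFilter
    action: str  # "permit", "block" or "esp" (encrypt with ESP)

def decide(rules, pkt, default="block"):
    """Return the action of the most specific rule whose filter matches."""
    hits = [r for r in rules if r.filter.matches(pkt)]
    if not hits:
        return default
    return max(hits, key=lambda r: r.filter.specificity()).action

# Constructed sample policy between two sites (addresses are made up).
A, B = "10.0.1.0/24", "10.0.2.0/24"
RULES = [
    IPSecRule("site-to-site", IPSecFilter(A, B), "esp"),
    IPSecRule("no-telnet", IPSecFilter(A, B, "TCP", 23), "block"),
    IPSecRule("ping", IPSecFilter(A, B, "ICMP"), "permit"),
]

if __name__ == "__main__":
    smb = {"src": "10.0.1.5", "dst": "10.0.2.9", "protocol": "tcp", "dst_port": 445}
    print(smb, "->", decide(RULES, smb))
```

Traffic that matches no filter falls through to the default, so the choice of default decides whether unlisted flows are dropped or sent unprotected.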
4 steps to set up IPSec