14_Tim Hieu Cong Nghe Va Trien Khai Demo Mang Rieng Ao VPN


  • STUDY OF THE TECHNOLOGY AND DEMO DEPLOYMENT OF VIRTUAL PRIVATE NETWORK (VPN), 2010

    Student: L NGC DUY

    Table of Contents

    Table of Contents

    List of Abbreviations & Terms

    List of Tables

    List of Figures & Graphs

    Introduction

    Chapter 1. OVERVIEW OF VPN ISSUES

    1.1. Traffic issues

    1.1.1. Eavesdropping attacks

    1.1.2. Masquerading attacks

    1.1.3. Man-in-the-middle attacks

    1.2. VPN definition

    1.2.1. VPN description

    1.2.2. VPN connection modes

    1.2.3. VPN types

    1.2.4. VPN classes

    Chapter 2. TECHNIQUES USED IN VPN

    2.1. Keys

    2.1.1. Key usage

    2.1.2. Symmetric keys

    2.1.3. Asymmetric keys

    2.2. Encryption

    2.2.1. Encryption process

    2.2.2. Encryption algorithms

    2.2.3. DES and 3DES algorithms

    2.2.4. AES algorithm

    2.3. Packet authentication

    2.3.1. Packet authentication implementation

    2.3.2. Packet authentication uses

    2.3.3. Packet authentication issues

    2.4. Key exchange

    2.4.1. Key sharing dilemma

    2.4.2. Diffie-Hellman algorithm

    2.4.3. Key refresh

    2.4.4. Limitations of key exchange methods

    2.5. Authentication methods

    2.5.1. Man-in-the-middle attacks

    2.5.2. Authentication solutions

    2.5.3. Device authentication

    2.5.4. User authentication

    Chapter 3: IPSEC

    3.1. IPSec standards

    3.1.1. IETF RFCs

    3.1.2. IPSec connections

    3.1.3. Basic process of building connections

    3.2. ISAKMP/IKE Phase 1

    3.2.1. Management connection

    3.2.2. Key exchange protocol: Diffie-Hellman

    3.2.3. Device authentication

    3.2.4. Additional steps in remote access

    3.3. ISAKMP/IKE Phase 2

    3.3.1. ISAKMP/IKE Phase 2 components

    3.3.2. Phase 2 security protocols

    3.3.3. Phase 2 connection modes

    3.3.4. Phase 2 transforms

    3.3.5. Data connections

    3.4. IPSec traffic and networks

    3.4.1. IPSec and address translation

    3.4.2. IPSec and firewalls

    3.4.3. Other IPSec usage issues

    Chapter 4: DEMO DEPLOYMENT

    4.1. Key points about the SSTP protocol

    4.2. Demo deployment using the SSTP protocol

    4.2.1. Description

    4.2.2. Implementation steps

    CONCLUSION

    References

    List of Abbreviations & Terms

    No.  Abbreviation / Term         Full Form / Meaning
    1    Payload                     The actual user data carried in the packet
    2    VPN                         Virtual Private Network
    3    Remote Access               Access from a remote location
    4    Telecommuter                A person working from home who uses a computer connected to the organization's office
    5    Symmetric Key               Symmetric key
    6    Asymmetric Key              Asymmetric key
    7    Authentication              Authentication
    8    Encryption                  Encryption
    9    Public Key                  Shared-use key
    10   Private Key                 Private key
    11   AH                          Authentication Header
    12   ESP                         Encapsulation Security Payload
    13   MD5                         Message Digest 5
    14   SHA-1                       Secure Hashing Algorithm-1
    15   HMAC                        Hashing Message Authentication Codes
    16   PKCS                        Public Key Cryptography Standard
    17   DH                          Diffie Hellman
    18   Digital Certificate         Digital certificate
    19   Digital Signature           Digital signature
    20   Pre-shared symmetric key    Pre-shared symmetric key
    21   Pre-shared asymmetric key   Pre-shared asymmetric key
    22   CA                          Certificate Authority
    23   CRL                         Certificate Revocation List: list of revoked certificates
    24   Identity Certificate        Identity certificate
    25   Root Certificate            Root certificate
    26   SCEP                        Simple Certificate Enrollment Protocol: a simple protocol for certificate enrollment
    27   IPSec                       IP Security
    28   Management Connection       Management connection
    29   Data Connection             Data connection
    30   ISAKMP                      Internet Security Association and Key Management Protocol
    31   SA                          Security Association
    32   IKE                         Internet Key Exchange
    33   Clear-text                  Ordinary text form, not encrypted
    34   credential                  Material that provides the user's identity
    35   SOHO                        Small Office Home Office
