Ketnooi.com, a forum for sharing knowledge and technology

POSTS AND TELECOMMUNICATIONS INSTITUTE OF TECHNOLOGY
FACULTY OF INFORMATION TECHNOLOGY

NETWORK MANAGEMENT

Topic: A STUDY OF THE SOLARWINDS NETWORK MANAGEMENT SOFTWARE

Supervisor: Đỗ Đức Huy

Students:

Hanoi, 04 – 2011

FOREWORD



In today's information technology era, the use of network management applications is becoming ever more necessary. Every organisation and business keeps growing in scope, with larger scale and increasing complexity, so network management software is a great help in managing the network. In this project we study the SolarWinds network management software. It is a powerful monitoring system that lets organisations identify and resolve IT infrastructure problems before they seriously affect the operations of the organisation, agency or business.

During our study of this topic there will certainly be many limitations and omissions, so we very much hope to receive guidance from our lecturers and suggestions from our classmates so that our group's project can be improved.

We sincerely thank you!

TABLE OF CONTENTS

I. Introduction to SolarWinds
  1) Network Discovery Tools
  2) Network Monitoring Tools
  3) Ping and Diagnostic Tools
  4) IP Address Management Tools
  5) Cisco Tools
  6) SNMP Tools
  7) Security Tools
II. The five management functions
  1) Performance Management
  2) Configuration Management
  3) Fault Management
  4) Security Management
  5) Accounting Management
III. Surveyed network model
IV. PERFORMANCE MANAGEMENT
  1) Why must the administrator do this work?
  2) MIB parameters related to performance management
  3) Objective
  4) Carrying out the survey
V. FAULT MANAGEMENT
  1) Goal
  2) Introduction
  3) Fault management with Network Performance Monitor
VI. SECURITY MANAGEMENT
  1) Introduction to Security Management
  2) Security management with the SolarWinds v9.2 toolset
  3) SNMP Brute Force Attack
  4) Port Scanner
  5) Summary
VII. ACCOUNTING MANAGEMENT
  1) MIB set used for accounting management
  2) Work to be done
  3) Carrying out the survey
VIII. CONFIGURATION MANAGEMENT
  1) Tool introduction
  2) Implementation model
  3) DNS Analyzer

I. Introduction to SolarWinds:

The version studied in this project is SolarWinds Engineer's Toolset v9.2.

SolarWinds is a toolset that gives the administrator strong support, with tools for fault analysis as well as for managing performance on the network. Most of the applications in SolarWinds use the SNMP protocol for communication. The SolarWinds Engineer's Toolset contains about 60 applications, divided into 7 main groups:

Network Discovery Tools

Network Monitoring Tools

Ping and Network Diagnostics Tools

IP Address Management Tools

Cisco-Specific Network Tools

SNMP Tools

Security Tools

1) Network Discovery Tools

DNS Audit: scans a range of IP addresses and lists the DNS names that correspond to each IP.

IP Address Management: automatically monitors the IP addresses in subnets and reports whether each IP has been allocated.

Ping Sweep: scans a range of IP addresses and shows which addresses are in use and which are not. It can also look up the domain name for each IP address.

IP Network Browser: browses a subnet and reports details about the devices in it.

MAC Address Discovery: looks up the MAC address that corresponds to an IP address.

Network Sonar: a high-performance network survey tool that builds a database of the structure of, and the devices in, a TCP/IP network.

Port Scanner: remotely checks the state of ports on devices.

SNMP Sweep: scans a range of IP addresses, reports which addresses are in use, and also looks up the DNS name, system name, location and contact for each.

Subnet List: builds a table of the subnets in the network by walking every entry in the routing table.

Switch Port Mapper: remotely inspects the devices connected to the ports of a switch or hub. It can determine the MAC address, IP address and hostname connected to each port, together with details of each port.

2) Network Monitoring Tools:

Advanced CPU Load: monitors and graphs the load on Cisco routers and servers.

Bandwidth Gauges: monitors system bandwidth.

CPU Gauge: monitors CPU load.

Network Monitor: watches hundreds of devices and tracks their response time and packet loss. Network Monitor can also send an e-mail notification when a device stops responding.

Network Performance Monitor: a powerful tool for monitoring traffic and utilisation on hundreds of interfaces.

Router CPU Load: monitors the load on a Cisco router in real time.

SNMP Graph: graphs statistics gathered from MIB data.

Syslog Server: listens for incoming UDP syslog messages on port 514 and then encodes them for logging.

Watch It!: monitors servers, routers and web sites, and raises an alert when the network response time rises or a device stops working.

3) Ping and Diagnostic Tools:

DNS Analyzer: depicts the structure of DNS records such as CNAME, PTR and NS.

Enhanced Ping: continuously tests connectivity and records the response time.

Ping: tests connectivity.

Ping Sweep: searches a range of IP addresses to determine which are in use and which are not. It can also find the domain name for an IP address.

Proxy Ping: pings from remote Cisco routers.

TraceRoute: high-speed tracing of the path taken by SNMP packets.

Spam Blacklist: lets you check the IP address of a mail server and confirm that the mail server has not been attacked.

WAN Killer: sends packets of random (or chosen) size into the network to test the link.

Wake-On-LAN: sends a magic packet to a remote device or server to power it on. The device must have a network card or mainboard that supports Wake-On-LAN.

Send Page: quickly sends an e-mail or a page.

4) IP Address Management Tools:

Advanced Subnet Calculator: helps with IP address and subnet mask calculations.

DHCP Scope Monitor: monitors the active address ranges of DHCP.

DNS & Whois Resolver: gathers information about domain names and network addresses.

DNS Analyzer: visually displays the structure of the records in DNS, including NS, CNAME and PTR records.

DNS Audit: scans a range of IP addresses and looks for DNS errors by performing a forward and a reverse lookup for each IP address.

IP Address Management: automatically monitors the IP addresses in many subnets and reports on their utilisation.

Ping Sweep: scans a range of IP addresses and shows which addresses are in use and which are not. It can also look up the domain name for each IP address.

5) Cisco Tools

Compare Running vs Startup Configs: downloads and compares the running configuration with the startup configuration stored in the memory of a Cisco switch or router.

Config Download & Config Upload: downloads and uploads configurations from a Cisco router or switch.

Config Viewer: downloads the configuration from a Cisco router or switch.

CPU Gauge: tracks the CPU load of a Cisco router.

IP Network Browser: browses a subnet and reports details about the devices in it.

NetFlow Realtime: gives a detailed view of your network traffic, showing exactly how your bandwidth is being used and by whom.

Router CPU Load: monitors the load on a Cisco router in real time.

Cisco Router Password Decryption: decodes passwords stored in Cisco's own proprietary format.

Proxy Ping: lets you ping a remote router.

TFTP Server: works like a multi-threaded TFTP server; several files can be sent and received at once. The SolarWinds TFTP Server also has security features.

6) SNMP Tools

MIB Viewer: displays each OID or table in a MIB.

MIB Walk: walks the SNMP tree of a device and returns the value of each OID.

SNMP MIB Browser: a full MIB browser that displays results so that tables and views are easy to manage. Its MIB database contains more than 100,000 OIDs.

Trap Editor: creates and sends trap messages.

SNMP Trap Receiver: receives trap messages.

7) Security Tools:

Edit Dictionaries: builds a database of words to be used for SNMP.

Port Scanner: remotely monitors the state of ports on a device.

Remote TCP Reset: resets sessions on remote devices such as routers, terminal servers and access servers.

Router Password Decryption: decrypts Cisco type 7 passwords.

SNMP Brute Force Attack: uses SNMP queries with sequential characters to try to determine the community string.

SNMP Dictionary Attack: a dictionary-style attack to find the community string.

II. The five management functions:

1) Performance Management

Manages the performance of the network:

Reliability.

Efficiency.

Transmission time.

Tool introduced: Network Performance Monitor (Alert + SNMP Trap Receiver)

2) Configuration Management:

Manages the configuration parameters of the network:

Install

Update

Extension

Tools introduced: DNS/Whois Resolver, DNS Analyzer

3) Fault Management:

Manages faults in the network:

Reactive: when an incident occurs, set about fixing it.

Proactive: act on the system before a fault occurs; this relies heavily on the administrator's experience.

Tool introduced: Network Performance Monitor (Alert + SNMP Trap Receiver)

4) Security Management:

Packet filter: filters packets.

Access Control: controls access to network resources.

Services:

Authenticate whoever wants to use a resource.

Anyone who wants to use a resource must have limited rights.

Any stored data has permissions assigned.

Integrity of data in transit.

Non-repudiation of sharing.

Tools introduced:

Port Scanner: determines which services are open on an agent (via the service ports).

SNMP Brute Force Attack: a tool that scans for an agent's community string.

5) Accounting Management:

Authentication.

Authorisation.

Monitoring the rights held on the agent.

Tool introduced: IP Network Browser.

III. Surveyed network model

Diagram of the network the group surveyed

IV. PERFORMANCE MANAGEMENT

1) Why must the administrator do this work?

The administrator must monitor minute by minute and second by second in order to have a database or a table of daily assessments or reports on these matters.

To give the best support to end users, and to know how far users use resources or how many end users there are.

To ensure reliable network operation and to be able to evaluate hardware and software (assess the performance capacity of the network).

Real demand and usage trends (capture and analysis).

The administrator must have foresight based on prediction.

Inheriting the existing network infrastructure (making new and old technologies compatible so that they can coexist).

Through performance monitoring we obtain data that we will use to:

Understand what we are doing and the corresponding effects on our resources.

The monitor tracks changes and has a direction for work on the resources we use, so as to plan future quality upgrades.

Check changes and thereby make adjustments that give good results.

Diagnose system problems and identify components or processes to optimise.

Analyse performance data to detect and handle incidents accurately.

2) MIB parameters related to performance management:

a) Interfaces (1.3.6.1.2.1.2)

ifInOctets: number of octets received on an interface.

ifInUcastPkts: number of unicast packets received on an interface.

ifInNUcastPkts: number of non-unicast packets received on an interface.

ifOutOctets: number of octets sent out of an interface.

ifOutUcastPkts: number of unicast packets sent out of an interface.

ifOutNUcastPkts: number of non-unicast packets sent out of an interface.

ifSpeed: current bandwidth of the interface, in bits/s.

ifInErrors: number of received packets containing errors on an interface.

ifInDiscards: number of received packets discarded even though they contained no error.

ifOutDiscards: number of packets discarded on the way out of an interface.

b) IP (1.3.6.1.2.1.4)

ipInReceives: total number of datagrams received, including those in error.

ipReasmReqds: number of IP fragments received that needed reassembly.

ipReasmOKs: number of IP datagrams successfully reassembled.

ipReasmFails: number of failures detected by the IP reassembly algorithm.

ipReasmTimeout: maximum time (in seconds) to wait for fragments awaiting reassembly.

ipForwDatagrams: number of datagrams forwarded.

ipInDiscards: number of received IP datagrams that were discarded (buffer overflow).

ipInDelivers: number of received IP datagrams delivered to the upper layers.

ipOutRequests: number of IP datagrams sent out on request.

ipOutDiscards: number of outgoing IP datagrams that were discarded.

ipFragOKs: number of IP datagrams successfully fragmented.

ipFragFails: number of IP datagrams discarded because they could not be fragmented.

ipAdEntReasmMaxSize: the largest IP datagram that can be reassembled from fragments received on this interface.

c) TCP (1.3.6.1.2.1.6)

tcpMaxConn: maximum number of TCP connections.

tcpActiveOpens: number of times TCP connections made a direct transition to the SYN-SENT state from the CLOSED state.

tcpPassiveOpens: number of times TCP connections made a direct transition (a passive open).

tcpAttemptFails: number of failed connection attempts.

tcpEstabResets: number of resets that occurred.

tcpCurrEstab: number of connections whose current state is ESTABLISHED or CLOSE-WAIT.

tcpInSegs: total number of segments received.

tcpOutSegs: total number of segments sent.

tcpRetransSegs: total number of segments retransmitted.

tcpOutRsts: total number of segments sent containing the RST flag.

d) ICMP (1.3.6.1.2.1.5): holds input and output statistics for ICMP (Internet Control Message Protocol) packets. ICMP provides network control messages and performs many operations within the managed entity. The group consists of 26 scalar objects that keep statistics for many message types, serving performance management, for example:

icmpInMsgs: total number of ICMP messages received

icmpInErrors: number of received ICMP messages that contained errors

icmpInDestUnreachs: number of ICMP Destination Unreachable messages received

icmpInTimeExcds: number of ICMP Time Exceeded messages received

icmpInParmProbs: number of ICMP Parameter Problem messages received

icmpInSrcQuenchs: number of ICMP Source Quench messages received

icmpInRedirects: number of ICMP Redirect messages received

icmpOutMsgs: total number of ICMP messages the entity attempted to send

icmpOutErrors: number of ICMP messages the entity failed to send because of errors

icmpOutDestUnreachs: number of ICMP Destination Unreachable messages sent

icmpOutTimeExcds: number of ICMP Time Exceeded messages sent

icmpOutParmProbs: number of ICMP Parameter Problem messages sent

icmpOutSrcQuenchs: number of ICMP Source Quench messages sent

e) UDP (1.3.6.1.2.1.7): provides information about the operation of UDP. Because UDP is connectionless, this group is much smaller than the TCP group: it does not have to compile information about connection attempts, establishment, resets and so on. The parameters of interest for management are:

udpInDatagrams: total number of UDP datagrams delivered to UDP users

udpNoPorts: total number of received UDP datagrams for which there was no application at the destination port

udpInErrors: total number of received UDP datagrams that could not be delivered for reasons other than the lack of an application at the destination port

udpOutDatagrams: total number of UDP datagrams sent from this entity.
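As an added example (not code from the report or from SolarWinds), the Python below turns two polls of the interface counters listed above into the figures a performance monitor graphs: throughput in bits/s, utilisation against ifSpeed, and input error and discard rates. It also handles the case that trips up naive implementations, a 32-bit counter wrapping between polls. The poll values are constructed.

```python
# Added example: turning the MIB-II interface counters listed above into the
# figures a performance monitor graphs. Two polls of the same interface are
# compared; 32-bit counters such as ifInOctets wrap back to 0, and that case
# is handled. The poll values below are constructed, no SNMP is sent.

COUNTER32_MOD = 2 ** 32  # Counter32 objects wrap modulo 2^32


def counter_delta(old, new, modulus=COUNTER32_MOD):
    """Difference between two counter readings, allowing for one wrap."""
    if new >= old:
        return new - old
    return (modulus - old) + new  # the counter wrapped between the polls


def interface_stats(poll_a, poll_b):
    """Derive rates from two chronological polls of one interface.

    Each poll is a dict holding 'time' in seconds plus the ifTable counters.
    Returns bits/s in and out, utilisation against ifSpeed, and the input
    error and discard rates as a percentage of input packets.
    """
    dt = poll_b["time"] - poll_a["time"]
    if dt <= 0:
        raise ValueError("polls must be in chronological order")
    in_octets = counter_delta(poll_a["ifInOctets"], poll_b["ifInOctets"])
    out_octets = counter_delta(poll_a["ifOutOctets"], poll_b["ifOutOctets"])
    in_pkts = (counter_delta(poll_a["ifInUcastPkts"], poll_b["ifInUcastPkts"])
               + counter_delta(poll_a["ifInNUcastPkts"], poll_b["ifInNUcastPkts"]))
    in_errors = counter_delta(poll_a["ifInErrors"], poll_b["ifInErrors"])
    in_discards = counter_delta(poll_a["ifInDiscards"], poll_b["ifInDiscards"])
    speed = poll_b["ifSpeed"]  # ifSpeed is in bits per second
    in_bps = in_octets * 8 / dt
    out_bps = out_octets * 8 / dt
    return {
        "in_bps": in_bps,
        "out_bps": out_bps,
        # the busier direction measured against the link speed
        "utilisation_pct": 100.0 * max(in_bps, out_bps) / speed if speed else 0.0,
        "in_error_pct": 100.0 * in_errors / in_pkts if in_pkts else 0.0,
        "in_discard_pct": 100.0 * in_discards / in_pkts if in_pkts else 0.0,
    }


# Constructed sample: two polls 60 s apart on a 100 Mbit/s interface whose
# ifInOctets counter was close to 2^32 at the first poll and wrapped.
POLL_1 = {"time": 0, "ifSpeed": 100_000_000,
          "ifInOctets": 4_294_967_000, "ifOutOctets": 1_000_000,
          "ifInUcastPkts": 50_000, "ifInNUcastPkts": 1_000,
          "ifInErrors": 10, "ifInDiscards": 5}
POLL_2 = {"time": 60, "ifSpeed": 100_000_000,
          "ifInOctets": 74_999_704, "ifOutOctets": 31_000_000,
          "ifInUcastPkts": 69_000, "ifInNUcastPkts": 2_000,
          "ifInErrors": 30, "ifInDiscards": 5}

if __name__ == "__main__":
    for name, value in interface_stats(POLL_1, POLL_2).items():
        print(f"{name:16s} {value:,.2f}")
```

Without the wrap handling the first poll pair would yield a negative byte count, which is exactly the kind of spike a monitoring graph shows when a counter rolled over.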

3) Objective

Use the Network Performance Monitor tool on PC 10.10.0.10 to monitor CPU changes on PC 10.10.0.30.

4) Carrying out the survey

On DC: configure SNMP with the community string Public.

On Learning: install SolarWinds.

Figure 4.1. Diagram of the network the group surveyed

Start the Network Performance Monitor program; its interface is as follows:

Figure 4.2. The Network Performance Monitor interface

Choose New to configure monitoring of the WKS-PC machine, whose IP is 10.10.0.30.

Figure 4.3. Pointing to the IP of the WKS-PC machine

Figure 4.4. Setting a community string matching the community string on the DC machine

Figure 4.5. CPU monitoring result for WKS-PC

The monitoring result for our network, for example: the highest CPU load on Friday the 29th was 23.39%.

V. FAULT MANAGEMENT

1) Goal:

Study the fault-management features of the SolarWinds toolset, specifically Network Performance Monitor.

2) Introduction:

Fault management is the process of preventing, detecting, locating, isolating and correcting faults in the network.

It is carried out by two mechanisms:

Reactive: whenever a fault occurs, the administrator finds a way to resolve it.

Proactive: the administrator takes the initiative in predicting faults by setting thresholds and monitoring.

The steps of fault management:

Identify the managed objects.

Detect problems from the information collected through:

Polling: the manager periodically receives parameters sent back by the managed device.

Trapping: the manager sets threshold values; if the managed device breaches a threshold it sends a notification to the manager.

Locate and isolate the problem.

Find a way to resolve the problem.

Network model:

3) Fault management with Network Performance Monitor

3.1. Parameters of interest for fault management:

System (1): sysDescr (1), sysObjectID (2), sysContact (4), sysName (5), sysServices (7) -> needed when a device must be serviced under warranty or repaired.

Interfaces (2): ifSpeed (5), ifOperStatus (8), ifInUcastPkts (11), ifInNUcastPkts (12), ifInDiscards (13), ifInErrors (14), ifInUnknownProtos (15), ifOutUcastPkts (17), ifOutNUcastPkts (18), ifOutDiscards (19), ifOutErrors (20).

IP (4): ipInReceives (3), ipInHdrErrors (4), ipInAddrErrors (5), ipInUnknownProtos (7), ipInDiscards (8), ipOutDiscards (11), ipOutNoRoutes (12), ipReasmReqds (14), ipReasmOKs (15), ipReasmFails (16), ipFragCreates (19).

TCP (6): tcpMaxConn (4), tcpActiveOpens (5), tcpPassiveOpens (6), tcpAttemptFails (7), tcpCurrEstab (9), tcpRetransSegs (12), tcpInErrs (14), tcpOutRsts (15).

UDP (7): udpInDatagrams (1), udpNoPorts (2), udpInErrors (3).

ICMP (5): icmpInMsgs (1), icmpInErrors (2), icmpInDestUnreachs (3), icmpInEchos (8).

3.2. Performing polling:

Go to SolarWinds Engineer's Toolset -> Network Monitoring -> Network Performance Monitor.

Outline of the procedure: on the managed machine (Learning) we set up the SNMP service, and in the Traps and Security tabs we configure:

Choose New -> enter the IP of the managed object -> Next.

Enter the community string that was configured on the managed machine:

Choose Finish.

Choose the device and network interface to monitor. Consider a polling example:

3.3. Performing trapping:

Outline of the procedure:

We create an Alert that warns when the memory of WKS-PC is in use beyond 4000 bytes.

Choose Alert -> Configure Alert... Choose WKS-PC as the object for which the alert is created.

Choose OK.

Consider a trapping example:
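As an added example (not from the report or from SolarWinds), the following Python models the two mechanisms of this section: a polled threshold rule, using the 4000-byte memory limit set for WKS-PC above and requiring two consecutive breaches before it fires, and a trap that raises an alert as soon as it arrives. The event data, node names and the "linkDown" label are constructed for the example.

```python
# Added example: a small alert engine for the two fault-management mechanisms
# described above. Polled values are checked against a threshold (proactive);
# SNMP traps are turned into alerts the moment they arrive (reactive).
# All samples and traps are constructed inline; nothing is polled for real.
from dataclasses import dataclass, field

LINK_DOWN_TRAP = "linkDown"  # constructed label for SNMPv1 generic-trap 2


@dataclass
class ThresholdRule:
    """Alert once the value exceeds the limit on confirm_polls consecutive
    polls (avoids alerting on a single spike); clear when it drops back."""
    node: str
    metric: str
    limit: int
    confirm_polls: int = 2
    _streak: int = field(default=0, init=False)
    _active: bool = field(default=False, init=False)

    def evaluate(self, sample):
        """Return an ALERT/CLEAR message on a state change, else None."""
        if sample["node"] != self.node or self.metric not in sample:
            return None
        value = sample[self.metric]
        if value > self.limit:
            self._streak += 1
            if self._streak >= self.confirm_polls and not self._active:
                self._active = True
                return f"ALERT {self.node}: {self.metric}={value} exceeds {self.limit}"
            return None
        self._streak = 0
        if self._active:
            self._active = False
            return f"CLEAR {self.node}: {self.metric}={value} back under {self.limit}"
        return None


def trap_to_alert(trap):
    """Reactive path: the agent reported the fault itself, no threshold needed."""
    if trap["generic"] == LINK_DOWN_TRAP:
        return f"ALERT {trap['agent']}: interface {trap['ifIndex']} down"
    return None


def run_engine(rules, events):
    """Feed a chronological mix of polls and traps; return the messages emitted."""
    alerts = []
    for event in events:
        if event["kind"] == "trap":
            message = trap_to_alert(event)
            if message:
                alerts.append(message)
            continue
        for rule in rules:
            message = rule.evaluate(event)
            if message:
                alerts.append(message)
    return alerts


# Constructed events: WKS-PC memory polled once a minute, plus one trap from DC.
EVENTS = [
    {"kind": "poll", "node": "WKS-PC", "memory_bytes": 3900},
    {"kind": "poll", "node": "WKS-PC", "memory_bytes": 4100},  # first breach, not yet alerted
    {"kind": "trap", "agent": "DC", "generic": LINK_DOWN_TRAP, "ifIndex": 2},
    {"kind": "poll", "node": "WKS-PC", "memory_bytes": 4300},  # second breach -> alert
    {"kind": "poll", "node": "WKS-PC", "memory_bytes": 4500},  # still active, no repeat
    {"kind": "poll", "node": "WKS-PC", "memory_bytes": 3800},  # back under the limit -> clear
]

if __name__ == "__main__":
    for line in run_engine([ThresholdRule("WKS-PC", "memory_bytes", 4000)], EVENTS):
        print(line)
```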

VI. SECURITY MANAGEMENT

1) Introduction to Security Management

Security management is a very important management function in our network. A system that runs stably with high performance and assured security is always what is wanted. Once a network has its Configuration in place, then alongside Performance, Fault and Accounting management, the Security management function also receives top priority.

Detect unauthorised intrusions into the system, take measures against intrusion, and patch any vulnerability that is discovered. Apply security measures by issuing specific policies. The aim is to secure user accounts (Users) as well as the resources of the network (Resources).

2) Security management with the SolarWinds v9.2 toolset

SolarWinds provides quite a few tools that help with network security management, such as:

SNMP Brute Force Attack

SNMP Dictionary Attack

Port Scanner

Remote TCP Session Reset

Edit Dictionaries

Cisco Router Password Decryption

Below we examine some of these tools:

3) SNMP Brute Force Attack

Requirement: from machine 192.168.1.99, scan for the community strings on machine 192.168.1.10.

Introduction: SNMP Brute Force Attack is a tool that determines whether an SNMP community string is read-only or read-write by trying every possible character and digit. The tool can be customised to try only certain characters or only community strings of a fixed length. To use the tool you must accept the licence terms and agree to run it only on networks under your own administration. Although it is an attack tool, administrators also use it to recover lost SNMP community strings.

Configuration is as follows:

On DC: open Administrative Tools\Computer Management -> choose Services -> choose SNMP Service -> on the Security tab we configure two community strings as follows:

On PC Learning: start the SNMP Brute Force Attack application -> choose Settings; on the General tab choose the length of the community string (here we choose a length of 3).

Character Set tab: the community string is scanned by trying all digit characters. Then start the scan, capturing the traffic with Wireshark at the same time.

The result is two community strings: 312 and 810.

Analysis of how the tool works, based on the captured packets

The principle of operation: PC Learning continuously sends Get-Request packets, each carrying one candidate string generated from the Custom Character Set we configured. When the string in a get-request matches the community string, PC DC sends a Get-Response back to PC Learning, confirming the correct community string. In the packet below, packet 1109, PC Learning sends the string 312, which matches the community string of PC DC.

And immediately PC DC sends a Response confirming it to PC Learning in packet 1110.

Once a community string has been found, the tool goes on to check whether it is Read-Only or Read-Write. To do so PC Learning sends a Set-Request carrying a value for sysContact. PC Learning sends the SET to see whether the community string has write access. It then requests sysContact.0 from PC DC to see whether the SET succeeded. If the sysContact value cannot be SET, the community string is Read-Only; conversely, if it can be SET, the community string is Read-Write.

For community string 810, PC Learning sends the following Set-Request:

And receives the following Response:

It is easy to see that the Set of sysContact (Test 123716) succeeded, so 810 is a Read-Write community string.

Remark: the program works quite simply; however, the SNMP packets it sends to find the server's community string may be filtered out by a firewall because of the large number of packets sent (STATEFUL). This is hard to avoid with a dictionary-style search.

The network administrator needs to know this from the start and should block remote management from any other machine. However, spoofing an address is not difficult, so intrusion into the machine is still possible.
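From the defender's side, the pattern analysed above is easy to recognise in a capture. The added Python below (not the report's or SolarWinds' code) parses the SNMPv1 message header to recover the community string and PDU type, then flags one source trying many different community strings against one agent, and any Set-Request, which is the step the tool uses to test for read-write access. The packets and addresses are constructed; only short-form BER lengths are handled.

```python
# Added example: recognising the community-string guessing pattern described
# above from the defender's side. A minimal SNMPv1 codec builds the sample
# messages and parses captured ones; the detector flags one source trying many
# different community strings against an agent, and any Set-Request (the step
# the tool uses to test for read-write access). All packets are constructed.
from collections import defaultdict

PDU_NAMES = {0xA0: "get-request", 0xA1: "get-next-request",
             0xA2: "get-response", 0xA3: "set-request"}
SYS_CONTACT_0 = bytes([0x2B, 6, 1, 2, 1, 1, 4, 0])  # BER form of 1.3.6.1.2.1.1.4.0


def tlv(tag, payload):
    """BER tag-length-value with a short-form (< 128 byte) length."""
    assert len(payload) < 128
    return bytes([tag, len(payload)]) + payload


def snmpv1_message(community, pdu_tag, request_id=1):
    """Build an SNMPv1 message with one varbind for sysContact.0."""
    varbind = tlv(0x30, tlv(0x06, SYS_CONTACT_0) + tlv(0x05, b""))
    pdu = (tlv(0x02, bytes([request_id])) + tlv(0x02, b"\x00")
           + tlv(0x02, b"\x00") + tlv(0x30, varbind))
    return tlv(0x30, tlv(0x02, b"\x00") + tlv(0x04, community.encode())
               + tlv(pdu_tag, pdu))


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    if length & 0x80:
        raise ValueError("long-form BER length not supported in this example")
    start = pos + 2
    return tag, buf[start:start + length], start + length


def parse_snmpv1(packet):
    """Extract version, community and PDU type from an SNMPv1 message."""
    tag, body, _ = read_tlv(packet, 0)
    if tag != 0x30:
        raise ValueError("not an SNMP message")
    vtag, version, pos = read_tlv(body, 0)
    ctag, community, pos = read_tlv(body, pos)
    ptag, _, _ = read_tlv(body, pos)
    if vtag != 0x02 or ctag != 0x04 or ptag not in PDU_NAMES:
        raise ValueError("unexpected SNMPv1 message layout")
    return {"version": version[0],
            "community": community.decode(errors="replace"),
            "pdu": PDU_NAMES[ptag]}


def detect_community_guessing(records, max_distinct=5):
    """records: (timestamp, src_ip, dst_ip, packet_bytes). Returns findings."""
    tried = defaultdict(set)  # (src, dst) -> community strings seen in requests
    findings = []
    for ts, src, dst, pkt in records:
        msg = parse_snmpv1(pkt)
        if msg["pdu"] == "set-request":
            findings.append(f"{ts}: set-request from {src} to {dst} "
                            f"with community '{msg['community']}'")
        elif msg["pdu"] in ("get-request", "get-next-request"):
            tried[(src, dst)].add(msg["community"])
            if len(tried[(src, dst)]) == max_distinct:
                findings.append(f"{ts}: {src} has tried {max_distinct} "
                                f"community strings against {dst}")
    return findings


# Constructed capture: Learning (192.168.1.99) trying sequential 3-digit
# strings against DC (192.168.1.10), one accepted, then a set-request with 810.
CAPTURE = [(i, "192.168.1.99", "192.168.1.10",
            snmpv1_message(f"{300 + i:03d}", 0xA0, request_id=i + 1))
           for i in range(6)]
CAPTURE.append((7, "192.168.1.10", "192.168.1.99", snmpv1_message("312", 0xA2)))
CAPTURE.append((8, "192.168.1.99", "192.168.1.10", snmpv1_message("810", 0xA3)))

if __name__ == "__main__":
    for finding in detect_community_guessing(CAPTURE):
        print(finding)
```

A real agent answers only the matching community string, so the many unanswered requests in the capture are themselves a second signal; the detector above keys on the requests alone so it also works on a one-directional capture.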

4) Port Scanner:

Introduction: a tool for remotely discovering the state of the ports on one IP address or a list of IP addresses. The scanning process is simply described as follows:

In fact Port Scanner is a SolarWinds tool, but it does not use the SNMP protocol.

Remark:

Although the tool does not use SNMP, it is very useful to administrators. Administrators can easily see which ports are open in their network, which ports are suspicious and which ports a hacker could exploit to attack, and then take timely preventive measures.

However, the tool only collects information; the administrator cannot disable any port remotely or change a port's state (from Up to Down, or vice versa).

In addition, SolarWinds provides some other security tools, such as:

SNMP Dictionary Attack: like SNMP Brute Force Attack, it is used to find community strings, but by the dictionary method. That is, a library of strings that might be community strings is created, then the scan compares the two strings and, if they match, that string is the community string. Whether the scan succeeds depends entirely on the library you create.

Remote TCP Session Reset: lets the administrator display all active sessions on a terminal server, router, dial server or access server, and easily reset any session.

5) Summary

Security Management is an extremely important management function in a network. It requires the administrator to closely monitor the network's activity, analyse suspicious behaviour and issue policies that ensure good security.

The Windows operating system has a number of built-in utilities that support the Security management function for the network administrator. The Domain Controller is an important application for security management; it requires appropriate policies as well as serious compliance by users.

The SolarWinds toolset, a dedicated network management product, has some more advanced features. SolarWinds' main purpose is to manage two functions, performance and fault, quite thoroughly. In the area of Security, SolarWinds helps the administrator collect port information within the organisation, as well as recover community strings.

For Security Management, management does not involve many MIB parameters; the following MIB parameters can be examined:

sysContact: a text string identifying the contact person for the managed node, together with information on how to contact that person.

sysObjectID: an authoritative identification of the vendor of the network management subsystem contained in the entity. The value is allocated within the SMI enterprises subtree (1.3.6.1.4.1). For example, if the vendor is Flintstones, Inc., it would be assigned the subtree 1.3.6.1.4.1.4242 and could assign 1.3.6.1.4.1.4242.1.1 to identify its Red Router.

ipDefaultTTL: the time to live of an IP packet. If the time to live is large and a packet cannot reach its destination, it will loop in the network, and if many packets loop the network slows down. A hacker could exploit this weakness by sending many looping packets to congest the network.

VII. ACCOUNTING MANAGEMENT

1) MIB set used for accounting management:

The System MIB (RFC 3148):

sysDescr (.1.3.6.1.2.1.1.1.0): description of the system.

sysObjectID (.1.3.6.1.2.1.1.2.0): ID of the system.

sysUpTime (.1.3.6.1.2.1.1.3.0): time the system has been running, counted from when the management portion was last re-initialised.

sysContact (.1.3.6.1.2.1.1.4.0): contact information for the system.

sysName (.1.3.6.1.2.1.1.5.0): name of the system.

sysLocation (.1.3.6.1.2.1.1.6.0): location of the system.

sysServices (1.3.6.1.2.1.1.7): a set of values indicating the services this system is able to provide.

sysORLastChange (1.3.6.1.2.1.1.8): the value of sysUpTime at the time of the most recent change in state or value of any instance of sysORID.

sysORTable (1.3.6.1.2.1.1.9):

sysOREntry (1.3.6.1.2.1.1.9.1): a conceptual row in sysORTable.

sysORIndex (1.3.6.1.2.1.1.9.1.1): auxiliary variable used to identify instances of the columnar objects in sysORTable.

sysORID (1.3.6.1.2.1.1.9.1.2): an authoritative identification of a capabilities statement with respect to the MIB modules supported by the local SNMPv2 entity acting in an agent role.

sysORDescr (1.3.6.1.2.1.1.9.1.3): a textual description of the capabilities identified by the corresponding instance of sysORID.

sysORUpTime (1.3.6.1.2.1.1.9.1.4): the value of sysUpTime at the time this conceptual row was last instantiated.

2) Work to be done: from the management machine Learning (192.168.1.99), retrieve the account information present on the DC machine (192.168.1.10).

Figure 7.1: surveyed network model

3) Carrying out the survey:

Procedure: use the IP Network Browser in the SolarWinds toolset to begin the survey.

Figure 7.2. Configuring IP Network Browser on the Learning machine for the survey

Enter the address 192.168.1.10 of the WKS machine to be surveyed. Run Scan Device with the community string public. Open Wireshark to capture the packets for analysis.

Figure 7.3: Information captured by Wireshark as Learning and DC exchange packets; 192.168.1.99 retrieves information from machine 192.168.1.10

Looking at Figure 7.3, we see that the information is retrieved as follows:

First, machine 192.168.1.99 checks whether machine 192.168.1.10 exists, as shown by the ICMP request and reply.

Then the get operation of the SNMP protocol appears: a get-request is sent from Learning to DC. DC receives the request and processes it as best it can. If a device is under heavy load, such as a router, it may be unable to answer the request and will drop it. If the agent gathers the information needed for the request, it sends a get-response back to the NMS.

The sequence 1.3.6.1.2.1.1.2.0 is an OID with the following meaning:

* 1.3.6.1.2.1.1 is the Object Identifier pointing to the system group in the MIB.

Specifically:

1: ISO-assigned OID

1.3: ISO identified organisation

1.3.6: US Department of Defense

1.3.6.1: OID assignments from 1.3.6.1 - Internet

1.3.6.1.2: IETF management

1.3.6.1.2.1: SNMP MIB-2

1.3.6.1.2.1.1: system MIB

1.3.6.1.2.1.1.2: points to the second field in the system table, sysObjectID

1.3.6.1.2.1.1.2.0: the scalar instance index in the system table; table rows are numbered from 1 upwards.

So the aim of Learning sending the get-request for 1.3.6.1.2.1.1.2.0 to DC is to obtain the ID value of the DC system.

Similarly, the get-request for 1.3.6.1.2.1.1.5.0 requests the name of the system. Next, the Learning machine sends request packets for 1.3.6.1.4.1.77.1.2.., which are requests for the information held in the user table of the DC machine.
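As an added example (not from the report or from SolarWinds), the Python below simulates the Get/GetNext exchange just described against a toy agent: GetNext returns the lexicographically next instance, so walking from a table's root OID enumerates every row and stops as soon as the returned OID leaves the subtree. The agent's contents, the user names and the row layout under 1.3.6.1.4.1.77.1.2 are placeholders.

```python
# Added example: how a browser enumerates a MIB table with Get and GetNext.
# A toy agent holds a few objects keyed by OID tuple; walk() issues GetNext
# requests from the subtree root until the answer leaves that subtree.
# Agent contents are constructed; the user rows under 1.3.6.1.4.1.77.1.2 are
# placeholders for the table the report saw, not a real MIB layout.
import bisect

AGENT = {
    (1, 3, 6, 1, 2, 1, 1, 2, 0): "placeholder-object-id",      # sysObjectID.0
    (1, 3, 6, 1, 2, 1, 1, 5, 0): "DC",                          # sysName.0
    (1, 3, 6, 1, 4, 1, 77, 1, 2, 25, 1, 1, 1): "Administrator",  # placeholder user rows
    (1, 3, 6, 1, 4, 1, 77, 1, 2, 25, 1, 1, 2): "Guest",
    (1, 3, 6, 1, 4, 1, 77, 1, 2, 25, 1, 1, 3): "khicon",
    (1, 3, 6, 1, 4, 1, 77, 1, 3, 1, 0): "placeholder-after-table",
}
# An SNMP agent orders its instances lexicographically; GetNext relies on it.
SORTED_OIDS = sorted(AGENT)


def oid_str(oid):
    return ".".join(map(str, oid))


def snmp_get(oid):
    """GetRequest: exact instance lookup (None stands for noSuchName)."""
    return AGENT.get(oid)


def snmp_getnext(oid):
    """GetNextRequest: the first instance lexicographically greater than oid."""
    i = bisect.bisect_right(SORTED_OIDS, oid)
    if i == len(SORTED_OIDS):
        return None, None  # end of the MIB view
    nxt = SORTED_OIDS[i]
    return nxt, AGENT[nxt]


def walk(root):
    """Return [(oid_string, value)] for every instance under root."""
    results = []
    current = root
    while True:
        nxt, value = snmp_getnext(current)
        if nxt is None or nxt[:len(root)] != root:
            break  # left the subtree, or ran off the end of the MIB
        results.append((oid_str(nxt), value))
        current = nxt
    return results


if __name__ == "__main__":
    print("sysObjectID.0 =", snmp_get((1, 3, 6, 1, 2, 1, 1, 2, 0)))
    for oid, value in walk((1, 3, 6, 1, 4, 1, 77, 1, 2)):
        print(oid, "=", value)
```

The stop condition on the prefix is what keeps the walk from running on into the next subtree, which is why every row after the table's last entry is never returned.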

Figure 7.4. The packets requesting user information

To double-check the process above, we open IP Network Browser and get the following result:

Figure 7.5. Account information of the DC machine as checked through IP Network Browser

Compare with the parameters of the DC machine:

Figure 7.6: The accounts on the Agent machine

Remark: to retrieve the accounts on the DC machine, IP Network Browser uses the machine's community string and the Get and GetNext operations to retrieve all of the information in the MIB table of the DC machine and return it to Learning.

VIII. CONFIGURATION MANAGEMENT

1) Tool introduction:

DNS/Whois Resolver, DNS Analyzer.

2) Implementation model:

Machine          Name      IP address     Operating system
Physical host    Learning  192.168.1.99   Windows 2008 R2
Virtual machine  DC        192.168.1.10   Windows 2008 R2

Configure the DC machine as a DNS server: the DC machine has the domain name DC.LoveU.vn.

Forward resolution: from hostname to IP.

Reverse resolution: from IP to hostname.

Configure the physical host as a DNS client: set the physical host's Preferred DNS Server to the IP of the virtual machine.

a. Analysis:

Using the Command Prompt to resolve against the DNS server:

From the physical host, open Run\cmd and type nslookup; we see that the client (physical host) resolves names through the DNS server (the virtual machine).

Capturing the packets with Wireshark:

We observe that DNS resolution over the network uses only the DNS protocol. DNS can use either TCP or UDP, but in this case UDP (port 53) is used. The resolution is simply a lookup in the DNS server's reverse lookup zone, after which the answer is returned to the client. Now we use the SolarWinds tool to analyse whether the resolution mechanism differs.

b. Using the DNS/Whois Resolver tool to resolve against the DNS server:

Analysing the packets with Wireshark:

Thus, when DNS/Whois Resolver is used for DNS resolution, none of the protocols involved is SNMP; the protocols used are DNS, NetBIOS Name Service (WINS) and ICMP.

3) DNS Analyzer.

The DNS Analyzer tool automatically looks up and analyses a domain name, then draws the network layout of the domain it found. Note: there are several diagram styles; any of them can be chosen.

Result of running the analysis on the e-mail address [email protected]


[Network diagram labels: Learning (192.168.1.99, Windows Server 2008); DC (192.168.1.10, Windows Server 2008); DC, machine name Khicon (10.10.0.10, Windows Server 2008); WKS-PC (10.10.0.30, Windows 7); community string: Public]