8/12/2019 FIREWALL LECTURE, CHAPTER I
Phm Minh Thun, Faculty of Information Security
References
Giáo trình Bức tường lửa (Firewall textbook)
Tìm hiểu về tường lửa Firewall (Understanding firewalls)
Building Internet Firewalls, 2nd Edition
Firewalls 24seven, 2nd Edition
Internet Firewalls and Network Security, 2nd Edition
Firewall Fundamentals (Cisco Press)
Linux Firewalls, 3rd Edition
Best Damn Firewall Period
www.google.com
Course objectives and requirements
Objectives: Provide the basic concepts and principles of firewalls. Help students master firewall technologies and architecture models and build firewall policies, and from there set up and maintain a firewall.
Requirements: A solid grasp of computer networking, especially the OSI and TCP/IP models.
Course contents
Overview of firewalls
Firewall technologies
Firewall protection architectures
Building a security policy for a firewall
Firewall maintenance
Typical firewall products
Chapter 1
Overview of Firewalls
Questions raised:
What is a firewall?
Why use a firewall?
Overview of firewalls
1. The firewall concept
2. History of firewall development
3. Firewall functions
4. Limitations of firewalls
5. Firewall products
Problem statement
Information networks are growing strongly (the Internet above all), which creates the need to ensure information security.
The number of network attacks keeps increasing, the methods are increasingly sophisticated, and they cause major damage.
One of the effective countermeasures in use is the firewall.
1. The firewall concept
A firewall is a system that separates certain zones and protects them from the remaining zones.
Firewalls are devices or systems that control traffic between networks with different security levels.
A firewall is a separation mechanism that protects a trusted network from untrusted networks.
=> Note: a firewall is not tied to protecting a network from the Internet.
A firewall acts as a barrier, a checkpoint at the connection points between zones, whose job is to inspect network traffic and decide whether it may pass.
A firewall can be a hardware device or software.
2. History of firewall development
1980: Firewall technology appears.
1988: Packet-filtering firewalls appear; Jeff Mogul (DEC) published in 1988.
1980 - 1990: The second generation of firewalls appears: the Circuit Level Firewall, researched by Dave Presotto and Howard Trickey (AT&T Bell Labs).
1990 - 1991: Application gateways appear. The first commercial firewall, from DEC (Digital Equipment Corporation), is released under the name SEAL.
1992: Bob Braden and Annette DeSchon (University of Southern California) develop a fourth-generation packet-filtering firewall system: Visas.
1994: CheckPoint Software Technologies builds this into ready-to-use software: Firewall-1.
Firewall generations
Packet filtering first appeared in 1988
Circuit-level gateways appeared in the period 1988 - 1990
Application gateways appeared in the years 1990 - 1991
Stateful inspection appeared in 1994
3. Firewall functions
The main function of a firewall is access control:
Service control
Direction control
User control
Behaviour control
Supports monitoring of network security events. Alerting systems, IDS and IPS can be deployed on the firewall system.
Supports several functions built on the firewall platform: NAT, statistics, logs, ...
Used in deploying virtual private networks.
4. Limitations of firewalls
A firewall cannot stop attacks that bypass the firewall.
A firewall cannot stop threats that come from inside.
A firewall cannot protect the network from all harmful attacks.
5. Firewall products
Checkpoint (CheckPoint Software Technologies)
A leader in firewall and virtual private network technology
86 countries, 1900 partners.
Known for its Stateful Inspection technology
Products: Firewall-1, UTM-1, ...
Cisco
PIX (Private Internet Exchange)
Its own operating system
ASA (Adaptive Security Algorithm) security algorithm
Integrated virtual private networking
URL filtering: WebSense and N2H2
Failover (High Availability)
NetScreen
ASIC (Application-Specific Integrated Circuit) chip
Accelerates the firewall; superior performance
Uses a RISC microprocessor and SDRAM, running the ScreenOS operating system
Microsoft ISA (Internet Security Acceleration)
Application software solution for enterprise network systems
Integrates firewall, VPN, web proxy, caching, ...