
,

,

. ,
,
.

.
5 . , 1, 2, 3, 4, 6, 7, 8 9 - .
.
,
.

2010 .


TCP/IP
1.1 TCP/IP
1.2
1.3
1.3.1 TCP
1.3.2 UDP

2.1
2.2
2.3

3.1
3.2
3.3

4.1
4.2
4.3
4.4
4.5
4.6

5.1
5.2
5.3
5.4
5.5
5.6.

6.1
6.2 VPN
6.3 VPN

7.1
7.2
7.3

8.1
8.2

9.1 SNMP
9.2


,
.
.
.
,
:



, ,
, ,
, .

(switches), (routers)
(firewall) .


.
: Scan Disk,
Defragment
.

.


: Penetrating tests


.
,
.

.



, .


, TCP/IP.
,
.
, .

, ,
.

, .
,
,
.
,
Internet.
(VPN), , .
VPN .

,
.

,
.
.


TCP/IP
TCP/IP (Transmission Control Protocol/Internet Protocol)
.

,
.
,

, .
,
.
()
, -
.
.
,

.
, ,
.
(, router). IP (IP ) , ,
, IP
TCP/IP.
:
,
;
, .
.
,
. ,
, IP .
, .. ,
. IP
.
IP .
,
IP .

1.1 TCP/IP
TCP/IP .
.1.1 TCP/IP.

:


, TCP/IP .
,
. TELNET, FTP, SMTP .

;

, .
.
TCP UDP (User datagram
protocol). UDP
. ,
UDP ,
. UDP
, .

. -
. IP (Internet protocol) -
. .
,
.
- . ,
, .

.
IP . -
ICMP, ARP RARP.

.
. , ,
, ,
. - . TCP/IP
, - .
IEEE 802.2, ATM, FDDI .
- TCP/IP .

TCP/IP .
:
,
.
TCP/IP :
TELNET ;
FTP (File Transfer Protocol)
;

SMTP (Simple Mail Transfer Protocol)


.

. 1.1

, . TCP/IP
- -
. TCP UDP .
, UDP
.

. -
, . ,
, UDP
-
.
TCP/IP
. ,
TCP/IP
/ (.1.2) .
,
( ) .
,
.
.
() .

. 1.2 -
,
,
TCP/IP .
, ,
( )
.
.
,
( IP
), .
,
. ,
, ,

.
,
.

( )
().
(routers), (bridges)
(gateways).
(bridge)
. bridge
MAC (Media Access
Control) - ,
LLC (Logical Link Control). bridge
IP. , IP
, ,
, bridge .
(router)
.
, ,
.


-
.
IP .
- , IP.
(gateways) gateway
/ IP . gateway
/ -
.
.
/
, . Gateway
IP . gateway,
,
. ,
(firewall).

.

1.2
IPv4
INTERNET, IP-
- INTRANET .
TCP/IP ,
.1.3:

. 1.3
IP (Internet Protocol) e ,
. IP , - ,

.

().


ICMP (Internet Control Message Protocol) e


.
.
ARP (Address Resolution Protocol) e
IP . IP ( )
() (-).
RARP (Reverse Address Resolution Protocol) e
MAC .
() (-)
IP- ( ).

.1.6
IP ,
.

. 1.6

,
, .. .
:
(Transmission Control Protocol) e
:

,
;

.
IP
- . TCP
.


, TCP,
UDP (User Datagram
Protocol). , ..
,
.
ICMP

ICMP (Internet Control Message Protocol)
ICMP DATA- IP
.
,
:
Destination Unreachable ( IP );
Time to Live Exceeded ( );
Parameter Problem ( );
Redirect ( );
Echo ( IP );
Echo Reply ( IP );
Timestamp ( );
Timestamp Reply ( )
Information Request ( );
Information Reply ( );
Address Request ( );
Address Reply ( ).


.
ARP RARP

, ,
.
, ,
.
ARP

IP- MAC-.
,
, IEEE 802.3 Ethernet. IP ,
ARP-,
MAC-. ARP
, IP- ,
, broadcast MAC-.
MAC- , . , IP


IP . ,
,
- MAC-.
, ARP MAC-
MAC- .
RARP (Reverse Address Resolution Protocol)
ARP. ,
MAC- IP-.
, broadcast IP-,
IP .

1.3
,
,
.

,
.


.

, ,
.
,
, ,
, .
:


;

, , ,
,

;
, .

,
.
,
, ,

,


( ).

.
,
(Point to Point),
.

.
, .
, .
-
, .


.
TCP/IP - ,
TCP (Transport Control Protocol) UDP (User Datagram Protocol)
.1.7.

. 1.7
1.3.1 TCP (Transport Control Protocol)
() TCP/IP
5 :
- (
) ,
, 8- , .

,
;
-


. ,
()
. ,
"", .
,
(authorization),
. ,
,
.

. (.
),
. ,
,
, ,
;
-
.

, .
,
, .
,
. 3
,

, . ,
,
. ,
, -
. ,
, , push ,
, . ,

.
, push TCP .
, push
, . ,
,
;
- , TCP/IP
.

,
. ,



;
- - , TCP/IP
, .
-.
, - ,
, .

, ,
-. -
,
,
. .
.1.8 TCP- .

. 1.8 TCP
, IP- ,
. 1.9.

[Figure residue: TCP, UDTP, SNMP, TELNET, FTP, SMTP, HTTP, UDP; Internet IP v 4.0]
. 1.9



TCP:
World Wide Web HTTP (Hyper Text Transfer Protocol) ;
(MAIL) SMTP (Simple
Mail Transfer Protocol);
FTP (File Transfer Protocol) .

. UDP:
SNMP (Simple Network
Management Protocol) ;
UDTP (User Define Transport Protocol)

.

.
:
255 ;
256 1023 ;
1023 .

. 1.11
,
, (Dest. port)
, 23
TELNET . 1.11.
TCP ()
, . 1.12.


. 1.12 TCP

,

.

TCP .1.14

. 1.14 ( )
TCP

, ,
, .
,
- .
,
.
, ,


.
,

. , .
" " -. ,
", -
,
.
, ,
, .
,
.

, , ,
- ,
( , ).
.
TCP
. -, , TCP -,
TCP . TCP
, ,
.
TCP ,
.
,
, .
1.3.2 UDP (User Datagram Protocol)
TCP/IP
,
(). UDP ,
-, .
.., , UDP -, UDP
,
.
UDP I
,

, IP. To (acknowledge)
, ,
,
. UDP ,


.
- , .
UDP I
. I
,
.
, UDP,
, ,
, , . ,

. ,
, ,
.
, UDP, ,
TCP/IP .
.1.15 UDP-

. 1.15 UDP
TCP
.
.

SOURCE PORT ( ) DESTINATION PORT (
) 16- UDP ,
,
. .
,
. , 0.
LENGTH ()
, . ,
8,
.


. 0
, .
, UDP

. , , IP
. UDP
,
, .
UDP ,
0. , UDP
, I:
16-
. , ,
""
: 0 1.
0, UDP .
UDP ,
UDP . UDP
- ,
16-
. -
,
. -
0 ,
- , .
- UDP
. ,
.
UDP . ,
, UDP
, UDP I .
UDP IP
, IP , UDP
. ,
.
, -
.
, .
- - .

. UDP,
UDP , IP -,
, UDP IP -.
, UDP -,


, UDP .

:
IP
npe ;
UDP
.
IP
; UDP .
: ?
,
.
, ,
.
.
.
" "
. .
" "
" ".
.
. , ,
.

"
?" ,
.
, ,
, .
TCP/IP ,
,
.
, -
.

TCP
,
. ,
.
, TCP
. ,
,


.
,
.
, TCP , .
(,
TCP
).

, .
TCP
.

push.
TCP
,
, . ,
TCP




2.1

.

.
, . ,
",
.
.

, ".
,
.
, - .
..

. :

?
, .

. ,
, :
, ;
, ;
.


.
- .
,
.
.
:
,
;
;
, ;


,
;
,
,
;
, ;


,
. :


, , ,

,
.

.

,
( ) .

, - ,
.
",
, .
.

.
(Distributed Denial
of Service, DDoS) ,
,
.

. ,
,
.

2.2
,
.
,
.


,
, .
.
,

,
.
-
- .
,
. ,
,
(VPNs), dial-in.
, , ,
, .

.

,
- .
-
- .
.
, ,
,
.
,
.
,
. ,

,
.

,
.
:




(LAN). LAN


. ,
, .
. -
( ,
), (, "
", )
. ,
;

.

:
;
Denial of Service (DOS);
IP ;
;
.


. .

. ,
".
::


( )


,
.
, .
, .
,
,
. . 2.1
.


. 2.1
, :
1 - DNS , .
2 - ping,
.
3 - ,
.
.
Internet Control Message Protocol (ICMP)
, ping ,
.
ping;
, IP ,
.
(IDS)
,
. -
(ISP),
, .

(
) , .
,

.
,
, ( FDDI, 10BASE-T 100-Mbps Ethernet),

.


2.2,
Ethernet ,
Wireshark TCPDump, Ethernet .

. 2.2 Wireshark/TCPDump

/
Ethernet Wireshark.
,
Wireshark; ,
. ,
, ,
.
, , , ..

.
2.3 ,
.

.2.3 Ethernet


100BASE-T Ethernet
.
(Content Address Memory, CAM),
. ,
,
. ,
,
.

. ,

. (Access Point, )
150 . ,
,
.

.

.
, ,
. Service Set
Identifier (SSID) IP , ,
, , .
802.11
, Wired
Equivalent Protocol (WEP),
. WEP
,
.
- -
Temporal Key Integrity Protocol (TKIP), Light Extensible Authentication Protocol
(LEAP), Protected Extensible Authentication Protocol (PEAP) ..
,
.
.
2.4 ,
. , , ,
dial-in -
, , ,
, .
2.1
.


. 2.4
(IP , Spoofing)
,
.
IP ()
. , IP
, .
,
,
.
(replay) ,
- ,
. ,
.

, -
.
.

.
,
.
,
.
, -.
, ,
.
,
, ,
- .



, , .
.

, -
.

,
,
- ".
,
,
. .
(DoS) , .
,
.
DoS , IP.
DDoS
, DoS
. (DDoS),
DoS .
DDoS 2.5.

. 2.5 DDoS
DDoS , ,
. ,
.
. ,


.
, .
.
DDoS ,

. - ,
-
. - ,
. ,
, ,
, ,
.
2.3
.
.

, .
.

, .


.
IP
,
( TCP, ICMP, UDP, DNS, NNTP, HTTP,
SMTP, FTP, NFS/NIS X Windows).
TCP/IP
,
. 2.6 .

. 2.6

TCP/IP


( ), - ,
.
TCP RFC 1948,
.
. , ,

.
-
.

(, ), ,
.
(,
),
.
TCP/IP
TCP/IP
- .
,
,
.
, .
. -
,
.
SYN
TCP , SYN
(/) - SYN/ACK
( ) .
() SYN/ACK .
TCP .
SYN/ACK,
- , .
,
SYN/ACK.
TCP SYN -
TCP SYN .
- SYN/ACK
. SYN/ACK
,

- .
TCP SYN IP
, TCP


( email, WWW )
.
UDP
TCP, User Datagram Protocol (UDP) . UDP
. ,
. UDP
, ,
.
, UDP
, UDP
- , TCP .

, UDP-
.
ICMP
Internet Control Message Protocol (ICMP) IP
. ICMP , ping traceroute.
ICMP IP .
RFC 791, IP
65 535 (2^16 - 1) ;
( 20 , IP ). ,
- (MTU),
- ,
.
MTU ( 2.3).
Ping of Death
Ping of Death ,
ICMP echo (.. ping").
ICMP echo
ICMP , ping .
,
:
, ICMP echo
65 507 , .
,
.
Ping of Death ping .
TCP/IP
IP .


email email
. Email ,
email . Email
; email
( ,
). Email ,
email,
.
email ,
,
:



.
,
W32.Sobig.F, 2003 .
SMTP ,
. From Send To ,
.

-
.
,
,
.
"
,
,
, ,

.

.
DoS
. ,
,
- .

LAN.
,
, ,
, ,


.
, .
WEP
802.11 WEP
LAN (NIC).
WEP RC-4
.
, , IEEE 802.11b
40- ,
128- .
WEP , 40 , 128- ,
.


,
, ,
.
,
DoS. ,

.
- ,
.
,
, - .





, .

() .
( ()
() .

. ,

.
.


, .
-
3.1. ,
, ,
. ""
, iptables.
Internet.

. 3.1

, . . " " (Access
Control List, ACL).
,
.
-, , ,
, IP-


,
"" ().
, -.
3.2 /.

.3.2
.
, ,
,
.
,
:






,

,
-,
- .

( ,
).

,
.


,
.

.
,
, ,
- .
-
:
, .
, ,
: 10 100 Mbps
1000 Mbps, 800 Mbps.

.

,
(, , ..), ,

( ,
..), , -.

, ,
.
, ,
.
( )

.
,
,
.

,
( 3.4).
,
. , IP- ,

, ""
, ( ),
"" .

:
Check Point.



TCP,
" " (SYN, SYN/ACK, ),
, (FIN
RST).
: IP- , IP-
TCP .

. :

,
( )
() .
, TCP c
,
.
Stateful Inspection
Check Point
.
, Stateful Inspection
- ,
- (..
).
Stateful Inspection Check Point,
( PIX Cisco iptables Linux)

.


. ,
, (
),

, (. 3.6).

. 3.6.


"
", ,
, ,

, .

(" ") "
".
,
. " " ( , SOCKS)
,
, .

, ,
, ,
, ,
.
,
- (
), -
. ,
- .

(.. ),
.

. -
( )
Linux FreeBSD
- ,
- -
.
- - ,
- ,
. - -,
- .

, ,
, .
;
;
, , ( chroot);

. - (


),
tripwire AIDE.


.
- , .
,
, ,
, , .
wheel root (..
su root).
IP
IP, .
, ..
IP- . -
(Denial of Service - DoS),
,
() .
,
.
iptables IP-
:
iptables -I INPUT 1 -i eth0 -s 192.168.0.0/16 -j DROP
iptables -I INPUT 2 -i eth0 -s 10.0.0.0/8 -j DROP
iptables -I INPUT 3 -i eth1 -s ! 192.168.100.0/24 -j DROP
iptables -I INPUT 4 -i eth2 -s ! 10.0.0.0/8 -j DROP
, iptables Linux 2.4,
.
( , Dropping)
"", .. .
( , Rejecting)
TCP c RST,
TCP, "Port Unreachable" ICMP,
UDP.
,
,
.
,
.
-
HTTP 80, TCP 80
.
Code Red (), Code Red



.

.
, .
,
DNS, DNS- ( ),
DNS-.

.

,
.
,
. ,
, TCP 80,
,
.
( ), ,
,

( ,
).


, " "
- -
.

.

.

,
.
.
.
,
, .
.




4.1.
,
, .
(network operating system NOS)
,
.
,
.
,
.
, NetWare NT Server, .
-
. ( ) -
, RAM - ,
, .
- (peer-to-peer)
.
- ,
, .
.
, , , ,
.

4.1 , / .


/
, Access (
),
. ,
. ,
/ .
/ .
/ , SQL Server Oracle,
- ,
.
/
/
:
.
(distributed), ,
.
4.2 .

. 4.2


(data warehouse) ,
.


,
PC- .
, ,

(server farm).


. ,
Windows, no .
,
, (creating a share).
, NetWare,
- .
Windows ,
File and Print Sharing .
Windows 2003, server.
(share-level security)
(peer-to-peer) ,
Windows. ,
, ,
.
, ,
.
,
,
(.4.3)


[Figure residue: four shared resources protected by the passwords 1q2w3e, 3q4w5e, 5f6g7y and S4d2f5, and the users Ivan, Maria, Ivo and Ana]

. 4.3


(user-level security) -
,
.
(user account), .
( ) .
,
. ,
(access control list),
. ,
. , , ,
.


.

-
.
, , (
).
.
: ,
.
Windows XP
Windows ,
.
.
, ,
.
,
.


, ,
.
,
.
Local Users And Groups.
-
, Active Directory,
-. Single Sign-On (
) . Active Directory Users and
Computers.


logon- (,
).
:


,
Windows,
.
, , :
Administrator
Administrator ,
, ,
.
. Active Directory Administrator
. Administrator
.
Guest Guest ,
.
,
, ,
. ,
, Windows.
HelpAssistant Windows
,
. ,
,
HelpAssistant. ,
Terminal Services.
Support Support Help And
Support. HelpServicesGroup Log On As
Batch Job ( ).
Support .
Support_<id>, <id> ,
Support_388945a0.

, Windows .

.
, .
,
.
,
.
Active
Directory ,
\, \


Windows XP :
(local groups)
.
Local Users And Groups.
(security groups)
.
Active Directory Users and Computers.
(distribution groups)
.
.
Active Directory Users and Computers.

Local Users
And Groups. Control Panel.
Administrative Tools Computer Management (.4.7).

.4.7
, ,
, .
Local Users And Groups
:





.
, ,
. ,
SID .



,
,
,
. Windows
, Windows NT Windows
2003, .
,
,
.

,
Windows, ,
Everyone, .

, .

(share names), - -
. , ,
salesdocs, Sales
Documents; .
, .

4.2
(NOS)
. NOS ,
-
( , ,
), .
, ,
:
Windows NT Windows 2000(2003,2008)
NetWare
UNIX/Linux
Windows NT 4.0
Microsoft , User Manager
for Domains,
, .
: Start,
Programs, Administrative Tools, User Manager for Domains.
User Manager for Domains
; ,
; ; ;
. ,
.


. Windows NT
4.0 .
Administrator
() Guest ().
Windows 2000
Windows 2000 Microsoft Management Console (), snap-in
- ,
.
snap-in , Active Directory Users and Computers.
, Start, Programs, Administrative Tools,
Active Directory Users and Computers .
Windows 2000, Windows NT 4.0,
, , ,
(organizational units - OUs).

OU.
- ,
Windows NT 4.0.
Windows
Windows .
:
Windows Explorer
net use
Windows Explorer
Windows Explorer,
Windows Explorer.
,
Tools, Map Network Drive
.

Explorer, , CD
.

Windows Explorer, My Computer,
, shortcut.
net use
Windows
, (Universal Naming
Convention - UNC).
:
\ \ __\ ___
,
:


net use __:


\ \ __ \ ___
Windows
Windows
.
, ,
Printers and faxes, Control Panel,
.
Sharing, Shared as
.
,
: Add
Printer Wizard, net use .
Microsoft (wizards),
.
,
Printers and Faxes,
, .
(
) " .
(print spool).
UNIX Linux
UNIX .
(.., ,
)
, ,
.
UNIX
, Silicon Graphics Sun. UNIX

(graphical user interface - GUI), X Window.
UNIX Linux
(Network Information System - NIS),
Sun Microsystems,
UNIX . NIS ,
, (
),
.
, UNIX, Windows,
(case-sensitive);
. MyDocs"
mydocs."
.


Web , Web , UNIX-,


. Web
WebSite.html", Website.html",
file not found" ( ).

UNIX Linux,
adduser .
root supervisor
. :
___: /# adduser

/etc/passwd.
UNIX/Linux , ,
, (vi, Pico Emacs
UNIX/Linux.)
. ,
, ,
, passwd.
UNIX/Linux Windows.

4.3
(network
operating systems NOS) e .
(directory service)
,
.
,
: , .
,
.
(). ,
() .
,
,
.
,
, .
() .
. ,
.
-
, . ,
, .
, ,
, .4.8.


, ,
.
(.., ) (..
).
, .


:
.
.

.
,

.
,
.
,
.
.
,
,
.

- PC Novell NDS
Microsoft Active Directory.
NDS
4, NetWare NDS - ,
.
, ,
.
NDS .
: (container
objects) (leaf objects). ,
;
" - .
. OU
.
Microsoft Active Directory
C Windows 2000 Server, Microsoft
, , Novell NetWare 3
4. Active Directory . NDS


Novell ,
, Active Directory Microsoft ,
.
Active Directory
Active Directory :
Active Directory
Active Directory
Shared System Volume
.
, . Shared System Volume (
Sysvol) (group policy
objects) Windows 2000 .
, Windows 2000
,
.
Active Directory DNS
Active Directory DNS
DNS, . DNS Windows 2000 .
DNS
Active Directory, -
DNS.
Windows 2000 Dynamic DNS (DDNS),
DNS .
Active Directory
Active Directory
(access control list - ACL), ,
.
.
:
-
,
- ,
,

.
Windows 2000
,
.
.

4.4

.


, Windows NT, Windows


XP Linux, ,
.
,
.
,


,
.
:
.
,
.
(
),
.
,
(wallpaper).
,
,
.
. ,
. , ,
,
.

,
.
,
, ,
.
.
,
. Windows NT
Windows 2000 Server, ,
, . NetWare
-
.
,
,
, ,
, ,
.


, ,
,
. -
". ,
, .
.



. ,
.
,
, . , .
,
.

,
.
,
, ,
. , Windows 2000,
. ,
.
,
, . ,
,
.
,
,
.
,
,
.
,
.
,
, .
,
.

Active Directory.

.


,
.
:



.

.

,
,
(administrative templates).
, ,
Windows .


Administrative Templates Group Policy.
,
, , . Computer
Configuration User Configuration .
, -
Group Policy,
Windows.
, ,
.
HKEY_LOCAL_MACHINE, - HKEY_CURRENT_USER.
- , , , Administrative Templates
Group Policy.
:
Not Configured

.
Enabled

.
Disabled .
.

4.5


(). ,
, .



.
.

.

(log ).


.


.. ,

.
- ,
.


,
.
( ) ,
.
,
.
,
, .
MB (Mega Bytes) GB (Giga
Bytes).

4.6.
4.6.1

.
,
.

, , ,
, , ,
, .

. ,
,
.



-
,
.
,

, , .
4.6.2

.
,
,
.

.

:



()
4.6.3

, :
, ,
.
.

, .
.

, ,

.

. (
):
-
, ,
.
- ,
.
- ,


(
).
4.6.4

.
.

,
.

( ) (redundant array of independent (inexpensive)
disks - RAID).
- :
(RAID
level 1) - ,
.
.
. ,
. ,
.
Windows NT
boot.ini.
(RAID level 1) -
, ,
.
,
, ,
.
() (RAID
level 3) -

,
. (
, ,
). ,
.
() (RAID level 5) , RAID 3,
, ( ) ,
.
. ,
.
RAID , .
RAID - -, -


. , Windows NT Windows 2000


Server, RAID.




,

.
,
.
(authentication),
(authorization) (access control)
. ,
- ,
. ,
,
, . ,
,
.

( , ,
-, , ..).

, ;

.
,
.
,
(,
)
. (integrity)
,
; (confidentiality)
,
.

5.1

, " .
(
) ,
.
.
.
.


"
.

. 1, 2 ..,
" :
4-9-14-14-5-18
9-19 18-5-1-4-25
"
:
Dinner is ready ( )
, ()
.
-.
- (key), ,
, .
.
,
.
- , -
. 40- 56-
, 128-
.
:
/ .


, ,
.
,
.
/

, - / (public/private
key encryption), -
,
.
. .
, ,
.
,
;
.


, ,
.
.
/
.
, , ,
,
. (
), .
, ,
, .

.

,
.
, ,
. ,
.

.


( ),
(message digest). ",
() , .

,
,
(certificate authority). ,
.
,
, .

,
.

.
, . ,
, ,
. .
,
,
. ,


,
. ()

.
,
,
.
-
, (local control), ,

(trusted third party).

IP point-to-point . IP
, (/) - ,
, ,
,

.
Link Control Protocol (LCP) Network Control Protocols
(NCPs)
. ,
, ,
.

(PDR) High-Level
Data Link Control (HDLC), ISO 3309-1979 (
ISO 3309-1984/PDAD1).
LCP NCP . LCP
,
.
, LCP :
1
2
3
4
point-to-point ,
LCP ,
.
,
.
NCP
, IP.


NCP .
,

.
,
dialup ,
.

.

Password Authentication Protocol (PAP)

.
.
,
.
.
.
, .
.
".
.
PPP Challenge Handshake Authentication Protocol
Challenge Handshake Authentication Protocol (CHAP), RFC
1994,
. CHAP

.
CHAP
.
.

. ,
. ,

. ,
.
CHAP
.
.
.
CHAP

.


PPP Extensible Authentication Protocol


PPP Extensible Authentication Protocol ()
, .
.
, .

; ,

.
, , - ,
,
.

, .

-
.
,
.
TACACS+, RADIUS, Kerberos, DCE FORTEZZA.
TACACS+ RADIUS dial-in

. Kerberos ,
, ,
, , , ,
.

5.2
, Telnet, FTP
HTTP, .
end-to-end ,
.
.
, .
. WWWeb
- ,
: Secure
HyperText Transport Protocol (SHTTP). Secure Multipurpose Internet
Mail Extensions (S/MIME)
MIME, -
.

5.3


. ,

,
. end-to-end ,
.
Secure Socket Layer/Transport Layer Security
Secure Socket Layer (SSL)/Transport Layer Security (TLS)
,
( HTTP, Telnet, NNTP FTP) TCP/IP.
, ,
, , .
SSL , -
, , ,
, SSL TCP
.
SSL
. SSL ,
, ,
(handshake, alert, change cipher spec
application).
SSL/TLS HTTP .
SSL/TLS
5.2.
Secure Shell
Secure Shell (SSH) (login)
.
,
X Window System .
,
. SSH
SSH
,
,

SOCKS
Socket Security (SOCKS) e ,
.
/ TCP UDP
.

5.4

IP TCP/IP.


,
, .
(, hop), IP
.

IETF, IP
; IPsec.

, / IP
.
IP Security
IP Security (IPsec) ,
IP
.
IPsec includes
, ,
, ( ),
() .
IP ,
- ( TCP, UDP, ICMP, BGP ..).

, IPsec ,
ESP,
IP.
ESP ,
. IPsec
; ,

. ,
.
- ,
.
:


,
; (
) .
IPv4,
IP -
( TCP UDP).
, -
, IPv4
, .


,
.
.
.
, " IP IPsec ,
" IP .
" IP
,
;
" .
" IP
; "
.

IPsec /
. ,
.
- ( -)
,
SA ,
. ,
, . ,
IPsec
,
.

.
-, ,
. IPsec
Internet Key
Management Protocol (IKMP), Internet Key Exchange
(IKE). IKE IPsec,
.

5.5

. dialup (VPDN)
dialup .


,


dialup .



:
Layer 2 Forwarding (L2F)
Point-to-Point Tunneling Protocol (PPTP)
Layer 2 Tunneling Protocol (L2TP)
Layer 2 Forwarding
Layer 2 Forwarding (L2F) Cisco Systems. L2TP, ,
. L2F ..
High-Level Data Link Control (HDLC), HDLC Serial Line Internet
Protocol (SLIP) - - .

dialup , dialup
.
, IP, IPX AppleTalk
dialup, SLIP/PPP .
Point-to-Point Tunneling Protocol
Point-to-Point Tunneling Protocol () Microsoft

IETF, RFC 2637. / ,
IP ,
NAS.
NAS
NAS :
PSTN ISDN

LCP

IP , GRE
PNS-PAC
.
, PNS-PAC .
, .

, PNS.
. ,
TCP, ,
, .
Layer 2 Tunneling Protocol
L2F, , Cisco
Microsoft, , ,
Layer 2 Tunneling Protocol (L2TP).
RFC 2661 L2TPv2. L2TP


,
, L2TPv3, - . L2TPv3
,
L2TPv2.
L2TP :
. ,
,
.
, dialup CHAP, PAP, EAP
( V.120
). TACACS+ RADIUS ,
, .
, ISP.
,
dialup . ,
ISP.
,
dialup.
ISP ( )
( ).
PPPoE
PPP over Ethernet (PPPoE) RFC 2516
.

.
ADSL ,
, .
: .
Ethernet MAC
.
--,
/ .
, .
, ,
,
Ethernet.


, .
, ,
,
. -
, .



.
()
(, ).
,
, .
IPsec
IP . -
,
IP ,
IP , . IPsec

, TCP
( UDP). ,

( QoS,
TCP/UDP ), .

, . PKI
. PKI
- ,

.


7.1.
7.1.1
(Quality of Service, QoS)

, Frame Relay (FR), Asynchronous
Transfer Mode (ATM), Ethernet 802.1 , SONET IP
, .
QoS
,
()
, .
,
. QoS
,
, WAN
.
QoS

.
QoS ,
,
.
QoS :
- . ,
, , WAN
. ,
FTP
.
- - .
,
-
.
- . QoS

.
- . QoS
, WAN
, .


.
,
, .
-
. QoS
,
.
// ,

. .

,
- ,
.
:
- (Priority Queuing, PQ);
- (Custom Queuing, CQ)
- (Weighted Fair Queuing, WFQ)
- (Class-Based
Weighted Fair Queuing, CBWFQ).
,
QoS ,
, .
QoS ,

, , .
QoS
, .7.2:
- (Best-effort service)
QoS, -
. FIFO (First In First Out) ,
.
(DiffServ), QoS
- , -
, -
. ,
.
QoS PQ (Priority Queuing), CQ (Custom Queuing), WFQ
(Weighted Fair Queuing) WRED (Weighted Random Early Detection).
(Guaranteed service),
QoS
.
(RSVP - Resource Reservation Protocol)


CBWFQ(Class-Based
Weighted Fair Queuing).
,
. , .

(ACL).
PQ CQ.
PQ CQ
,
. ,
QoS
. CBWFQ
.
IP .

(CAR)
,
. ,
,
...
-
, ,
.
- (NBAR)
-. URL HTTP
. ,
.
QoS
(Policy-Based Routing, PBR)
,
.
IP ,
- ,
QoS .

,
. ,
QoS .
,
,
,
ACLs.




(Network Based Application Recognition, NBAR). NBAR
,
.
, - .
, NBAR
. -
, URL MIME
HTTP . - ,
web-.

. , NBAR
, .
,

.
NBAR , .
. NBAR
,
.
NBAR (Packet
Description Language Module, PDLM),
.
Flash , RAM.

.


, .
.

:
, (FIFO First-In, First-Out)
(PQ Priority Queuing)
(CQ Custom Queuing)
(WFQ Weighted
Fair Queuing)

(CBWFQ Class-Based Weighted Fair Queuing).

. , ,
. ,
.




.
FIFO:
- (.7.6), FIFO

, .
FIFO ,
.
:
- FIFO
- .
- FIFO
(delay)
.
- , FIFO

.
:
FIFO

.
FIFO
,
. FIFO
,
- , FIFO.
FIFO UDP
TCP . , TCP
, UDP

. TCP
,
FIFO ,

TCP FIFO.
PQ.
.
- ,
.
,
. PQ


(IP, IPX, AppleTalk), , ,


..
PQ
, ,
. ,
(.7.7).
, -

.
PQ , ,
, WAN ,
.
CQ -
CQ (Custom Queuing) e

. ,

. CQ
.
,
.
,
.
PQ, CQ

.
WFQ:

,
, ,
,
.
WFQ ,
.
, - ,
, -
.
,
(. 7.9).
WFQ e
.
. , WFQ


,
- E1 (2.048 Mb/s).
WFQ: .
(CBWFQ)
, -
. ,
CBWFQ. ,
, ()
CAR .
CBWFQ
.
, ,
.
.
CBWFQ ,
- .
CBWFQ
. - ,
. ,
. ,
,
.
, -
(Low-Latency Queue, LLQ), .

PQCBWFQ (Priority Queue Class-Based
Weighted Fair Queuing).
LLQ
.
.
.
CBWFQ IP RTP IP RTP

(RTP Real Time Protocol).
.
,
, . ,


.
(Weighted Random Early Detection,
WRED).


WRED:
(Random Early Detection,
RED)
. RED
,
. ,
.
RED TCP IP .
WRED RED
IP .
- .
- ,


RED
WRED TCP ,
, .
TCP ,
. RED.
,
.
- RED
:
,
.
,
.
- RED
,
.
.
- RED
: ,
.
.

7.3 QoS
7.3.1 FIFO
FIFO - ,
. , ,
, . FIFO
FCFS First Come, First Served.
, , FIFO ,
(default). ,


.
tc FIFO eth0.
#tc qdisc add dev eth0 root pfifo limit 10
tc , . qdisc
( class
filter, ); add
; dev eth0 ,
eth0; root , (
FIFO ,
); pfifo , pfifo
(packet-fifo); pfifo - limit 10,
( , ) 10 .

:
#tc qdisc show dev eth0
:
qdisc pfifo 8001: dev eth0 limit 10p
tc , pfifo 8001: (
8001:0) 10 .
, - 32-
16- 16- . 0
.
pfifo ,
. tc 8001:0.
:
#tc qdisc del dev eth0 root



.
8.1
,
, -. . ,

. ,
. , (
),
.


. ,

.
Linux syslog
. syslog,
,
, .

, ,
.
,
-
() . ,
.
,
/etc/cron.daily/aaa_base_rotate_logs. T e
; /etc/logfiles,
,
, ,
( ),
.
/var
, , -
/var
, .


, ,
.
,


,
.
syslog
syslog ( klogd),
. syslog
,
.
Unix Linux
syslog
. syslog
, ,
, .
,
- .
,
(-
/etc/init.d/syslogd /etc/init.d/sysklogd
Linux). klogd,
Linux.
klogd
.

, syslogd.
klogd
;
-. , klogd

.
Syslog-ng TCP
stunnel, ssh
.
syslog
UDP, " " stunnel ssh,
syslog -,
Syslog-ng.
Syslog-ng ("syslog ")
syslog -
, (
) .
Syslog-ng
TCP UDP. Syslog-ng .
("") .
Syslog-ng ,
syslog, .


8.2
-,
,
(

). ,
, ,
.
. ,
,
, -, .
, ,
?
(, Intrusion
Detection Systems, IDS).
(host-based IDS)

.
(network IDS)
, ,
,
, (
, base line).

, ,
, Tripwire Open Source
Snort.

:
. ,
, .
,
( "
") , .
?
,
"" (.. , ) -
, .
-
, -
,
"" .



, ,
.
.
() ,
.
:
, ,
.
.

-
.
,
.
,
.
:

. -
.
ISS RealSecure Network Flight Recorder
- ( )
.

,
(
, ).

:
, .
,
, ,
.

,
, .
- ,
-
, .
,
(
). - .


,
/bin/ls: ,
, ( ) ..
.
- .
,
,
.
,
, , (
" ",
,
. ,
!) ,
,
.
, .
, !
, ,
.
,
, -
. -,

,
.
, ,
, ,
- - ..
.
:

( ),
: , (
, ), ,
,
. - ,
.

. ,
"".
, .
,


-
.
,
, ,
.

-
.
, -:

,
( ).
, : , ,
.
, ,
,
-, .
, "
",
. :
,
,
. ,
.

,
, -.
, : ,
"" ,
, , ,
.
, :
,

"" ,
,
.
, ( ) .
, ,

(,
). .


Snort

. - , :

, . ,
:
, . -
( )
,
, .

Snort. Snort .
, ( -
" ") Snort tcpdump.
Snort ,
( ).
, Snort . Snort
,
.
, Snort 100%
, (""),
. Snort
, - -
. Snort e GIMP, Apache
Nessus .
, Snort
(" Snort").
,
.
Snort -
-
,
Snort,
, Snort.




9.1
SNMP (Simple Network Management Protocol)
, ,
,
(host)
(, , , .)

, , ,
.
:
(fault management);
(performance management);
(layer management);
(security management) .
SNMP ,

,
.
SNMP TCP/IP
SNMP
(manager process)

, :
(host), , ..
, ,

- MIB (Management
Information Base)
SNMP
UDP ASN.1.

.
SNMP ,

MIB.
ISO-
CMIP (Common Management Information Protocol),
.
9.1.2 (MIB)
MIB ,
TCP/IP . : MIB-I MIB-II. MIB-I


RFC1156
.
(node) .
(gateway), EGP.
, .

, . ,
SMI ,
MIB .
9.1 MIB

System
Interfaces
AT
IP
ICMP
TCP
UDP
EGP
SNMP


SNMP


7
23
3
38
26
19
7
18
30

System group:

sysDescr - (, HW, OS);


sysObjectID - ;
sysUpTime - ;
sysContact - ;
sysServices - ;
Interfaces group:
ifIndex - ;
ifDescr - ;
ifType - ;
ifMtu - - :
ifAdminStatus - :
ifLastChange -
:
ifInErrors - , ;
ifOutDiscards - ,
:


Address Translation Table group:

atTable - ;
atEntry -
;
atPhysAddress - , ;
atNetAddress - ,
atPhysAddress;

IP group:

ipForwarding - IP ;
ipInHdrErrors - ,
;
ipInAddrErrors - ,
IP ;
ipInUnknownProtos - ,
;
ipReasmOKs - ;

ICMP group:

icmpInMsgs - ICMP ;
icmpInDestUnreachs - ICMP
;
icmpInTimeExds - ICMP ;
icmpInSrcQuenchs - ICMP source
quench;
icmpOutErrors - ICMP ,
ICMP;

TCP group:

tcpRtoAlgorithm -
;
tcpMaxConn - ,
;
tcpActiveOpens -
SYN-SENT CLOSED;
tcpInSegs - , ;
tcpConnRemAddress - IP ;
tcpInErrs - ,
;
tcpOutRsts - reset-;

UDP group:

udpInDatagrams - UDP , ;


udpNoPorts - UDP ,
;
udpInErrors - UDP ,
, ;
udpOutDatagrams - UDP ,
;

EGP group:

egpInMsgs - EGP ;
egpInErrors - EGP ;
egpOutMsgs - EGP , ;
egpNeighAddr - IP EGP- .

MIB, ,
.
IPv4.
9.1.3 (SNMP-Simple
Network Managing Protocol)
SNMP
SGMP , MIB
, SIM.
RFC 1157 (Network
Management Station - NMS),
(Network management applications - NMA),
(network elements - NE),
, .
(Management agent - MA)
, . SNMP

.
(authentication protocol) ,
, ,
, .
(privacy protocol) ,
SNMPv2 .
, , :
;
;
;
.
:
-
MD5 (message digest). SNMPv2


128 ( digest),
;
-
, ,

-
, ;
-
(privacy protocol),
,
.
, ,
(Data Encryption
Standard - DES). SNMPv2
.

SNMPv2

- .

(peer), SNMPv2 . ..,
, , SNMPv1.

SNMPv2 ,
, - ,

( )
SNMP ,
.
3 2. ,
SNMP
. ,
1 2,
.

9.2 ,

,
.

,
.

. -


.

- .
, ,
LAN WAN .
TCP/IP
.

,
. ,
.
,
, () ;
.. ,
,
.
, ( )
,
. ,
, .
,
.
,
.
.

:
(bottlenecks)
(Baselines)


(bottleneck) ,
, ,
.
,
.


(
, , )
, -.
,
. -


, ,
, .
,
.

.

, :
.. , .

,


,
" .

:


,

-
-
.
,
.
-
.
.

. -
( ),
.

,
, ()
,
.

,
.
,
Web , .



()
.

. (.. ),
.
() ,
( ), .

.
,
" .
Network Associates Sniffer (
Sniffer Pro).
.

,
.
.

, :



Microsoft Performance Monitor Microsoft System Monitor
Performance Monitor Windows NT 4.0 ( System Monitor
Windows 2000)
, .
,
.
,
.
Performance Monitor System Monitor
(alerts),
,
.
,
, :




:





. ,
, ,
(media) ,
.

Sniffer
, :
Sniffer Pro LAN Sniffer Pro WAN
Sniffer Pro High-Speed
Gigabit Sniffer Pro
Sniffer Distributed Analysis Suite
Sniffer ,
, IP/IPX DLC .
Sniffer Pro ,
.

(hops).
Sniffer TCP/IP , ping, tracert,
DNS lookup .
Sniffer
(
).
Sniffer Expert Analyzer,
.


.
-
,
.

.
.
,
-, ,
,
.
:




,




,


,
, Microsoft, Novell, IBM Hewlett Packard,
- ,
. Network Monitoring
Suite (NMS) Lanware, Simple Networking Management Protocol
(SNMP) , ,
.
ViewLAN NuLink SNMP
.

,
,
( ),
.

.
, ,
,
.
, ,
.
TCP/IP,

. ,
,
.
-
.
, .

.
,
,
(


),
.

".
,
, .

. ,
.

,
.
,
.
- . .

,
.
,
. ( ) ,

.
.
,

,
.
TCP/IP ,
, ,
, :
ping pathping

ping packet internetwork groper.
, ,
Echo Request, Internet Control Message Protocol
(ICMP), .
ICMP .
ping . ,
ping , www.yahoo.com.
, ,
.


ping IP ,
.
IP .
ping IP , ,
ping- , ,
.
, DHCP
DNS , TCP/IP. ,
DHCP , DHCP
DNS .
ping time ,
(Echo Request)
(Echo Reply). ping- .
ping TCP/IP
.
ping 127.0.0.1.
, , .
pathping ping c tracert
, .
pathping
.


.

Tracert Windows
Traceroute - Linux
TCP/IP

-
.

:
Netstat Nbtstat - TCP/IP NetBIOS
.
ARP ( " Linux UNIX) -
Address Resolution Protocol (ARP).
ROUTE ( route" Linux UNIX) -
, .
