Network Design Project
Contents
Existing equipment at the head office:
Branch 1 and Branch 2 have just been built entirely new
Router: the system consists of 2 routers, 1 connecting to the WAN and 1 connecting to the 2 branches
The servers are located in the server room, which has air conditioning and a UPS backup system; the Database server has a powerful configuration to meet the demand for processing and synchronizing data from the branches. The database is protected by a Backup Server
Firewall system: the firewall gateway combines the dedicated security software Check Point VPN-1 UTM running on dedicated Crossbeam 6 hardware, an IPS protecting the database zone (database server, app server, DHCP server), a web firewall protecting the DMZ (which holds the web and mail servers), and a dedicated Trend Micro virus-scanning system placed in front of the firewall gateway
The devices are installed centrally in the server room, as at the main branch
Router: 1 router connecting to the main branch and providing WAN access
Firewall: a firewall gateway for the whole system
The devices are installed centrally in the server room, as at the main branch
Router: 1 router connecting to the main branch and providing WAN access
Firewall: the firewall gateway combines Check Point VPN-1 UTM software running on dedicated Crossbeam C6 hardware and an IPS system for the web and mail servers
3. IP address planning for the network and devices
Blocking virus attacks at the gateway and in the network zones
The paths by which a virus can attack and break out into the securities company's network are fairly diverse: from the Internet, from users inside and outside the network, and especially through email. To have a highly effective defence, protection against viruses and spyware is needed at all 4 network layers: gateway, mail server, server, PCs. This system must be managed centrally and uniformly, and must always be updated with virus and spyware signatures from the major anti-virus and anti-spyware centres around the world. In addition, there must be a common security policy, combined with other security solutions, to defend against viruses and spyware more effectively.
I. Infrastructure and requirements of company ABC
1. Infrastructure:
o Head office: a 3-floor building with a floor area of 2400m2 (60x40), located in Thanh Khê District
o Branch 1: a 2-floor building with 1 basement, with a floor area of 600m2 (30x20), located in Liên Chiểu District
o Branch 2: a 4-floor building, floor area 4000m2, located in Ngũ Hành Sơn District
o Existing equipment at the head office (device, manufacturer, quantity):
PC | PV-D5701 | 20
LCD monitor | | 20
Black-and-white laser printer | HP LaserJet P1102 |
24-port L2 switch | |
Database server | |
ISA firewall | |
VoIP system | |
II.
1.1.
The network model of the main building has the main devices concentrated in the server and IT room. In addition, to guarantee signal levels between devices more than 100m apart, we use 24-port and 48-port switches on the floors.
The switches on each floor have an Uplink port with a speed of 1000MB/s, used to connect to the central switch to guarantee data transfer speed.
Branch 1:
Because Branch 1 is fairly small, it has no server system of its own; the database will be accessed from the main branch.
Branch 2:
2.
We chose the model above with future expansion of services in mind; it is ready to accommodate additional devices such as PCs, IP phones and printers easily.
The web system can be used to buy goods and pay directly in a secure way.
The separate IPX system can easily be extended with video conferencing services. Because it uses its own line, the company LAN is protected from attacks coming from the PSTN.
3. Physical diagram:
3.1. Main building:
The head office has an area of 2400 m2 and 132 employees, including staff of the following rooms: Director, Deputy Director
Figure 2.4 Physical diagram, head office floor 1
Head office floor 1:
Figure 2.5 Physical diagram, head office floor 2
o Main building - floor 2:
Installation intake: 2 PC, 2 IP Phone
Figure 2.6 Physical diagram, head office floor 3
3.2. Branch 1:
Branch 1 - floor 1:
Installation department: 16 PC, 16 IP Phone, 3 printers
Branch 1 - floor 2:
Branch 2:
Branch 2 has an area of 4000 m2, but the built floor area is 3000m2 (60x50).
Branch 2 has 229 people, including managers, staff, security guards and cleaners.
Installation, maintenance: 20
Branch 2 - floor 3:
Branch 2 - floor 4:
Floor 4 of Branch 2 contains: the branch director's office, the accounting office, the HR office, the server room, the library and the assembly hall.
Floor 4 of Branch 2 has 49 people, distributed as follows:
Director: 1
Secretary: 1
Accounting: 15
HR: 18
IT: 8
Librarians: 6
Director's office: 1 PC
Secretary's office: 1 PC + 1 printer
HR office: 16 PC + 2 printers
Accounting office: 15 PC + 2 printers
IT office: 6 PC + 1 printer
Access points are used in the meeting room and the library so that laptops can conveniently reach the Internet and internal resources during meetings, with 1 access point in the library for staff to use laptops during breaks.
The links from the floor switches to the central switch all use uplink ports at 1000 mb/s, while the links from the switches to the PCs run at 100MB/s, to guarantee data transfer speed and avoid congestion when many data flows are uploaded at the same time.
The core consists of 1 L3 switch; here we chose the Cisco Switch WS-C3560G-24TS-S, specified as Catalyst 3560 24 10/100/1000T + 4 SFP + IPB Image (all 24 ports of this L3 switch reach 1000mb/s). We use 1 more switch so that the design follows the hierarchical model, as a backup in case the core switch fails.
Device | Label | Port | IP | Subnet mask | |
Main building router | R1 | S0/0 | 192.168.200.1 | 255.255.255.252 | N/A | Connects to R2
Main building router | R1 | S0/1 | 192.168.200.5 | 255.255.255.252 | N/A | Connects to R3
Main building router | R1 | F0/0 | 192.168.1.1 | 255.255.255.0 | | Connects to the core switch inside the network
Branch 1 router | R2 | S0/1 | 192.168.200.6 | 255.255.255.252 | N/A | Connects to R1
Branch 1 router | R2 | F0/0 | 192.168.10.1 | 255.255.255.0 | N/A | Connects to the core switch inside the network
Branch 2 router | R3 | S0/1 | 192.168.200.2 | 255.255.255.252 | N/A | Connects to R1
Branch 2 router | R3 | F0/0 | 192.168.100.1 | 255.255.255.0 | N/A | Connects to the core switch inside the network
Head office:
Internet IPs: 203.100.100.3 and 203.100.100.4
Web server IP: 203.100.100.1
Mail server IP: 203.100.100.2
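Central building
No. | VLAN | Devices needing addresses | MAX IP |
1 | Installation | 13 | 30 |
2 | Cashier | | 30 | 192.168.1.32/27 192.168.1.63/27
3 | HR | | 14 |
4 | Accounting | | 14 |
5 | Research | | 14 |
6 | Server Farm | | 14 |
7 | Delivery | | 14 |
8 | Reception | | 14 |
9 | Warehouse | | 14 |
10 | Card scanner | | |
11 | Fingerprint scanner | | |
12 | Director | | |
13 | Deputy director | | |
14 | DMZ | | |
15 | Meeting AP | | |
16 | Recreation AP | | |
17 | IT | | |
18 | Secretary | | |
19 | Router 1 | | |
20 | Router 2 | | |
20 | IP Phone | 64 | 254 |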
Abbreviations:
A: VLAN
B: Device type
C: Device name
D: Quantity
G: default gateway
STT A
Lp t
PC
PV-D5701
11
RJ45 192.168.1.2/27
192.168.1. 30/27
Lpt
My in
HP LaserJet
P1102
RJ45
Thu ngn
PC
PV-D5701
Thu ngn
My in
HP LaserJet
P1102
RJ45 192.168.1.34/27
192.168.1.33
192.168.1.62/27
RJ45
Nhn s
PC
PV-D5701
Nhn s
My in
HP LaserJet
P1102
K ton
PC
PV-D5701
K ton
My in
HP LaserJet
G
192.168.1.1
RJ45 192.168.1.66/28
192.168.1.65
192.168.1.78 /28
RJ45
RJ45 192.168.1.82/28
192.168.1.81
192.168.1.94 /28
RJ45
P1102
Nghincu PC
PV-D5701
10
Nghincu My in
HP LaserJet
P1102
RJ45 192.168.1.98/28
192.168.1.97
192.168.1.110/28
RJ45
11
RJ45 192.168.1.114/28
192.168.1.113
12
IBM System
1
X3500 M3 (7380 42A)
RJ45 192.168.1.115/28
192.168.1.113
13
IBM System 1
x3550M3 (7944 A2A)
RJ45 192.168.1.116/28
192.168.1.113
14
IBM System
1
X3500 M3 (7380 42A)
RJ45 192.168.1.117/28
192.168.1.113
15
Giaohng
PC
PV-D5701
16
TipTn
pc
PV-D5701
17
Khohng
PC
PV-D5701
18
Khohng
My in
HP LaserJet
P1102
19
Qutth
Qutth
20
21
Gimc
PC
PV-D7502
RJ45 192.168.1.194/28
192.168.1.193
22
Phgimc PC
PV-D7502
RJ45 192.168.1.202/28
192.168.1.201
LPV-VT6280
23
DMZ
RJ45 192.168.1.210/28
192.168.1.209
24
DMZ
RJ45 192.168.1.211/28
192.168.1.209
25
AP HP
26
AP Giitr
27
IT
PC
PV-D7502
28
IT
My in
HP LaserJet
P1102
29
Thk
GD+PGD
PC
PV-D5701
30
Thk
GD+PGD
My in
HP LaserJet
P1102
RJ45
31
Router 1
Router
CISCO2821
RJ45 192.168.1.249/30
192.168.1. 250 /30
32
Router 2
Router
CISCO2821
RJ45 192.168.1.253/30
192.168.1.254/30
33
IP Phone
IP Phone
Grandstream
GXE5028 VoIP
Phone System GXE-5028
64
RJ45 192.168.5.2/24
192.168.5.254 /24
192.168.5.1
No. | VLAN | Devices needing addresses | |
1 | IP Phone | 63 | 126 | 192.168.10.0/25 192.168.10.127
2 | Invoicing and payment | 12 | 30 | 192.168.10.128/27 192.168.10.159
3 | Maintenance, installation, warranty | 13 | 30 |
4 | Sales and marketing | 14 | 30 | 192.168.10.192/27 192.168.10.223
5 | Finance and accounting | 16 | 30 | 192.168.10.224/27 192.168.10.255
6 | HR | 11 | 30 | 192.168.11.0/27 192.168.11.31
7 | IT | | 14 | 192.168.11.32/27 192.168.11.47
8 | Server Farm | | 14 | 192.168.11.48/28 192.168.11.63
9 | | | | 192.168.11.64/28 192.168.11.71
10 | Fingerprint scanner | 1 | | 192.168.11.72/28 192.168.11.79
11 | Card scanner | | | 192.168.11.80/28 192.168.11.87
12 | Director | | | 192.168.11.88/28 192.168.11.95
13 | Secretary | | | 192.168.11.96/28 192.168.11.103
14 | Reception | | |
15 | Router | | | 192.168.11.112/28 192.168.11.115
Detailed table of IP assignment for each device type on each specific VLAN:
STT
IP Phone
IP Phone
Grandstream GXE5028
VoIP Phone System GXE-5028
63
Khanvt PC /my in
hanhton
PV-D5701/
12
PV-D5701/
13
Tipthkinhdo PC /my in
anh
PV-D5701/
14
Ktontichn PC /my in
h
PV-D5701/
16
Nhns
PV-D5701/
11
RJ45 192.168.11.2/27
192.168.11.30
D-LINK DPR-1061
QunkhohngPC /my in
PV-D5701/
10 MyqutvntaMyqutvnta TimeWORKS y
y
Fingerprint Time
11 Myqutth Myqutth
PC /my in
HP LaserJet P1102
HP LaserJet P1102
HP LaserJet P1102
HP LaserJet P1102
HP LaserJet P1102
7
IT
PC /my in
PV-D5701/
HP LaserJet P1102
HP LaserJet P1102
LPV-VT6280
192.168.11.1
12 Gimc
PC
PV-D7502
13 Thk
PC /my in
PV-D5701/
HP LaserJet P1102
14 Tiptn
pc
PV-D5701
15 Router
Router
CISCO2821
RJ45 192.168.11.113/30
Branch 2:
No. | Room name | Devices needing addresses | Maximum usable IP addresses | IP address range
1 | Installation | 30 | 62 | 192.168.100.0/26 192.168.100.63
2 | Cashier | 24 | 62 | 192.168.100.64/26 192.168.100.127
3 | Maintenance | 22 | 62 | 192.168.100.128/26 192.168.100.191
4 | Warranty | 22 | 62 | 192.168.100.192/26 192.168.100.255
5 | HR | 20 | 30 | 192.168.101.0/27 192.168.101.31
6 | Accounting | 17 | 30 | 192.168.101.32/27 192.168.101.63
7 | Delivery | | 14 | 192.168.101.64/28 192.168.101.79
8 | Warehouse | | 14 | 192.168.101.80/28 192.168.101.95
9 | Reception | | 14 | 192.168.101.96/28 192.168.101.111
10 | Relax | | 14 | 192.168.101.112/28 192.168.101.127
11 | IT | | 14 | 192.168.101.128/28 192.168.101.143
12 | Card scanner | | | 192.168.101.144/29 192.168.101.151
13 | Fingerprint | | | 192.168.101.152/29 192.168.101.159
14 | Meeting | | | 192.168.101.160/29 192.168.101.167
15 | Director | | | 192.168.101.168/29 192.168.101.175
16 | Director's secretary | | | 192.168.101.176/29 192.168.101.183
17 | Deputy director | | | 192.168.101.184/29 192.168.101.191
18 | Deputy director's secretary | | | 192.168.101.192/29 192.168.101.199
19 | Server | | | 192.168.101.200/29 192.168.101.207
20 | Router | | | 192.168.101.208/30 192.168.101.211
21 | IP Phone | 51 | 254 | 192.168.500.0/24 192.168.500.255
PC /my in PV-D5701/
Lpt
30
24
RJ45 192.168.100.66/26
192.168.100.126
192.168.100.65
22
RJ45 192.168.100.130/26
192.168.100.190
192.168.100.129
22
RJ45 192.168.100.194/26
192.168.100.193
HP LaserJet
P1102
2
Botr
PC /my in PV-D5701/
HP LaserJet
P1102
bohnh
PC /my in PV-D5701/
HP LaserJet
P1102
5
nhns
PC /my in PV-D5701/
192.168.100.254
20
RJ45 192.168.101.2/27
192.168.101.30
192.168.101.1
17
RJ45 192.168.101.34/27
192.168.101.62
192.168.101.33
RJ45 192.168.101.66/28
192.168.101.78
192.168.101.65
RJ45 192.168.101.80/28
192.168.101.94
192.168.101.81
HP LaserJet
P1102
6
kton
PC /my in PV-D5701/
HP LaserJet
P1102
kho
PC /my in PV-D5701/
HP LaserJet
P1102
tiptn
PC
PV-D5701
RJ45 192.168.101.98/28
192.168.101.110
192.168.101.97
10
relex
AP/PC
LINKSYS
WRT160N/
RJ45 192.168.101.114/28
192.168.101.126
192.168.101.113
RJ45 192.168.101.130/28
192.168.101.142
192.168.101.129
PS/2
192.168.101.146/29
192.168.101.150
192.168.101.145
(1 -5)
PV-D5701
11
IT
PC /my in PV-D5701/
HP LaserJet
P1102
12
qutth
qutth
LPV-VT6280
13
vntay
vntay
TimeWORKS - 2
Fingerprint Time
RJ45 192.168.101.154/29
192.168.101.158
192.168.101.153
14
hp
AP/PC
LINKSYS
WRT160N/
RJ45 192.168.101.162/29
192.168.101.166
192.168.101.161
RJ45 192.168.101.170/29
192.168.101.169
(1 -1)
PV-D5701
15
gimc
PC
PV-D7502
192.168.101.174
16
TK GD
PC /my in PV-D5701/
RJ45 192.168.101.178/29
192.168.101.182
192.168.101.177
HP LaserJet
P1102
17
PGD
PC
PV-D7502
RJ45 192.168.101.186/29
192.168.101.185
18
TK PGD
PC /my in PV-D5701/
RJ45 192.168.101.194/29
192.168.101.198
192.168.101.193
HP LaserJet
P1102
19
server
RJ45 192.168.101.202/29
192.168.101.201
19
server
RJ45 192.168.101.203/29
192.168.101.201
20
router
router
RJ45 192.168.101.209/30
21
IP Phone IP Phone
CISCO2821
Grandstream
GXE5028 VoIP
Phone System GXE-5028
51 RJ45 192.168.500.2/24
192.168.500.254
192.168.500.1
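Prefix-based firewall and ACL rules only keep VLANs apart when every subnet in the address plan is valid, aligned and non-overlapping. The check below is an added example, not part of the original project: it runs Python's ipaddress module over rows copied from the Branch 1 VLAN table and the Branch 2 IP Phone row (VLAN names are translated, and "row 9" is a placeholder for the row that has no name in that table).

```python
import ipaddress

# (VLAN, subnet as written, last address as written), copied from the page.
PLAN = [
    ("IP Phone",            "192.168.10.0/25",   "192.168.10.127"),
    ("HR",                  "192.168.11.0/27",   "192.168.11.31"),
    ("IT",                  "192.168.11.32/27",  "192.168.11.47"),
    ("Server Farm",         "192.168.11.48/28",  "192.168.11.63"),
    ("row 9",               "192.168.11.64/28",  "192.168.11.71"),
    ("Fingerprint scanner", "192.168.11.72/28",  "192.168.11.79"),
    ("Card scanner",        "192.168.11.80/28",  "192.168.11.87"),
    ("Director",            "192.168.11.88/28",  "192.168.11.95"),
    ("Secretary",           "192.168.11.96/28",  "192.168.11.103"),
    ("Router",              "192.168.11.112/28", "192.168.11.115"),
    ("IP Phone (Branch 2)", "192.168.500.0/24",  "192.168.500.255"),
]


def audit(plan):
    """Return (vlan, finding) pairs for every inconsistency in the plan."""
    findings, seen = [], []
    for vlan, cidr, stated_last in plan:
        try:
            iface = ipaddress.ip_interface(cidr)
        except ValueError:  # for example an octet above 255
            findings.append((vlan, "not a valid IPv4 prefix"))
            continue
        net = iface.network  # the prefix with its host bits cleared
        if iface.ip != net.network_address:
            findings.append((vlan, f"host bits set, prefix is really {net}"))
        if str(net.broadcast_address) != stated_last:
            findings.append(
                (vlan, f"range ends at {net.broadcast_address}, not {stated_last}")
            )
        # A rule written for an earlier VLAN's prefix would also match this one.
        for other_vlan, other_net in seen:
            if net.overlaps(other_net):
                findings.append((vlan, f"overlaps {other_vlan}"))
        seen.append((vlan, net))
    return findings


if __name__ == "__main__":
    for vlan, finding in audit(PLAN):
        print(f"{vlan}: {finding}")
```

Each finding points at a row where the prefix length and the stated range disagree, so either the mask or the range has to be corrected before the plan is turned into VLAN interfaces and firewall objects.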
Figure 3.1 - Internet
The need for an Internet connection
Today the explosive growth of the Internet has made demand for Internet access rise steadily in the community in general and in companies in particular. Modern work is ever more closely tied to the Internet: mail, web, online conferencing, remote working. For that reason, installing and using the Internet in a company is extremely important; it not only serves daily work but also drives the company to become more modern and professional.
For a large sales company with many branches such as ABC, the Internet connection is very important to the company's operations and to its later growth and expansion.
a. Choice of provider and service package
Provider: Viettel Telecom.
Company ABC specializes in buying and selling electronic products. The main branch has the largest number of employees, and almost every employee has a computer (connected to the Internet), so we chose the FTTP Pro package. We use the FTTP Office package for the other 2 branches.
b. WAN
MegaWAN is a service that connects the computer networks of organizations and businesses at many different fixed sites over a wide area. It is a virtual private network linking private networks locally, between provinces and internationally to carry data and information, which is convenient and reliable for businesses.
MegaWan is essential for organizations and businesses with many branches and transaction points that need data connections, such as banks, insurers, airlines and securities companies.
MegaWan connects computer networks domestically and internationally over SHDSL subscriber lines (symmetric digital subscriber line technology) or ADSL (asymmetric digital subscriber line technology) combined with MPLS/VPN technology.
MPLS is the abbreviation of Multi-Protocol Label Switching. The basic principle of MPLS is to turn layer 2 devices in the network, such as ATM switches, into LSRs (label-switching routers). An LSR can be seen as a combination of an ATM switching system and traditional routers.
We chose the computing and data communication company VDC as the MegaWan provider. The benefits VDC brings when the VPN/VNN (MPLS) service is installed:
Cost-effective investment
Makes use of the processing capacity of the devices in VDC's MPLS core network. Reduces spending on expensive equipment at the customer end.
Secure
When an additional branch or transaction point is needed, the customer only has to register one more connection point with VDC, with no reinvestment in the existing network.
All connection configuration is done in VDC's MPLS core network; network members need no configuration at all.
Simplified IT administration
Because the VPN is administered and set up in VDC's MPLS core network, IT administration work in the business is simplified as far as possible.
MPLS VPN allows data to be carried at speeds up to Gbps over the fiber-optic transmission system.
Beyond data, MPLS VPN at VDC can fully support real-time applications such as VoIP and video conferencing with the lowest latency.
Sensitive data when customers pay by bank card: optimal security support is provided by the bank supplying the service.
Data is not transmitted continuously: it is mainly goods data, which can be sent on a preset schedule.
c.
Popularity
Internet connectivity is provided
2. Firewall system:
The firewall gateway will control the traffic passing through it, including: access from the Internet to the online-services zone; LAN users accessing the Internet over the leased line, ADSL or wireless; and LAN users accessing the application and database server zone. The firewall will control, authenticate and block invalid access and hacker attacks, whether they come from the Internet or originate directly inside the network, against the server zones.
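The three flows described above, expressed as a default-deny zone policy; this is an added illustration, not the project's Check Point configuration. The zone subnets and host addresses come from the head-office address plan on this page, while the permitted ports, the treatment of all other 192.168.0.0/16 space as LAN, and the sample flows are assumptions constructed for the example.

```python
import ipaddress

# Zones keyed by head-office subnets from the page's address plan.
# Assumption: every other 192.168.0.0/16 address is a user LAN address.
ZONES = [
    ("SERVERS", ipaddress.ip_network("192.168.1.112/28")),
    ("DMZ", ipaddress.ip_network("192.168.1.208/28")),
    ("LAN", ipaddress.ip_network("192.168.0.0/16")),
]

# The three flows the page says the gateway handles. Port sets are assumed.
ALLOW = {
    ("INTERNET", "DMZ"): {25, 80, 443},
    ("LAN", "INTERNET"): {80, 443},
    ("LAN", "SERVERS"): {443},
}

# Constructed sample flows: (source, destination after NAT, destination port).
FLOWS = [
    ("198.51.100.7", "192.168.1.210", 443),   # Internet client to a DMZ host
    ("198.51.100.7", "192.168.1.115", 443),   # Internet client to the server farm
    ("192.168.1.210", "192.168.1.115", 443),  # DMZ host to the server farm
    ("192.168.1.34", "192.168.1.115", 443),   # cashier PC to the server farm
    ("192.168.1.34", "198.51.100.7", 22),     # cashier PC to the Internet, port 22
]


def zone_of(addr):
    """Most specific matching zone; anything unmatched is INTERNET."""
    ip = ipaddress.ip_address(addr)
    matches = [(net.prefixlen, name) for name, net in ZONES if ip in net]
    return max(matches)[1] if matches else "INTERNET"


def decide(src, dst, dport):
    """Allow only zone pairs and ports listed in ALLOW; deny everything else."""
    pair = (zone_of(src), zone_of(dst))
    if pair[0] == pair[1]:
        return "not-inspected"  # assumed: same-zone traffic never reaches the gateway
    return "allow" if dport in ALLOW.get(pair, ()) else "deny"


def denied(flows):
    """Zone pair and port of every flow the policy rejects."""
    return [
        (zone_of(src), zone_of(dst), dport)
        for src, dst, dport in flows
        if decide(src, dst, dport) == "deny"
    ]


if __name__ == "__main__":
    for src, dst, dport in FLOWS:
        print(src, "->", dst, dport, decide(src, dst, dport))
```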
Drawing on Misoft's deployment experience, combined with advances in technology, we propose a firewall system that combines Check Point's VPN1-UTM firewall with dedicated hardware from Crossbeam System. Check Point Firewall VPN1-UTM brings together the elements of network protection, including firewall, antivirus, IPS and VPN server features, in a single product. The Check Point firewall is installed on a pair of dedicated integrated security appliances from Crossbeam System running as a cluster in HA (High availability) mode, to ensure high availability and performance for the whole network.
(http://www.pcworld.com.vn/articles/quan-ly/tu-van/2007/04/1190428/an-toan-thong-tin-chocong-ty-chung-khoan/ accessed 20/04/2011)
In the security model, the database server and application server zone is the most important part of the company's information exchange. If one of these servers is attacked or fails, the company's business operations are affected directly. So, alongside the firewall system protecting the company's network infrastructure, it is essential to add an intrusion prevention system (IPS) dedicated to protecting this application server zone. Unlike a network firewall, the IPS detects and blocks intrusions at the application layer, intervening directly in the protocols and traffic that the firewall does not detect. The IPS is placed inside the LAN, so it must have enough processing speed not to choke the dense information flows exchanged there.
Given this level of importance, we propose deploying the dedicated Proventia Network IPS intrusion prevention appliance from Internet Security Systems (ISS). This appliance blocks unknown attacks in advance as well as known attacks such as DoS, trojans, peer to peer download, backdoors, malicious http and e-mail attachments, without affecting network operation. In particular, Proventia Network IPS can analyse and recognize the protocols used in VoIP, such as SIP, MGCP, H.323, H.225, H.245, Q.931, T.120 and SCCP, in order to identify attacks.
The appliance will be placed in front of the server farm to protect the whole zone, controlling every data access request at both the network level and the application level on the servers. The database of attack signatures is always updated by the system from Internet Security Systems X-Force in real time, to block as many current attacks as possible. Proventia Network IPS has a fail-open feature and supports Active/Active and Active/Passive configurations, and so ensures high availability for the whole network.
The overall solution we propose is based on anti-virus technology and products from Trend Micro. The products include:
To block and defend against viruses at the Internet gateway, we use Trend Micro's dedicated InterScan Gateway Appliance (ISGA). This appliance scans for viruses, spyware and phishing at the Internet gateway on the SMTP, POP3, HTTP and FTP flows, and in particular maintains speed at the gateway point, through which almost all traffic exchanged between the internal and external networks must pass.
Web sites with information about the security products proposed in the overall information security solution for securities companies:
Products for the Firewall/VPN system
Check Point:
www.checkpoint.com
Crossbeam System
www.crossbeamsystems.com
Netcontinuum:
www.netcontiuum.com
Trend Micro:
www.trendmicro.com
3. Backup system:
3.a. Redundancy inside each building and branch
Build the network according to the hierarchical model
When it sets up a VPN tunnel, Check Point VPN1-Edge uses the following encryption technologies to establish a channel over the Internet or dial-up, and supports authenticating users by several methods such as certificate, token and smartcard before allowing the connection. Check Point's VPN client software is installed on employees' machines to establish the connection.
4. VoIP system:
Branch 1
Fax machines at the branches are connected to each other over the IP network.
Secure.
Reasonable cost.
Aesthetically tidy.
6.
New equipment with advanced technology from Digital Person is used. The PC-based fingerprint time-attendance system consists of a compact fingerprint reader and a time-management program. Together these two parts effectively replace a card punch machine or any other way of recording entry and exit times. With 2 machines per building, all employees can be scanned within 15 minutes.
Branch 1
Branch 2
Figure 3.11 Branch 2 costs
I.
Internet agents
and individual business households
FTTH Office
Packages for
FTTH Pro
FTTH Pub
New installation fee
2.000.000
2.000.000
2.000.000
Monthly fee
2.000.000
6.000.000
2.000.000
II.
50 Mbps
34 Mbps
640 Kbps
1536 Kbps
640 Kbps
01 free static IP
01 free static IP
01 dynamic IP
04 free static IPs
maximum
Minimum international
bandwidth
IP WAN
Static IP
III.
Free
(VND/subscriber/time)
Change from a higher
speed
to a lower
speed
200.000
(VND/subscriber/time)
Service restoration
Free
(VND/subscriber/time)
Relocation to a different address
1.500.000
(VND/subscriber/time)
Relocation at the same address
500.000
(VND/subscriber/time)
(Applies from 15/5/2010)
Equipment prices
Media
Converter
M-R460
Link TL-R460
- 2910
- 2950
Selling price (VND)
550.000
250.000
500.000
2.800.000
11.500.000
Total cost:
Central building: 90 007 $
Branch 1: 48 694 $
Branch 2: 73 699 $
Internet and MegaWAN: 1 000 $
Total: 213 400 $
V. Conclusion
With this network design, the team has fully met the requirements of company ABC. In addition, the system has great capacity for expansion. The key points of the project are:
Strengths:
This network design project fully meets the requirements of company ABC, as shown by the following details:
High security
High availability
Hierarchical design that is easy to change, extend, upgrade and maintain.
Web and mail servers accessible from the company and from the Internet
Fingerprint scanning and bank card system
VoIP system that saves cost and is highly extensible
The whole system uses patch panels and outlets, giving the network and the building a tidy appearance
Netfilter / iptables does not integrate VPN; it only has modules that help handle VPN traffic over the common protocols used to build VPNs (IPSEC AH/ESP, PPTP). Check Point, by contrast, has a complete VPN solution fully integrated with the firewall, and uses many different authentication methods.
Recommendation:
However, if the price needs to be brought down, Microsoft's ISA firewall can be used, and the equipment cost falls considerably. For example, the Check Point VPN1-UTM firewall & Crossbeam Systems C6 costs 5,250 USD (taken from
http://www.checkpoint.com/products/choice/platforms/crossbeamc6.html), while 1 ISA server costs only about 2000 USD.