
HANDS-ON NETWORK ADMINISTRATION

(PCWorldVN) In network administration, experience comes first and credentials second. PCW presents 9 hands-on exercises designed for 3 levels, from basic to advanced.
Basically, IT training certifications such as Network+ or CCNA are the passport that lets you start looking for a network administration job, but experience is everything.
When you face a problem without experience behind you, you are unlikely to catch a recruiter's eye, especially in your first years in system administration.
The question is whether you have ever had to configure or tinker with a network. Even if you have worked as a network administrator or technician, you are unlikely to have touched every aspect of the field.
The 9 exercises below are split across 3 levels (basic, intermediate and advanced) and cover different networking topics, from basic to advanced.
Some exercises take only a few minutes, but others will use up your whole weekend. You may also need to invest a little in hardware, specifically network equipment, though there are ways to do without it.
Part 1 - Basic level
Exercise 1: Configuring TCP/IP
One of the most basic tasks of a network administrator is configuring TCP/IP settings. If a network does not use DHCP (Dynamic Host Configuration Protocol), which manages IP addresses automatically when clients connect, you have to set a static IP and DNS address on each client yourself. You may also be required to enter static IP information when you first set up and configure a router or other components on the network.
To set a static IP, you must know the router's IP address and the range of IP addresses you can assign to clients. You can find this information in the Settings of any computer that has connected to the network successfully.
You will need the IP address, the Subnet Mask, the router's IP address (the same as the Default Gateway) and the DNS (Domain Name System) server address.

[Figure: The Network Connection Details window shows the IP address, Subnet Mask, Default Gateway and DNS server.]
- In Windows: open Network Connections via Control Panel, or the Network and Sharing Center. Next, open the active connection and click the Details button.
- In Mac OS X: in System Preferences, click the Network icon, then select the active connection, such as AirPort (wireless) or Ethernet (wired). For a wired connection the information is on the first screen; for a wireless connection, also click the Advanced button and look under the TCP/IP and DNS tabs.
Write these numbers down on paper or copy them into a text file, then close the window.
To see the IP address range for the network, you can enter the IP address and Subnet Mask into a subnet calculation tool called Subnet Calculator. For example, entering IP 192.168.1.1 and Subnet Mask 255.255.255.0 gives you the address range 192.168.1.1 to 192.168.1.254.

[Figure: Subnet Calculator shows which IP addresses are valid.]
At this point you know the IP address range, but remember that every device must have a unique IP address. The best way to check which addresses are in use is to log in to the router, but you can also guess or simply pick a random address in the range. If the address is already used by another device, Windows or OS X will warn you of an IP address conflict and you can choose a different one. Once the IP address is set successfully, write it down or save it in a text file. The best practice is to record every static IP address together with the serial number of the computer that uses it.
Now let's set a static IP address:
- In Windows: open the Network Connection Status window, click the Properties button and open the TCP/IPv4 (Internet Protocol Version 4) settings. Select "Use the following IP address" and type in the settings: an IP address within the allowed range, together with the Subnet Mask, Default Gateway and DNS server from the Network Connection Details window.
- In Mac OS X: open the Network window and click the Advanced button. On the TCP/IP tab, click the drop-down next to Configure IPv4, choose Manually and type in a valid IP address in the range, together with the Subnet Mask and the router address you copied earlier. Switch to the DNS tab and type in the DNS server address.
[Figure: Entering the IP settings manually.]
Click OK to finish.
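The checks described in this exercise (address inside the subnet range, not the gateway, not already recorded for another machine) can be scripted before you type anything into the dialog. This is an added example, not part of the original article; the function names and the inventory contents are assumptions, and the inventory is constructed sample data.

```python
import ipaddress

# Constructed inventory of static assignments: IP address -> machine serial number.
INVENTORY = {
    "192.168.1.10": "SN-CONSTRUCTED-001",
    "192.168.1.11": "SN-CONSTRUCTED-002",
}

def usable_range(ip, mask):
    """Return (first, last) assignable host address of the subnet containing ip.

    Assumes an ordinary LAN mask (/30 or shorter), where the first and last
    addresses of the block are the network and broadcast addresses.
    """
    net = ipaddress.ip_network(f"{ip}/{mask}", strict=False)
    return str(net.network_address + 1), str(net.broadcast_address - 1)

def check_static_ip(candidate, gateway, mask, inventory):
    """Return a list of problems with a proposed static address (empty list = OK)."""
    net = ipaddress.ip_network(f"{gateway}/{mask}", strict=False)
    addr = ipaddress.ip_address(candidate)
    problems = []
    if addr not in net:
        problems.append("outside subnet")
    elif addr in (net.network_address, net.broadcast_address):
        problems.append("network or broadcast address")
    if addr == ipaddress.ip_address(gateway):
        problems.append("same as default gateway")
    owner = inventory.get(str(addr))
    if owner:
        problems.append(f"already assigned to {owner}")
    return problems

if __name__ == "__main__":
    gw, mask = "192.168.1.1", "255.255.255.0"
    print("usable range:", usable_range(gw, mask))
    for ip in ("192.168.1.50", "192.168.1.10", "192.168.1.1", "192.168.2.5"):
        print(ip, check_static_ip(ip, gw, mask, INVENTORY) or "OK")
```

An empty inventory entry only means the address is not recorded; the router's client list or the operating system's conflict warning is still the authority on what is live.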
Exercise 2: Wi-Fi analysis
As a network administrator you will want to set up, tune and maintain the wireless part of the network. One of the most basic tools you need is a Wi-Fi analyzer (Wi-Fi stumbler). These tools scan the airwaves and list basic information about nearby wireless networks, including routers and Access Points (APs): the SSID (service set identifier), also called the wireless network name; the MAC address of the router/AP; the channel; the signal level; and the security status.
You can use a Wi-Fi scanning tool to check the wireless signals at home. For example, you can check which channel your neighbours' Wi-Fi is using so that you can switch to a different channel and reduce interference. You should also make sure the router's security mode is at least WPA or WPA2.

[Figure: NetSurveyor shows details of the surrounding Wi-Fi networks as text and as charts.]
Windows has Vistumbler and NetSurveyor; Mac OS X has KisMac; and Kismet runs on both of those operating systems as well as Linux. All 4 tools are free and let you view channel and signal-level information for Wi-Fi networks as text or as charts.
If you use an Android smartphone or tablet, you can use Wifi Analyzer or Meraki WiFi Stumbler, both of which are free.
[Figure: WiFi Analyzer presents Wi-Fi channels as a very intuitive chart.]
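The two checks this exercise describes, picking a channel away from the neighbours and confirming security is at least WPA or WPA2, can be run over the list a stumbler exports. This is an added example, not part of the original article; the scan rows are constructed, and the scoring (2.4 GHz channels five or more apart treated as non-overlapping, closer ones weighted by distance and signal) is an assumption made for illustration.

```python
# Constructed sample scan rows: (SSID, BSSID, channel, signal in dBm, security)
SCAN = [
    ("HomeNet",   "00:11:22:33:44:55", 6,  -48, "WPA2"),
    ("Neighbor1", "66:77:88:99:AA:BB", 6,  -60, "WPA2"),
    ("Neighbor2", "CC:DD:EE:FF:00:11", 4,  -70, "WEP"),
    ("CafeGuest", "22:33:44:55:66:77", 11, -82, "Open"),
    ("Neighbor3", "88:99:AA:BB:CC:DD", 1,  -75, "WPA"),
]
OWN_BSSID = "00:11:22:33:44:55"
ACCEPTABLE = {"WPA", "WPA2"}  # the floor named in the article

def weak_networks(scan):
    """SSIDs whose security mode is below WPA/WPA2."""
    return [ssid for ssid, _, _, _, sec in scan if sec not in ACCEPTABLE]

def channel_load(scan, candidate, own_bssid):
    """Interference score for a candidate channel; higher means more crowded."""
    load = 0.0
    for _, bssid, channel, dbm, _ in scan:
        if bssid == own_bssid:
            continue                      # our own AP is not interference
        distance = abs(channel - candidate)
        if distance >= 5:
            continue                      # assumed not to overlap
        overlap = 1 - distance / 5        # 1.0 on the same channel
        strength = max(0, dbm + 100)      # -100 dBm -> 0, -40 dBm -> 60
        load += overlap * strength
    return load

def best_channel(scan, own_bssid, candidates=(1, 6, 11)):
    """Least crowded of the candidate channels."""
    return min(candidates, key=lambda c: channel_load(scan, c, own_bssid))

if __name__ == "__main__":
    for ch in (1, 6, 11):
        print(f"channel {ch}: load {channel_load(SCAN, ch, OWN_BSSID):.1f}")
    print("suggested channel:", best_channel(SCAN, OWN_BSSID))
    print("below WPA/WPA2:", weak_networks(SCAN))
```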

Exercise 3: Configuring a wireless router and AP

To gain more experience with wireless setup and configuration, practise on your wireless router at home. Better still, get your hands on an AP built for business use. Ideally, borrow one from someone in your company's IT department, or look for an inexpensive business-grade router or AP on the market, such as the APs from Ubiquiti Networks, which are fairly affordable (around 70 USD on eBay).
To reach the wireless router's configuration interface, type its IP address into a browser. Referring back to Exercise 1, the router's IP address is the same as the Default Gateway address that Windows lists in the Details window of the wireless connection.
Access to an AP's configuration interface varies. If there is a wireless controller, there will be one common interface from which you can configure every AP. On a system without a wireless controller, you have to access each AP individually through its IP address.
Once you are in the router or AP configuration interface, look at every setting and try to understand it. Try enabling wireless (or layer 2) isolation if the device supports it and see how it blocks user-to-user traffic. You can also change the router/AP's IP address in the LAN settings, turn off DHCP and assign specific IP addresses to individual devices/computers. Also look at static DNS addresses (such as OpenDNS) in the WAN settings, and set up Quality of Service (QoS) to prioritise traffic. When you are comfortable with these parameters, set the network to the highest security level, WPA2.
[Figure: Assigning the IP address and DNS address for the router.]
If you cannot get hold of a business-grade AP, look at the interface emulators or demos offered by some manufacturers, such as Cisco.
Once you have mastered the skills covered in the 3 basic-level exercises, get ready for a tougher stage with many tasks that require solid background knowledge.
Part 2 - Intermediate level
Exercise 4: Installing DD-WRT on a wireless router
To tinker further with wireless networking, you can install DD-WRT, open-source firmware for wireless routers. This firmware has many advanced features otherwise found only in business-grade equipment, and it is highly customisable. Before you download and flash the firmware, however, check the list of routers compatible with it.
For example, it supports virtual LANs and multiple SSIDs, so you can split one network into several virtual networks. It also provides a VPN client and server for remote access, or even direct site-to-site connections. In addition, it lets you customise the firewall, run scripts at startup and shutdown, and it supports a variety of hotspot solutions.

[Figure: DD-WRT has many new advanced features for you to tinker with.]
Exercise 5: Analysing the network and network traffic
As a system administrator you will have to deal with problems that involve watching the packets travelling across the network. Although network protocol analyzers can cost a great deal of money, Wireshark is a free, open-source option that works on every operating system. It is feature-rich, supports both live monitoring and offline analysis for hundreds of network protocols, offers decryption for many types of encryption, has powerful filters, and can read and write many capture file formats.

[Figure: Wireshark capturing packets on the network.]
Once you have installed Wireshark, try capturing packets and see what is in them. In other words, browse around the web or open shares on the network to see how traffic moves. Remember that you can stop the capture to look more closely at a particular point. Although Wireshark can capture all traffic flowing across the network, you may only see the traffic going to and from a single client if promiscuous capture mode is not supported by your operating system or by your network card (network adapter). For details, see the Wireshark website.
Note: even though packet capture usually runs in passive mode, meaning it does not interfere with or disturb the network, some people regard this kind of monitoring as a violation of privacy policy. So apply it only on your personal home network, or ask permission from the system administrator or the company's CTO before doing it.
There are also several other free network analysis tools you may want to try. For example, EffeTech HTTP Sniffer can gather HTTP packets and display them as a web page, presented clearly in graphical form so they are easier to follow than a pile of raw packets. Password Sniffer only "listens" for passwords on the network and lists them, which shows that passwords sent as text are very insecure. To analyse mobile data on an Android phone or tablet, there are free tools such as Shark for Root.
Exercise 6: Trying out network simulators
Although it is hard to practise directly on an enterprise network, there is another way: using simulators to virtualise network setup and configuration. They are invaluable tools for preparing for IT exams, including the Cisco and Juniper certifications. Once you have built a virtual network with all its components and clients, you can configure and administer them with simulated settings and commands. With some simulators you can even run network analysis tools such as Wireshark to see where the network traffic goes.
Here are a few simulators worth a look:
- GNS3 Graphical Network Simulator is a free, open-source option. It requires you to run the corresponding operating system, such as Cisco IOS or Juniper's Junos OS, and you need to register.
[Figure: GNS3 Graphical Network Simulator supports Cisco IOS/IPS/PIX/ASA and Juniper JunOS.]
- Netkit is another free, open-source option. It does not require vendor-specific functionality and is fairly limited in network components. The good news is that Netkit does not have the strict operating-system requirements that GNS3 has.
- Boson NetSim Network Simulator is a paid simulator priced at 99 USD; its main purpose is to teach you Cisco's IOS. It has a free demo, but with very limited functionality.
In addition, some websites such as SharonTools and Open Network Laboratory give you remote access to network components and web-based simulators so you can practise commands. You should also try Cisco's free simulators.

After the 6 exercises in parts 1 and 2 of this article, you should have a good understanding of how to set up and run an internal network. In this final part, join PC World Vietnam in looking at how to strengthen the security of the whole system with readily available tools and utilities.

The article also walks you through the basic steps and principles of deploying Windows Server for a home or business network.

Part 3 - Advanced level

Exercise 7: Attacking your own system

You can read a lot about network security, but the best way to learn is to assess the security of a network by running test attacks against your own network.

Here are a few attacks you can try:

- Cracking Wi-Fi. WEP encryption is the easiest to break into, using Aircrack-ng. Cracking the Wi-Fi Protected Setup (WPS) PIN with Reaver-WPS can also give access to a wireless router.
- Attacking online accounts over Wi-Fi using the Firefox add-on Firesheep or the Android app DroidSheep.

- Capturing packets and cracking login credentials on an 802.1X network using FreeRadius-WPE.

As you study, you will find how-to guides for each tool. Another popular tool that bundles hundreds of ready-made tools is the BackTrack CD, but that project has now been discontinued.

However, Kali Linux is a similar tool that is currently very popular; it can be installed directly on a computer or virtual machine, or run from USB or CD.

If you want to learn how to test your own network, you can find more at Ethical Hacker.

Exercise 8: Setting up a RADIUS security server

At home, you usually encrypt your wireless router using the Personal or Pre-shared Key (PSK) mode of WPA or WPA2 security to keep others from snooping on the wireless network. Personal mode is the simplest way to encrypt Wi-Fi: set a password on the router and simply enter that password on the devices and computers that connect.

For businesses, however, security experts recommend the Enterprise mode of WPA or WPA2, combined with 802.1X authentication.

Instead of a shared Wi-Fi password, each user receives their own login credentials; this encryption protects against users stealing data from one another. In addition, you can change or delete an account to protect the network when an employee leaves or a device is lost or stolen.
To use the enterprise mode, you must have a separate RADIUS (Remote Authentication Dial-In User Service) server to handle users' 802.1X logins. As a system administrator, you will have to configure and adjust clients for 802.1X authentication and help maintain the RADIUS server. For practice, try setting up a server for yourself at home and using enterprise-grade Wi-Fi security there.

If you are running a Windows-based network, Network Policy Server (NPS) or Internet Authentication Service (IAS) can serve as the RADIUS server. If not, you have a few free options. If you are comfortable with Linux, look at the open-source software FreeRADIUS. Easier options include TekRADIUS, which has a GUI and is free, or ClearBox, which has a 30-day trial.

Once the RADIUS server is installed, create the user accounts and enter the shared secrets for the APs. Then configure the wireless router or AP for WPA/WPA2-Enterprise: type in the IP address and port of the RADIUS server, followed by the shared secret you set on the RADIUS server. After that, you can connect devices by typing in the login credentials you defined on the RADIUS server.
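Why the shared secret typed into the AP must match the one set on the RADIUS server: every server reply carries a Response Authenticator computed over the packet and the secret, as defined in RFC 2865, and the AP discards replies that do not verify. This is an added example, not part of the original article; the function names, secret and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2  # RADIUS code for Access-Accept (RFC 2865)

def build_response(code, ident, request_auth, attributes, secret):
    """Server side: build a reply keyed with the shared secret.

    ResponseAuth = MD5(Code + ID + Length + RequestAuth + Attributes + Secret)
    """
    header = struct.pack("!BBH", code, ident, 20 + len(attributes))
    auth = hashlib.md5(header + request_auth + attributes + secret).digest()
    return header + auth + attributes

def verify_response(packet, request_auth, secret):
    """AP side: recompute the authenticator with the locally configured secret."""
    if len(packet) < 20:
        return False
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        return False
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

# Constructed sample values.
SERVER_SECRET = b"constructed-shared-secret"
REQUEST_AUTH = bytes(range(16))            # authenticator the AP sent in its request
text = b"welcome"
REPLY_MESSAGE = bytes([18, 2 + len(text)]) + text   # attribute type 18 = Reply-Message
REPLY = build_response(ACCESS_ACCEPT, 7, REQUEST_AUTH, REPLY_MESSAGE, SERVER_SECRET)

if __name__ == "__main__":
    print("AP with matching secret :", verify_response(REPLY, REQUEST_AUTH, SERVER_SECRET))
    print("AP with mistyped secret :", verify_response(REPLY, REQUEST_AUTH, b"constructed-typo"))
    tampered = REPLY[:-1] + b"!"
    print("reply altered in transit:", verify_response(tampered, REQUEST_AUTH, SERVER_SECRET))
```

A mistyped secret on the AP therefore shows up as every login timing out or being rejected, even though the user accounts on the server are correct.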

Exercise 9: Installing Windows Server and setting up a domain

Administrators also need to manage Windows-based networks running Windows Server. To gain more experience, try running a copy of Windows Server at home.

Although buying a server operating system is not cheap, you have a few free options. Microsoft offers a free 180-day trial as an ISO download to install on a physical server, as a virtual hard disk (VHD) for a virtual server, and as access to an unconfigured virtual machine on the Azure cloud. Microsoft also offers Virtual Labs, with guided exercises in a virtualised environment, which you can try.
Once you have access to a server, explore it and practise. You might try configuring Active Directory and experimenting with Group Policies, setting up Exchange and configuring an Outlook client, or setting up NPS for 802.1X authentication.

Source: Computerworld
