Upload
an-ninh-mang
View
29
Download
4
Embed Size (px)
Citation preview
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
1/75
FIS,2008 Network Security 1
Phn IIInfrastructure Security
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
2/75
FIS,2008 Network Security 2
Ni dung
1. Network security topologies
2. Firewall
3. IDS/IPS4. VPN
5. VLAN
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
3/75
FIS,2008 Network Security 3
Ni dung
6.NAT
7.Media security
8.Network security policies9.Lowlayer security baselines
Case study:
Thit lp h thng VPN v Firewall chomt doanh nghip
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
4/75
FIS,2008 Network Security 4
Network security topologies
`
`
`
`
`
ISP
Modem
Remote
AccessServer
Router
Server
Access
Point
PDALaptop
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
5/75
FIS,2008 Network Security 5
Network security topologies
`
`
ISPModem
Firewall
web
Server
Access
Point
PDALaptop
`
VLAN2
`
`
VLAN3
`
VLAN4
IDS/IPS
Server
file
Server
DMZ
Inside
Outside
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
6/75
FIS,2008 Network Security 6
Firewall
Chc nng: Chc nng chnh ca tnglal iukhin,kimsot truy nhp.
Kimsot dchv(service control)
Kimsot hng(direction control) Kimsot ngidng (user control)
Kimsot hnh vi (behaviour control)
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
7/75FIS,2008 Network Security 7
Firewall
Phn thnh cc vng (zones) Intranet (inside): trusted
Extranet (outside): un-trusted
DMZDe-Militerized Zone
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
8/75FIS,2008 Network Security 8
Firewall
http://upload.wikimedia.org/wikipedia/commons/thumb/6/6f/DMZ_network_diagram_1_firewall.svg/400px-DMZ_network_diagram_1_firewall.svg.png5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
9/75FIS,2008 Network Security 9
Firewall
Phn loi Software: Checkpoint, MS ISA,
Appliance: Cisco PIX, Juniper, Firebox,watchguard,
Cng ngh: s dng mt trong cc cng ngh Packet filtering
Proxy server Statesfull Filtering
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
10/75
FIS,2008 Network Security 10
Firewall Packet filtering:
Nguyn l hotng: Hotngchtchvigiao thcTCP/IP
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
11/75
FIS,2008 Network Security 11
Packet Filtering
Nguyn l- Kimtra ondliuquytnhxem cc on
d liu c tha mn cc lut ca b lc hay
khng.- B lc gi tin cho php (tha mn) hay t chi
(khng thamn) migi tin m n nhnc.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
12/75
FIS,2008 Network Security 12
Cc lut lc ny da trn thng tin no ?
Da trn cc trng trong phn u ca IP, TCP hay UDP
a ch IP xut pht (IP source address)
a ch IP ni nhn (IP destination address)
Giao thc s dng (TCP, UDP, ICMP) Cng ngun TCP/UDP
Cng ch TCP/UDP
Giao din packet n
Giao din packet i
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
13/75
FIS,2008 Network Security 13
Lut lc
Policy chadanh sch cc rules, nu thng tintrong gi tin trng vi rule, th rule cpdng xc nhgi tin c forward hay loideny.
Nu khng trng vi bt k rule no, th rulemcnhcp dng. Thngth c hai chnh sch cho lutmcnh:
mcnh= chuyntip hocmcnh= loib.
Lut c duyt t trn xung, mc u tingimdn.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
14/75
FIS,2008 Network Security 14
Lut lc gi tin
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
15/75
FIS,2008 Network Security 15
u im
Tcxl nhanh
Cc b lc gi tin thng trong sut ivingidng v cc ngdng.
Khnngngnchncc tncng tchidchvtt.
Dtrinkhai, ci tv botr.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
16/75
FIS,2008 Network Security 16
Nhc im
Khng kimsot cdliutlp4 trln Khnngara cc thng tin nhtk hnch
do tnglachkimtra mtslnggiihn
cc thng tin trong gi tin. Phn ln cc tng la loi ny khng h trtnh nngxc thcngidng.
Khng ngn chn c cc tn cng li dng
imyutrong giao thcTCP/IP. Yu cungiquntrc hiubitsu vcc
dchvInternet.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
17/75
FIS,2008 Network Security 17
Circuit Level Gateway
Hotngtnggiao vn
Gim st bttay TCP giagitin vo/ra xc nh phinlm vicc hplhay khng.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
18/75
FIS,2008 Network Security 18
Nguyn l hot ng
Khng cho php thchinktniendtoend. Thitlphai ktniTCP
Giacngv my bn trong. Giacngv my bn ngoi.
Khi hai ktnic thit lp,cngmcmchs thchinsao chp, chuyntipond liuTCP tktnibn trong sang ktnibn ngoi v ngclim khngcnkimtra nidung dliu.
Cngvng xc nhmtphin lm vichp lnucSYN, ACK v sequence number trong qu trnh bt taygiacc ktnil hpl.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
19/75
FIS,2008 Network Security 19
Qa trnh lm vic
My bn trong yu cumtdchv,cngchpnhnyu cu. Thay mtmy bn trong, cngmktninmy bn ngoi v
gim st chtchqu trnh bttay TCP. Qu trnh bttay lin quannvictrao igi tin chac(SYN hay ACK).
Cngxc thcmy bn trong v my bn ngoi l thnh phnmtphin lm vic,cngsao chp v chuyn tipd liugiahai ktni.
Cng duy tr mtbng thit lpktni,d liucphp i quanuthucmttrong cc phin lm vicc trong bng.
Khi phin lm vicktthc, cngmcmchxa bnghi ktnicaphin lm vic.
Bngktni: ID Session, Trngthi (handshake, etablished) ...
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
20/75
FIS,2008 Network Security 20
u im
Mcan ton cao hnso vilcgi tin.
C th trin khai vi lng lngiao thctng trn m khng cnhiuv thng tintigiao thc.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
21/75
FIS,2008 Network Security 21
Nhc im
Mt khi kt ni c thit lp, n c thcho php gicc m chitrong gi tin
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
22/75
FIS,2008 Network Security 22
Cng ng dng
Hotngtngngdng.
Thit k nhm tng cngchcnngkim sot cc loidch v, giao thc c chophp truy cp vo h thngmng.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
23/75
FIS,2008 Network Security 23
Nguyn l hot ng
Datrn cc dchvidin(Proxy service).
Proxy service l cc chng trnh c bit citrn gateway cho tngngdng.
Quy trnh kt ni s dng dch v thng quacngngdngdinra theo 5 bc.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
24/75
FIS,2008 Network Security 24
Nguyn l hot ng
Bc1:My trmgiyu cutimy chxa ncngngdng. Bc2:Cngngdng xc thcngidng. Nuxc thc thnh cng
chuynsang bc3, ngcliqu trnh ktthc.
Bc3:Cngngdngchuynyu cumy trmnmy chxa. Bc4:My chxa trlichuynncngngdng. Bc5:Cngngdngchuyntrlicamy chxa nmy trm.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
25/75
FIS,2008 Network Security 25
u im
Hon ton iu khin c tng dch v trnmng (quyt nh nhng my ch no c thtruy cpcbicc dchv).
Hon ton iukhincnhngdchv nocho php ( vngmtcaproxy cho dchvnoth dchvbkha).
Kim tra xc thcmnh,ghi li thng tin v
truy cphthng. Lut lc cho cngngdngd dng cu hnhv kimtra hnso vilcgi tin.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
26/75
FIS,2008 Network Security 26
u im
Hon ton iu khin c tng dch v trnmng (quyt nh nhng my ch no c thtruy cpcbicc dchv).
Hon ton iukhincnhngdchv nocho php ( vngmtcaproxy cho dchvnoth dchvbkha).
Kim tra xc thcmnh,ghi li thng tin v
truy cphthng. Lut lc cho cngngdngd dng cu hnhv kimtra hnso vilcgi tin.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
27/75
FIS,2008 Network Security 27
Nhc im
Tcchm,hiusutthpdo xl trn nhiutng.
Cc dchvhtrbhnch.
Khnngthay imrng(scalability) hnch.
Ci tv botr phctp.. Khnngtrong sutivingidng cuihnch
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
28/75
FIS,2008 Network Security 28
Stateful Multilayer Inspection Firewall
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
29/75
FIS,2008 Network Security 29
Stateful Multilayer Inspection Firewall
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
30/75
FIS,2008 Network Security 30
Statefull Multilayer Inspection Firewall
Ging tng la lc gi tin, hot ng tngmng,lcgi tin i/ndatrn tham s: achngun,achch,cngngun,cngch.
Gingcngmcmch, xc nh chnh xc gitin trong phin lm vic.
SIF btchccngmcngdng,SIF agitin ln tngngdngv kimtra xem nidungdliuph hpvicc luttrong chnh sch anninh cahthng.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
31/75
FIS,2008 Network Security 31
Firewall
Mt s loi firewall tt c th m bo cho mt h thng an ninh ?
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
32/75
FIS,2008 Network Security 32
IDS/IPS
`
`
ISPModem
Firewall
web
Server
Access
Point
PDALaptop
`
VLAN2
`
`
VLAN3
`
VLAN4
IDS/IPS
Server
file
Server
DMZ
Inside
Outside
X
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
33/75
FIS,2008 Network Security 33
IDS/IPS
IDS/IPS: pht hin/ngn chn tn cng IDS: Instrusion Detection System
IPS: Instrusion Prevention System Thng tch hp cng Firewall
Da trn du hiu, phi cp nht thng
xuyn
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
34/75
FIS,2008 Network Security 34
IDS/IPS
Ch hot ng Pht hin tch cc
Pht hin th ng
Pht hin tch cc: IDS phn ng li tn cng, ra lnh cho tng
la chn cc cng nghi vn
Vn : IDS cnh bo sai, cn cu hnh linlc gia IDS v thit b mng dng ngn chn
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
35/75
FIS,2008 Network Security 35
IDS/IPS
Pht hinthng Cc du hiu tn cng c ghi li,
nhngkhng chnngay
C th cu hnh cnh bo qun tr,ngnchnbngtay
Dng phn tch cc cnhbo
Vn: Thigian pngchm
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
36/75
FIS,2008 Network Security 36
IDS/IPS
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
37/75
FIS,2008 Network Security 37
IDS/IPS
Phn loi Network based: IDS/IPS dng cho ton
mng
Host based: IDS/IPS c nhn
Network based IDS
ThngdidngAppliance C thgim st ton bhthng
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
38/75
FIS,2008 Network Security 38
IDS/IPS
Network based IDS
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
39/75
FIS,2008 Network Security 39
IDS/IPS
Host based IDS Ci trn cc my quan trng pht
hin tn cng
Vn :
Khng c ci nhn tng quan v cc
cuc tn cng Ch monitor c my ci IDS
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
40/75
FIS,2008 Network Security 40
IDS/IPS
Host based IDS
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
41/75
FIS,2008 Network Security 41
VPN
`
`
ISPModem
Firewall
web
Server
Access
Point
PDALaptop
`
VLAN2
`
`
VLAN3
`
VLAN4
IDS/IPS
Server
file
Server
DMZ
Inside
Outside
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
42/75
FIS,2008 Network Security 42
VPN
VPNVirtual Private Network: Mng ringo Cho php thit lp knh kt ni an ton
(private) trn mi trng dng chung(virtual) Li ch:
m bo an ninh
Tit kim chi ph
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
43/75
FIS,2008 Network Security 43
V d: VPN-1 POWER CA CHECKPOINT
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
44/75
FIS,2008 Network Security 44
VPN
Thitb/phnmmhtrThngctch hpcng firewall
Nucnhiunngcao th tch ring Phn loiVPN
VPN site to site: nimngmng
VPN remote access: ni host mng
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
45/75
FIS,2008 Network Security 45
VPN site to site
INTERNET
VPNGateway
VPNGateway
HeadQuarters Branch
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
46/75
FIS,2008 Network Security 46
VPN remote access
INTERNET
VPNGateway/server
Head
Quarters Branch
Remote ueser
VPNclient
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
47/75
FIS,2008 Network Security 47
VPN
Cc giao thcdng trong VPN L2FLayer 2 Forwarding (Cisco) PPTP Point to Point Tunneling Protocol
(Microsoft) L2TPLayer 2 Tunneling Protocol (Microsoft+ Cisco)
IPSecIP Security
SSL/TLS Security Sockets Layer/TransportLayer Security
MPLSMulti-Protocol Label Switching
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
48/75
FIS,2008 Network Security 48
VLANVirtual LAN
`
`
ISP
Modem
Firewall
web
Server
Access
Point
PDALaptop
`
VLAN2
`
`
VLAN3
`
VLAN4
IDS/IPS
Server
file
Server
DMZ
Inside
Outside
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
49/75
FIS,2008 Network Security 49
VLANVirtual LAN
V d: Trin khai mng VLAN
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
50/75
FIS,2008 Network Security 50
VLANVirtual LAN
L k thut chia nh Broadcast domainthnh nhiuVirtual Broadcast domain.
Mi Virtual Broadcast domain s dng1Network hoc1 Subnetwork
Lm tngtnh uynchuyntrong victhitkhthng,Titkimchi ph.
Cho php nhm cc ngidng c cng
chcnng trong cng tchchotngtrong cng 1 Broadcast domain m khngphthucvo vtr al
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
51/75
FIS,2008 Network Security 51
VLANVirtual LAN
Nhng ngi s dng thuc cng VLan sdngcng 1 Network/Subnetwork v c thgiaotipvinhau ddng.
Ngi dng khc VLan mun giao tip kt nivinhau phinhnthitbLayer3(Router)
Thng tin v VLan (VLan Database) c th lantruyn t Switch ny sang Switch khc trong
cng h thng thng qua Kt ni Trunk v "intVLan1"
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
52/75
FIS,2008 Network Security 52
Trunk link
C bng thng t100mbps tr ln, l ktnim luthng tttccc VLan c thiqua .
Luthng cangidng thucVLan khicgi ln ngTrunk scnggi thng tin vVLan ID xc nh lu
thng thucVLan no
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
53/75
FIS,2008 Network Security 53
Cch ng gi:VLanID
802.1q(Thnggil dot1q): l chunnggiVLanID chung trn ttccc Switch.
NativeVLan: VLan m dliuthucvVLan
khi gi ln ng Trunk s khng ng giVLanID McnhNative VLan l VLan1
ISL(Inter Switch Link): l chunnggi VLanIDtrn Cisco Catalyst Switch m thi.
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
54/75
FIS,2008 Network Security 54
NATNetwork Address Translation
`
`
ISPModem
Firewall
webServer
AccessPoint
PDALaptop
`
VLAN2
`
`
VLAN3
`
VLAN4
IDS/IPS
mailServer
fileServer
DMZ
Inside
Outside
DA
10.0.0.10
IP Address outside
10.0.0.10 10.0.0.12
NAT Table
DA
10.0.0.12
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
55/75
FIS,2008 Network Security 55
NATNetwork Address Translation
achRing RFC 1918 dnh ring 3 diachIP sau:
1 achlpA: 10.0.0.0/8
16 a ch lp B: 172.16.0.0-172.31.255.255(172.16.0.0/12)
246 ach lpC: 192.168.0.0 192.168.255.255(192.168.0.0/16)
Nhng a ch trn c dng cho mngring, mngnib. cc gi dliuc achnh trn s khng c nh tuyn trnInternet
?
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
56/75
FIS,2008 Network Security 56
56
NAT?
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
57/75
FIS,2008 Network Security 57
57
NAT?
Inside local addressachcphn phicho cc host bn trong mngnib
Inside global addressL achIP hpphp ccung cpbiISP,achny idincho mthocnhiuachnibbn trong ivi thgiibnngoi.
Outside local addressL achring cahost nmbn ngoi mngnib Outside global address l achcng cnghpphp cahost nmngoi
mngnib
N l l i NAT?
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
58/75
Nguyn l lm vic ca NAT?
Static NATchuyn i mt a ch private IP thnhmt a ch public IP c th (one-to-one)
In static NAT, the computer with IP address 192.168.32.10 will alwaystranslate to 213.18.123.110
FIS,2008 Network Security 58
58
N l l i NAT?
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
59/75
Nguyn l lm vic ca NAT?
Dynamic NATchuyn i mt a ch private IP thnhmt a ch public IP thuc mt di a ch cho trc
In static NAT, the computer with IP address 192.168.32.10 will translate to thefirst available address in the range from 213.18.123.100 to 213.18.123.150
FIS,2008 Network Security 59
59
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
60/75
NAT Overload hoc PAT
L mt dng ca dynamic NAT nhng chuyn i nhiua ch private IP thnh mt a ch public IP (many-to-one) bng cch s dng nhiu port khc nhau
FIS,2008 Network Security 60
60
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
61/75
FIS,2008 Network Security 61
Media security
ngtruyn ngtrc
UTP/STP
Fiber wireless
Lu tr FDD
HDD
Tape CD/DVD
Flash disk
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
62/75
FIS,2008 Network Security 62
Media securityCp ng trc
Cng ngh cp luinht
Gm nhiu v bc
bao quanh mt ling
B tn cng kiu vtl
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
63/75
FIS,2008 Network Security 63
Media securityUTP/STP
Unshielded TwistedPair Loidy mngLAN ph
binnht
C thln tiGigabit
Bnhhngcanhiu
Shield Twisted Pair
Chngcnhiu S dng trong mi
trngcng nghip
thn
M di it Fib
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
64/75
FIS,2008 Network Security 64
Media security - Fiber
Li thy tinh vi vbcnhangoi
Ch c th b nghe
trm ti nhng chni
M di it Wifi
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
65/75
FIS,2008 Network Security 65
Media securityWifi
Gmcc imtruy cpAccess-point v wireless card Nguy ccao hnso vihthngc dy
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
66/75
FIS,2008 Network Security 66
Media security - wifi
Cc binphp Bbroadcast SSID (Service Set Identifier)
MAC Filtering
WEP (Wired Equivalent Privacy) WPA (Wi-fi Protected Access), WPA2
PKI (Public Key Infrastructure)
M di it ifi
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
67/75
FIS,2008 Network Security 67
Media security - wifi
M di i FDD
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
68/75
FIS,2008 Network Security 68
Media security - FDD
t dng
44MB
Dng khi ng/sali
M di it HDD
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
69/75
FIS,2008 Network Security 69
Media security - HDD
Thit b lu tr chnh Chun SCSI, IDE,
SATA
Gi ang gim D liu nn c m
ha
Nn s dng RAID
M di it T
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
70/75
FIS,2008 Network Security 70
Media security - Tape
csdnglutr
Tcchmhncng
R
Bn
M di it CD/DVD
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
71/75
FIS,2008 Network Security 71
Media securityCD/DVD
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
72/75
FIS,2008 Network Security 72
Media securityFlash disk
Nh gn Gi ngy cng r
Khng nn lu tr d
liu quan trng
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
73/75
FIS,2008 Network Security 73
Network security policies
`
`
ISP
Modem
Firewall
web
Server
Access
Point
PDALaptop
`
VLAN2
`
`
VLAN3
`
VLAN4
IDS/IPS
Server
file
Server
DMZ
Inside
Outside
Permit: Google
Deny: YIM
L l it b li
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
74/75
FIS,2008 Network Security 74
Lowlayer security baselines
C thitkngay tu Ti liuhthng
Thitlpv duy tr ti liu
Cpnhtkhi c sthay i
ngcc cng,dchvkhng cnthit
5/21/2018 BI GIA NG AN TON MA NG p 2 Infrastructure Security
75/75
Case study
Thit lp h thng Firewall v VPN chomt doanh nghip