Administration Book

Александър Милев, Борислав Найденов, Network Administration


  • 2

    , , . , , .

    .

    5 . , 1, 2, 3, 4, 6, 7, 8 9 - . .

    , . 2010 .

  • 3

    ............................................................................................................................... 5 TCP/IP .............................................................................................. 7 1.1 TCP/IP ............................................................................................... 7 1.2 ................................................................................................. 11 1.3 .................................................................................. 18 1.3.1 TCP ................................................................... 19 1.3.2 UDP .................................................................. 43 ......................................................................... 48 2.1 ........................................................................................ 48 2.2 ..................................................................... 49 2.3 .................................................................................................. 62 ............................................................................. 79 3.1 ....................................................................... 79 3.2 .................................................................................... 87 3.3 .................................................... 93 ......................................................................................... 98 4.1 ................................................... 98 4.2 .................................................................. 117 4.3 ................................................................................... 124 4.4 ................................................................................ 136 4.5 ............................................................................................... 148 4.6 ................................................ 
150 ......................................................................................... 158 5.1 .......................................................... 158 5.2 ............................................. 177 5.3 .......................................... 181 5.4 ............................................................................ 186 5.5 ................................................. 200 5.6. ... 206 ........................................................................................ 213 6.1 ..................................... 213

  • 4

    6.2 VPN ............................................................................................. 216 6.3 VPN .............................................................................................. 226 ............................................................................................... 232 7.1 ............................................................. 232 7.2 ........................................................................ 236 7.3 .............................................................................. 253 . ........................................... 274 8.1 .......................................... 274 8.2 ............................................................ 288 .................................................................... 300 9.1 SNMP ................................................................... 300 9.2 , . 312 ................................................................................................................ 327

  • 5

    ,

    . . .

    , :

    , , , ,

    , .

    (switches), (routers) (firewall) .

    . : Scan Disk,

    Defragment .

    .

    : Penetrating tests

    . ,

    .

    .

    , .

  • 6

    , TCP/IP.

    , .

    , .

    , , .

    , .

    , , .

    , Internet. (VPN), , . VPN .

    , .

    , . .

  • 7

    TCP/IP

    TCP/IP (Transmission Control Protocol/Internet Protocol)

    .

    , . , , . , . () , - . .

    , . , , . (, router). IP (IP ) , , , IP TCP/IP.

    : ,

    ; , .

    . ,

    . , , IP . , .. , . IP . IP . , IP .

    1.1 TCP/IP TCP/IP .

    .1.1 TCP/IP.

    :

  • 8

    , TCP/IP . , . TELNET, FTP, SMTP . ;

    , . . TCP UDP (User datagram protocol). UDP . , UDP , . UDP , .

    . - . IP (Internet protocol) - . . , . - . , , . . IP . - ICMP, ARP RARP.

    . . , , , , . - -. TCP/IP , - . IEEE 802.2, ATM, FDDI .

    - TCP/IP . TCP/IP .

    : , .

    TCP/IP : TELNET ; FTP (File Transfer Protocol)

    ;

  • 9

    SMTP (Simple Mail Transfer Protocol) .

    . 1.1

    , . TCP/IP - - . TCP UDP . , UDP . . - , - . , , UDP - .

    TCP/IP . , TCP/IP / (.1.2) . , ( ) . , . . () .

  • 10

    . 1.2 -

    , , TCP/IP .

    , , ( ) . .

    , ( IP ), . , . , , , . , .

    ( ) (). (routers), (bridges) (gateways).

    (bridge) . bridge MAC (Media Access Control) - , LLC (Logical Link Control). bridge IP. , IP , , , bridge .

    (router) . , , .

  • 11

    - . IP . - , IP.

    (gateways) gateway / IP . gateway / - . . / , . Gateway IP . gateway, , . , (firewall). .

    1.2 IPv4

    INTERNET, IP- - INTRANET .

    TPC/IP , .1.3:

    . 1.3

    IP (Internet Protocol) e , . IP , - - , . ().

  • 12

    ICMP (Internet Control Message Protocol) e . .

    ARP (Address Resolution Protocol) e IP . IP ( ) () (-).

    RARP (Reverse Address Resolution Protocol) e MAC . () (-) IP- ( ).

    .1.6

    IP , .

    . 1.6

    , , .. . :

    (Transmission Control Protocol) e :

    , ;

    .

    IP - . TCP .

  • 13

    , TCP, UDP (User Datagram Protocol). , .. , .

    IMCP

    ICMP (Internet Control Message Protocol) ICMP DATA- IP-

    .

    , :

    Destination Unreachable ( IP ); Time to Live Exceeded ( ); Parameter Problem ( ); Redirect ( ); Echo ( IP ); Echo Reply ( IP ); Timestamp ( ); Timestamp Reply ( ) Information Request ( ); Information Reply ( ); Address Request ( ); Address Reply ( ).

    .

    ARP RARP

    , , . , , .

    ARP IP- MAC-. , , IEEE 802.3 Ethernet. IP , ARP-, MAC-. ARP , IP- , , broadcast MAC-. MAC- , . , IP

  • 14

    IP . , , - MAC-. , ARP- MAC- MAC- .

    RARP (Reverse Address Resolution Protocol) ARP. , MAC- IP-. , broadcast IP-, IP .

    1.3 ,

    , .

    , . .

    , , . , , , , .

    :

    ;

    , , , , ;

    , .

    , .

    , , , ,

  • 15

    ( ). .

    , (Point to Point), .

    . , . , - .

    - , .

    .

    TCP/IP - , TCP (Transport Control Protocol) UDP (User Datagram Protocol) .1.7.

    . 1.7

    1.3.1 TCP (Transport Control Protocol) () TCP/IP

    5 : - (

    ) , , 8- , . , ;

    -

  • 16

    . , () . , "", . , (authorization), . , , . . (. ), . , , , , ;

    - . , . , , . , . 3 , , . , , . , , - . , , , push , , . , . , push TCP . , push , . , , ;

    - , TCP/IP . , . ,

  • 17

    ;

    - - , TCP/IP , . -. , - , , . , , -. - , , . .

    .1.8 TCP- .

    . 1.8 TCP

    , IP- , . 1.9.

    [Fig. 1.9: protocol stack. Application protocols HTTP, SMTP, FTP, TELNET, SNMP, UDTP, ... over TCP and UDP, over Internet IP v4.0]

    . 1.9

  • 18

    TCP: World Wide Web HTTP (HyperText Transfer Protocol) ; (MAIL) SMTP (Simple Mail Transfer Protocol); FTP (File Transfer Protocol) .

    . UDP: SNMP (Simple Network Management Protocol) ; UDTP (User Define Transport Protocol) .

    . :

    255 ; 256 1023 ; 1023 .

    . 1.11

    , , (Dest. port) , 23 TELNET . 1.11.

    TCP () , . 1.12.

  • 19

    . 1.12 TCP

    , .

    TCP .1.14

    . 1.14 ( )

    TCP

    , , , .

    , - . , . , ,

  • 20

    . , . -, .

    " " -. , ", - , .

    , , , . , .

    , , , - , ( , ). . TCP . -, -, TCP -, TCP . TCP , , .

    TCP , . , , .

    1.3.2 UDP (User Datagram Protocol) TCP/IP

    , (). UDP , -, . .., , UDP - -, UDP , .

    UDP I , , IP. To (acknowledge) , , , . UDP ,

  • 21

    . - , . UDP I . I , .

    , UDP, , , , , . , . , , , . , UDP, , TCP/IP .

    .1.15 UDP-

    . 1.15 UDP

    TCP . .

    SOURCE PORT ( ) DESTINATION PORT ( ) 16- UDP , , . . , . , 0.

    LENGTH () , . , 8, .

  • 22

    . 0 , . , UDP . , , IP . UDP , , .

    UDP , 0. , UDP , I: 16- . , , "" : 0 1. 0, UDP .

    UDP , UDP . UDP - , 16- . - , . - 0 , - , .

    - UDP . , . UDP . , , UDP , UDP I . UDP IP , IP , UDP . , .

    , - . , - . - - . . UDP, UDP , IP -, , UDP IP -. , UDP -,

  • 23

    , UDP -.

    :

    IP npe ;

    UDP .

    IP ; UDP .

    : ? ,

    . , ,

    . . . " " . . " " " ".

    . . , , .

    " ?" , .

    , , , .

    /I , , . , - .

    TCP

    , . , .

    , TCP . , ,

  • 24

    . , .

    , TCP , . (, TCP ). , .

    TCP . push.

    TCP , , . , TCP

  • 25

    2.1

    . . , . , ", .

    . , ". , .

    - , - - . ..

    . :

    ?

    , . . , , :

    , ; , ; .

    . - . , . .

    : ,

    ; ; , ;

  • 26

    , ;

    , , ;

    , ; ,

    . : , , ,

    ,

    .

    .

    , ( ) .

    , - , . ", , .

    . .

    (Distributed Denial of Service, DDoS) , , . . , , .

    2.2 ,

    . , .

  • 27

    , , . .

    , , .

    - - .

    , . , , (VPNs), dial-in. , , , , .

    .

    , - . - - . . , , , .

    , .

    , - . , , - .

    , .

    :

    (LAN). LAN

  • 28

    . , , .

    . - ( , ), (, " ", ) . , ; .

    :

    ; Denial of Service (DOS); IP ; ; .

    . . . , ".

    :: ( )

    ,

    . , . , . , , . . 2.1 .

  • 29

    . 2.1

    , -

    : 1 - DNS , . 2 - ing, . 3 - , . .

    Internet Control Message Protocol (ICMP) , ping , . ping; , IP , .

    (IDS) , . - (ISP), , .

    (

    ) , . , .

    , , ( FDDI, 10BASE-T 100-Mbps Ethernet), .

  • 30

    2.2, Ethernet , Wireshark TCPDump, Ethernet .

    . 2.2 Wireshark/TCPDump

    / Ethernet Wireshark. , Wireshark; , . , , , . , , , .. .

    2.3 , .

    .2.3 Ethernet

  • 31

    100BASE-T Ethernet . (Content Address Memory, CAM), . , , . , , .

    . -

    , . (Access Point, ) 150 . , , . . . , , . Service Set Identifier (SSID) IP , , , , .

    802.11 , Wired Equivalent Protocol (WEP), . WEP , . - - Temporal Key Integrity Protocol (TKIP), Light Extensible Authentication Protocol (LEAP), Protected Extensible Authentication Protocol (PEAP) .. , . .

    2.4 , . - , , , dial-in - - , , , , .

    2.1 .

  • 32

    . 2.4

    (IP , Spoofing) , .

    IP () . , IP , . , , .

    (replay) , - , . , . , - .

    . . , .

    , . , -. , , . , , , - .

  • 33

    , , . . , - .

    , , - ". , , . .

    (DoS) -

    , . , .

    DoS , - IP.

    DDoS , DoS

    . (DDoS), DoS . DDoS 2.5.

    . 2.5 DDoS

    DDoS , , . , . . ,

  • 34

    . , .

    . DDoS , . - , - . - , . , , , , , .

    2.3 .

    . , .

    . , . .

    IP , ( TCP, ICMP, UDP, DNS, NNTP, HTTP, SMTP, FTP, NFS/NIS X Windows).

    TCP/IP ,

    . 2.6 .

    . 2.6 TCP/IP

  • 35

    ( -), - , .

    TCP RFC 1948, . . , , .

    - . (, ), , . (, ), .

    TCP/IP TCP/IP

    - . , , . , .

    . - , .

    SYN TCP , SYN

    (/) - SYN/ACK ( ) . () SYN/ACK . TCP .

    SYN/ACK, - , . , SYN/ACK.

    TCP SYN - TCP SYN . - SYN/ACK . SYN/ACK , - . TCP SYN IP , TCP

  • 36

    ( email, WWW ) .

    UDP TCP, User Datagram Protocol (UDP) -

    . UDP . , . UDP , , .

    , UDP , UDP - , TCP . , UDP- .

    ICMP Internet Control Message Protocol (ICMP) IP

    . ICMP - , ping traceroute.

    ICMP IP . RFC 791, IP

    65 535 (2^16 - 1) ; ( 20 , IP ). , - (MTU), - , .

    MTU ( 2.3). Ping of Death Ping of Death ,

    ICMP echo (.. ping"). ICMP echo

    ICMP , ping . , :

    , ICMP echo 65 507 , . , .

    Ping of Death ping - . TCP/IP IP .

  • 37

    email email . Email , email . Email ; email ( , ). Email , email, .

    email , , :

    . ,

    W32.Sobig.F, 2003 . SMTP , . From Send To , .

    -

    . , , . " , , , , .

    .

    DoS . , , - . LAN.

    , , , , ,

  • 38

    . , .

    WEP 802.11 WEP

    LAN (NIC). WEP RC-4 . , , IEEE 802.11b 40- , 128- . WEP , 40- , 128- , .

    , , , .

    , DoS. , .

    - , . , , - .

  • 39

    , .

    () . ( () () . . , . .

    , .

    - 3.1. , , , . "" , iptables.

    Internet.

    . 3.1

    , . . " " (Access Control List, ACL). , .

    -, , , , IP-

  • 40

    , "" ().

    , -. 3.2 /.

    .3.2

    . , , , . , :

    ,

    , -, - . ( , ).

    ,

    .

  • 41

    , .

    .

    , , , - .

    - : , . , , : 10 100 Mbps 1000 Mbps, 800 Mbps. .

    , (, , ..), , ( , ..), , -.

    , ,

    . , ,

    . ( )

    . , , .

    ,

    ( 3.4). , . , IP- , , "" , ( ), "" .

    :

    Check Point.

  • 42

    TCP,

    " " (SYN, SYN/ACK, ), , (FIN RST).

    : IP- , IP- TCP .

    . : , ( ) () . , TCP c , .

    Stateful Inspection Check Point

    . , Stateful Inspection - , - (.. ).

    Stateful Inspection Check Point, ( PIX Cisco iptables Linux) .

    . , , ( ), , (. 3.6).

    . 3.6.

  • 43

    " ", , , , , .

    (" ") " ".

    , . " " ( , SOCKS) , , .

    , ,

    , , , , .

    , - ( ), - . , - .

    (.. ), . . - ( ) Linux FreeBSD

    - , - - . - - , - , . - -, - .

    , ,

    , . ; ; , , ( chroot); . - (

  • 44

    ), tripwire AIDE.

    . - , .

    , , , , , . wheel root (.. su root).

    IP IP-

    , . , ..

    IP- . - (Denial of Service - DoS), , () . , .

    iptables IP- :
    iptables -I INPUT 1 -i eth0 -s 192.168.0.0/16 -j DROP
    iptables -I INPUT 2 -i eth0 -s 10.0.0.0/8 -j DROP
    iptables -I INPUT 3 -i eth1 -s ! 192.168.100.0/24 -j DROP
    iptables -I INPUT 4 -i eth2 -s ! 10.0.0.0/8 -j DROP

    , iptables Linux 2.4, .

    ( , Dropping) "", .. .

    ( , Rejecting) TCP c RST, TCP, "Port Unreachable" ICMP, UDP.

    , ,

    . ,

    . -

    HTTP 80, TCP 80 . Code Red (), Code Red

  • 45

    .

    . , .

    , DNS, DNS- ( ), DNS-.

    .

    ,

    . ,

    . , , TCP 80, , .

    ( ), , , ( , ).

    , " " - - .

    .

    .

    ,

    . .

    -.

    , , . .

  • 46

    4.1. ,

    , . (network operating system NOS) , .

    , . , . , NetWare NT Server, .

    - . ( ) - , RAM - , , .

    - (peer-to-peer) .

    - , , . . , , , , .

    4.1 , / .

  • 47

    / , Access ( ), . , . , / .

    / . / , SQL Server Oracle, - , .

    / /

    : . (distributed), ,

    . 4.2 .

    . 4.2

    .

    (data warehouse) ,

    .

  • 48

    , PC- . , , (server farm).

    . , Windows, no . , , (creating a share).

    , NetWare, - .

    Windows , File and Print Sharing . Windows 2003, server.

    (share-level security) (peer-to-peer) , Windows. , , , . , , .

    , , (.4.3)

    . 4.3

    [Fig. 4.3 (share-level security): users Ivan, Ivo, Maria, Ana; user pairs: Ivan, Maria / Ivan, Ivo / Ivo, Maria / Ana, Maria; shared resources and their passwords: 1 - 1q2w3e, 2 - 3q4w5e, 3 - 5f6g7y, 4 - S4d2f5]

  • 49

    (user-level security) - , . (user account), . ( ) . , . , (access control list), . , . , , , .

    .

    - . , , ( ). .

    : , .

    Windows XP Windows ,

    . .

    , , .

    , .

    , ,

    . , . Local Users And Groups.

    - , Active Directory,

    -. Single Sign-On ( ) . - Active Directory Users and Computers.

  • 50

    logon- (, ).

    :

    , Windows,

    . , , : Administrator Administrator ,

    , , . . Active Directory Administrator . Administrator .

    Guest Guest , . , , , . , , Windows.

    HelpAssistant Windows , . , , HelpAssistant. , Terminal Services.

    Support Support Help And Support. HelpServicesGroup Log On As Batch Job ( ). Support . Support_, , Support_388945a0.

    , Windows .

    . , . , .

    , .

    Active Directory , \, \

  • 51

    Windows XP : (local groups)

    . Local Users And Groups.

    (security groups) . Active Directory Users and Computers.

    (distribution groups) . . Active Directory Users and Computers.

    Local Users

    And Groups. Control Panel. Administrative Tools Computer Management (.4.7).

    .4.7

    , , , .

    Local Users And Groups :

    .

    , , . , SID .

  • 52

    ,

    , , . Windows , Windows NT Windows 2003, .

    , , .

    ,

    Windows, , Everyone, . , .

    (share names), - - . , , salesdocs, Sales Documents; .

    , .

    4.2 (NOS)

    . NOS , - ( , , ), .

    , , :

    Windows NT Windows 2000 (2003, 2008) NetWare UNIX/Linux

    Windows NT 4.0 Microsoft , User Manager for Domains, , . : Start, Programs, Administrative Tools, User Manager for Domains.

    User Manager for Domains ; , ; ; ; . , .

  • 53

    . Windows NT 4.0 .

    Administrator () Guest ().

    Windows 2000 Windows 2000 -

    Microsoft Management Console (), snap-in - , . snap-in , Active Directory Users and Computers. , Start, Programs, Administrative Tools, Active Directory Users and Computers .

    Windows 2000, Windows NT 4.0, , , , (organizational units - OUs).

    OU.

    - , Windows NT 4.0.

    Windows Windows .

    : Windows Explorer net use

    Windows Explorer Windows Explorer,

    Windows Explorer. ,

    Tools, Map Network Drive .

    Explorer, , CD .

    Windows Explorer, My Computer, , shortcut.

    net use Windows

    , (Universal Naming Convention - UNC).

    : \ \ __\ ___

    , :

  • 54

    net use __: \ \ __ \ ___

    Windows Windows

    . , ,

    Printers and faxes, Control Panel, .

    Sharing, Shared as .

    , : Add Printer Wizard, net use .

    Microsoft (wizards), .

    , Printers and Faxes, , .

    ( ) " . (print spool).

    UNIX Linux UNIX . (.., ,

    ) , , .

    UNIX , Silicon Graphics Sun. UNIX (graphical user interface - GUI), X Window.

    UNIX Linux (Network Information System - NIS),

    Sun Microsystems, UNIX . NIS , , ( ), .

    , UNIX, Windows, (case-sensitive); . MyDocs" mydocs." .

  • 55

    Web , Web , UNIX-, . Web WebSite.html", Website.html", file not found" ( ).

    UNIX Linux,

    adduser . root supervisor

    . : ___: /# adduser

    /etc/passwd. UNIX/Linux , ,

    , (vi, Pico Emacs UNIX/Linux.)

    . , , , , passwd. UNIX/Linux Windows.

    4.3 (network

    operating systems NOS) e . (directory service)

    , .

    , : , .

    , . (). , () .

    , , .

    , , . () . . , .

    - , . , , . , , , .4.8.

  • 56

    , ,

    . (.., ) (.. ). , .

    : . .

    . ,

    .

    , . , .

    . , , .

    - PC Novell NDS

    Microsoft Active Directory.

    NDS 4, NetWare NDS - ,

    . , , .

    NDS . : (container objects) (leaf objects). , ; " - . . OU .

    Microsoft Active Directory C Windows 2000 Server, Microsoft

    , - , Novell NetWare 3 4. Active Directory . NDS

  • 57

    Novell , , Active Directory Microsoft , .

    Active Directory Active Directory :

    Active Directory Active Directory Shared System Volume .

    , . Shared System Volume ( Sysvol) (group policy objects) Windows 2000 . , Windows 2000 , .

    Active Directory DNS Active Directory DNS

    DNS, . DNS Windows 2000 . DNS Active Directory, - DNS.

    Windows 2000 Dynamic DNS (DDNS), DNS .

    Active Directory Active Directory

    (access control list - ACL), , . .

    : -

    , - ,

    ,

    . Windows 2000

    , . .

    4.4

    .

  • 58

    , Windows NT, Windows XP Linux, , . , .

    ,

    , . :

    . ,

    . (

    ), .

    , (wallpaper).

    , , . . , . , , , .

    ,

    . , , , . .

    , . Windows NT Windows 2000 Server, , , . NetWare - .

    , , , , , , .

  • 59

    , , , . - ". , , . .

    . , . , , . -, .

    , .

    ,

    . ,

    , , . , Windows 2000, . , .

    , , . , , .

    , , .

    , , .

    , .

    , , .

    , .

    Active Directory.

    .

  • 60

    , .

    :

    .

    .

    ,

    , (administrative templates). , , Windows .

    Administrative Templates Group Policy. , , , . Computer Configuration User Configuration . , - Group Policy, Windows.

    , , . HKEY_LOCAL_MACHINE, - HKEY_CURRENT_USER. - , - , , Administrative Templates Group Policy.

    : Not Configured

    . Enabled

    . Disabled .

    . 4.5

    (). , , .

  • 61

    . . . (log ).

    .

    .. , .

    - , . , . ( ) , .

    , .

    , , . MB (Mega Bytes) GB (Giga Bytes).

    4.6. 4.6.1

    . ,

    .

    , , , , , , , .

    . , , .

  • 62

    - , .

    , , , .

    4.6.2

    . ,

    , .

    .

    :

    ()

    4.6.3

    , : , , . .

    , .

    .

    , , .

    . ( ):

    - , , .

    - , .

    - ,

  • 63

    ( ).

    4.6.4

    . .

    , .

    ( ) (redundant array of independent (inexpensive) disks - RAID).

    - : (RAID

    level 1) - , . . . , . , .

    Windows NT boot.ini.

    (RAID level 1) - , , . , , , .

    () (RAID level 3) - , . ( , , ). , .

    () (RAID level 5) - , RAID 3, , ( ) , . . , .

    RAID , . RAID - -, -

  • 64

    . , Windows NT Windows 2000 Server, RAID.

  • 65

    ,

    . , .

    (authentication), (authorization) (access control) . , - , . , , , . , , .

    ( , , -, , ..).

    , ; . , .

    , (, ) . (integrity) , ; (confidentiality) , .

    5.1

    , " . ( ) , . .

    . .

  • 66

    " .

    . 1, 2 .., " :

    4-9-14-14-5-18 9-19 18-5-1-4-25 "

    : Dinner is ready ( ) , ()

    . -. - (key), ,

    , . . , .

    - , - . 40- 56- , 128- .

    : / .

    , , . , .

    /

    , - / (public/private key encryption), - , . . . , , .

    , ; .

  • 67

    , , . .

    / . , , , , . ( ), . , , , .

    .

    ,

    . , , . , .

    .

    ( ), (message digest). ", () , .

    ,

    , (certificate authority). , . , , .

    ,

    . . , . , , , . . , , . ,

  • 68

    , . () . , , .

    - , (local control), , (trusted third party).

    IP point-to-point -

    . IP , (/) - , , , , . Link Control Protocol (LCP) Network Control Protocols (NCPs) . , , , .

    (PDR) High-Level Data Link Control (HDLC), ISO 3309-1979 ( ISO 3309-1984/PDAD1).

    LCP NCP . LCP , . , LCP :

    1 2 3 4

    point-to-point , LCP , . , . NCP , IP.

  • 69

    NCP . , . , dialup , . .

    Password Authentication Protocol (PAP)

    . .

    , . .

    . , . . ". .

    PPP Challenge Handshake Authentication Protocol Challenge Handshake Authentication Protocol (CHAP), RFC 1994, . CHAP .

    CHAP . .

    . , . , . , .

    CHAP . . .

    CHAP .

  • 70

    PPP Extensible Authentication Protocol PPP Extensible Authentication Protocol ()

    , . . , .

    ; , . , , - , , . , .

    - .

    , -

    . TACACS+, RADIUS, Kerberos, DCE FORTEZZA. TACACS+ RADIUS dial-in . Kerberos , , , , , , , .

    5.2 , Telnet, FTP

    HTTP, . end-to-end , . . , . . WWWeb - , : Secure HyperText Transport Protocol (SHTTP). Secure Multipurpose Internet Mail Extensions (S/MIME) MIME, - .

    5.3

  • 71

    . , , . end-to-end , .

    Secure Socket Layer/Transport Layer Security Secure Socket Layer (SSL)/Transport Layer Security (TLS)

    , ( HTTP, Telnet, NNTP FTP) TCP/IP. , , , , .

    SSL , - , , , , SSL TCP .

    SSL . SSL , , , (handshake, alert, change cipher spec application).

    SSL/TLS HTTP . SSL/TLS 5.2.

    Secure Shell Secure Shell (SSH) (login)

    . , X Window System . , . SSH SSH , ,

    SOCKS Socket Security (SOCKS) e ,

    . / TCP UDP .

    5.4

    IP TCP/IP.

  • 72

    , , . (, hop), IP . IETF, IP ; IPsec.

    , / IP .

    IP Security IP Security (IPsec) ,

    IP .

    IPsec includes , , , ( ), () . IP , - ( TCP, UDP, ICMP, BGP ..).

    , IPsec ,

    ESP, IP.

    ESP , . IPsec ; , . , . - , .

    : ,

    ; ( ) . IPv4, IP - ( TCP UDP).

    , - , IPv4 , .

  • 73

    , . . . , " IP IPsec , " IP . " IP , ; " . " IP ; " .

    IPsec /

    . , .

    - ( -) , SA , . , , . , IPsec , . . -, , . IPsec Internet Key Management Protocol (IKMP), Internet Key Exchange (IKE). IKE IPsec, .

    5.5

    . dialup (VPDN) dialup . , dialup .

  • 74

    :

    Layer 2 Forwarding (L2F) Point-to-Point Tunneling Protocol (PPTP) Layer 2 Tunneling Protocol (L2TP)

    Layer 2 Forwarding Layer 2 Forwarding (L2F) Cisco Systems. -

    L2TP, , . L2F .. High-Level Data Link Control (HDLC), HDLC Serial Line Internet Protocol (SLIP) - - .

    dialup , dialup . , IP, IPX AppleTalk dialup, SLIP/PPP .

    Point-to-Point Tunneling Protocol Point-to-Point Tunneling Protocol () Microsoft

    IETF, RFC 2637. / , IP , NAS.

    NAS NAS : PSTN ISDN

    LCP

    IP , GRE PNS-PAC

    . , PNS-PAC . , . , PNS. . , TCP, , , .

    Layer 2 Tunneling Protocol L2F, , Cisco

    Microsoft, , , Layer 2 Tunneling Protocol (L2TP). RFC 2661 L2TPv2. L2TP

  • 75

    , , L2TPv3, - - . L2TPv3 , L2TPv2.

    L2TP : . ,

    , .

    , dialup CHAP, PAP, EAP ( V.120 ). TACACS+ RADIUS , , . , ISP.

    , dialup . , ISP.

    , dialup.

    ISP ( ) ( ).

    PPPoE over Ethernet (PPPoE) RFC 2516

    . . ADSL , , .

    : . Ethernet MAC . --, / . , . , , , Ethernet.

    , . , ,

    , . - , .

  • 76

    . () (, ). , , .

    IPsec IP . - , IP , IP , . IPsec , TCP ( UDP). , ( QoS, TCP/UDP ), .

    , . PKI . PKI - , .

  • 77

    .

    7.1. 7.1.1 (Quality of Service, QoS)

    , Frame Relay (FR), Asynchronous Transfer Mode (ATM), Ethernet 802.1 , SONET IP , .

    QoS , () , . , . QoS , , WAN .

    QoS . QoS , , .

    QoS : - . ,

    , , WAN . , FTP .

    - - . , - .

    - . QoS .

    - . QoS , WAN , .

  • 78

    . , , .

    - . QoS , .

    // , . . , - , .

    : - (Priority Queuing, PQ); - (Custom Queuing, CQ) - (Weighted Fair Queuing, WFQ) - (Class-Based Weighted Fair Queuing, CBWFQ). ,

    QoS , , . QoS , , , .

    QoS , .7.2:

    - (Best-effort service) QoS, - . FIFO (First In First Out) , .

    (DiffServ), QoS - , - , - . , . QoS PQ (Priority Queuing), CQ (Custom Queuing), WFQ (Weighted Fair Queuing) WRED (Weighted Random Early Detection).

    (Guaranteed service), QoS . (RSVP - Resource Reservation Protocol)

  • 79

    CBWFQ(Class-Based Weighted Fair Queuing).

    ,

    . , - .

    (ACL). PQ CQ. PQ CQ , . , QoS . CBWFQ . IP .

    (CAR) , . , , ... - , , .

    - (NBAR) -. URL HTTP . , .

    QoS (Policy-Based Routing, PBR)

    , . IP , - , QoS . , . , QoS .

    , , , ACLs.

  • 80

    (Network Based Application Recognition, NBAR). NBAR , . , - . , NBAR . - , URL MIME HTTP . - , web-. . , NBAR , . , .

    NBAR , . . NBAR , .

    NBAR (Packet Description Language Module, PDLM), . Flash , RAM. .

    , . . :

    , (FIFO First-In, First-Out) (PQ Priority Queuing) (CQ Custom Queuing) (WFQ Weighted Fair Queuing) (CBWFQ Class-Based Weighted Fair Queuing).

    . , , . , .

  • 81

    .

    FIFO: - (.7.6), FIFO

    , .

    FIFO , .

    : - FIFO

    - . - FIFO

    (delay) .

    - , FIFO .

    : FIFO

    .

    FIFO , . FIFO , - , FIFO.

    FIFO UDP TCP . , TCP , UDP . TCP , FIFO , TCP FIFO.

    PQ. .

    - , .

    , . PQ

  • 82

    (IP, IPX, AppleTalk), , , ..

    PQ , , . , (.7.7). , - .

    PQ , , , WAN , .

    CQ - CQ (Custom Queuing) e

    . , . CQ . , . , .

    PQ, CQ .

    WFQ:

    , , , , .

    WFQ , . , - , , - .

    - , (. 7.9).

    WFQ e . . , WFQ

  • 83

    , - E1 (2.048 Mb/s).

    WFQ: . (CBWFQ)

    , - . , CBWFQ. , , () CAR .

    CBWFQ . , , . .

    CBWFQ , - - .

    CBWFQ . - , . , . , , .

    , - (Low-Latency Queue, LLQ), . PQCBWFQ (Priority Queue Class-Based Weighted Fair Queuing).

    LLQ . . .

    CBWFQ IP RTP IP RTP (RTP Real Time Protocol).

    .

    , , . , . (Weighted Random Early Detection, WRED).

  • 84

    WRED: (Random Early Detection,

    RED) . RED , . , . RED TCP IP .

    WRED RED IP . - . - ,

    RED WRED TCP ,

    , . TCP , . RED.

    , .

    - RED :

    , .

    , .

    - RED , . .

    - RED : , . .

    7.3 QoS 7.3.1 FIFO FIFO - ,

    . , , , . FIFO FCFS First Come, First Served.

    , , FIFO , (default). ,

  • 85

    . tc FIFO eth0. #tc qdisc add dev eth0 root pfifo limit 10

    tc , . qdisc ( class filter, ); add ; dev eth0 , eth0; root , ( FIFO , ); pfifo , pfifo (packet-fifo); pfifo - limit 10, ( , ) 10 .

    : #tc qdisc show dev eth0

    : qdisc pfifo 8001: dev eth0 limit 10p

    tc , pfifo 8001: ( 8001:0) 10 . , - 32- 16- 16- . 0 .

    pfifo , . tc 8001:0.

    : #tc qdisc del dev eth0 root

  • 86

    .

    8.1 ,

    , -. - . , . , . , ( ), .

    . , .

    Linux syslog . syslog, , , . , , .

    , - () . , .

    , /etc/cron.daily/aaa_base_rotate_logs. T e ; /etc/logfiles, , , , ( ), .

    /var , , - /var , .

    , , . ,

  • 87

    , .

    syslog syslog ( klogd),

    . syslog , .

    Unix Linux syslog . syslog , , , . , - .

    , (- /etc/init.d/syslogd /etc/init.d/sysklogd Linux). klogd, Linux.

    klogd . , syslogd.

    klogd ; -. , klogd .

    Syslog-ng TCP

    stunnel, ssh . syslog UDP, " " stunnel ssh, syslog -, Syslog-ng.

    Syslog-ng ("syslog ") syslog - , ( ) . Syslog-ng TCP UDP. Syslog-ng . ("") .

    Syslog-ng , syslog, .

  • 88

    8.2 -,

    , ( ). , , , . . , , , -, . , , ?

    (, Intrusion Detection Systems, IDS).

    (host-based IDS) .

    (network IDS) , , , , ( , base line).

    , , , Tripwire Open Source Snort.

    :

    . , , . , ( " ") , .

    ? ,

    "" (.. , ) - , . - , - , "" .

  • 89

    , , .

    . () ,

    . :

    , , .

    .

    - .

    , .

    , .

    :

    . - . ISS RealSecure Network Flight Recorder - ( ) .

    , ( , ).

    : , . , , , .

    , , . - , - , .

    , ( ). - .

  • 90

    , /bin/ls: , , ( ) ..

    - . - . , , .

    , , , ( " ", , . , !) , , . , .

    , ! , , .

    , , - . -, , .

    , , , , - - .. .

    :

    ( ), : , ( , ), , , . - - , .

    . , "". , . ,

  • 91

    - .

    , , , .

    -

    . , -:

    , ( ).

    , : , , .

    , , , -, .

    , " ", . : , , . , .

    ,

    , -. , : ,

    "" , , , , .

    , : , "" , , . , ( ) .

    , , (, ). .

  • 92

    Snort

    . - , : , . , : , . - ( ) , , .

    Snort. Snort .

    , ( - " ") Snort tcpdump. Snort , ( ).

    , Snort . Snort , .

    , Snort 100% , (""), . Snort , - - . Snort e GIMP, Apache Nessus .

    , Snort (" Snort").

    , .

    Snort - - , Snort, , Snort.

  • 93

    9.1 SNMP (Simple Network Management Protocol)

    , , , (host) (, , , .)

    , , , . :

    (fault management); (performance management); (layer management); (security management) .

    SNMP , , . SNMP TCP/IP

    SNMP (manager process) , : (host), , ..

    , , - MIB (Management Information Base)

    SNMP UDP ASN.1.

    .

    SNMP , MIB.

    ISO- CMIP (Common Management Information Protocol), .

    9.1.2 (MIB) MIB ,

    TCP/IP . : MIB-I MIB-II. MIB-I

  • 94

    RFC1156 .

    (node) . (gateway), EGP. , .

    , . , SMI , MIB .

    9.1 MIB

    Group         Objects
    System              7
    Interfaces         23
    AT                  3
    IP                 38
    ICMP               26
    TCP                19
    UDP                 7
    EGP                18
    SNMP               30

    System group:

    sysDescr - (, HW, OS); sysObjectID - ; sysUpTime - ; sysContact - ; sysServices - ; Interfaces group: ifIndex - ; ifDescr - ; ifType - ; ifMtu - - : ifAdminStatus - : ifLastChange -

    : ifInErrors - , ; ifOutDiscards - ,

    :

  • 95

    Address Translation Table group:

    atTable - ; atEntry -

    ; atPhysAddress - , ; atNetAddress - ,

    atPhysAddress;

    IP group:

    ipForwarding - IP ; ipInHdrErrors - ,

    ; ipInAddrErrors - ,

    IP ; ipInUnknownProtos - ,

    ; ipReasmOKs - ;

    ICMP group:

    icmpInMsgs - ICMP ; icmpInDestUnreachs - ICMP

    ; icmpInTimeExcds - ICMP ; icmpInSrcQuenchs - ICMP source

    quench; icmpOutErrors - ICMP ,

    ICMP;

    TCP group:

    tcpRtoAlgorithm - ;

    tcpMaxConn - , ;

    tcpActiveOpens - SYN-SENT CLOSED;

    tcpInSegs - , ; tcpConnRemAddress - IP ; tcpInErrs - ,

    ; tcpOutRsts - reset-;

    UDP group:

    udpInDatagrams - UDP , ;

  • 96

    udpNoPorts - UDP , ;

    udpInErrors - UDP , , ;

    udpOutDatagrams - UDP , ;

    EGP group:

    egpInMsgs - EGP ; egpInErrors - EGP ; egpOutMsgs - EGP , ; egpNeighAddr - IP EGP- .

    MIB, , . Ipv4.

    9.1.3 (SNMP-Simple Network Managing Protocol)

    SNMP SGMP , MIB , SMI.

    RFC 1157 (Network Management Station - NMS), (Network management applications - NMA), (network elements - NE), , . (Management agent - MA) , . SNMP .

    (authentication protocol) ,

    , , , .

    (privacy protocol) , SNMPv2 . , , :

    ; ; ; .

    : - MD5 (message digest). SNMPv2 128 ( digest), ;

    - , ,

    - , ;

    - (privacy protocol), , . , , (Data Encryption Standard - DES). SNMPv2 .

    SNMPv2

    - .

    (peer), SNMPv2 . .., , , SNMPv1. SNMPv2 , , - , ( )

    SNMP , . 3 2. , SNMP . , 1 2, .

    9.2 ,

    ,

    . , .

    . -


    . - . , , LAN WAN . /IP .

    ,

    . , .

    , , () ; .. , , .

    , ( ) , . , , . , . , . .

    :

    (bottlenecks) (baselines)

    (bottleneck) ,

    , , . , .

    ( , , ) , -.

    , . -


    , , , .

    , . .

    , :

    .. , .

    ,

    ,

    " . :

    ,

    -

    - . , .

    - . .

    . - ( ), .

    , , () , .

    ,

    . , Web , .


    ()

    .

    . (.. ), . () , ( ), .

    .

    , " .

    Network Associates Sniffer ( Sniffer Pro). .

    , . .

    , :

    Microsoft Performance Monitor Microsoft System Monitor Performance Monitor Windows NT 4.0 ( System Monitor Windows 2000) , .

    , . , .

    Performance Monitor System Monitor (alerts), , .

    , , :

    :


    . , , , (media) , .

    Sniffer

    , : Sniffer Pro LAN Sniffer Pro WAN Sniffer Pro High-Speed Gigabit Sniffer Pro Sniffer Distributed Analysis Suite Sniffer ,

    , IP/IPX DLC . Sniffer Pro ,

    . (hops).

    Sniffer TCP/IP , ping, tracert, DNS lookup .

    Sniffer ( ).

    Sniffer Expert Analyzer, .

    . -

    , .

    . .

    , -, , , .

    :

    ,


    ,

    ,

    ,

    , Microsoft, Novell, IBM Hewlett-Packard, - , . Network Monitoring Suite (NMS) Lanware, Simple Network Management Protocol (SNMP) , , . ViewLAN NuLink SNMP .

    ,

    , ( ), .

    . , ,

    , .

    , , .

    TCP/IP, . , , .

    - . , .

    .

    , , ( ), .

    ". , , .

    . , .

    , .

    , .

    - . - . , . , . ( ) , . .

    , , .

    TCP/IP , , , , :

    ping pathping ping Packet InterNet Groper. , ,

    Echo Request, Internet Control Message Protocol (ICMP), . ICMP .

    ping- . , ping , www.yahoo.com.

    , , .


    ping IP , . IP .

    ping IP , , ping- , , .

    , DHCP DNS , TCP/IP. , DHCP , DHCP DNS .

    ping time , (Echo Request) (Echo Reply). ping- .

    ping TCP/IP .

    ping 127.0.0.1. , , . pathping ping c tracert

    , . pathping .

    .

    Tracert Windows Traceroute - Linux

    TCP/IP

    - . :

    Netstat Nbtstat - TCP/IP NetBIOS .

    ARP ("arp" Linux UNIX) - Address Resolution Protocol (ARP).

    ROUTE ("route" Linux UNIX) - , .

