1"
BỘ#GIÁO#DC#VÀ#ĐÀO#TẠO#
TRƯNG#ĐI#HC#CÔNG#NGHỆ#TPHCM#
*****#
"
ĐỒ"ÁN"CHUYÊN"NGÀNH"
"
#ĐỀ"TÀI"
Tìm#hiu#và#so#sánh#các#kỹ#thut#mã#hóa#
trong#kết#ni#VPN#
#
Ngành":"CÔNG#NGHỆ#THÔNG#TIN"
Chuyên"ngành":"MẠNG#MÁY#TÍNH"
"
"
Ging"viên"hưng"dn:"THY"NGUYN"QUANG"ANH"
Sinh"viên"thc"hin":" "
Họ"và"tên"
MSSV"
Lớp"
Nguyn"Đăng"Quang"
1311061016"
13DTHM02"
Lý"Tiến"Tân"
1311061094"
13DTHM02"
"
"
TP.HCM"-"Tháng"11,"năm"2016"
2"
"
MỤC#LỤC#
"
CHƯƠNG"I":"TNG"QUAN"VỀ"VPN"........................................................................"5"
1.1"Tìm"hiu"về"Mạng"riêng"o"(VPN)"............................................................"5"
1.1.1"Đnh"nghĩa"..................................................................................................."5"
1.1.2"Chc"năng"ca"VPN"................................................................................."6"
1.1.3"Li"ích"ca"VPN"........................................................................................."7"
1.1.4."Các"yêu"cu"cơ"bn"đi"vi"mt"gii"pháp"VPN".........................."8"
1.1.5"Đưng"hm"và"mã"hóa"..........................................................................."9"
1.2"Mô"hình"VPN"thông"dng"..........................................................................."10"
1.2.1"Các"VPN"truy"cp"(Remote"Access"VPNs)"...................................."10"
1.2.2"Các"VPN"ni"bộ"(Intranet"VPNs):"....................................................."12"
1.2.3"Các"VPN"mở"rộng"(Extranet"VPNs):"..............................................."14"
CHƯƠNG"II."BO"MT"THÔNG"TIN"..................................................................."17"
2.1"Tìm"hiu"về"bảo"mật"....................................................................................."17"
2.2"Các"hình"thc"tn"công"................................................................................"18"
2.3"Các"hình"thc"tn"công"trong"mng"riêng"o"(VPN)"......................."20"
2.3"Mt"số"gii"pháp"bo"mật"..........................................................................."22"
2.3.1"Về"hệ"thng"thiết"kế".............................................................................."22"
2.3.2"Về"hệ"thng"phát"hin"tn"công"........................................................"22"
2.4"Công"nghệ"bảo"mt"trong"VPN"................................................................."23"
CHƯƠNG"III":"CÁC"THUT"TOÁN"MÃ"HÓA"TRONG"VPN".........................."24"
3.1"Các"thut"toán"&"công"nghệ"mã"hóa"......................................................"24"
3.1.1"RSA"..............................................................................................................."24"
3.1.2"AES"..............................................................................................................."25"
3.1.3"SHA"..............................................................................................................."26"
3.1.4"Hạ"tầng"PKI"..............................................................................................."27"
3.1.5"Tưng"lửa".................................................................................................."28"
3.1.6"Giy"chứng"nhn"đin"tử"(digital"certificate):"............................"28"
3"
CHƯƠNG"IV":"CÁC"GIAO"THC"MÃ"HÓA"TRONG"VPN".............................."30"
4.1.PPTP"...................................................................................................................."30"
4.1.1"Gii"thiu"về"PPTP"................................................................................."30"
4.1.2"Nguyên"tc"hot"đng"ca"PPTP"......................................................"30"
4.1.3"Nguyên"tc"kết"ni"ca"PPTP"............................................................"32"
4.1.4"Nguyên"lý"đóng"gói"dữ"liu"đưng"hm"PPTP"..........................."32"
4.1.5"Nguyên"tc"thc"hiện"............................................................................"34"
4.1.6"Trin"khai"VPN"dự"trên"PPTP"..........................................................."34"
4.1.7"Ưu"đim"ca"PPTP"................................................................................."36"
4.2."L2TP"..................................................................................................................."37"
4.2.1."Gii"thiu"về"L2TP"................................................................................"37"
4.2.2"Dữ"liu"đưng"hm"L2TP"..................................................................."38"
4.2.3"Chế"độ"đưng"hm"L2TP"...................................................................."40"
4.2.4"Nhng"thun"li"và"bt"li"ca"L2TP"............................................."44"
4.3"IPSec"...................................................................................................................."44"
4.3.1"Gii"thiu"về"IPSec"................................................................................."44"
4.3.2"Liên"kết"an"toàn"......................................................................................"50"
4.3.3."Quá"trình"hot"đng"ca"IPSec"........................................................"52"
4.3.4."Nhng"hn"chế"của"IPSec"..................................................................."54"
4.4"SSTP"....................................................................................................................."55"
4.4.1."Gii"thiu"về"SSTP"................................................................................."55"
4.4.2"Lý"do"sử"dụng"SSTP"trong"VPN"........................................................"56"
4.4.3"Cách"hot"đng"ca"SSTP"...................................................................."57"
4.5"IKEv2"..................................................................................................................."57"
4.6"SSL/TLS"............................................................................................................."58"
4.6.1"Giao"thc"SSL"..........................................................................................."58"
4.6.2"Giao"thc"TLS"..........................................................................................."59"
4.7."So"sánh"các"giao"thc"mã"hóa"trong"VPN"..........................................."59"
CHƯƠNG"V":"TÌM"HIU"GIAO"THC"OPENVPN"..........................................."60"
5.1"Lịch"sử"của"OpenVPN"..................................................................................."60"
5.2"OpenVPN"là"gì?"..............................................................................................."61"
4"
5.3"Ưu"đim"ca"OpenVPN"................................................................................"62"
5.4"Các"mô"hình"bo"mt"OpenVPN"..............................................................."64"
5.5"Các"kênh"dữ"liu"OpenVPN"........................................................................"64"
5.6"Ping"và"giao"thc"OCC".................................................................................."65"
5.7"Kênh"điu"khiển"............................................................................................."65"
CHƯƠNG"VI":"TRIN"KHAI"DCH"VỤ"OPENVPN"..........................................."67"
6.1."Trên"Windows"..............................................................................................."67"
6.2."Trên"Linux"......................................................................................................."71"
TÀI"LIU"THAM"KHẢO"............................................................................................"74"
" "
5"
CHƯƠNG#I#:#TỔNG#QUAN#VỀ#VPN#
1.1#Tìm#hiu#về#Mạng#riêng#o#(VPN)#
!1.1.1!Định!nghĩa!
Mạng" riêng"o"hay"còn" đưc" biết"đến" vi" t" viết"tt" VPN," đây"
không"phi"là"mt"khái"nim"mi"trong"công"nghệ"mạng."VPN"có"thể"
đưc"định"nghĩa"như"là"một!dch!vụ!mng!o!đưc!trin!khai!trên!
cơ!sở!hạ!tầng!ca!hệ!thng!mng!công!cng!vi!mc!đích!tiết!kim!
chi!phí!cho!các!kết!ni!điểm-điểm."Mt"cuc"đin"thoi"gia"hai"cá"
nhân"là"ví"dụ"đơn"gin"nht"mô"tả"một"kết"ni"riêng"o"trên"mng"đin"
thoi"công"cng."Hai"đc"đim"quan"trng"ca"công"nghệ"VPN"là"“riêng”"
"“ảo”tương"ng"vi"hai"thut"ngữ"tiếng"anh"(Virtual"and"Private)."
VPN"có"thể"xut"hin"ti"bt"cứ"lớp"nào"trong"mô"hình"OSI,"VPN"là"sự"
cải"tiến"cơ"sở"hạ"tầng"mng"WAN,"làm"thay"đi"và"làm"tăng"thêm"tích"
cht"ca"mng"cc"bộ"cho"mng"WAN."
"
"
"
"
"
"
"
"
"
"
"
"
"
"
"
Hình%1.1.1.1%:%Sơ%đồ%kết%nối%từ%cơ%sở%U%với%cơ%sở%A%ca%trưn%HUTECH%thông%qua%
công%nghệ%VPN%