VIETNAM NATIONAL UNIVERSITY, HANOI
UNIVERSITY OF ENGINEERING AND TECHNOLOGY
NGUYỄN ĐÌNH NGHĨA
SSL VPN VIRTUAL PRIVATE NETWORK TECHNOLOGY AND
ITS APPLICATION IN BUILDING
A FILE TRANSFER SYSTEM
Specialization: Information Technology
Code: 1.01.10
MASTER'S THESIS
SCIENTIFIC SUPERVISOR:
Assoc. Prof. Dr. NGUYỄN VĂN TAM
Hanoi - 2006
AH: Authentication Header
CHAP: Challenge Handshake Authentication Protocol
CA: Certification Authority
DES: Data Encryption Standard
FEP: Front-End-Processor
ESP: Encapsulating Security Payload
GRE: Generic Routing Encapsulation
HDLC: High-Level Data Link Control
IETF: Internet Engineering Task Force
IPSec: Internet Protocol Security
IPSec VPN
L2F: Layer 2 Forwarding
L2TP: Layer 2 Tunneling Protocol
LCP: Link Control Protocol
LDAP: Lightweight Directory Access Protocol
MAC: Message Authentication Code
Message Digest
MPLS: Multi Protocol Label Switching
MPPE: Microsoft Point to Point Encryption
NAS: Network Access Server
NAT: Network Address Translation
NCP: Network Control Protocol
PAP: Password Authentication Protocol
PIN: Personal Identification Number
PoP: Point of Presence
PKC: Public Key Cryptography
PPP: Point to Point Protocol
PPTP: Point to Point Tunneling Protocol
RAS: Remote Access Server
Rivest's Cipher or Ron's Code
SKC: Secret Key Cryptography
SSL: Secure Socket Layer
SSL VPN
SP: Service Provider
TLS: Transport Layer Security
VPN: Virtual Private Network
perfected for industry.
SSL VPN virtual private network technology and its application in building
a file transfer system
ba
s d trong h th bao g thut
to m ho kho x
(Optical Carrier-3, 155
hi Internet
VPN
VPN
. 1.1
([19], [20], [21], [22]).
Provider network (P-Network):
Figure 1.1: Internet
Customer network (C-Network):
Customer site:
Provider (P) device:
Provider edge (PE) device:
Customer edge (CE) device:
Virtual circuit (VC):
Figure 1.2: Customer Edge (CE) routers, Provider Edge (PE) routers and Provider (P) routers connecting VPN A, VPN B, VPN C and VPN D.
1. Overlay VPN
2. Peer-to-Peer VPN ([21]).
X.25,
Deployment at layer 1: ISDN, DS0, T1, E1, SONET, SDH.
Figure 1.3: Layer 1 deployment stack: ISDN / DS0 / T1 / E1 / SONET / SDH, PPP, HDLC, IP.
Deployment at layer 2: X.25, Frame Relay, or ATM;
Figure 1.4: Layer 2 deployment stack: X.25 / Frame Relay / ATM, IP.
Deployment at layer 3: IP
GRE, IP (IPSec),
GRE is fast,
Figure 1.5: Layer 3 deployment stack: Generic Routing Encapsulation (GRE), IP security (IPSec), IP.
IPSec.
based on
IPSec
unicast frames
Peer-to-Peer VPN
PE router
CE router information
MPLS VPN
MPLS.
1.6 ([24]).
(Label Switching Router):
Figure 1.6: Edge Label Switch Routers and Label Switch Routers interconnecting four customer networks.
(Label): (Label Stack).
(Label Switching Path):
(Virtual Channel - VC) in ATM, Frame Relay.
1.2.2
Three types: Trusted VPN, Secure VPN and Hybrid VPN.
Trusted VPN
Through a Trusted VPN
MPLS.
Secure VPN
In a Secure VPN
according to
such as IPSec, L2TP, SSL
1.2.3 Remote-Access VPN and Site-to-Site VPN.
remote, or (Virtual private dial-up network -
ISP
Figure 1.7: Remote Access VPN (remote user, ISP, Internet).
Site-to-Site VPN:
frame relay. Site-to-Site VPN ([20], [21], [22]).
Figure 1.8: Site-to-Site VPN across the Internet.
(firewall-based VPN)
site-to-site,
firewall-based VPN
1.2.4 OSI
OSI. IPSec
IPSec, L2TP.
1.2.5
Figure 1.9: VPN Site 1 (CE, PE), Provider Network (P), VPN Site 2 (PE, CE).
1. NAS
1. Firewall
1.3.7 VPN Gateway
1. VPN
let through
when passing through ([19], [20]).
Figure 1.10.
Figure 1.10: Payload / Payload / Payload.
1.4.2
1.4.2.1 The PPTP tunneling protocol
PPP,
PPTP
-to-LAN.
NCP
-protocol VPN)
deployed based on
Therefore,
PPTP NAS (
FEP or
Figure 1.11: PPTP across the Internet: PPP client, PPTP tunnel, RAS (PNS).
ISP
Figure 1.12 describes a PPTP session with a PPP client ... PPTP.
Figure 1.12: PPTP session: PPP client, ISP, PPTP tunnel across the Internet.
connection information
([19], [20]).
PPTP
Figure 1.13 describes the PPTP operations.
Figure 1.13: PPTP operations: Remote PC (PPP) through the ISP and the Internet to the FEP / Server; PPP frames carrying IP, IPX or NetBEUI data are encrypted and encapsulated in GRE, with a private IP address inside and a public IP address outside.