Vyatta Core – Giải Pháp UTM Mã Nguồn Mở    !"#$%# &'()&*(+#$,- &'()&.*)#$/01 &'()&*+&2!345 &'()&6)*#$7 Mục lục Danh sách hình vẽ Danh sách bảng 2 1 GIỚI THIỆU 89:;1<#=>--##-?#@1A1B?-?C 1>#D1E101F-GD1H=1AHI-1J?KLM?N9O1O 1NHK>1<?PQ/;H?@8>@MRL@,--11 ?NP>1AHI1:1-9AS1014RTR3RU1R1V WR9:LXV?Y9RQZ [\L#1J=NI[-9A?=?9O1O1:11A-#RF N1#L1]?K1014D1E^9=1014?KI[ D19A?=?Q#19_H;[?KLM?N1 L9> -?K,H=H:-RHD1L-HM1:11>#F-GQ3_ O1:1I[9A 101<`@1ab1J:,1RD11:1K9A?=?_1^9LM %?`1<21@caR2b1dMe>ef?19_Q %HJH=--#J??@gP?;-P-#=Vyatta Core – giải pháp UTM mã nguồn mở11,91:1_4H[#I-?Y?N1J;#I1 1:1I[9A101# O#1:19A?=?B?N?51=Q 3#`-?KLH=-?NH^1XV# 8 8%a?K9V 9MhSiX,EIbH^11]H;1]11,91:1_4R [1O ?NQJ-9?jk?l1<3#em 1>#3#9:- -H^11KHk1n9:;Q#--?$9_Re_11Uo 3#`1JHA#H<p10141AIH;H:9011:11AH N1< L9" • `:1_41B%7`R@1S #?1aRmRqbRR @cTR1Si@ 3R11R  ??RQZ • `:1_4V1C^rRRTRsR# ae 1RTScR%6R1@R3bRQZ /^1IeIH;1N#,et=9A10X'r1u-e41j FeIM%i16&9@vRBp1w1J;H^1MH;1N#1:1 =J32R`XxRxRy32W?11,91:1 [1O?N -?Y11:1?:#-?>\HL:H:??V#R3#81@8?N@8 ?=? z9n^9=#1A--11O;QJ--1J;l- 81UM11:1 L9F-G-#11:1E101aB ?N1J9_1<3#bQ 3 4 2 TỔNG QUAN VỀ VYATTA 3#HN?K@8lHI-1>L9?NW1:11 1,91:19:9?N-?Y 89A?=?eI^9L1Y O1:1 I1<JR=?:#1<H{-1:1?>PHL:H:??V#W?H:90 1:11AH N=NA`Q7--NAY|RJ-H:??V#1< 1:1e:1- L9FGHIe59IH^1eIM-Ll 3#10?1e4-@01?N?-3#1J;?NQ 9:91<3#-?K81UMH;#I11:1I[9A10HK1}#= 1<1:1j`@1R~9Q %HV#-@@:pLH=-3#em-9A?=?`@1m q6@:3#em-`@1m 2.1 Các sản phẩm chính • Về phần mềm /V#H=-1:19B?NR1J9_RHA#H<1:11014e:1- 98[9A101L1;e-YH^1@8C^F1_j 3#Q 3#em"H^11-HD1:1=9A10X'r1uQ 3#em321@"H^11-HD1:1=J`X xR32RxR 7y32Q • Về phần cứng 3#7 991"-1:1I[9A10HjH^1MR1J_B_1 1-1-HD@•9A?=?3#emQ • Dành cho cộng đồng 5 3#`"-9?jk?lR--?$9_1<3#em - 11KHk1:1-9:;-\ nRE1011J1A10R;e -,e>YH^11:1 [1O1#L9F3#Q 2.2 Các chức năng chính của Vyatta Network OS • Kết nối mạng N{1<LM3#-?K1B1IH[#I901N9RC^HA#H<1:101 H[#IHK=.-raqRmRbQ-1w C^1?N e> V#1u'&)Q66R1:1I9-1:11 v1JM1HK6&9@Q • Tường lửa \€1<3#EKe4e;? #L11J.-rQ`:1 _411,9k?•@ S?@ TR)TQ • Lọc nội dung và phòng chống xâm nhập 7LM3#11,9??K?01HKL1:11<HK11:1?MH UKU1>?-1B1I9w1MXV?Y9Ia1JJ [1O3#ihbQ • Bảo vệ các kết nối từ xa IY9 1:1eIM 3 -a@€ O 1b pD1=L M3#D1,etI[1JC^13-Q/k\1w11,9e 4#1Y9?NFX-1\ n\_4i@ m93Q • Quản lý lưu lượng =1B1Ise:11J;H^1:9 O11:1^H-a b-H a bH;X:1H[- :@8  11:1^-1:10 O} U#HwGHK$,9Q • Độ sẵn sàng cao 3#11,9e4 89wa  1#b-_@•@-1a#b 11:1?NM}U>}1:11u=1B1IHkK-1#;HE 8 9wacb • Tương thích và hỗ trợ IPv6 `:19:9H[#I-?Y 89A?=?1<3#L1J@8B _1M-C^HA#H<01rQ • Quản trị và chứng thực 7LM3#1J;H^1}|>} L wL}K1} [?NRD1 LD1>}LM}|-@€ O? 11@@1<3#Q,11:19-?L1H=H^1H?-@€ O1:1 9B011081}7)R%hD1``‚Q • Giám sát và lập báo cáo: 6 `:1>=PNNHK1<LM3#H=H^1Y-11,9 HA#H<-1J;H^1 {W1:11>1OS019EI2RTR #@@eRQZ 7P62>P10141<3#em %HV#-1I1:110141<3#em9rQ* 7 q)%@:11I10141<3#emrQ* 2.3 Các giải pháp triển khai /;;e9:91<3#1J;1U?KJ?9:9@" 8 Vyaa Soluons Vyaa Soluons Private & Public Cloud Private & Public Cloud Vyaa for The Cloud Vyaa for The Cloud Vyaa for the Amazon Cloud Vyaa for the Amazon Cloud Virtual Datacenter Virtual Datacenter Vyaa for Virtualizaon Vyaa for Virtualizaon Vyaa for Riverbed RSP Vyaa for Riverbed RSP Physical Network Edge Physical Network Edge Vyaa Appliances Vyaa Appliances Vyaa Network OS Vyaa Network OS 7P)`:19:9;e3# L1I=1:1J?9:91d-1:1-L=1:1?>P; e?!RX?e?lH[1]@" 9"SSQ#Q1?S@@ `:19AI91<:1:-#@gY9-L10 O9:93#` -?K?>P;e1:1#1A1O;-AM81Il1:1  L9Q`:111-HD-1,P1:1-9A1014H=H^181L ?>\JQ 9 3 TẢI VÀ CÀI ĐẶT VYATTA CORE A-#@g?>1:1n#1U;e-1:111-HD??KLM3# `Q 3.1 Yêu cầu phần cứng tối thiểu 2KH=1A|-L9A?=?3#H^1IeI1]H;1N#1:19A10 X'r1uQ%Y#?-1:1=e:12R2R`R`RZH=e> H^1C^Qn#K1-1:1-9A1014?-LM3#@gH?:1 ?-1J1:1#1A=9A10a`hR2RI[pbe:1Q%HV#- 1] !1BH;1U1,P9A109n^9F#1AIeIQ q*ƒ1A9A10M;H;1-HD3#` 3.2 Các tùy chọn triển khai 7LM3#C^1:1n#1U;e,HK@" • Chạy từ LiveCD"3#1J;NHK81I9FH„`%aH^1FT m1J;elHK1<3#bRLMH^1N9-1N##K 2?-e>-?X:K pL##HELH=-L1J?:# _Q-RN?Ki`%1d-1}#IHAH;1-3# I[pE10Q • Cài đặt trên thiết bị lưu trữ dài lâu: @eelHKF?Ki`%R3#1J ;H^11-E7%%R%Rhq-1:1NI[p -Va9@@ 1be:1zQ • Cài đặt trong môi trường ảo hóa hoặc đám mây (cloud)"3#11,91:1 991-LM3#H^11-HD-M@• -1= 1 0 [...]... server set firewall name private-to-server description "Private to Server” set firewall name private-to-server rule 1 action accept set firewall name private-to-server rule 1 state established enable set firewall name private-to-server rule 1 state related enable set firewall name private-to-server rule 10 action accept set firewall name private-to-server rule 10 destination port 80,443 set firewall. .. destination port 80,443 set firewall name private-to-server rule 10 protocol tcp set firewall name private-to-server rule 20 action accept set firewall name private-to-server rule 20 destination port 22 set firewall name private-to-server rule 20 protocol tcp set firewall name private-to-server rule 20 destination address 192.168.204.1 set firewall name private-to-server rule 20 source address 192.168.244.100... serverfarm from public firewall name public-to-server set zone-policy zone private from public firewall name to-private set zone-policy zone private from serverfarm firewall name to-private set zone-policy zone public from private firewall name-to-public set zone-policy zone public from serverfarm firewall name to-public commit Kiểm tra lại các cấu hình trên bằng hai lệnh show firewall show zone-policy 3 2 5.2.5... những website có từ khóa “sex” trong url Thực hành 32 Lọc url chỉ định và từ khóa set service webproxy facebook.com url-filtering squidguard rule 20 local-block-url set service webproxy url-filtering squidguard rule 20 local-block-keyword “sex” Khi user truy cập bị cấm trên các trang web chỉ định, bạn có chuyển tiếp user đến một trang web khác 3 4 Thực hành 33 Chuyển tiếp user set service webproxy url-filtering... Zone" set firewall name to-public rule 1 action accept set firewall name to-public rule 1 state established enable set firewall name to-public rule 1 state related enable set firewall name to-public rule 10 action accept set firewall name to-public rule 10 destination port 80,443 set firewall name to-public rule 10 protocol tcp set firewall name to-public rule 20 action accept set firewall name to-public... show show service webproxy 5.3 Giải pháp VPN Vyatta cho phép bạn thiết lập VPN với các hình thức: • • • 5.3.1 Sử dụng IPSec để kết nối Site-to-Site Truy cập từ xa qua giao thức PPTP, L2TP, IPSec Site-to-Site và truy cập từ xa qua thông giao thức OpenVPN và IPSec IPsec Site‐to‐Site VPN 1.1.1.9 Mô hình Hình 15 – Mô hình triển khai VPN Site-to-Site Trong ví dụ này bạn triển khai mô hình mạng như trên Đảm... Enables IPsec VPN on eth1 on WEST vyatta@ WEST# set vpn ipsec ipsec‐interfaces interface eth1 vyatta@ WEST# show vpn ipsec ipsec‐interfaces interface eth1 2 Cấu hình IKE-Group trên WEST vyatta@ WEST# set vpn ipsec ike‐group IKE‐1W proposal 1 vyatta@ WEST# set vpn ipsec ike‐group IKE‐1W proposal 1 encryption aes256 vyatta@ WEST# set vpn ipsec ike‐group IKE‐1W proposal 1 hash sha1 vyatta@ WEST# set vpn ipsec... Users address 192.168.80.0/24 set service webproxy url-filtering squidguard rule 10 source group SecAdmin set service webproxy url-filtering squidguard rule 20 source group Users set service webproxy url-filtering squidguard rule 20 block-category spyware set service filehosting webproxy url-filtering squidguard rule 20 block-category commit Ngoài việc lọc theo danh mục, bạn có thể lọc theo url chỉ định... công DOS hoặc brute force Thực hành 26 Rule giới hạn kết nối set firewall name public-to-server rule 5 action drop set firewall name public-to-server rule 5 protocol tcp set firewall name public-to-server rule 5 destination port 80,443 set firewall name public-to-server rule 5 recent count 20 set firewall name public-to-server rule 5 recent time 5 commit 3 1 Rule cuối cùng, bạn cần cho phép client từ... name public-to-server rule 10 action accept set firewall name public-to-server rule 10 destination port 80,443 set firewall name public-to-server rule 10 protocol tcp set firewall name public-to-server rule 10 destination address 192.168.204.1 commit Một ý tưởng tốt khi giới hạn kết nối của client vào server, để phòng bị tấn công DOS hoặc brute force Thực hành 26 Rule giới hạn kết nối set firewall name . O1:1I[9A 101<`@1ab1J:,1RD11:1K9A?=?_1^9LM %?`1<21@caR2b1dMe>ef?19_Q %HJH= -  -# J??@gP?; - P -# = Vyatta Core – giải pháp UTM mã nguồn mở 11,91:1_4H[#I - ?Y?N1J;#I1 1:1I[9A101#. Vyatta Core – Giải Pháp UTM Mã Nguồn Mở    !"#$%# &'()&*(+#$, -  &'()&.*)#$/01 &'()&*+&2!345 &'()&6)*#$7 Mục. @? I1U 1- e;?@ bQ 2 i-?1:1 ! ?- PH; - ,}:P 1- HDa|1:1 11U9Vn 1- 3#R?Yeu1 - eR[_ 1- hqbQ 3