Сетевая безопасность на основе серверных продуктов Microsoft: Учебный курс

  • Published on
    08-Dec-2016

  • View
    218

  • Download
    4

Embed Size (px)

Transcript

1. . .

, , , , . , , . , . . -, , -, . . , , . , :1. ( , .. );2. ( , , ; , );3. ( );4. ( );5. ( , );6. ( , , , , ; , ). , , , . , , , -, , , , . , , , . . , . .

:

1. ;2. ;

3. ;

4. ;

5. ;6. .

:1. ( , );

2. ( , ; );

3. ( , , );

4. ( , , );

5. ( , , , , ).

30 . . :1. ( , );

2. , ( );

3. ( );

4. ( . , ). , ( ), ( ). . , . , . , .. .

, . , , .

, , , . , . , . 2. . , , . , , , . , , . (). , -, , .

Windows Server 2003 . (PKI). , . PKI - ( , , , VPN .). , PKI . : , . , . (), ; ; .

, , . WS2003 . . , ( ). , . , , . . , . . , . . , , .. , . : ( , ; ), ( , ), ( , ). , :

1. ;

2. , ;

3. (, -, ..).

, , . : ; , ; , ; , . : , , , IPSec EFS.

, , , : 1. , ( ; , ; );2. , , , ;3. , ( ) . .

, , , , - . (CRL). , , . , , , . , . .

. . , . , , , . , , , . . . , . , CRL .

. , , . . , .

, , . CRL. , CRL ( CRL). CRL. CRL . , . . , , , , CRL, . WS2003 , , 25% .

3. .

, . , . . Microsoft Internet Security and Acceleration Server 2004 (ISA Server). TCP/IP, . , , . , , .

ISA Server , , - . ISA Server . web-. . web- ISA Server , . , .. , . , . . , . ISA Server , . ISA Server, . ISA Server , . ISA Server, . , . ISA Server , , , . , , , . . ISA Server . , .. . , ISA Server . , .

ISA Server 2004 : Standard Edition Enterprise Edition. ISA Server Standard Edition Small Business Server Premium Edition. . ISA Server 2004 Enterprise Edition, 25 , (NLB), . 1 , 512 , . , ISA Server Windows Server 2003. ISA Server. . , . . ISA Server ISA Server. ISA Server . 4. ISA Server 2004. ISA Server 2004 , WS2003 . , , , ISA Server. . , , ISA Server. , ISA Server : ICS/ICF, NAT, SNMP, FTP, NNTP, IIS, WWW. , ISA Server , ISA Server . ISA Server , . ISA Server . ISA Server , .

. ISA Server , Active Directory. ISA Server , ISA Server (CSS). . ISA Server , ISA Server , . CSS ISA Server. CSS , WS2003 . , ISA Server, , ISA Server, WS2003, . ISA Server CSS ( WS2003), . CSS ISA Server. ADAM. ISA Server 2004. Windows ADAM. ldp.exe. CSS ISA Server. CSS- 389 2171 2172. , Windows. , . , , ISA Server. ISA Server 2004. , CSS-, , . ISA Server , , FPC (InstallNewManagementServer.ini CSS, InstallStandAloneServer.ini ISA Server CSS, InstallArrayAndServer.ini ISA Server , InstallJoinedServer.ini ISA Server , UninstallServer.ini ). , , , :

__ISASetup\setup.exe [/[x|r]] /v /q[b|n] FULLPATHANSWERFILE= \___\_\. : \r , \x , \v , , \q[b|n] (b , n ). PathToISASetup\setup.exe REINSTALL=ALL.

ISA Server , ; , ISA Server 2000. . , , . ISA Server . ISA Server , -, (, RADIUS). -, : CSS- , ISA Server , CSS ISA Server , ISA ( , ). . , . , ISA Server , , .

ISA Server , , ISA Server . : . ISA , .

: Enterprise Auditor ( ) Enterprise Administrator ( ISA Server).

: Monitoring Auditor ( ISA Server, ), Auditor ( , , Monitoring Auditor), Administrator ( ). 5. ISA Server 2004. ISA Server ISA Server: 1. ( ISA Server, );

2. Web- ( FTP, HTTP, HTTPS ISA Server);

3. SecureNAT ( ISA Server ).

ISA Server , . ISA Server , Web-. , SecureNAT. , .

ISA Server . , Windows, , ISA Server HTTP , Web-.

. SecureNAT TCP/IP ISA Server , ISA Server. , DHCP-, SecureNAT DHCP- 003 Router, ISA Server. SecureNAT . . SecureNAT . ISA Server. , . , SecureNAT DNS. - , DNS ISA Server. SecureNAT .

Web- , HTTP1. : HTTP, HTTPS, FTP, Gofer. . . Web- . proxy- , . ISA Server. ISA Server Web-, , -. Web- ISA Server Web- . , , SSL. (, Windows, RADIUS, ). , ( ).

Web- Microsoft Firewall ( , ISA Server , ISA Server, Ping). , Web- ISA Server . . : , . ISA Server, , . ISA Server . ISA Server -, . MSPCLNT. setup. . ISA Server . ISA Server , Web-. Web- . , ISA Server TCP UD 1745. , , ( ). , ( ). ISA Server common.ini. Web- management.ini. application.ini. locallat.txt. 6. ISA Server 2004. ISA Server , ISA Server. ISA Server , , , ISA Server, , ISA Server, . ISA Server. 60 . 2 .

. , - . ISA Server 56 . . : , , , / ISA Server. , , , , , . , , , .. . , , , . , () . , . . Microsoft Firewall, Web- SMTP Massage Screener. , SQL . ISA Server, . ISA Server Windows Server 2003, . . . ISA Server :Microsoft ISA Server Control ( , );Microsoft Firewall ( ISA Server, ISA Server Firewall Engine);Microsoft ISA Job Scheduler ( Web-);ISA Server Storage ( );Firewall Engine ( . , .);Microsoft Data Engine Service ( ISA Server);Network Load Balancing ( ISA Server);Remote Access Service ( VPN). ISA Server, , . ISA Server , . ( , , , IP- , ), , . ISA Server . . . . : ISA Server Cache ( , , -) , ISA Server Firewall Packet Engine ( , , ), ISA Server Firewall Service ( ), ISA Server Web Proxy ( Web-). :

1. ;

2. .

. . . : ?

7. .

ISA Server : , , . , , , , . , . . . , . . , , .

, . . : ( IP- ISA Server), ( IP-, ), ( IP-, ), VPN ( ). , . , , ISA Server , . , , IP-. , . .

Web- URL , IP- , ISA Server Web- .

. ISA Server , , : ( NAT , , ), ( ISA Server ), ( ; ). ISA Server. : , ; NAT, ; , , .

, : ; ; ; ; .

. . , , . , ISA Server, , , . ISA Server : 1. ;

2. ;

3. ;

4. ;

5. ;

6. .

, . :1. ;

2. ;

3. ;

4. IP- URL;

5. ;6. .

, .

, , ISA Server 2004 . .

, ISA Server , , Edge Firewall.

ISA Server , , , 3-Leg Perimeter. , ISA Server, Front Firewall Back Firewall. , - .

. IP-, , ( ). IP- ISA Server, . , . , . ISA Server. , , .

8. .

, (, , ) . . , , . . . , DNS-, DHCP-, WINS-, , . , . . , DNS-, VPN, . , , . , . (, , , ). RPC SMTP. . , TCP, UDP. , : DNS (53 TCP UDP), LDAP (3268 TCP, 389 TCP), NetBIOS (137 TCP UDP, 138 UDP, 139 TCP), RPC (135 TCP UDP), SNB (445 TCP UDP), WINS (42 TCP UDP, 1512 TCP UDP). , DNS, NetBIOS . , , . RPC. ( 64000 TCP). , . 135. . , , , VPN-, IPSec. , DNS HOSTS, DNS ( , DNS ).

, . : , . , , , . . DNS : footprinting ( ), redirection ( IP- ), DS ( DNS- , ), IP spoofing ( ), cache poisoning ( DNS- ). DNS- . DNS-, ( ). . DNS- DNS-. DNS- . ( -) DNS-, . , , DNS .

DNS- . . DNS . , DNS-. , DNS VPN- IPSec. DNS DNS-. DHCP DNS . VPN- . VPN- ISA Server. ISA Server VPN-, , , VPN (PPTP L2TP/IPSec). , .. , VPN- IP- ( ISA Server DHCP). . -, EAP-TLS MS-CHAPv2. ISA Server , RADIUS. , VPN. , . VPN, ISA Server. VPN L2TP/IPSec , PPTP. . . , .

, , . , , . . , , , (, , ). (, DNS DHCP-). . , Windows Server 2003 . , , . , . 9. . . . . . . , , VPN-. , IPSec. SSL.

IPSec . , GPO (, , ). IPSec , , , . , . IPSec :

1. ( ; , );

2. ( , , .);3. ( );4. ( , , -).

. , . IP-, Netsh. :

1. , , , ;

2. , , ;3. IPSec ( , ).

, : , , , , , , . IPSec. , . , . , . . IPSec . , Kerberos. , IPSec. Kerberos , , . , , . . IPSec AH ESP. , . . AH , ( , ). ESP , , , . :

1. , IPSec, ;

2. VPN L2TP, IPSec;

3. , , . DES 3DES. , . , AH ESP. . , . MD5 SHA1, , .

-, 1, 2 3. , , , . Windows Server 2003, - 3. 1 2.

IPSec :1. , ( , , );

2. IPSec;

3. ( );

4. ;

5. IPSec ( - );

6. ( ).

10. . , , , . , - , . , . : ; ; ; . , , , . -, , ( , Web-, . -, , ( , ). -, , , ( ).

:

1. ( WindowsNT 4.0; ; , );2. ( WS2003 . , , , );

3. ( , ; , . .);4. ( WindowsNT 4.0 . . , .);5. ( , . WS2003.). . , . : ; ( ); ( , ).

, , . -, SID. . , , . . . SID , . , - . , . . . : 1. ( . . TopLevelExclusion, .);2. ( . .);3. ( ).

. -, , -, DNS, . DNS , . -, , : RPC ( , HKLM\system\currentcontrolset\servicies\ntds\parameters TCP/IP Port); RPC NETLOGON ( HKLM\system\currentcontrolset\servicies\netlogon\parameters), 88 Kerberos, 135 Action Control List .

, : ;

WindowsNT 4.0 ;

WS2003 ; WS2003 ; WS2000 . , , , . . 11. . . LDAP, , , , . , . . , , : . . , , . . ,...

Recommended

View more >