Information Protection in the Global Network
.
.
.
.
.
.
3.1. Solstice Firewall-1.
3.1.1. .
3.1.2. Solstice Firewall-1.
3.1.3. .
3.1.4. Firewall-1.
3.1.5. .
3.1.6. FTP.
3.1.7. UDP,
.
. .
WWW .
3.2.1. IP.
3.2.2. .
Intranet.
3.3.1. .
3.3.2. .
3.3.3. .
3.3.4. .
3.3.5. Web.
3.3.6. .
3.3.7. .
3.4. PGP.
3.5. Blowfish.
3.6. Kerberos.
(VPN).
.
.
.
.
VPN.
.
.
Internet - , .
Internet 15 150
. 7-10%. Internet
, ,
, .
,
.
,
, .
Internet, -
, ,
.
, ,
, ,
Internet.
.
Internet ,
,
. Internet
,
, , ..
(
)
,
, .
Internet
,
.
Internet ,
.
,
. ,
Internet
.
- Internet.
20
.
. ,
,
,
.
Internet ,
. 1-2
.
, ,
, .
, -
, .. ""
(80-90% ).
, .
-
. Internet ,
, .
,
10 . .
. ,
Internet,
.
.
, Internet
.
,
,
.
. .
. , , - .
.
, ,
, , ""
.
, ,
, .
,
, ,
.
, ,
.
.
.
, ,
. ,
. Internet
.
.
Internet.
1. .
Internet
Internet. , ,
TCP/IP
(, , , ..),
, , ,
,
Internet
.
, ,
, ,
Internet - ,
, - ,
.
Internet,
? -,
(TCP/IP),
Windows 95, Internet (
IP-, )
.
Internet
,
, ,
intranet, (fire-wall) Internet,
.
TCP/IP Internet
.
,
, 10Base-T
(10 /)
Web- .
Internet :
-, Internet
(
) ,
World Wide Web.
-, ,
IP- Ethernet,
MAC-.
-,
(MAC-),
, 48-
64 .
Internet.
,
, ,
. , Internet
. , - ,
, ,
,
. ,
, ,
, ,
.
:
, ,
.
. , ,
,
, ,
.
, ,
, ,
. ,
, , .
: .
, , , , ,
, .
: -, ,
( -),
. -,
: , . .
,
, (
, ).
, .
, a priori.
2.
(
)
. , ,
,
.
,
,
. .
,
,
, POS-,
,
,
.
:
,
(PIN-,
, ,
),
. .
-
.
,
. , ,
, .
, .
1992 .
.
,
,
, Home Banking
.
,
.
. ,
, ,
.
, :
Internet .
. ,
, :
, ,
IP- Internet?
, Internet,
. , ,
, ,
. ,
, Internet, ,
. 1995 .
Citicorp 40 ! ( , ,
- Internet ,
Citicorp.)
. Internet,
, ,
,
.
,
: Internet ,
, -.
, .
. ,
,
,
.
,
.
,
.
,
.
( ,
), . ,
.
,
-
, DOS
. DOS
. ,
,
( ,
), .
, ,
,
, . .
.
: - , .
,
, . Internet
, , ,
,
,
, .
:
1. .
.
.
,
(,
, ,
. .),
,
.
2.
.
-.
.
3. .
- , Internet
. CERT
Coordination Center 1995 2421 -
. ,
Computer Security Institute (CSI) 500
, 1991
48.9 %, , , 66
. .
- -
(firewalls).
,
30%
.
3.1. Solstice FireWall-1.
.
,
.
(firewalls),
.
, , .
Solstice FireWall-1 c
,
Internet-.
Solstice FireWall-1,
.
3.1.1.
.
.
. (firewall) -
,
.
FireWall.
,
,
.
,
, ,
: .
, ,
. ,
, ,
, ,
.
.
,
.
Internet.
,
.
Internet,
.
, ,
()
.
-,
, ,
.
-,
.
-,
. , firewall ,
, ,
.
.
,
.
. ,
, ,
.
. Firewall
. ,
, ,
, , , ,
,
.
.
3.1.2. SOLSTICE FIREWALL-1.
,
, Solstice
FireWall-1 Sun Microsystems.
.
,
.
Solstice FireWall-1 ,
.
FireWall-1
. .
,
,
.
3.1.2.1
Solstice FireWall-1 .
FireWall-1 :
, .
,
, .
,
. ,
40 , FireWall-1.
,
:
,
.
.
-
-
.
: Cisco IOS 9.x, 10.x, BayNetworks (Wellfleet) OS
v.8.
,
, , ,
,
. , ,
, ,
.
3.1.3. .
c c
FireWall-1.
.3.1.3..1
FireWall.
1. , ,
.
2. .
,
, , . , ,
FireWall-1.
3. ,
.
,
.
4.
, , , ,
,
.
5. , ,
.
:
1. , ,
,
, UNIX-.
2. ,
.
3. Internet .
.
FireWall-1.
FireWall-1 .
, FireWall-1 ,
,
, .
,
- FireWall-1.
FireWall-1 ,
,
,
UNIX.
3.1.4. FIREWALL-1 .
. 5 FireWall-1.
. 3.1.4.1
FireWall-1.
,
,
. .
, , ,
(),
( )
( ).
() ,
FireWall-1.
3.1.5. .
,
, .
. ,
, World Wide Web, FTP .
, ,
Internet .
Internet.
,
, ,
.
, .
FireWall-1.
, , ,
FireWall-1.
3.1.6. FTP.
Solstice FireWall-1
FTP telnet
.
, FireWall-1 FTP telnet UNIX
, ,
. ,
FTP telnet (
),
, .
:
the ordinary UNIX password;
S/Key one-time passwords;
SecurID tokens.
3.1.7. UDP-,
.
UDP-, TCP/IP,
.
. ,
,
, .
FireWall-1
UDP , .
,
UDP- (: ),
FireWall-1.
,
, .
, ,
RPC, FTP .
, ,
FireWall-1 ,
.
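The following is an added example, not code from the original page or from Solstice FireWall-1, showing the stateful UDP handling this section describes: an outbound datagram creates a short-lived table entry, and only an inbound datagram that reverses that exact source/destination 4-tuple is admitted before the entry times out. The protected prefix (192.168.0.0/16), the timeout value and the packet trace are constructed for the illustration.

```python
"""Stateful filtering of UDP "virtual connections", as the text describes for FireWall-1.

Added example, not code from the original page or from Solstice FireWall-1: an outbound
datagram opens a short-lived table entry and only an inbound datagram that exactly reverses
that 4-tuple is admitted before the entry times out. The protected prefix, the timeout and
the packet trace are constructed for the illustration."""
from dataclasses import dataclass
import ipaddress

INSIDE = ipaddress.ip_network("192.168.0.0/16")   # assumed protected (private) network
UDP_TIMEOUT = 40.0                                 # assumed idle timeout for an entry, seconds


@dataclass(frozen=True)
class Datagram:
    ts: float            # arrival time, seconds
    src: str
    sport: int
    dst: str
    dport: int


class UdpStateTable:
    """Remembers, per outbound request, the one reply 4-tuple that may come back."""
    def __init__(self, timeout=UDP_TIMEOUT):
        self.timeout = timeout
        self.expected = {}   # (src, sport, dst, dport) of the allowed reply -> expiry time

    def _expire(self, now):
        for key in [k for k, exp in self.expected.items() if exp <= now]:
            del self.expected[key]

    def decide(self, d: Datagram) -> str:
        self._expire(d.ts)
        src_in = ipaddress.ip_address(d.src) in INSIDE
        dst_in = ipaddress.ip_address(d.dst) in INSIDE
        if src_in and not dst_in:
            # Outbound request: the reply must come from d.dst:d.dport back to d.src:d.sport.
            self.expected[(d.dst, d.dport, d.src, d.sport)] = d.ts + self.timeout
            return "ACCEPT"
        if dst_in and not src_in:
            key = (d.src, d.sport, d.dst, d.dport)
            if key in self.expected:
                self.expected[key] = d.ts + self.timeout   # keep the virtual connection alive
                return "ACCEPT"
            return "DROP"       # unsolicited inbound UDP, including forged "replies"
        return "ACCEPT" if src_in else "DROP"   # inside-to-inside passes; outside-to-outside is not ours


TRACE = [   # constructed trace: one DNS lookup followed by hostile inbound datagrams
    Datagram(0.0, "192.168.1.5", 40000, "198.51.100.53", 53),   # query out
    Datagram(0.1, "198.51.100.53", 53, "192.168.1.5", 40000),   # genuine reply
    Datagram(0.2, "198.51.100.53", 53, "192.168.1.5", 40001),   # right server, wrong client port
    Datagram(0.3, "203.0.113.9", 53, "192.168.1.5", 40000),     # right client port, wrong server
    Datagram(0.4, "203.0.113.9", 1025, "192.168.1.5", 111),     # unsolicited portmapper/RPC probe
    Datagram(60.0, "198.51.100.53", 53, "192.168.1.5", 40000),  # late reply, entry already expired
]


def run(trace=TRACE, timeout=UDP_TIMEOUT):
    """Apply the table to a trace in order; returns one verdict per datagram."""
    table = UdpStateTable(timeout)
    return [table.decide(d) for d in trace]
```

Running `run()` over the constructed trace accepts the DNS query and its genuine reply, drops the three forged or unsolicited inbound datagrams, and drops the late reply at 60 s because its entry has expired; a longer timeout would admit it. Services that open further ports on the fly (RPC, FTP data connections) need the same kind of per-connection state, which is what the next paragraph of the section is about.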
Solstice FireWall-1
.
,
Internet.
3.1.8. . .
Solstice FireWall-1
- ,
- . ,
.
,
. ,
, .
FireWall-1 .
Solstice FireWall-1
.
,
.
Sun Microsystems
Solstice FireWall-1. Internet-,
,
Ethernet at 10 Mbit/s, 10%
SPARCstation 5/85
486DX2-50 running Solaris/x86.
Solstice FireWall-1 -
,
.
Solstice FireWall-1
TCP/IP.
Solstice FireWall-1
.
Solstice
FireWall-1 .
3.2. WWW .
:
IP ;
.
, ..
Internet,
.
.
3.2.1. IP .
,
IP , :
123.456.78.9 (a single host) and 123.456.79 (a whole network prefix).
(Note that 456 is not a valid octet: each field of an IPv4 address runs from 0 to 255, so these are placeholders rather than real addresses.) Filtering on the source address is only as trustworthy as the path the packets take: a source address can be forged and a proxy hides the real client, so such rules restrict where requests may come from but do not authenticate who sent them.
3.2.2. .
,
,
.
: ,
, .
WWW Internet .
3.2.2.1
.
.
:
.3.2.2.2
.
,
, - :
.3.2.2.3
.
3.3 Intranet.
Intranet
,
,
.
Intranet- -,
Web-. Web-
,
; , ,
,
.
, ,
, Intranet.
.
- .
:
(, , ..);
( ,
);
( , );
- ( ).
3.3.1. .
,
.
:
;
;
;
;
;
;
;
;
.
.
, , , .
,
.
,
.
.
,
.
, ,
.
,
, ,
, .
, ,
, .
,
.
,
. ,
.
, .
- ,
- ,
, - .
, ,
,
.
,
,
, (
).
.
.
.
Web-,
, . ,
( ) Web,
,
.
- -
. /
- ,
.
,
, , , ,
.
- .
, Intranet-,
:
,
.
, -
(, ).
,
,
;
() .
, Intranet- ,
, ,
. ,
.
3.3.2. .
Intranet- -
. ,
:
, ,
;
, Intranet.
Intranet . ,
. Intranet
Web-, ,
Web-
(, ) HTML-.
,
( ,
..). , Intranet
,
.
,
. Intranet
, .
/ .
, , Intranet ,
. ,
. -
.
, , Intranet
, (,
) , , .
Intranet-,
. Intranet- ,
-
( ) -
Web-. ,
, ,
.
3.3.3. .
- ,
,
Intranet.
- ,
.
, , ,
.
- , ,
, ,
.
. , ,
,
( ,
). ,
( / ,
, ..).
,
,
.
,
, .
- ,
() (
)
.
,
, ,
,
. ,
.
3.3.3.1
.
,
( )
. ,
.
,
TCP/IP.
.
, TCP/IP
SPX/IPX, Novell NetWare.
, .
, ,
, , , . , ,
,
.
. , ,
,
( ) .
3.3.3.2
,
,
.
, ,
ISO/OSI.
,
- , ,
. ,
( 2), ( 3),
( 4) ( 7).
,
.
/ ,
,
, , , .
,
,
. ,
ISO/OSI, ,
, ,
.
, ,
. ,
, ,
.
.
. ,
,
( Web-),
.
- .
. ,
.
,
,
.
, .
,
() .
.
, (),
, .
, ,
,
. ,
,
,
.
,
.
3.3.3.4
.
,
, .
. ,
. Web-
, ,
. ,
.
Web- ,
(, )
, .
,
.
3.3.4. .
,
,
( ), , .
, ,
, ( ).
.
-
.
Web- ,
(Common Gateway Interface - CGI).
CGI-
HTML-.
,
CGI-. ,
.
,
Web-.
Intranet,
,
Web- - ,
.. ,
- Intranet.
,
, .. ,
,
.
:
( );
( );
(
).
3.3.5. WEB-.
Web-.
, ,
-
- .
Web-
(URL - Uniform (Universal) Resource Locator).
- HTML-, CGI-
..
, IP- /
. ,
, .
Web-
() .
HTML-,
CGI- ..
Web-
.
, , Web-,
,
. , ,
. , ,
, -
.
,
, .
index.HTML , HTML- .
CGI- .
,
() ( ).
3.3.6. .
,
,
. .
,
, .
,
-. ,
.
,
.
3.3.7. .
. -
,
,
,
, , .
.
- , , ,
, ,
.
- ,
. Intranet
. ,
, , ,
.
Intranet-
Web-.
.
,
.
Intranet
, ,
/. -
Intranet.
,
-
. ,
.
3.4. PGP.
.
. - (o
), ,
.
PGP (Pretty Good Privacy, Philip
Zimmermann),
. ,
,
, .
Internet PGP
(Pretty Good Privacy), 1991 .
PGP ,
, ,
.
UNIX, DOS, Macintosh VAX. PGP
Internet 75-
. , PGP 2.6.6
MIT.
PGP .
: .
, .
, .
,
PGP-;
.
, ;
.
PGP , , ,
.
PGP plug-ins
, Eudora, Netscape Outlook.
Plug-ins PGP
, ,
. (tray),
(floating toolbox) (right-click
menu) PGP .
.
,
PGP- .
, ,
.
,
. ,
.
.
PGP
Mac. Smart Binary
Mac Windows ( ).
PGP ,
Nuts & Bolts, Helix Software. ,
PGP . Network Associates Helix
. PGP for Personal Privacy
, Nuts & Bolts. Pretty Good
Privacy .
PGP is driven from the command line; the main commands (PGP 2.6 syntax) are:
pgp -kg
generate a new public/secret key pair; the secret key is protected by a pass phrase.
pgp -kx[a] userid keyfile
extract a public key from the key ring into a separate key file (with -kxa in ASCII armor, so that it can be sent by e-mail).
pgp -ka keyfile
add the keys contained in a key file to your key ring.
pgp -e textfile her_userid
encrypt a file with the recipient's public key; only the holder of the matching secret key can decrypt it.
pgp -es textfile her_userid
encrypt a file with the recipient's public key and sign it with your own secret key.
pgp -s textfile
sign a file with your secret key; anyone holding your public key can verify the signature, but only your secret key can produce it (the output stays in PGP's binary format).
pgp -sa textfile
sign a file and produce ASCII-armored output suitable for e-mail; the recipient needs PGP to check the signature.
pgp ciphertextfile [-o plaintextfile]
decrypt a file or check its signature, optionally naming the output file.
3.5. Blowfish.
Blowfish 97 .
Blowfish was designed in 1993 by Bruce Schneier. It is a symmetric block cipher with a
variable key length from 32 to 448 bits.
Blowfish , , ,
, .
Blowfish,
.
Blowfish - .
, ,
. Unlike DES, it was designed for 32-bit processors with large caches, such as the
Pentium and PowerPC, on which it runs considerably faster than DES.
Blowfish is a 64-bit block cipher. The algorithm has two parts: key expansion and data encryption.
Key expansion turns a key of up to 448 bits into a total of 4168 bytes of subkeys.
Data encryption is a 16-round Feistel network. Each round consists of a key-dependent permutation
and a key- and data-dependent substitution. All operations are XORs and additions on 32-bit words;
the only additional operations are four indexed array lookups per round.
Subkeys: Blowfish uses a large number of subkeys, which must be computed before any data is
encrypted or decrypted.
1. The P-array consists of 18 32-bit subkeys:
P1, P2,..., P18.
2. Four 32-bit S-boxes with 256 entries each:
S1,0, S1,1,..., S1,255;
S2,0, S2,1,..., S2,255;
S3,0, S3,1,..., S3,255;
S4,0, S4,1,..., S4,255.
Encryption: Blowfish is a Feistel network of 16 rounds. The input is a 64-bit block x, split into
two 32-bit halves xL and xR. In round i, xL is XORed with Pi, F(xL) is XORed into xR, and the
halves are swapped; after the sixteenth round the swap is undone, xR is XORed with P17 and xL
with P18. The function F splits xL into four bytes a, b, c, d and computes
F(xL) = ((S1,a + S2,b mod 2^32) XOR S3,c) + S4,d mod 2^32.
Decryption is the same procedure with P1,..., P18 used in reverse order.
Generating the subkeys: the P-array and S-boxes are initialised with the fractional hexadecimal
digits of pi, the key bytes are XORed cyclically into P1..P18, and the all-zero block is then
encrypted repeatedly, each output replacing the next two entries of P and then of the S-boxes.
In total 521 block encryptions are needed to generate all the subkeys, so applications should
compute them once per key and store them rather than repeat the key schedule for every use.
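As an added example (not code from the original page or from Schneier's reference implementation), here is a complete Blowfish in Python built exactly as described above: P-array, four S-boxes, 16-round Feistel network and key expansion with 521 block encryptions. The one design choice of the example is that the initial constants are not pasted in as a table but computed from pi at import time with Machin's formula; the first entry P1 = 0x243F6A88 and the published test vector (all-zero key and block encrypt to 4EF997456198DD78) confirm the result.

```python
"""Blowfish: 64-bit block, 16-round Feistel network, 32..448-bit key, in pure Python.

Added example, not code from the original page or from the reference implementation.
The initial P-array and S-boxes are the fractional hexadecimal digits of pi; they are
computed here with Machin's formula at import time instead of embedding the 4168-byte table.
"""
MASK32 = 0xFFFFFFFF
N_WORDS = 18 + 4 * 256          # 18 P entries + four 256-entry S-boxes = 4168 bytes


def _atan_inv(x, scale):
    """Fixed-point arctan(1/x) * scale from the alternating series 1/x - 1/(3x^3) + ..."""
    term = total = scale // x
    k, sign, x2 = 1, -1, x * x
    while term:
        term //= x2
        total += sign * (term // (2 * k + 1))
        k, sign = k + 1, -sign
    return total


def pi_fraction_words(nwords=N_WORDS):
    """First nwords 32-bit words of the fraction of pi, via pi = 16 atan(1/5) - 4 atan(1/239)."""
    guard = 64                                    # extra bits absorb the series truncation error
    scale = 1 << (nwords * 32 + guard)
    pi = 16 * _atan_inv(5, scale) - 4 * _atan_inv(239, scale)
    raw = ((pi - 3 * scale) >> guard).to_bytes(nwords * 4, "big")
    return [int.from_bytes(raw[i:i + 4], "big") for i in range(0, len(raw), 4)]


PI_WORDS = pi_fraction_words()


class Blowfish:
    def __init__(self, key: bytes):
        if not 4 <= len(key) <= 56:
            raise ValueError("key must be 32..448 bits (4..56 bytes)")
        self.P = PI_WORDS[:18]
        self.S = [PI_WORDS[18 + 256 * i:18 + 256 * (i + 1)] for i in range(4)]
        # Key expansion, step 1: XOR the key, repeated cyclically, into P1..P18.
        j = 0
        for i in range(18):
            word = 0
            for _ in range(4):
                word = (word << 8) | key[j]
                j = (j + 1) % len(key)
            self.P[i] ^= word
        # Step 2: encrypt the all-zero block over and over with the evolving subkeys,
        # each output replacing the next pair of P and then S entries: 9 + 4 * 128 = 521
        # block encryptions, which is why key setup is slow and worth caching per key.
        left = right = 0
        for i in range(0, 18, 2):
            left, right = self._encrypt_block(left, right)
            self.P[i], self.P[i + 1] = left, right
        for box in self.S:
            for i in range(0, 256, 2):
                left, right = self._encrypt_block(left, right)
                box[i], box[i + 1] = left, right

    def _f(self, x):
        """Round function: split x into bytes a,b,c,d; ((S1[a] + S2[b]) ^ S3[c]) + S4[d] mod 2^32."""
        s = self.S
        y = (s[0][x >> 24] + s[1][(x >> 16) & 0xFF]) & MASK32
        return ((y ^ s[2][(x >> 8) & 0xFF]) + s[3][x & 0xFF]) & MASK32

    def _encrypt_block(self, left, right):
        for i in range(16):
            left ^= self.P[i]
            right ^= self._f(left)
            left, right = right, left
        left, right = right, left                 # undo the final swap
        return left ^ self.P[17], right ^ self.P[16]

    def _decrypt_block(self, left, right):
        for i in range(17, 1, -1):                # same network with P in reverse order
            left ^= self.P[i]
            right ^= self._f(left)
            left, right = right, left
        left, right = right, left
        return left ^ self.P[0], right ^ self.P[1]

    def encrypt(self, block: bytes) -> bytes:
        l, r = self._encrypt_block(int.from_bytes(block[:4], "big"), int.from_bytes(block[4:8], "big"))
        return l.to_bytes(4, "big") + r.to_bytes(4, "big")

    def decrypt(self, block: bytes) -> bytes:
        l, r = self._decrypt_block(int.from_bytes(block[:4], "big"), int.from_bytes(block[4:8], "big"))
        return l.to_bytes(4, "big") + r.to_bytes(4, "big")


if __name__ == "__main__":
    # Published test vector: all-zero key and block encrypt to 4EF997456198DD78.
    print(Blowfish(bytes(8)).encrypt(bytes(8)).hex())
```

The class encrypts single 64-bit blocks only; a mode of operation (CBC with a fresh IV, never ECB for more than one block) and padding have to be layered on top, and because key setup costs 521 encryptions, one Blowfish object should be kept per key rather than rebuilt for every block.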
MINI-BLOWFISH
For cryptanalysis, reduced variants of Blowfish are defined that keep the structure but shrink
the word size. Blowfish-32 has a 32-bit block and 16-bit subkeys (S-boxes with 16 entries);
Blowfish-16 has a 16-bit block and 8-bit subkeys (S-boxes with 4 entries).
, .. S
P- . 64-
32- , . Blowfish
128-, .
-Blowfish ,
.
Feistel, Blowfish, ,
.
,
, .
, ,
,
, "". -
,
. Blowfish
.
" ". 522
, , 29
.
. ,
16 8 .
. ,
, 8
192 .
.
, .
S-
.
:
.
, ,
.
Blowfish -
,
,
.
Blowfish , .
.
Blowfish - .
.
. , ,
,
,
32000- .
.
(.BFA),
Blowfish Advanced.
Windows 95/NT,
Blowfish. EncLib 5/5
Blowfish in CBC and ECB modes. (ECB should be used only for single blocks: identical plaintext blocks produce identical ciphertext blocks, which leaks the structure of the data.)
3.6. Kerberos.
.
.
.
Kerberos. , 80- ,
,
.
.
,
, .
, ,
, , ,
.
,
.
,
. ,
. , , ,
.
, ,
, .
, ( Security Dynamics)
.
SecurID ( ),
UNIX-.
,
SecurID.
,
. Kerberos was developed at MIT
(Massachusetts Institute of Technology) within Project Athena,
,
,
. Kerberos
,
,
,
.
/Kerberos/.
Kerberos /
, (
), Kerberos- ( ),
- ( ) .Kerberos-,
, :
(authentication server) (ticket granting
server). , Kerberos,
, , ,
. Kerberos
(realm) ,
Kerberos-
Kerberos.
, Kerberos
. Kerberos
. (Kerberos-),
, Kerberos.
, ,
, .
,
, ,
,
.
.
, Kerberos
. , ,
, .. .
( Kerberos,
)
(ticket-granting ticket),
.
, ,
.
(session key),
.
,
Kerberos-,
.
.
Kerberos,
.
( ) ,
, ,
. :
,
, ,
, .
,
.
,
.
(authenticator),
,
.
, ,
,
, , ,
. .
,
, ,
.
,
. ,
,
.
(
) .
, ,
,
. ( )
,
. ,
, ,
.
, , ,
,
, .
,
.
,
, ,
,
.
.
,
- .
.
, .
. ,
-
. ,
,
, -.
, ,
,
.
(
). ,
,
,
,
.
,
Kerberos .
, ,
.
Kerberos (Kerberos Administration Server).
, ,
(,
).
Kerberos.
, Kerberos
Kerberos. ,
Kerberos,
, Kerberos,
. Kerberos-
, , ,
.
Kerberos (
)
. ,
, Kerberos,
Kerberos
. , ,
Kerberos
, Kerberos
.
(,
, , )
,
Kerberos.
. , , ,
Kerberos
Kerberos.
Kerberos.
Kerberos ,
Kerberos. , Kerberos-,
Digital Equipment ,
-, ,
Kerberos. ,
, Kerberos
.
Kerberos-5.
Kerberos ,
. ,
Kerberos,
, RFC
1510. Kerberos ,
.
,
,
.
Kerberos-,
. ,
, .
Kerberos DES
(Data Encryption Standard ),
,
, DES.
.
Kerberos . ,
TELEBIT,
,
Kerberos NetBlazer.
UNIX , NetBlazer
telnet rlogin
. ,
, ,
NetBlazer,
. Kerberos
. , , ,
Kerberos ,
(, ,
- ),
. , Kerberos
.
,
. Kerberos
,
Kerberos
( ).
,
.
Kerberos ,
, ..
.
Netscape,
,
Kerberos.
Kerberos.
. Purdue ( )
COAST (Computer Operations, Audit and Security Technology),
. , PCERT
(Purdue Computer Emergency Response Team)
. PCERT, ,
FIRST (Forum of Incident Response and Security
Teams).
( 16 1996
.), . . ,
,
,
.
4. .
,
.
.
.
,
.
, -
. ,
,
.
, 95 %
(
). 70 %.
, .
,
,
.
. / ,
.
.
,
,
.
,
- .
,
, :
, , , ,
.
,
()
. ,
, ,
.
(Virtual Private Networks - VPN)
,
(Network
Service Provider - NSP) Internet- (ISP),
. Infonetics Research ,
VPN 100 % 2001 .,
12 . . , 92 %
Internet- 60 % ISP
VPN 1998 .
,
VPN, , ()
, ,
()
(Public Switched Telephone Network - PSTN).
,
, (,
Frame Relay ATM).
,
,
.
.
,
, .
, 1999 . 80 %
, ,
(,
, ,
, ,
).
,
, Internet
IP- , , ,
.
on-line , , ,
,
.
, , ,
,
,
,
.
Internet,
. ,
.
,
,
anytime anywhere Internet
, . VPN
,
(Internet, Frame Relay, ATM).
,
.
, .
4.1. .
, VPN
Frame Relay ATM,
IP-,
IP. , ,
,
.
Frame Relay Access Device (FRAD)
Frame Relay ATM.
()
. , VPN
Internet. ,
IP.
VPN Internet ,
.
,
IP, ,
Internet. ,
. :
(IPX, NetBEUI, AppleTalk
) IP ;
IP IP;
IP ;
IP;
.
, , ,
.
IP-
, IP-.
,
192.168.0.0 - 192.168.255.255,
65536 .
,
IP-
. ,
IP- -
.
.
, ,
Internet.
:
(Dynamic Host Configuration Protocol - DHCP)
(Network Address Translation - NAT),
. DHCP ,
, NAT
IP- , Internet.
Internet
IP. IP IP-
. ,
, IP.
IP
( ) Internet.
IP
IP,
-.
.
, ,
.
.
Internet VPN.
:
;
;
();
.
.
.
. ,
,
VPN ,
-.
Internet , IP ,
IP.
VPN
IP PPP (Point-to-Point Protocol)
IP. , PPP
-, , .
IP IP
,
.
IP, . Because PPP operates at layer 2 of the OSI model,
the protocol is called the Layer 2 Tunneling Protocol (L2TP).
Point-to-Point Tunneling Protocol, 3Com
Microsoft, Windows
95 Windows NT .
,
.
4.2. .
Internet VPN. IT
Internet
.
Internet
, VPN, PSTN.
, the so-called "three Ps"
. These are:
Protection - a firewall;
Proof - authentication, i.e. proof of the identity of users and of the origin of data;
Privacy - encryption of the traffic so that it cannot be read in transit.
The three Ps ,
VPN.
. ,
the three Ps .
VPN
,
.
VPN.
. ,
.
,
- .
.
,
.
Microsoft Point-to-Point Encryption (MPPE) encrypts the data carried inside PPP frames between the
client and the server. It uses 40-bit keys in Windows 95 and Windows NT (a 128-bit version also
exists). A 40-bit key is within reach of an exhaustive search, so the 40-bit variant should not be
counted on for confidentiality.
PPP.
IP Security (IPSec), sometimes called Secure IP, is a set of standards developed by the Internet
Engineering Task Force (IETF). It defines two protocols: Authentication Header (AH) and
Encapsulating Security Payload (ESP). AH provides integrity protection and origin authentication
for the packet, including the IP header, but does not encrypt anything. ESP encrypts the payload
(and can authenticate it as well) and is used either in tunnel mode (Tunnel Mode), where the
entire original IP packet is encapsulated in a new one, or in transport mode (Transport Mode),
where only the payload of the original packet is protected. Tunnel mode is the one used between
security gateways for a VPN.
RADIUS
(Remote Authentication Dial-In User Service),
,
() ().
.
. Ascend, CheckPoint Cisco.
4.3. .
:
, .
-,
(Quality
of Service - QoS).
VPN,
.
4.4. .
, , ,
, . ,
VPN ,
.
, .. -
,
WAN.
VPN ,
,
, ,
.
,
,
.
4.5. VPN.
: ,
.
,
, VPN.
VPN, ..
, ,
, .
VPN ,
IP-, IPX- NetBEUI.
,
,
VPN WAN/LAN.
,
,
- .
,
.
(, -) .
VPN ?
, ,
30 80 %.
;
;
, PSTN,
.
, , VPN
,
.
.
Internet: .
Internet ,
,
TCP/IP.
.
,
, . IP
security option TCP/IP,
.
(firewalls),
. , ,
(VPN,
virtual private network, intranet).
Internet
TCP/IP-.
, 90-, Internet
,
.
.
, , : ,
, , ,
.
,
, .
? , ,
.
Internet .
Internet. ,
PGP (Pretty Good Privacy).
, PGP ,
, . , ,
on-line PGP . ,
PGP . PGP
, , ,
.
Internet, ,
, :
,
, ,
, ,
, ,
.
, .
,
.
,
.
- ,
Internet ,
.
.
.
, .
FireWall-1 CheckPoint
Software Technologies, Sun
. FireWall-1
Internet, FTP.
, ,
,
. , ,
, .
FireWall-1 ,
. ,
.
-
.
-
,
""
. ,
, ,
.
.