Documente Academic
Documente Profesional
Documente Cultură
astzi
Exerciiu avansat
Linux
Prezentare Linux
Folosirea de comenzi
Reea
Securitate
Management Reea
Construcie de reea
Server
de stabilit
Set de proceduri pentru a permite calculatoarelor s se conecteze ntre ele i s fac schimb de informaii
strat de TCP/IP stack Aplicaie Exemplu de TCP/IP protocol stack HTTP/H SMTP TTPS POP3 FTP SNMP etc.
Se divizeaz datele transmise n date mai mici care se numesc pachete Se adaug adrese pachetelor (Adresa de IP(IP Address)) Se pot comunica pachetele ntre reele fizice diferite(Direcionare(Routare))
Pentru a comunica ntre calculatoare, adresa este organizat de
1. IP Address 2. Subnet mask(masc subreelei) 3. Default Gateway(poart prestabilit)
IP Address este adresa alocat pe plac de reea(nu pe calculator) Subnet mask definete reeaua careia calculatoarele i aparin Default Gateway este adresa de destinaie careia mai nti pachetele i sunt trimise, cnd adresa de destinaie final nu aparine reelei careia i aparine adresa de expediie
n protocolul de TCP, se comunic prin port-uri. port specific servicii(programare sau daemon)
Trebuie s pregteasc aparat pentru reea. Aparate principale sunt precum urmeaz. (pentru intranet)
1. Hub i Switching Hub 2. Router(pentru a accede internet) 3. cable
Recapiturale de securitate
Remediu mpotriva amenintrilor interceptare electric (electric interception) falsificare (falsification) joac (impersonation) sustragere virus folosire abuziv
Criptarea datelor(folosind SSH(Secure Shell)i SSL Face backup regulat. Seteaz alte drepturi asupra fiierelor i directoarelor fa de cele corecte. Utilizator gestioneaz ID i Password serios. Instaleaz soft antivirus care scaneaz la accesarea acestora Face controlul accesului folosind id, password, numele calculatorului i adresa de IP.(tcpwrapper etc.) Nu lansa programe inutile. Face actualizarea securitii(security update) reglate Face filtrarea pachetelor(pachet filtering) tot timpul. (ipfilter)
7
ifconfig
Confirmarea setrilor ifconfig -a Setarea pe plac de reea ifconfig [numele device] [adresa de IP] netmask [subnet mask] Pornirea i oprirea placii de reea ifconfig [numele device] up ifconfig [numele device] down
*ifconfig are multe opiuni, referii man
8
traceroute [adresa de IP sau numele calculatorului] Aceasta comand confirm fluxul de pachete(adic routare)
Ce este nslookup/dig?
nslookup [adresa de IP sau numele calculatorului] dig [adresa de IP sau numele calculatorului] Aceasta comand confirm dac se poate cuta adresa de IP plecnd de la nume sau numele plecnd de la adresa de IP
Design de reea
ntrebare 1 Desenai linii care reprezint cablu pentru ca orice calculator s conecteze la internet
hub router DNS/Mail Server Reea exterioar
calculator
Legend plac de reea cablu legaturi directe calculator calculator cablu legaturi inversate
10
Design de reea
Rspuns 1
hub DNS/Mail Server Reea exterioar router
calculator
Legend plac de reea cablu legaturi directe calculator calculator cablu legaturi inversate
11
Design de reea
ntrebare 2: Scriei adresa de IP, Subnet mask, Default gateway, DNS. Dar eu pre-definesc placa de reea din reeaua
exterioar n avans. Iar despre default gateway, specificai serverul DNS din reea interioar. Reea interioar 192.168.2.0/24 100Mbps DNS/Mail Server hub IP Sub DG DNS IP Sub DG 1.2.3.1 DNS IP 1.2.3.4 Sub 255.255.255.0 DG 1.2.3.1 DNS 1.2.3.2 Reea exterioar 1.2.3.0/24 10Mbps IP Sub DG DNS IP Sub DG DNS router
calculator
calculator
12
Design de reea
Rspuns 2(Exemplu).
Reea interioar 192.168.2.0/24 100Mbps DNS/Mail Server hub IP 192.168.2.20 Sub 255.255.255.0 DG 192.168.2.10 DNS 192.168.2.20
router
IP 1.2.3.4 Sub 255.255.255.0 DG 1.2.3.1 DNS 1.2.3.2 Reea exterioar 1.2.3.0/24 10Mbps
calculator
calculator
13
Design de reea
ntrebare 3: Dispunei softuri precum urmeaz pentru securitate: Firewall, Antivirus, SSL, tcpwrapper
Reea interioar 192.168.2.0/24 100Mbps DNS/Mail Server hub IP 192.168.2.20 Sub 255.255.255.0 DG 192.168.2.10 DNS 192.168.2.20 IP 192.168.2.10 Sub 255.255.255.0 DG 1.2.3.1 DNS 192.168.2.20 IP 1.2.3.4 Sub 255.255.255.0 DG 1.2.3.1 DNS 1.2.3.2 Reea exterioar 1.2.3.0/24 10Mbps IP 192.168.2.102 Sub 255.255.255.0 DG 192.168.2.10 DNS 192.168.2.20 IP 192.168.2.103 Sub 255.255.255.0 DG 192.168.2.10 DNS 192.168.2.20 router
calculator
calculator
14
Design de reea
Rspuns 3:
Reea interioar 192.168.2.0/24 100Mbps DNS/Mail Server hub IP 192.168.2.20 Sub 255.255.255.0 DG 192.168.2.10 DNS 192.168.2.20
router
firewall Anti-virus
IP 1.2.3.4 Sub 255.255.255.0 DG 1.2.3.1 DNS 1.2.3.2 Reea exterioar 1.2.3.0/24 10Mbps
calculator
tcpwrapper firewall(ipfilter ) Anti-virus SSL firewall IP 192.168.2.102 Sub 255.255.255.0 Anti-virus DG 192.168.2.10 DNS 192.168.2.20 IP 192.168.2.103 Sub 255.255.255.0 DG 192.168.2.10 DNS 192.168.2.20
firewall Anti-virus
calculator
calculator
15
ipconfig
Confirmarea setrilor
root@0[knoppix]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:0D:60:F0:33:EC inet addr:172.16.0.165 Bcast:172.16.0.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:153 errors:0 dropped:0 overruns:0 frame:0 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:18580 (18.1 KiB) TX bytes:1026 (1.0 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:600 (600.0 b) TX bytes:600 (600.0 b)
root@0[knoppix]# ifconfig eth0 up root@0[knoppix]# ifconfig -a eth0 Link encap:Ethernet HWaddr 00:0D:60:F0:33:EC inet addr:172.16.0.165 Bcast:172.16.0.255 Mask:255.255.0.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:289 errors:0 dropped:0 overruns:0 frame:0 TX packets:7 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:33586 (32.7 KiB) TX bytes:1362 (1.3 KiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:12 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:600 (600.0 b) TX bytes:600 (600.0 b)
ping
traceroute
Confirmarea routri
root@0[knoppix]# traceroute www.yahoo.com traceroute: Warning: www.yahoo.com has multiple addresses; using 216.109.118.67 traceroute to www.yahoo.akadns.net (216.109.118.67), 30 hops max, 38 byte packets 1 172.16.0.135 (172.16.0.135) 0.165 ms 0.188 ms 0.121 ms 2 r-thor-cr0-fe2-vl700-0.botosani.rdsnet.ro (80.96.86.65) 1.019 ms 0.894 ms 0.829 ms 3 r-botosani-bb1-e0-0.botosani.rdsnet.ro (81.196.145.253) 1.886 ms 1.316 ms 1.788 ms 4 br01.frankfurt.rdsnet.ro (193.231.252.33) 36.241 ms 35.706 ms 35.044 ms 5 br01.frankfurt.rdsnet.ro (193.231.252.33) 35.995 ms 35.363 ms 34.866 ms 6 ge-5-1-0.100.ar2.FRA3.gblx.net (64.210.28.93) 124.931 ms 69.703 ms 70.292 ms 7 so2-1-0-2488M.ar1.DCA3.gblx.net (67.17.67.57) 143.549 ms 125.619 ms 124.714 ms 8 yahoo-2.ar1.DCA3.gblx.net (208.51.74.182) 125.194 ms yahoo-1.ar1.DCA3.gblx.net (208.50.13.210) 125.674 ms yahoo-2.ar1.DCA3.gblx.net (208.51.74.182) 150.928 ms 9 ge-1-0-0-p110.msr2.dcn.yahoo.com (216.115.108.45) 123.257 ms ge-0-0-0-p100.msr1.dcn.yahoo.com (216.115.108.1) 123.065 ms ge-1-0-0-p111.msr2.dcn.yahoo.com (216.115.108.47) 123.166 ms 10 ge3-1.bas1-m.dcn.yahoo.com (216.109.120.149) 128.270 ms ge7-2.bas2-m.dcn.yahoo.com (216.109.120.197) 123.251 ms ge3-1.bas2-m.dcn.yahoo.com (216.109.120.146) 125.701 ms 11 p4.www.dcn.yahoo.com (216.109.118.67) 146.936 ms 137.989 ms 123.683 ms
nslookup i dig
root@0[knoppix]# dig www.yahoo.com ; <<>> DiG 9.3.1 <<>> www.yahoo.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10277 ;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 9, ADDITIONAL: 9 ;; QUESTION SECTION: ;www.yahoo.com. ;; ANSWER SECTION: www.yahoo.com. www.yahoo.akadns.net. www.yahoo.akadns.net. www.yahoo.akadns.net. www.yahoo.akadns.net. www.yahoo.akadns.net. www.yahoo.akadns.net. www.yahoo.akadns.net. www.yahoo.akadns.net. ;; AUTHORITY SECTION: akadns.net. akadns.net. akadns.net. akadns.net. akadns.net. akadns.net. akadns.net. akadns.net. akadns.net. ;; ADDITIONAL SECTION: asia4.akadns.net. asia9.akadns.net. eur4.akadns.net. eur8.akadns.net. usw5.akadns.net. za.akadns.org. zb.akadns.org. zc.akadns.org. zd.akadns.org. ;; Query time: 5 msec 260 20 20 20 20 20 20 20 20 161811 161811 161811 161811 161811 161811 161811 161811 161811 8213 161811 161811 8213 161811 3421 3421 3421 3421 IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN IN A CNAME A A A A A A A A NS NS NS NS NS NS NS NS NS A A A A A A A A A www.yahoo.akadns.net. 216.109.117.110 216.109.118.71 216.109.118.74 216.109.118.79 216.109.117.205 216.109.117.106 216.109.118.69 216.109.118.75 asia4.akadns.net. asia9.akadns.net. eur4.akadns.net. eur8.akadns.net. usw5.akadns.net. za.akadns.org. zb.akadns.org. zc.akadns.org. zd.akadns.org. 61.213.147.96 220.73.220.4 195.219.3.169 62.4.69.96 63.241.73.200 81.52.250.134 206.132.100.105 69.45.78.3 65.203.234.28
;; SERVER: 194.105.8.1#53(194.105.8.1) ;; WHEN: Wed May 31 14:54:34 2006 ;; MSG SIZE rcvd: 512
root@0[knoppix]# dig 216.109.118.74 ; <<>> DiG 9.3.1 <<>> 216.109.118.74 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59908 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;216.109.118.74. IN A
;; AUTHORITY SECTION: . 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2006053001 1800 900 604800 86400 ;; ;; ;; ;; Query time: 138 msec SERVER: 194.105.8.1#53(194.105.8.1) WHEN: Wed May 31 14:55:26 2006 MSG SIZE rcvd: 107