
. ..

.. , .. , ..

2008




681.391.825
.. , .. , ..
// . : -
. . . -, 2008 . 212
ISDN


.

, ,
,
, ,

- .

230100 .


.
,




,
, ,
,

.
.
.

.
.




-
/















-
DES Data Encryption Standard,
DoS- - Denial of Service
HASP
MLS- - Multilevel Security
PKI (Public Key Infrastructure) -
VPN



.
,
, ,
,
.


. ,
, ,

, ,
,
.
,

.

.
Internet,
.

.
8

,
()
,
, , ,
.

.

.

1.

1.1.

()

[].

.
,
, , .

(. 1.1).
,

(, , ..).
, ,
(, ..).
9

PROGRAM.COM,
.
PROGRAM.COM FILE.TXT,
.

. 1.1.

,
.

()

. ,
,
.
.
1.2. .


: , .

()
.
( 1.2).
10

. 1.2.

, ,
..

()

,
.

( , , ).
.
, ,
( ,
, ).

.
, , , .

11


.

[]:
1. ;
2. ;
3.

).

, .
,
.
, ,
,
.
, ,
Internet ,
()
(promiscuous mode).

,
,
.

,
. ,
, DoS- (Denial of Service
).
(),
12

(
).
,
.

, ,
,
..

:

..


, .

, ,

.

.

[].
1. .

,
. ,

(),
.
13

: , ,
, ,
.
2. -

.
3. -

.
4.

,
, , .
:
, , ,
,
.

10.
1.3.

[].
1. .
2. .
3. .
4. .
5. .
6. .
7. .

14


, ,
,
.

() ,


,
,
.
.
, ,
.
,

, , ,
..).

,

.
.
,
. ,

. ,

15

.
, ,
.

.
, ,
,
.

.

,

.
.

,
.

1.4.
,
.

, .
,
.
, , .
,
,
16

(, ..). ,

.
,

, , .
C,
: ,
[], ,
[].
, ,
,

,
( )
.

[].


.
,
.
1.1.
.

. ,
, .
, (
): < < <
.

17


.

,
.
,

, , ,
.

MLS (Multilevel Security).

1.5.

:
();
-;
-;

;
-.

, , , ,

.

.

,

18

, ,
, .

272, 273, 274 [, ]
( 13).

,
.
( ,
..),
.
-
; ;
;
, ,
.
- []:
;

( ,
, ..);

( ,
,
; ,
..);
;

19

(,

..);

;
, ,

, ,

..).
,
- ,

(,
, , - ..).
-
,

:
;
;
;
;
, ;

1.6.
-
, -
:
20

;
;
;
;
, ;
.
,
- ,
,
( 3),
.

, (, ,
..). ,
, ,
.

,
( 2),

,
.

, ,

.
,
,
( 5).
21


M C.
,
K,

K.

(
).

(.

1.3).


() OK,
.

( 4).

. 1.3.

( 6). , -
.
-
.
22

, ,
,

, ,
. 7.

, , ,
,
, .
.
,
, ,
, ,
.

.
,
, -
.

1.

1.7.

?
2.

. ,


, .
3.

?
4.

?
.
23

5.

.
6.

.
7.

8.

.
9.

.
10.

.
11.

, .
12.

?
13.

?
14. ?
15.

,
.

2.
.
() ,

,
(
) [].
24


, .

,
.

.
. 2.1.

MMS


--

Take-Grant

Low-Water-Mark

RBAC

. 2.1.


, . ,

.


.
25


()
, .
, ,

.

, ,
,
.
,
, ,
.

(S

Si

, O j , Tk ), i =1, N , j =1, M , k =1, K

Tk T

Oj

S i S

- ,

O j O

- ,

(, , , ..) [].

M N M

, ,
.
2.1.
/

_1

. 2.1. .
_2
CD-RW

26

_1

, 2.1, _1
_2.
.
-- (HRU) []


.

, .

Q=(S,O,M), S
, O , M=M[s,o]
. T.

.
op .

enter t into (s,o) t (s,o);

delete t from (s,o) t (s,o);

create subject s s;

create object o o;

destroy subject s s;

destroy object o o;

HRU

t1 in M[s1,o1] and
t2 in M[s2,o2] and

tm in M[sm,om]
27


op1
op2

opn
Q0.
Q0 t, , Q0
t,
, t ,
. HRU ,
s t o,
Q0.
2 .
2.1.
(, ), ,
Q0
t.
2.2.
Q0 t .
,
, create,
, destroy delete.


,
.

,
:
28

1. () A,

A={

(),

(), (), (),


()}.
j O

2.

Oj


xO j A ,

() .
S i S

3.

x S A ,
i


,
4.

Si

Si

x S ,
i

x Si xO j

xO j

Si

Oj
Oj


,
.
, ,
,

,
.
2.1
4
S={Administrator, User1, User2, Guest} 5 O={FILE1.DAT,
FILE2.TXT,

FILE3.TXT,

CD-ROM,

29

FDD}.

A={NONCONFIDENTIAL, CONFIDENTIAL,
SECRET, TOP SECRET}.

:
FDD NONCONFIDENTIAL.
CD-ROM CONFIDENTIAL.
FILE1.DAT SECRET.
FILE2.TXT SECRET.
FILE3.TXT TOP SECRET.
:
Administrator TOP SECRET.
User1 SECRET.
User2 CONFIDENTIAL.
Guest NONCONFIDENTIAL.
, :
Administrator ;
User1 FDD, CD-ROM,
FILE1.DAT, FILE2.DAT;
User2 FDD, CD-ROM;
Guest FDD.
, , Guest,
User1,
FILE1.DAT, User1 FDD,
.
- ()

S i S

j O

Oj

Si

30

1. NRU ( ).

Si

x S
i

Oj

x O , x S xO .
J

rea d
Si
O j x S i x OJ

(. 2.2)

2. NWD ( ).

Oj

Si

x S

x O

, x S x O .
i

write
Si
O j x S i x OJ

(. 2.2).

. 2.2. -

NWD ,
,
, .
2.2.
, 2.1.

:
1. Administrator
, FILE3.TXT;
2. User1 FDD, CDROM, FILE1.DAT, FILE2.DAT FILE1.DAT,
FILE2.TXT, FILE3.TXT;

31

3. User2 CD-ROM,
FDD FILE1.DAT, FILE2.TXT, FILE3.TXT, CDROM;
4. Guest FDD
.
,
( ,
RBAC) ,
,
, ,

[].

. ,

.
, ,

.
,

, ,
.

,
,
, ,
.

32

: -,
, , , -,


, ,

.

:
U .
R .
P , ,
, .
S .

(. 2.3):
PA P R

.
UA U R

.

:
user : S U

- s

,
.
roles : S { R}

- s

R,
.

33

permission s : S P

- s

,
, .
:
, ,
s, , p
,

p permission s (s ) .

. 2.3. ,

NIST 359 Role Based Access Control []



.

,
,
,

34


- [].
,
A
,
.
A , , :
A={ , , ,
}.
:
,

,
(,
),

- .
, , ,
.

,
,
.

, ,
. ,
,
,
.

35

:
,
.
.
.

S i S

j O

Si

Oj

:
1. NRD ( ).

Oj

Si

x S
i

x O

, x S x O .
i

read
Si
O j x S i x OJ .

2. NWU ( ).

Si

Oj

x S
i

x O , x S x O .
J

write
Si
O j x S i x OJ .

. 2.4.

. 2.4.


.
2.3
(, ..)
,

36

.

: A={ , ,
, }.

. ,



.

.
,
.
,
.
,
,
.

.
,
, .
, .
-.
- (),


,
37

D. D
,
(CDI) (UDI),
D = CDI UDI, CDI UDI =
,
().

(, ..). ,
, ,
..

.
1.
IVP, CDI.
IVP
CDI
UDI.

.
2. CDI
CDI.

38


CDI, CDI
CDI.
3. CDI.
, , ,
CDI.
CDI.
4.
CDI.


CDI - -.
CDI.

5.

.
,
, CDI
.
CDI.

. ,

, .
.
6. UDI CDI.
UDI
CDI.
7.
CDI,

39

,
CDI.
,
CDI.
8. ,
.
,
.
9.
(,
).
, , , ,
.
,
-
.
,

, .

2.6.
1.

2.

?
3.

?
4.

5.

-? ?
40

6.

--? ,
?
7.

?
8.

.
9.

?
10.

-.

,
?
11.

?
12. .
13.

?
14.

-?
15.

.
16.

.
17.

-.

41

3.
3.1.

() ,
.

.

,
, .
,

( )
.
, ,
(), iButton (Touch Memory),

proximity,

..

.
,

,
.
.

42

.
,
, , , - .. ,
, .
,

.

(/).


, /
, .
, /

.

,
, , .

:
.
/

.
/

43

3.2.

/

. ,
, ,
.
-
.
.

). ,


.
1. .
2. .

3. .
4. ,
.
5.

( ); , .
6. .

, , ,
, , (
), .

44

, ,
.


[].
1.

( , brute-forcing) .
2.

.
3.

.
4.

,
off-line
.
5.


.
6.

.
7.

.
8.

,
.
9.


.

[].
45

A ( ,
). ,

, A=26.
L .
S = A^L

- L,

A. S .
V .
T .
, P
.
$$P = \frac{V \cdot T}{S} = \frac{V \cdot T}{A^L}$$

:
. A

L,

P, V,
T.
.
V,T,P S*


$$S^* = \frac{V \cdot T}{P} \qquad (3.1)$$

- , .

S* A L,
(3.2).
(3.2)

S* S = AL

S, (3.2),
( V T)
P.
46

(3.1) (3.2),
.
3.1
P=10^{-6}, T=7 = 1 , V=10 /
= 10*60*24*7=100800 .
,

$$S^* = \frac{100800 \cdot 1}{10^{-6}} = 1008 \cdot 10^{8}.$$

S * A L , , A L,
A=26, L=8 ( 8 ),
A=36, L=6 ( 6 ,
).
3.3.
1. ?

?
2.

.
3. ?
4.
?
5.

.
6.

.
7. ?
8.

?
9.

47

A,L,V,T?


, ,
,
.
.
.
4.1.
m . m
m 0,1,2,,m-1.
a b m,
a-b m, , , ,
a b m, . b
a m.
a b m,

a b ( mod m ) .

4.1
17 12 5,
17 12 ( mod 5) ,

17 2 7 ( mod

5) .

, a
m, 0 m-1.
, a>0
r {0,1,..., m 1} .

0 (m-1)

m.
:
, .
m

.
:
1. : a a ( mod m ), a .
2. : a b ( mod m ) b a ( mod m ) .
48

3. : a b ( mod m ), b c ( mod m ) a c ( mod m ) .


4.

a b ( mod m ) ,

k a k b ( mod m ) .

5. k a k b ( mod m ) , ( k , m ) =1 ,
a b ( mod m ) .

6. a b ( mod m ) , c d ( mod m ) , a c b d ( mod m ) .


n
n
7. a b ( mod m ) , n 0 , a b ( mod m ) .

8. a + b c ( mod m ) , a c b ( mod m ) .
9.

a b ( mod m ) ,

a k m b ( mod m ) .

,
m, ,
,
m.
m,

. ,

.
m k
, 2k .
,
.
a x m,
a x mod m

, x - .
4.2
, ,

a 8 mod m .

49

.
.

(( a
2

mod 11

((

mod 11

mod 11 mod 11 = 5 2 mod 11

mod m mod m mod m

2
916 mod 11 =
9 mod 11

(( 4

a x mod m ,

mod 11
mod 11 =

mod 11 = ( 3 mod 11) mod 11 = 9 mod 11


2

x ,

. x
x .
4.3
x=25_{(10)}=11001_{(2)}, 25=2^4+2^3+2^0.

$$a^{25} \bmod m = a^{2^0 + 2^3 + 2^4} \bmod m = a \cdot a^{8} \cdot a^{16} \bmod m = a \cdot ((a^2)^2)^2 \cdot (((a^2)^2)^2)^2 \bmod m = ((((a^2 \cdot a)^2)^2)^2 \cdot a) \bmod m.$$


,

.

4.2.
n>1 ,
1 n, n
.
4.4 2,3,7 . 4,6,8 ,
2.
:
1. p1 p2 p1 p 2 , p1 p2.
2. p , n , n p

n p 1.

50

3.

m n p , m p n

p.
4. a1 ... a k

p , a i ,

p .
:
4.1. n>1 ,

: n = p1 ... p k ,
1

p1 p 2 ... p k .

n.
n
n.
,
n.
,
p q, , n = p q .
,
n , ,
, -, .
a b,
(a,b) (a,b), ,
a b. (a,b)=1, a b
.

4.3.

[].

51

( n )

- 2 n.

.
n
: ( n ) ln n [].

( n )

- n.

n n = p1 ... p k .
1

( n ) = ( 1 + 1) ... ( k + 1) .
(n)

( n) =

n,

p k +1 1
p11 +1 1
... k
p1 1
pk 1

( n )

- , n

n,
( n ) = p1 1 1 ( p1 1) ... p k k 1 ( p k 1)

4.5
n=720

( n ) , (n) , ( n ) .

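720 - $720 = 2^4 \cdot 3^2 \cdot 5$.

$(720) = (4 + 1) \cdot (2 + 1) \cdot (1 + 1) = 30$

$(720) = \frac{2^5 - 1}{2 - 1} \cdot \frac{3^3 - 1}{3 - 1} \cdot \frac{5^2 - 1}{5 - 1} = 31 \cdot 13 \cdot 6 = 2418$

$(720) = 2^3 (2 - 1) \cdot 3^1 (3 - 1) \cdot 5^0 (5 - 1) = 8 \cdot 3 \cdot 2 \cdot 4 = 192$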

4.4.
1. .
2. , 5 7.
3. ?
4. .
5. .

.
6. n.
7. n.
52

(4.1)

8. : 200, 143, 89.


9. a b.

10. 10 4, 20
21, 3 90.
11. ?

.
12. ( 200 ) , (200 ) , ( 200 ) .


5.1.

(), ,
.


.

, ,
.
,

.
. ,

. K -

(),

53

M ,
. ,
,
() .
,
,
, ,
.
[].
,
.
1.
.
2.
( ). ,
M C.
K
.


.
3.



.
,
, brute-forcing.
4.
.

54



.
,

.
, .
, ,
.
1.
.
2.
,
. , ,
, ,
.
3.
.

.
4.
M,
(
).
5.
.
6. ,
, .
7. ,
.
55

5.2.
(
)

K,

. ,

.

. 5.1.

. 5.1.



.

[,].
1. .
2. .
3. .

56

5.2.1.

() ,

.
.
.


.
.


,
( 50 . .).


, K.
.
:
=P+K (mod M),
(5.1)
P ,
, K ( ), M
( M=32)

,
.
5.1
K=3
5.1.
=P+3 (mod 32)

(5.2)

. 5.1. . K=3
57

(5.2)
.
,
(5.1),
=P-K (mod M),

(5.3)



:
C = a P + K ( mod M ) ,

0 a, K < M

- ,

(5.4)

( a, M ) =1 .

(5.4)
, a M .

(5.5)
P = a -1 ( C K ) ( mod M )

(5.5)

5.2.
M=26, a=3, K=6, (3,26) = 1.
(
).
58

     A   B   C   D   E   F   G   H   I   J   K   L   M
P    0   1   2   3   4   5   6   7   8   9  10  11  12
C    6   9  12  15  18  21  24   1   4   7  10  13  16

     N   O   P   Q   R   S   T   U   V   W   X   Y   Z
P   13  14  15  16  17  18  19  20  21  22  23  24  25
C   19  22  25   2   5   8  11  14  17  20  23   0   3
HOME

BWQS.

1508
[].

.
, .
.

,
.
,
.
48.
5.3
.
5.2.
. 5.2.

59

.

.
, ,
,
.

.
.


.

,
, ..
,
. . ,

.

.
.


.
.
, .
60

, ,

, , .
5.4.

, =193431.

1 9 3 4 3 1 1 9 3 4 3

,


1 1 9 3


3 1 1 9

1,
.

.

,
0
9, .
,
, ,
. ,
. 0
M-1, M .

i=Pi+Ki (mod M),
(5.6)
Pi - , Ki
, i .


Pi=Ci -Ki (mod M)
61

5.6.

31:

-0, -1, -2, ... , -31.




M=2 [].
,
.
.
2
(5.7).
(5.7)
Y=PK
2
.
. 5.2.

. 5.2.

ARJ. (5.7)
:
Y=P(K+VALUE),
VALUE .
62

(5.8)

5.7.

.
ASCII : =193, =203,
A=192, =205, =202. 193, 203, 192,
205, 202 11000001 11001011 11000000 11001101
11001010.
ASCII : =206, =213.
206, 213 11001110 11010101.

2 .

11001110 11010101 11001110 11010101 11001110
00001111 00011110 00001110 00011000 00000100

G-

. n n
K1, K2,..., Kn. T
K1, K2
... Kn. Kn
.

5.2.2.

,

63

.
.
,
,

.

, .
n
1 n,
.
. Ki
,
Ki .
5.8.

=3142.

1
4
2

3
1
4
2
3
1
4
2

, Ki.

[].
,
,
, .
. ,
. 5.3.

4-0-2-3-1-5-7-6,

( ).
64

4-6-2-0-1-5-7-3

. 5.3.
0

5.9.


, . 5.3.
0

6
7

5.2.3.


[].
,
,
.
.
5.4.

65

. 5.4.


()
,
.


.
.

64

.

(5.9)
- i- , T - i-

(i )
T ( i ) =
T(i ) , i = 1, N

(i )

- i- ,

(i )

(i )

, N .

:
(i )
T( i ) =
T( i ) , i = 1, N

.
.

,
.
.

.
.
66

, ,
, ..
,
.
.

.

,

.
A0 - . i
i i-1
:
1. i-1 ,

Ai21 .

2. i

Ai21 .

5.10
A0=1204,

A02 =1449616.

A1=4496, A12 =20214016, A2=2140

.
,
, , .


Y1,Y2,...,Yi-1,Yi,...,
Yi=(a*Yi-1+b) mod m,

67

(5.10)

Yi i- () ; Yi-1
; a,b,m ; m ; a ; b
; Y0 .
m 2n, .
b m, a
.

.
,

5.3.

C ,
.

.
.
,
.


, .
,
.

) ,
.
,
.
68

(,

).

,
, - ,
, , .
69


. , ,
, ,
2
.
ARJ,
.

5.4.

[].

,
.

.

,
,
.
.
,
,
.

.

70

5.4.1. DES ()

, DES (Data Encryption Standard),



[]. IBM ,

.
DES .

64 64- ,
56 . DES
.
DES .
5.5.

. 5.5. DES

64- T.
T IP.
5.3.

71

. 5.3. (IP)

58 50 42 34 26 18 10  2
60 52 44 36 28 20 12  4
62 54 46 38 30 22 14  6
64 56 48 40 32 24 16  8
57 49 41 33 25 17  9  1
59 51 43 35 27 19 11  3
61 53 45 37 29 21 13  5
63 55 47 39 31 23 15  7

, 58 T 1, 50
2 ..
,
T0 2 : L0 32 , R0
32 .
, 16
. Ti , i ,
Ti=LiRi, i- :
Li=Ri, Ri=Li-1 f(Ri-1,Ki), i=1,2,...,16,
f .

IP-1 (. 5.4).
. 5.4. (IP-1)

40  8 48 16 56 24 64 32
39  7 47 15 55 23 63 31
38  6 46 14 54 22 62 30
37  5 45 13 53 21 61 29
36  4 44 12 52 20 60 28
35  3 43 11 51 19 59 27
34  2 42 10 50 18 58 26
33  1 41  9 49 17 57 25

f(Ri-1,Ki) .
5.6.
f :
, 32- 48 ;
S1,...,S8, 6- 4-;
P, 32-

.
E 5.5 .
Ri-1
Ki 6-
B1,B2,...,B8.
- S1,S2,...,S8, 4- .

73

. 5.6. f
. 5.5. .

32  1  2  3  4  5
 4  5  6  7  8  9
 8  9 10 11 12 13
12 13 14 15 16 17
16 17 18 19 20 21
20 21 22 23 24 25
24 25 26 27 28 29
28 29 30 31 32  1
Sj .
Sj 6- B1=b1b2b3b4b5b6,
b1b2 ,
74

b2b3b4b5 Sj,
(. 5.6). 6-
B1B2,...,B8
S1,S2,...,S8.
. 5.6. S1,...,S8

1 (S[1])
14  4 13  1  2 15 11  8  3 10  6 12  5  9  0  7
 0 15  7  4 14  2 13  1 10  6 12 11  9  5  3  8
 4  1 14  8 13  6  2 11 15 12  9  7  3 10  5  0
15 12  8  2  4  9  1  7  5 11  3 14 10  0  6 13

2 (S[2])
15  1  8 14  6 11  3  4  9  7  2 14 12  0  5 10
 3 13  4  7 15  2  8 14 12  0  1 10  6  9 11  5
 0 14  7 11 10  4 13  1  5  8 12  6  9  3  2 15
13  8 10  1  3 15  4  2 11  6  7 12  0  5 14  9

3 (S[3])
10  0  9 14  6  3 15  5  1 13 12  7 11  4  2  8
13  7  0  9  3  4  6 10  2  8  5 14 12 11 15  1
13  6  4  9  8 15  3  0 11  1  2 12  5 10 14  7
 1 10 13  0  6  9  8  7  4 15 14  3 11  5  2 12

4 (S[4])
 7 13 14  3  0  6  9 10  1  2  8  5 11 12  4 15
13  8 11  5  6 15  0  3  4  7  2 12  1 10 14  9
10  5  9  0 12 11  7 13 15  1  3 14  5  2  8  4
 3 15  0  6 10  1 13  8  9  4  5 11 12  7  2 14

5 (S[5])
 2 12  4  1  7 10 11  6  8  5  3 15 13  0 14  9
14 11  2 12  4  7 13  1  5  0 15 10  3  9  8  6
 4  2  1 11 10 13  7  8 15  9 12  5  6  3  0 14
11  8 12  7  1 14  2 13  6 15  0  9 10  4  5  3

6 (S[6])
12  1 10 15  9  2  6  8  0 13  3  4 14  7  5 11
10 15  4  2  7 12  9  5  6  1 13 14  0 11  3  8
 9 14 15  5  2  8 12  3  7  0  4 10  1 13 11  6
 4  3  2 12  9  5 15 10 11 14  1  7  6  0  8 13

7 (S[7])
 4 11  2 14 15  0  8 13  3 12  9  7  5 10  6  1
13  0 11  7  4  9  1 10 14  3  5 12  2 15  8  6
 1  4 11 13 12  3  7 14 10 15  6  8  0  5  9  2
 6 11 13  8  1  4 10  7  9  5  0 15 14  2  3 12

8 (S[8])
13  2  8  4  6 15 11  1 10  9  3 14  5  0 12  7
 1 15 13  8 10  3  7  4 12  5  6 11  0 14  9  2
 7 11  4  1  9 12 14  2  0  6 10 13 15  3  5  8
 2  1 14  7  4 10  8 13 15 12  9  0  3  5  6 11

S1(B1) S2(B2)... S8(B8) 32 ,


P (
5.7.)
. 5.7. P

16  7 20 21
29 12 28 17
 1 15 23 26
 5 18 31 10
 2  8 24 14
32 27  3  9
19 13 30  6
22 11  4 25

, . 5.6
Ki. Ki
K. K 64 8 ,
8,16,24,32,40,48,56,64.
G
(. 5.8). 7x8
,
.

76

. 5.8. G

57 49 41 33 25 17  9
 1 58 50 42 34 26 18
10  2 59 51 43 35 27
19 11  3 60 52 44 36
63 55 47 39 31 23 15
 7 62 54 46 38 30 22
14  6 61 53 45 37 29
21 13  5 28 20 12  4

2 C0 D0. ,

Ci,Di,

i=1,2,...,16.

Ci Di 1 2
.
.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

1 1 2 2 2 2 2 2 1 2 2 2 2 2 2 1

Ki, ,
CiDi H,
5.9.
. 5.9. H

14 17 11 24  1  5
 3 28 15  6 21 10
23 19 12  4 26  8
16  7 27 20 13  2
41 52 31 37 47 55
30 40 51 45 33 48
44 49 39 56 34 53
46 42 50 36 29 32
64
. -
. .

, .
- (Cipher Block Chaining, CBC).
- (Output
Feedback mode, OFB) (Cipher Feedback
mode, CFB) ,
.
DES- 2^56 = 7*10^16 .
,
1 . ,
3,5 .
DES
, ,
AES.

5.4.2.

. 28147-89,
1989 [].
,

, ,

78

.
, .
,
, ,
,
.
:
;
;
;
.
2814789
. ,

. ,
.
, .
,
,
.
, , .
32- ( 256 ).
: K

={K i }0 i 7 .

16, 4- ,
0 15. ,
,
16 0 15 .
H:

79

i 7
H ={H i , j }0
0 j 15 ,0 H i , j 15

: 8 16 / 4 / =
512 64 .

, 64- .
32- ,
.
5.7.

0.

:
N 64- ,

(N1) (N2)
32- . N=(N1,N2).
X 32- ;

1. .
232 .
2. . 32- ,
, 4-
: S=(S0,S1,S2,S3,S4,S5,S6,S7).
,
: Si Si-
( ) i- (.. i- ,
). ,
,
, ,
4- .

80

0
(N, X)

S = ( N 1 + X ) mod 232
m = 0..7
2

Sm = H m ,Sm

S = 11 ( S )
4

S = S N2
5

N 2 = N1 , N 1 = S
6
(N)

. 5.7. 28147-89

3. 11
.
11
11 .
4. : , 3,
2 .
5. :
,
.
6.
.

81

28147-89 ,
. ,

.
.

.
- ,
n-X, n
, X, , ()
() .

.
1.

32-:

K0,K1,K2,K3,K4,K5,K6,K7,K0,K1,K2,K3,K4,K5,K6,K7,K0,K1,K2,K3,K4,K5,K6,K7,K7,
K6,K5,K4,K3,K2,K1,K0.
2.

32-:

K0,K1,K2,K3,K4,K5,K6,K7,K7,K6,K5,K4,K3,K2,K1,K0,K7,K6,K5,K4,K3,K2,K1,K0,K7,
K6,K5,K4,K3,K2,K1,K0.
3.

16-:

K0,K1,K2,K3,K4,K5,K6,K7,K0,K1,K2,K3,K4,K5,K6,K7.
,

:
32-(32-(T))=T,
T 64- , X(T)
X T.
, 28147-89, ,

. :
82

, 32-
32-. ,

,
.
,
,
28147-89
.
,
,
16 ,
.
:
,
.
:
T,T ;
TiO , Ti

i- 64-

: T

= (T1 , T2 ,..., Tn ) ,

T =(T1 , T2 ,..., Tn
)

, 1 i n,
:

| Ti |=| Ti |= 64 1 i <n , 1 | Tn |=| Tn | 64 ;

n 64- ;
X 64-
X;
28147-89.

32-
, 32-

83

. , 64-
.

,
64 : |T|=|T|=64n,
.
:
1)

,
.

,
,
.
2)

64 ,

,
64 .

,

64 , 64- .
,
, :
32 , 64 .
, 8-
,
. ,

, , ,

84

. 28147-89
.

, ,
64
. 28147-89

()
()

() .
2.
; -,
, ,
. -,
64 ,
,
.
:

()

64-

32-,
, .
,

. ,
,
i+1=f( i), i , f

. ,
0.
85

, S,

28147-89

. 2814789 ,

32-:

0=32-(S).

, ,
, ..
.
, :
i=32-( i)=32-(fi( 0))=32-(fi(32-(S)))= i(S,K),

i i- , K .

. ,
-
.
,
, ,

.
,

,
.

. 5.8.

86

0
(T() , S)
1
S=323(S)
i = 1..n
2
S0=(S0+C1)mod 232
S1=(S1+C21)
mod (232 1) +1
3

Ti

()

= Ti () 32 ( S )

(T())

. 5.8. ()

0.

:
T() ()
, (),
64 ;
S , 64- ,
;
1. ,
, ,
, ;
2. ,
. (S1) (S0)
;
3. . 64- ,
, 32,
()
() .

87

4. ()
.
, 28147-89
. ,
:

,
264;
, ,
, ;
,

.
,
, :
64-

~
i = (i0 , 1i ), | 0i |=| 1i |= 32 , i0+1 = f (i0 ), 1i +1 = f (1i )

, ,
.

:
i0+1 =(i0 +C1 ) mod 2 32

, C1=101010116;

1i +1 =(1i +C 2 1) mod ( 2 32 1) + 1 ,

C2=101010416;

, , 16-
.

232, 2321,
232 (2321).



88

32-
,

.

.


,
,
,
.
P ,

,
.
28147-89
. 5.9. ,
, 32 .
,
2P
. 32
232 0.23109.

89

(T)

S=0

i = 1..n
2

S = 16 ( S Ti )
3

=(s0,s1,...,sr-1)

()

.5.9.


.
,
0 1. ,
,

. ,
. ,
,
, .

,
, , ,
, , 28147-89.

.

0 1
,
.
90


-4, 28147-89,

, .
. 5.10 -4/PCI.

. 5.10. -4

,
, .
,
.

.

5.5.
5.5.1.


, .

[].



( ).
91


,
,
.
.
, .

,
.

,
, .

. ,


, -
,
. ,
.
.

.

() ().

,

92

.
.

.

.

. 5.11.

B.
, . (, )
,

B.

, .

. 5.11.

B, ,
.
,
, B .
, ,
, .

93

5.11
.
:
1. A (,).
2. B (B,B).
3. A B .
B,
B B A.
4. B
B, B A
A.
5. ,
B, , B ,
A, B.
,

,
. A
,
A,
.
(. 5.12).

94

. 5.12.

,
PKI ().
. . ,
[]:
1. (, )
.
2. , ,
.
3. , ,
.
4.
.
,
.
5. , ,
,
.

5.5.2.


.
X Y .

f : X Y

, x X

y = f (x) ,

x=f

( y) ,

y Y

.
, f
,
95

Y X ,
.
,
.

P Q
(N=P*Q) . ,
, P Q N (
, P Q ),
N. N 2664 P Q,
.
.

A x
M ( 0 A, x < M ),

y = A x (mod M )

.
x ,A,M ,
,

x = log A y ),

A x (mod M ) = y

(
).
.


, ,
( ,
).

5.5.3. RSA

RSA 1978 ., . ,
. .
96


.
[,].
RSA , ,
0
N-1, N .
,
B.
A RSA,
.

1. P Q.
P Q
.
2.

( N ) = ( P 1) (Q 1) ,

N = P Q .

(4.1)

( N ) - .

3. ,
:
1<A< ( N ) , (, ( N ) )=1
(5.11)
4. A
,
1 (mod ( N ) )
(5.12)

=-1 (mod (P-1) (Q-1))


A ,
, P Q, ( N ) .
,
, P Q.
N,
.
RSA
97

, M, B

N. (5.13).
C = M K A (mod N )

(5.13)
, M
, , N
N ( N 2 512 ).

, C.

N. ,
(5.14).
= K A (mod N )

(5.14)

,
C (mod N ) = ( M OK A ) CK A (mod N ) = M OK A CK A (mod N )

, ,
(x,N)=1,

x ( N ) 1 (mod N ) .

5.12, 1 (mod ( N ) ), =k ( N ) +1.


,
M OK A CK A = M k ( N ) M (mod N ) = M (mod N )

, , C CK (mod N ) = M (mod N ) .
A

, (,)
: 1) ; 2) P Q.
,
( N ) ,
(5.12).
RSA N.

RSA P,Q,N
200-300 .
98

5.11
DAC RSA.
P Q.

1. P = 5 Q = 13
2.
3.

$N = P \cdot Q = 5 \cdot 13 = 65$

$(N) = (65) = (5 - 1) \cdot (13 - 1) = 4 \cdot 12 = 48$

4. ,
1 < OK A

< 48 , ( ,48 ) =1 .

= 5.

5. ,
=29. ,

$CK_A \cdot OK_A = CK_A \cdot 5 \equiv 1 \pmod{48}$.

$29 \cdot 5 = 145 \equiv 1 \pmod{48}$.

6. B (N=65, =5)
B
1.
0 63. 1, B 2, 3, D 4
.. DAC
413, M1=4, M2=1, M3=3.
2. 5.13:
$C_1 = M_1^{OK_A} \pmod{N} = 4^5 \pmod{65} = 1024 \pmod{65} = 49$,
$C_2 = 1^5 \pmod{65} = 1$,
$C_3 = 3^5 \pmod{65} = 243 \pmod{65} = 48$.

3. B A C1, C2, C3=49, 1, 48.


A
1. 5.14:
$M_1 = C_1^{CK_A} \pmod{N} = 49^{29} \pmod{65} = 4$,
$M_2 = 1^{29} \pmod{65} = 1$,
$M_3 = 48^{29} \pmod{65} = 3$.

, M1=4=D, M2=1=A,
M3=3=C. DAC.
99

5.6.
1. ?
2. .
3. ?
4.

.
5. ,
?
6. .
7.

.
8. .
9. .
10.

?
.
11. , .
12.

?
13.

. .
14. ,
? ?
15. ?
16.

.
17. ?
18. .

19. ?
100

20.

.
21.

?
22. .
23. DES.
?
24. DES?

25. DES.
26.

28147-89.
27. 28147-89?
28.

?
29. ?
30.

.
31.

, ?
32.

.
33.
.
34. .
35. .
36.

RSA.
37.

RSA.
38. RSA.
101

. -

6.1.

, .

, (
)
.
: ,
..

.

, ()
.
,
,

.
,
100% .

, ,
, .

102

,
100% .
, ,
,
(). ,
,
: , , ,
..
, ,
.

.
6.1.
.
6.2. ,
.
,
, , , -
,
, .
,
,

.
,

[].
1. . ,
.
103

2.

B,

A.
3. . ,
B, . ,

, .
4. . B
, A. ,
.
5. . ,
B.
,
, ,
,
. ,
, ,
,
. ,
,
.

, .
- .

6.2. -
- ()
, ,

.

104

()

, .
.
1.

, .
2. .
3. ,

, ,
.

.

, , (,),
: 1. ( ); 2.
( ).

,
(. 6.1). M , E .

. 6.1.

105


.
H ,
M, H(M) (
), ,
. H(M)
M.

M - H(M).
- M
.
,
M1 M2
.
,
M, , , , ..
MD4, MD5,
SHA.
-
, .
. 6.2.

106

. 6.2.

,
.

1. H
.
2. H

.
3. .

1.
.
2. ,
,

3. , ,
H, .
4.
H

,
.

107


.
.
,
,
.
,

,
.
RSA, -,
DSA. 34.10-94 [].
6.3. PKI
22 2002
- () ,

.
.

,

, ,
.
, ,

.
,
. , ,

)
108

PKI

, ,
.

[].
1. ,
, .
2. ,
, ,
.
3.
.
PKI .
.
1.


.
-
.
2.

(-)
.
3.


.
, PKI

, .
,

[].
109


.
, , , ..

, .
.

.
PKI ,

,
. PKI

.
PKI [5].
1. .
2. .
3. .
4. .
5. .
() -
,
. ,

. ,
. ,

, .
:
1. ;
110

2. ( ) ;
3.
.
PKI.
,
,
, .
PKI,
, .

LDAP
.

.
PKI, :
.
, ,
..
PKI :
1. ,

, .
2. ,

,
, ,
.
3.

, ,

, , ,
.
PKI.

111

PKI

,
(. 6.3).

. 6.3. PKI

1,2,3 ,
.

.
,

PKI

-
,
.
PKI
: ,
, VPN ..
PKI . 6.4.

112

PKI
, X.509.
X.509.V3
RFC

3280

Certificate

&

CRL

Profile.

,
, .
X.509.V3 6.1.

. 6.4. PKI
. 6.1. X.509.V3

1
2
3
4
5
6
7
8
9
10


( 3)

,

,
( / )
,



,

.
113

11

, ,
. , ,
.
, , ,
..
PKI

,
, .
,
,
.
PKI ,
, .

PKI

, ,

PKI,

.
, PKI,
RFC 2527 Certificate Policy and Certification Practices Framework.
,
PKI,
.

,
/
.
114


.
,
, ,

,
,
.

, RFC 2527 .
, PKI
, . 6.5.
PKI

PKI

- .
,
, :
1. Entrust/PKI Entrust Technologies.
2. Baltimore UniCERT Baltimore Technologies LTD.

3. BT TrustWise Onsite VeriSign Inc.


4. IBM Trust Authority.
5. RSA Keon Certification Authority RSA Security Inc.
6. VCERT PKI .

7. .

,
, .

115

. 6.5. PKI


.
:
1. , Windows 200

Server.
2. , Windows 2000

Server Microsoft SQL


2000, Microsoft IIS 5.0, CRYPTO API 2.0.
116

3. , Windows 2000

Professional Microsoft Management Console

, .
4.

web-,

. Windows 95 .
,
TLS .
5. .
. 6.6.

. 6.6.

1.

6.4.

117

2.
?
?
3. ,


.
4. ?
5.

.
6. ?
7. ,
.
8. ?

?
9. .
10. .
11. .
12. ?
13. .

?
14. PKI.

15. ?
16. PKI.
17.

118

.

7.1.


.
, i-

IDi

i-ro

,
, Ki -
, .
(IDi, Ki) ,
,
.
(

.
,
.

.
1.
, , .
Windows NT, 2000,
XP

.
UNIX
.

119

,
. ,
, NT,
,
, . ,

. ,
.
2. .

,
.
. , ,
,

,
. ,


, , SoftIce,

(,
).
,
, , ,

. ,
, .

, [].
120

1. -
. -
7.1.
. 7.1.

1
ID1
E1
2
ID2
E2

N
IDN
EN
Ei=F(IDi,Ki), F . , Ei

IDi Ki.
,
Ki .
NTLM Windows NT
MD4.
1
1. ID.
2. ID IDi,
, -
, ( IDi = ID)
, i, .
3.

Y=F(IDi, K).
4. i Y.

,
.

( , 1967 , ).

1.
121

2. -,
7.2.
. 7.2.


1
2

ID1, S1
E1
ID2, S2
E2

IDN,SN
EN
i=F(Si, ), Si - ,

i; F ,
Ei Si.
2
1. ID.
2. ID IDi,
, -
, ( IDi=ID)
, i, .
3. IDi
Si.
4.

. Y=F(Si, K).
5. Ei Y.
,

.
,
, Ei
. Ei=F(IDi,Ki), ,
Ei=F(Ki), .

UNIX.
122


F,
.
K,
E, ,
E Ei.
,
F.
7.1
Microsoft Excel ,
1. Excel - ,
,
. 16 .
.
, . , Excel test,
zzyw.
, .
1 2,
,
.

).

,
( ),
.
. i. ,
j. ,
,
. i j- Ej
Ei ( Sj Si).
123

, IDj ,
j. .
,

, .
7.2
Microsoft Word ,
Microsoft Excel ,
1. ,
,
.
- , -,
.
Word Excel.

7.2. Windows NT UNIX


,
Windows NT
, NT,
SAM (Security Accounts Manager)
Winnt\System32\Config\ [].
,
.
(, , ..) .
, .
Windows NT,
SAM, ,
,
.
124

Microsoft
SAM [,].
SAM
LANMAN,

Windows 9x, NTLM,
.
LANMAN
. 7.1.

. 7.1. LANMAN

1.
, , .
2. 14- .
14 , ; ,
.
3. 14 7
, .

125

4.

DES

64-

(4B, 47, 53, 21, 40, 23, 24, 25).


8 .
5. 8- LANMAN
(16 ).
LANMAN
DES .
8- ,
,
.
LANMAN ,
. .
1.
, .
.
2. , ,

.
,
( 52).
, 26.
, 7 ,
LANMAN 26^14
, 2*26^7, LANMAN
. ,
,
52^14 , 2*26^7.
.
NTLM
126

NTLM ,
LANMAN. . 7.2.
NTLM
. .
MD4.

MD4
NTLM
. 7.2. NTLM

, Windows,
SAM LANMAN NTLM (
, 14). , NTLM
SAM ,
,

LANMAN

, ,
NTLM .

7.3.
,
,
. ,

.
,
,
.

127

,
, (-),
().

.
,
.
-.
,
.
, ,
, ,
(-, e-Token ..).
- (
). , ,
1015 ,
(, 1 ).

7.4.

.
.

, :
1. ;
2.
;
3. ;

128

,
[].
1.
.
2. .


,
, ,
.

Kerberos.

.



,
,
.
,
-. ,
, , .

129


:
1.
;
2.
-.
.
.
-

(1976 .).
[].
A B .
.
1. A B N,
g, 1 g N , 1
N-1,

{g , g

,..., g N 1 =1}

N-1. N g .
2. A B
A CKB ( , N,
).
3. A B OKB
:
$OK_A = g^{CK_A} \pmod{N}; \quad OK_B = g^{CK_B} \pmod{N}$

4. A B
.
5. A B K :
A: $K = (OK_B)^{CK_A} = (g^{CK_B})^{CK_A} = g^{CK_B \cdot CK_A} \pmod{N}$

B: $K = (OK_A)^{CK_B} = (g^{CK_A})^{CK_B} = g^{CK_A \cdot CK_B} \pmod{N}$

K
(-) .
7.3

N=47

g=23.

A B =12, =33. ,
$OK_A = g^{CK_A} \pmod{47} = 23^{12} \pmod{47} = 27$
$OK_B = g^{CK_B} \pmod{47} = 23^{33} \pmod{47} = 33$

$K = (OK_B)^{CK_A} = 33^{12} \pmod{47} = 25$.

. ,
,
, .
.

SKIP .
.

7.5.

.

( , -)
, , ,
. ,
-,
.
- , A
B ,
(, ).
131

B ,
.
,
. A,

B,

.
,
.
, ,
, .
.
CHAP (Challenge Handshake Authentication Protocol)
,

()

() (,
).
,
[].
CHAP . 7.3
, N

, MD5(,N)
. 7.3. CHAP

1.
, ,
N.
2.
, N
MD5, MD5(K,N).
132

3. ,
MD5(K,N).
4. , N,
MD5(K,N)
.
.
N

. ,
N, ,

K.

MD5, , N MD5(K,N),
K.
S/KEY
S/KEY

,

K.

, [].
K , ,
. K
M S1,...,SM :
$S_1 = MD4(K)$,

$S_2 = MD4(S_1) = MD4(MD4(K)) = MD4^2(K)$,

...
$S_M = MD4(S_{M-1}) = MD4^M(K)$

SM

Si

S M 1 ,...,

S1 ,


133

S i 1 ,

,
MD4,
.

.
,
( M )
K,
,

SM

, , ,

,
. ,
N
,
MD4.
S/KEY
.
1. M ,

N,

.
2. M
:
$S_1 = MD4(K, N)$,

$S_2 = MD4(S_1, N) = MD4(MD4(K, N)) = MD4^2(K, N)$,

...
$S_M = MD4(S_{M-1}, N) = MD4^M(K, N)$

3.
t,

St .

,
.

134

4.
S t 1

...

S1 .

5. (

S 1 ),


( N).
- OC Windows

- OC Windows
,
, .
LANMAN [].
. 7.4.
(1)
(2)

(3)

(4)
. 7.4. - OC Windows

1.
.
2. .
3.
.
4. 24-
:

1. , ,

LANMAN.

16- .

135

2. 16- 3 56 .
56 (. 7.5).
F7 03 60 B3 34 CD 62 E5 17 94 A3 9B 8D 56 0A 25

F7 03 60 B3 34 CD 62

E5 17 94 A3 9B 8D 56

0A 25 00 00 00 00 00

. 7.5. LANMAN

3. 8- 3

2 LANMAN) DES.
24- ,
(. 7.6).
F7 03 60 B3 34 CD 62

E5 17 94 A3 9B 8D 56

8-

95 B6 2A D8
9C 38 21 67

0A 25 00 00 00 00 00

DES

4B 82 A7 D3 85 BE 04 17 D9 F3 43 E8 62 B8 7A 36 D7 13 5A F8 E4 9A B5 36

. 7.6.

5.

, ,

,
.

136

,
Kerberos.
7.6.
1.
.
2.


.
3. .

4. LANMAN.
.
5. NTLM.
6. -?

7. ?
8. -.
9.

?
10. -

?
11.

CHAP. ?
12.

137

S/KEY.

8.
8.1. INTERNET

INTERNET

INTRANET

,

.

,

, ,
, WEB ..

INTERNET,
( ,
..).
, , ,

INTRANET INTERNET,

,
INTERNET INTRANET .
, ,
. Internet

, [].
INTERNET

, INTERNET.
INTERNET
138

,
, .
INTERNET INTRANET
[]:
1.

()

;
2.


;
3.

, ,
.., (,
, IIS);
4.

;
5.

,
;
(sniffing), ,
, ;
6.


(DoS Denial of Service);
,
INTERNET;
7.

(, spoofing);
8.

,
139

;
.

,
,
,
, .

INTERNET

[]:
1.

INTERNET

;
2. TCP/IP;
3. ;
4. ,

, INTERNET ( , WEB, .);


(
http://icat.nist.gov);
5. INTERNET,

,
proxy-, .;
6.

INTERNET;
7. INTERNET ,

;
8. ;
9. .
140

,
,
, INTERNET,
.

8.2. .

,
, ,
. ,
() [].

, .

()
,
, ,
.

(promiscuous mode).

( ,
) ,
.
(, POP3, FTP .)
.
(,
, FTP )
.
141


:
1.

;
, ,
;
2. ,
;
3.

(S/KEY, CHAP ..);





.

. ,
,
IP ,
IP , .

.
,
, .

,
(, WEB-)
.

142


.
7.
(DoS)

, . ,
,
,
, ,
. SYN-Flooding, Ping of Death
.

,

,
,
, .

DoS

(DDoS),

() ,

. 2003 SCO Group.

, ,
, .
, ,
.
143

,

, , ,
.
,
, ,
, ,
() .
.

8.3. .
, ,

,
.
,
.
(, firewall) ,

,
[].
,
.
.

INTERNET (. 10.1),
,

. ,
144

, , ,
.
, ,
, .
,
. ,
POP3 SMTP
,

, .

. 10.1.
INTERNET

,
,
:
1. , ;
2. , .

,
.
145

[,]:
1. ( );
2. ;
3. .
( )

, TCP IP
. ,
:
IP ;
IP ;

;


, , , FTP (21),
TELNET (23) ..

10.1.
. 10.1

TCP
*
129.1.2.3
>1023
21

TCP
123.6.49.234
123.1.2.9
>1023
119


.

, IP ,
IP .

146

.
,
.
,
.
(NAT),
.
IP-
IP-, .
IP- .

.


,
, TELNET, FTP, HTTP .. ,
FTP put.
,
,
.
,

, , ,
, .

.
,


INTERNET, , . 10.1,
.
, . 10.2,
, ,
.

INTERNET

. 10.2.

. 10.3

(DMZ).

DMZ

INTERNET,
. DMZ
WEB, FTP SMTP, DNS .

. 10.3.

8.4. (VPN)

, ,
.

,
,

, , .
, ,

.
,
,
INTERNET. ,
, []:
1. .
2. .
3.

.
4. , .
5. .

(Virtual Private Network),
.
(VPN)


,
.

( VPN).
,
,
.
. 11.4

. 10.4.

[].
1.

.
.

. ,
.
2.

.

,
,

.
3. INTERNET.

,
INTERNET.

OSI , .
VPN,
PPTP, L2F, L2TP. IPSec,
SKIP. SSL, SOCKS.
OSI, ,
.


OSI.
SKIP
SKIP (Simple Key management for Internet Protocol)

IP- OSI.
SKIP


.
KAB
-.
KAB
A B. ,


Kp.
:
1.

IP

Kp

SKIP .
2. Kp KAB

SKIP .
3. SKIP- IP.
4.

IP-


Kp ( )
SKIP-.

KAB, Kp,
. , KAB
,

.
,
,
,
.
,
SKIP, VPN
+. ,
VPN -JET, F-Secure VPN+
F-Secure Corporation, Check Point VPN-1/Firewall-1 .


8.5. Windows NT. Active


Directory
,
,

. Windows NT
Microsoft
.
Windows NT ,
,
SAM,
.

.

,
.
Windows NT

Windows NT.
. Windows NT
, . Windows NT
Microsoft
.
,

.
Windows NT

, Microsoft Windows 2000


Active Directory.
Active Directory (AD) -, ,

,

[].
Active Directory :
1. .
2. .
3. .
4. .
5. .
AD
(, , ,
..).
.
.
.
, . Active Directory
.
()
.
.

. ,
(Group).
AD - (. 10.5),
.
AD Kerberos,

- (),
.

. 10.5. AD

8.6. .

7

.
, ,
, ,
.

,
. , ,
, .
,

, (. 11.6).


. 10.6.

.
,

.


.

TACACS (Terminal Access Controller Access
Control System) RADIUS (Remote Authentication Dial-In User Service) [].


, TACACS RADIUS,

,
.

, Novell Directory Services
(NDS), Active Directory (AD).

8.7.
1.

INTERNET INTRANET. .
2. INTERNET.
3.

.
4. .
?
5. .

, .
6. .

?
7.

.
8. VPN.
9. Windows NT

Active Directory.


9.
HASP
9.1 HASP 4
, ,
, , ,
..

,
.

,
.
,
.
HASP.
HASP Aladdin

.
HASP 9.1.

. 9.1. HASP
HASP
(ASIC Application Specific Integrated Circuit),
.
HASP.
HASP ,

,
.
:
, ,
..
HASP :
1. HASP4 Standard.
2. MemoHASP.
3. TimeHASP.
4. NetHASP.
HASP4 Standard

HASP.
ASIC
f(x), 32-
32- .

:
HASP Standard;

, f(x)
x, ;

..

HASP

(,
IXGGR, RAOMG).
,
.


HASP
.
14$.
MemoHASP
MemoHASP HASP
Standard. HASP4 Standard
(EEPROM),

.
32- ID,
.

.
HASP4 M1 112 EEPROM,
16 , 20$.
HASP4 M4 496 EEPROM,
112 , 29$.
, HASP Standard,
MemoHASP , , :
1.

MemoHASP

..
2.

,
, (
).
3.

, .

, .

TimeHASP
MemoHASP,

(

).



,
..
33$.
NetHASP
MemoHASP

,
, (),
.
, .
IPX/SPX, NetBIOS, NetBEUI, TCP/IP.
HASP4 Net,
5, 10, 20, 50, 100
. 112

).

. ,
HASP4 Net-5 112 ,
(,
).
NetHASP .

HASP4

Net

-,

.

- .

NetHASP, ,
NetHASP NetHASP.

NetHASP

250

, ,
NetHASP.
,
,
(NetHASP LOGIN),
(NetHASP LOGOUT).
:

HASP4 Net , ;


.
,


.
,
, LOGIN.
,
. ,
(LOGOUT).
,

, .
NetHASP 37,5$ 260$.
HASP
HASP (. . 9.2):


. 9.2. HASP

HASP .

HASP.
HASP
. 16 . HASP.
. ,
HASP. ,
HASP.
9.1
HASP HASP, .
. 9.1. HASP

,
,
.


.
,
HASP
,
HASP.


ID
.

HASP,



HASP4 Standard,
MemoHASP,
TimeHASP,
NetHASP

MemoHASP,
TimeHASP,
NetHASP
HASP4 Standard,
MemoHASP,
TimeHASP,
NetHASP


MEMO

TIME MEMO



.

,

,
TimeHASP

,
.

HASP


MemoHASP,
TimeHASP,
NetHASP

TimeHASP

TimeHASP

HASP.
1. HASP API ( API ).
2. (HASP Envelope).

. Aladdin
HASP . API
.
HASP
. API

.

.
, , ,
.

, .
HASP (FAS)


(Full Authorization System)


HASP
HASP, ,
.
:
1. (MemoHASP, NetHASP).

-
.
2. (TimeHASP).

.
3. ,

(NetHASP).
FAS,
.
1. , ,

.
2. , HASP ,
.
3.

HASP.
MemoHASP,
.
.
, ,
.
TimeHASP,
, .
HASP API
API HASP ( NetHASP)
hasp(),

Hasp(Service, SeedCode, LptNum, Pass1, Pass2, Par1, Par2, Par3, Par4)


NetHASP
Hasp(Service, SeedCode, ProgNum, Pass1, Pass2, Par1, Par2, Par3, Par4)

Service ( ).
LptNum , HASP
( 0, , 1 LPT1, 2 LPT2, 3 LPT3,
201-255 HASP USB).
SeedCode , f(x).
Pass, Pass2 HASP.
, HASP.
Par1, Par2, Par3, Par4 ,
HASP .
(RUS)
(Remote Update System RUS)
,
HASP

HASP,
.
RUS , ,
,
.
.
RUS 2 :
1. RUS.
2. .
RUS
.


HASP


.
HASP
.
1.

, ,
.
2.
.
3. RUS

.
4.

HASP.
.
.
(PCS)
(Pattern Code Security PCS)
,

HASP.

HASP API. PCS
.

hasp(), .
hasp()
. hasp()
, , , -


. PCS
hasp().
25 . ,
hasp(), ,
.
,
. , hasp()
, .
hasp()
, .
,
. ,
.
PCS:
1. HASP.
2. hasp() ,
.
3.

). hasp() ,
, - .
4. hasp().
HASP
HASP
. , HASP
, .
HASP ,

.
:
;

.
,
,
, ,

. , ,
.
,
, ( API).
,
, .

HASP
.
1.
API. .
2. hasp() PCS.


.
, .
3. .

HASP.
,
.

,
. ,
.
4.

. ,


, ,
, .
5. hasp(),

, ,
.
, .
, ,
,
, .
HASP.
1.

HASP.
.
HASP not FOUND, ,
. ,
, .
.
2.

HASP-

, HASP,
,
.
, . ,
HASP ,
.
9.2 HASP HL
.
,
.

, .

,
.
. ,

.
.
,
, 29 .
(. 9.3)?

. 9.3.
HASP HL -
HASP HL -
Software Digital Rights Management (
).
HASP HL
,


,

.
HASP HL :



HASP HL (USB-)
(, API)
, .
.
HASP HL . HASP HL
-
, ,
,
.
,
,
.
, , ,
, .

, .
HASP HL .
HASP HL
HASP HL
.

,
,

.
, ,
,
.

, , .
HASP HL.
(RSA/1024),
.
HASP HL
HASP HL :

HASP HL Envelope
.

HASP HL API , ,
,

.
HASP HL Envelope

HASP

HL

Envelope.

(.exe .dll), ,

HASP

HL

.

. HASP
HL Envelope -


. ,
(. . 9.4).

. 9.4. HASP HL Envelope


API
HASP API .
, API (
HASP) ,
.dll. API,
HASP .
API :


( ,
).

.
.
.
HASP HL API
(, ++, #, Java, Delphi, VB . .)
HASP HL.
,
HASP HL API
HASP HL ToolBox.
C ToolBox
HASP HL , ,
.

HASP HL ToolBox
: , ++, #, VisualBasic.
HASP HL Net.
HASP HL
Net. HASP HL Net,
,
(. 9.5):

. 9.5.
HASP HL Net
Windows, Linux Mac.

.

9.3.


1.

HASP

(,
50 )?
2.

HASP

HL

?
3.

HASP

1 ?
4.

HASP HL.

5.

HASP

?
6.

HASP

?
7.

HASP HL.

10.
1992 (
)
,
.
1. .
.
2. .
3. .
.
.
4. .
. .
5. ,

.

, .


:
, (),
, ().
,
,
, ,
, .
()
,

.
,

.
, .
,
, , ,
.
.

: -
, ,
, .

,
.
,


. ,
, ,

:
(,

, ,
);

(,
, );
, (

,
, " ");

,
(,
,
).

:

, -
;
-
;
-
;

,
;

(,
, );

, ,
,
;

, ,

.

,
, ,
, , .

, .
, ..
.
.

- () ,
.

, ..
.
,

,

,
.

.2. 7
. - ,
.
10.1.
. 10.1.

()

:
-

-

,

,
.

, .

.
.
, ,
,

- () ().
,
,
.
- 2 () 2
().
,

, .
- 1 (), 1, 1,
1 1 ().
10.2
.
. 10.2.

I.
A. ,

:

, ,
, ,

, , ,
,

B.

II.
A.

/
/ ( )

()

/
(, )

,
,


, ,
, ,
, ,
, , , ,



B.

+
+

C. (, )

+
+




D.

III.
A.


1
+

B. ,

(
)

C.

()

IV.

A.

B.

C.

D.
E.

()

F.


1. ,
.
2.

?
3. ?
4.

.
5.

,
.
6. .


7.

11. -

.
11.1

. 11.1.


[20,
21]:
- ,
,
, :
- (
);
- ;
- ;
- .

[, 20].

1. ():
;
;
;
;
;
;
.
2. "":
;
( );
;
;
220 ;
;
.
4. :

(
.);
,

;
;
;
;
-;


4. , , :
;
;
;
;
.
5. .
6. .
7. :
;
.


, .

11.1.
,

. 11.2.

. 11.2.



. ,
, ,
, .
, ..
,

),

.
(
20 - 30 ), -
.
,
, , .
.

. :

, .
.

- : , ,
..
, SIPE-PS []. ,
25
-.
50 ,
. CCS
-.


10 ,
, 100 .

ICOM R7100.


.

.
11.2.
, ,

,

.
.

.
.

,
.


.
, , .
,
, .
,
. . 11.3
.

. 11.3.


, ,

,
,
.
,
,

, - .
.
.

11.3.

, , ,
. .



, .

, ,

, ..
.
, , , ..
:
.

.
.
,
-
. , ,
, , , .

, ,
.
11.4.
, ,
,

.
, ,
.


. 11.4.

,
.
, .. ,

..

.


.
.

11.4. ,


.
, .

191

,
.

[]:

;
.
:
,
;
-

,
( ) ;
;
, , ,
;

, ,
.

.

11.5 [].


. 11.5.

.
. . 11.6.
D006 ST-007.

,
, Sony CFM-145.

D006

ST-007

. 11.6. D006 ST-007

-

. , ,
,
, ,
. . 11.7

AR-5000A.

AR-5000A

. 12.7.
AR-5000A

.
,
, .

,
, .
. 11.8 [].


. 11.8.


,
. ,
,
,

. . 11.9.
-400,
:
, .

. 11.9. -400



. . 11.10.
-2,

, ,
.
, .


. 11.10. -2



. :
,

, ,
.

- .
,

. ,
-
,
2- 3- .

/ .
,
, ,
.

. . 11.11
NR-900EM.

. 11.11. NR-900EM

()
, , ,
.

, ,
,
. . 11.12
.

. 11.12.


.
. 11.13 [].


. 11.13.


,
.
.
, .

. . 11.14.

-.

. 11.14. -.

,
, -
.
(, ),
,
. . 11.15
.

. 11.15.

11.5.
,
,
. ,
,
( )
( ).

[].
1. , :

2. :

(, ),

3. , .

( )
, .

,
,
.

. . 11.15
.

. 11.15.


,
.

. (

),
)

-
, . . 11.16.
2.

. 11.16. -2



, .
, .


,
,
.

, ,

;
,

.
(
).

.
,
.

,
( ).

.

.


.
. 11.17.
-2.


. 11.17. -2

11.6.


()
.
1. ,
, ,
.
2.
, ,
.
- .

(
), .
, - .
. 11.18 [].


. 11.18.

,
,
. ,
,
, .
,

,
( )
.

(,

, ). ,

, ,
,
.

) ( ).

. 11.19.
-3.

. 11.19. -3

1.

11.7.

.
2.

?
3.

.
4.

.
5.

?
6.

.
7.

?
8.

9.

?
10. .
11.

?
12.


12.


.
[22],

. ,
,
.

.
, ,
, ,
.

,

, [22]:

, . ,
.

[22]:
- , ,

, ,



.
, .

.

. .
,
(, )
.

,
.
,
,

.
-
.

, .


,

. ,
.
,
: ,
,.., , ,

, , : -

, .
,
. 272, 273, 274.
.
12.1. 272
.

272

.
1.
, , (), ,
, ,
, , ,
-

,
,
.
2. ,

, , ,


-

,
,
,
.

12.2. 273
. 273 ,

1.

,
, , ,
, ,

,-


.
2. , ,
- .
, ,
, ,
(, ..)
.
,
.


12.3. 274
. 274 ,

1. ,
, , ,
,

, ,
-
,

, .
12.4. 146.
1.
, ,
,
-


,

, .
2. ,
,
-

,
,
.

12.5. 147.
1. ,
,
,
,
, ,
-

,

, .
2. ,
,
-


,
,
.

,

.
.

12.6.
1. ,
, ?
2. .


3.



1.

.. , .. .

. .: , 2000.
..

2.

..

..

..

. . .:
, 2000.
3.

.. , .. .

. .: , 1996.
4.

. . . .: BF,

1996.
5.

. . . .

.: , 1997.
6.

.. .

. .: -, 2001.
7.

.. , .. , .. . . .:

, 2000.
8.

. . . .:, 2003.

9.

American National Standard for Information Technology Role Based

Access Control // NIST 359. 2003.


10.

28147-89.

. .
11.

34.10-94. .

. .
12.

.. , .. . PKI. .:

, 2004.
13.

.. , .. , .. .

. .: ,1999.


14.

.. , .. . -

.
. .: , 1999.
15.

.. , .. . -

. . , . . ..
, 2003.
16.

.. , .. , .. .

. .: -, 2002.
17.

.. , .. .

. :, 1991.
18.

.. , .. , .. . -

.
. .: , 2000.
19.

.. , .. , .. .

. , , 1996.
20.

..

. .: -89, 1998.
21.

..,

..

. : - . .
. -, 2004. 282.
22.

..

. .: , 2001.
23.

.. . . .: 2002.

24. . . . .: 2000.
25. .. . : .
, 2002.
26.

..

. . : - ,
2001.

... .

27.

. .: -, 2002.
28.

.. , .. , .. , .. , ..

. . :
, 1997.
29.

.. , .. , .. , .. , ..,

.. , .. , .. .
. .: , 1996.
30.

. , .. . :

// , . 67, 3, 1979.
31.

C.. , .. .

. ..: , 2004.
32. . . . .:
, 1993.
33.

/ . .. , : - ,
1993.
34.

.. , .. , .. , .. , ..

, .. .
/ . .. .:
, 1994.
35.

.. , .. . . INTERNET,

. .: , 2000.
36.

. , . , . .

. -, 2000.
37.

. , , 2001.





020678 09.12.97
6084 1/16. . .
. .

...

.-..

..-.

420111, , . ,10