{"id":18313,"date":"2022-11-21T11:45:10","date_gmt":"2022-11-21T04:45:10","guid":{"rendered":"https:\/\/www.hostify.vn\/blog\/?p=18313"},"modified":"2022-11-21T11:45:10","modified_gmt":"2022-11-21T04:45:10","slug":"ipsec-la-gi","status":"publish","type":"post","link":"https:\/\/www.hostify.vn\/blog\/ipsec-la-gi\/","title":{"rendered":"IPSec l\u00e0 g\u00ec? C\u00f4ng d\u1ee5ng v\u00e0 quy tr\u00ecnh v\u1eadn h\u00e0nh c\u1ee7a IPSec"},"content":{"rendered":"

\"IPSec<\/h3>\n

IPsec l\u00e0 g\u00ec, v\u00e0 VPN IPsec ho\u1ea1t \u0111\u1ed9ng ra sao?<\/strong><\/h3>\n

IPsec l\u00e0 g\u00ec?<\/strong><\/h4>\n

IPsec l\u00e0 m\u1ed9t nh\u00f3m c\u00e1c giao th\u1ee9c \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng c\u00f9ng nhau \u0111\u1ec3 thi\u1ebft l\u1eadp c\u00e1c k\u1ebft n\u1ed1i m\u00e3 h\u00f3a gi\u1eefa c\u00e1c thi\u1ebft b\u1ecb. N\u00f3 gi\u00fap \u0111\u1ea3m b\u1ea3o an to\u00e0n cho d\u1eef li\u1ec7u khi g\u1eedi qua c\u00e1c m\u1ea1ng c\u00f4ng c\u1ed9ng. IPsec th\u01b0\u1eddng \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 thi\u1ebft l\u1eadp VPN, v\u00e0 n\u00f3 ho\u1ea1t \u0111\u1ed9ng b\u1eb1ng c\u00e1ch m\u00e3 h\u00f3a c\u00e1c g\u00f3i IP, c\u00f9ng v\u1edbi x\u00e1c th\u1ef1c ngu\u1ed3n n\u01a1i c\u00e1c g\u00f3i xu\u1ea5t ph\u00e1t.<\/p>\n

Trong thu\u1eadt ng\u1eef “IPsec”, “IP” l\u00e0 vi\u1ebft t\u1eaft c\u1ee7a “Internet Protocol” (giao th\u1ee9c internet) v\u00e0 “sec” l\u00e0 vi\u1ebft t\u1eaft c\u1ee7a “secure” (b\u1ea3o m\u1eadt). Internet Protocol l\u00e0 giao th\u1ee9c \u0111\u1ecbnh tuy\u1ebfn ch\u00ednh \u0111\u01b0\u1ee3c d\u00f9ng tr\u00ean internet; n\u00f3 ch\u1ec9 \u0111\u1ecbnh n\u01a1i d\u1eef li\u1ec7u s\u1ebd \u0111\u1ebfn b\u1eb1ng c\u00e1c \u0111\u1ecba ch\u1ec9 IP. IPsec b\u1ea3o m\u1eadt b\u1edfi n\u00f3 th\u00eam m\u00e3 h\u00f3a v\u00e0 x\u00e1c th\u1ef1c v\u00e0o quy tr\u00ecnh n\u00e0y.<\/p>\n

*M\u00e3 h\u00f3a l\u00e0 quy tr\u00ecnh che gi\u1ea5u th\u00f4ng tin b\u1eb1ng c\u00e1ch d\u00f9ng thu\u1eadt to\u00e1n bi\u1ebfn \u0111\u1ed5i d\u1eef li\u1ec7u \u0111\u1ec3 khi\u1ebfn n\u00f3 tr\u00f4ng nh\u01b0 ng\u1eabu nhi\u00ean. N\u00f3i \u0111\u01a1n gi\u1ea3n th\u00ec m\u00e3 h\u00f3a l\u00e0 s\u1eed d\u1ee5ng m\u1ed9t “m\u00e3 b\u00ed m\u1eadt” m\u00e0 ch\u1ec9 c\u00e1c b\u00ean \u0111\u01b0\u1ee3c \u1ee7y quy\u1ec1n m\u1edbi c\u00f3 th\u1ec3 di\u1ec5n d\u1ecbch \u0111\u01b0\u1ee3c.<\/em><\/p>\n

VPN l\u00e0 g\u00ec? VPN IPsec l\u00e0 g\u00ec?<\/strong><\/h4>\n

M\u1ea1ng ri\u00eang \u1ea3o (VPN) l\u00e0 m\u1ed9t k\u1ebft n\u1ed1i \u0111\u01b0\u1ee3c m\u00e3 ho\u00e1 gi\u1eefa hai ho\u1eb7c nhi\u1ec1u m\u00e1y t\u00ednh. C\u00e1c k\u1ebft n\u1ed1i VPN di\u1ec5n ra tr\u00ean m\u1ea1ng c\u00f4ng c\u1ed9ng, nh\u01b0ng d\u1eef li\u1ec7u trao \u0111\u1ed5i qua VPN v\u1eabn \u0111\u1ea3m b\u1ea3o \u0111\u01b0\u1ee3c t\u00ednh ri\u00eang t\u01b0 b\u1edfi \u0111\u00e3 \u0111\u01b0\u1ee3c m\u00e3 ho\u00e1.<\/p>\n

VPN cho ph\u00e9p truy c\u1eadp v\u00e0 trao \u0111\u1ed5i d\u1eef li\u1ec7u m\u1eadt m\u1ed9t c\u00e1ch an to\u00e0n th\u00f4ng qua h\u1ea1 t\u1ea7ng m\u1ea1ng chung, nh\u01b0 internet c\u00f4ng c\u1ed9ng. V\u00ed d\u1ee5, khi nh\u00e2n vi\u00ean c\u00f4ng ty l\u00e0m vi\u1ec7c t\u1eeb xa thay v\u00ec ng\u1ed3i \u1edf v\u0103n ph\u00f2ng, h\u1ecd th\u01b0\u1eddng s\u1eed d\u1ee5ng VPN \u0111\u1ec3 truy c\u1eadp v\u00e0o c\u00e1c t\u1eadp tin v\u00e0 \u1ee9ng d\u1ee5ng c\u1ee7a c\u00f4ng ty.<\/p>\n

Nhi\u1ec1u VPN s\u1eed d\u1ee5ng b\u1ed9 giao th\u1ee9c IPsec \u0111\u1ec3 thi\u1ebft l\u1eadp v\u00e0 duy tr\u00ec c\u00e1c k\u1ebft n\u1ed1i m\u00e3 ho\u00e1 \u0111\u00f3. Tuy nhi\u00ean, kh\u00f4ng ph\u1ea3i m\u1ecdi VPN \u0111\u1ec1u s\u1eed d\u1ee5ng IPsec. M\u1ed9t giao th\u1ee9c kh\u00e1c cho VPN l\u00e0 SSL\/TLS, v\u1ed1n ho\u1ea1t \u0111\u1ed9ng tr\u00ean m\u1ed9t l\u1edbp kh\u00e1c trong m\u00f4 h\u00ecnh OSI. (M\u00f4 h\u00ecnh OSI l\u00e0 m\u1ed9t m\u00f4 h\u00ecnh tham chi\u1ebfu gi\u1ea3i th\u00edch v\u1ec1 c\u00e1ch truy\u1ec1n d\u1eef li\u1ec7u c\u1ee7a m\u00e1y t\u00ednh)<\/p>\n

Ng\u01b0\u1eddi d\u00f9ng k\u1ebft n\u1ed1i \u0111\u1ebfn m\u1ed9t VPN IPsec b\u1eb1ng c\u00e1ch n\u00e0o?<\/strong><\/h4>\n

Ng\u01b0\u1eddi d\u00f9ng c\u00f3 th\u1ec3 truy c\u1eadp VPN IPsec b\u1eb1ng c\u00e1ch \u0111\u0103ng nh\u1eadp v\u00e0o m\u1ed9t \u1ee9ng d\u1ee5ng VPN, hay \u201c\u1ee9ng d\u1ee5ng kh\u00e1ch\u201d. \u0110\u1ec3 l\u00e0m \u0111\u01b0\u1ee3c \u0111i\u1ec1u \u0111\u00f3, ng\u01b0\u1eddi d\u00f9ng c\u1ea7n ph\u1ea3i c\u00e0i \u0111\u1eb7t \u1ee9ng d\u1ee5ng \u0111\u00f3 l\u00ean thi\u1ebft b\u1ecb.<\/p>\n

\u0110\u0103ng nh\u1eadp v\u00e0o VPN th\u01b0\u1eddng ph\u1ea3i d\u00f9ng m\u1eadt kh\u1ea9u. D\u00f9 d\u1eef li\u1ec7u g\u1eedi qua VPN \u0111\u00e3 \u0111\u01b0\u1ee3c m\u00e3 ho\u00e1, n\u1ebfu m\u1eadt kh\u1ea9u ng\u01b0\u1eddi d\u00f9ng b\u1ecb l\u1ed9, k\u1ebb t\u1ea5n c\u00f4ng c\u00f3 th\u1ec3 \u0111\u0103ng nh\u1eadp v\u00e0o VPN v\u00e0 \u0111\u00e1nh c\u1eafp d\u1eef li\u1ec7u m\u00e3 ho\u00e1 n\u00e0y. S\u1eed d\u1ee5ng ph\u01b0\u01a1ng th\u1ee9c x\u00e1c th\u1ef1c hai b\u01b0\u1edbc (2FA) c\u00f3 th\u1ec3 gi\u00fap t\u0103ng c\u01b0\u1eddng b\u1ea3o m\u1eadt cho VPN IPsec, b\u1edfi l\u00fac n\u00e0y, ch\u1ec9 \u0111\u00e1nh c\u1eafp \u0111\u01b0\u1ee3c m\u1eadt kh\u1ea9u l\u00e0 ch\u01b0a \u0111\u1ee7 \u0111\u1ec3 k\u1ebb t\u1ea5n c\u00f4ng truy c\u1eadp v\u00e0o VPN c\u1ee7a ng\u01b0\u1eddi d\u00f9ng.<\/p>\n

IPsec ho\u1ea1t \u0111\u1ed9ng ra sao?<\/strong><\/h3>\n

K\u1ebft n\u1ed1i IPsec bao g\u1ed3m c\u00e1c b\u01b0\u1edbc sau:<\/p>\n

Trao \u0111\u1ed5i kho\u00e1: <\/strong>kho\u00e1 l\u00e0 y\u1ebfu t\u1ed1 c\u1ea7n thi\u1ebft \u0111\u1ec3 m\u00e3 ho\u00e1 d\u1eef li\u1ec7u; kho\u00e1 l\u00e0 m\u1ed9t chu\u1ed7i c\u00e1c k\u00fd t\u1ef1 ng\u1eabu nhi\u00ean, c\u00f3 th\u1ec3 \u0111\u01b0\u1ee3c d\u00f9ng \u0111\u1ec3 \u201ckho\u00e1\u201d (m\u00e3 ho\u00e1) v\u00e0 \u201cm\u1edf kho\u00e1\u201d (gi\u1ea3i m\u00e3) c\u00e1c tin nh\u1eafn. IPsec s\u1ebd trao \u0111\u1ed5i kho\u00e1 gi\u1eefa c\u00e1c thi\u1ebft b\u1ecb k\u1ebft n\u1ed1i v\u00e0o VPN, \u0111\u1ec3 m\u1ed7i thi\u1ebft b\u1ecb c\u00f3 th\u1ec3 gi\u1ea3i m\u00e3 \u0111\u01b0\u1ee3c tin nh\u1eafn tr\u00ean thi\u1ebft b\u1ecb kh\u00e1c.<\/p>\n

Packet header v\u00e0 trailer: <\/strong>m\u1ecdi d\u1eef li\u1ec7u g\u1eedi qua m\u1ea1ng s\u1ebd \u0111\u01b0\u1ee3c t\u00e1ch nh\u1ecf th\u00e0nh c\u00e1c g\u00f3i (packet). Packet v\u1eeba ch\u1ee9a \u201cpayload\u201d, hay d\u1eef li\u1ec7u th\u1ef1c s\u1ef1 \u0111ang \u0111\u01b0\u1ee3c g\u1eedi \u0111i, v\u00e0 header, hay th\u00f4ng tin v\u1ec1 d\u1eef li\u1ec7u \u0111\u00f3 \u0111\u1ec3 c\u00e1c m\u00e1y t\u00ednh nh\u1eadn \u0111\u01b0\u1ee3c packet bi\u1ebft ph\u1ea3i l\u00e0m g\u00ec v\u1edbi ch\u00fang. IPsec th\u00eam nhi\u1ec1u header v\u00e0o c\u00e1c g\u00f3i d\u1eef li\u1ec7u, trong c\u00e1c header \u0111\u00f3 ch\u1ee9a th\u00f4ng tin x\u00e1c th\u1ef1c v\u00e0 m\u00e3 ho\u00e1. IPsec c\u00f2n th\u00eam c\u00e1c trailer (b\u1ed9 d\u00f2 v\u1ebft), th\u1ee9 \u0111i sau payload c\u1ee7a m\u1ed7i g\u00f3i thay v\u00ec \u0111i tr\u01b0\u1edbc.<\/p>\n

X\u00e1c th\u1ef1c: <\/strong>IPsec cung c\u1ea5p gi\u1ea3i ph\u00e1p x\u00e1c th\u1ef1c cho m\u1ed7i g\u00f3i, gi\u1ed1ng nh\u01b0 tem x\u00e1c th\u1ef1c tr\u00ean m\u1ed9t m\u00f3n \u0111\u1ed3 s\u01b0u t\u1ea7m v\u1eady. Vi\u1ec7c n\u00e0y nh\u1eb1m \u0111\u1ea3m b\u1ea3o c\u00e1c g\u00f3i \u0111\u1ebfn t\u1eeb m\u1ed9t ngu\u1ed3n \u0111\u00e1ng tin c\u1eady ch\u1ee9 kh\u00f4ng ph\u1ea3i t\u1eeb k\u1ebb t\u1ea5n c\u00f4ng.<\/p>\n

M\u00e3 ho\u00e1: <\/strong>IPsec m\u00e3 ho\u00e1 c\u00e1c payload trong t\u1eebng g\u00f3i v\u00e0 IP header c\u1ee7a g\u00f3i (tr\u1eeb khi b\u1ea1n d\u00f9ng ch\u1ebf \u0111\u1ed9 transport thay v\u00ec tunnel). Nh\u1edd \u0111\u00f3 d\u1eef li\u1ec7u g\u1eedi qua IPsec lu\u00f4n b\u1ea3o m\u1eadt v\u00e0 ri\u00eang t\u01b0.<\/p>\n

Truy\u1ec1n t\u1ea3i: <\/strong>c\u00e1c g\u00f3i IPsec \u0111\u00e3 m\u00e3 ho\u00e1 \u0111i qua m\u1ed9t ho\u1eb7c nhi\u1ec1u m\u1ea1ng \u0111\u1ebfn \u0111\u00edch nh\u1edd m\u1ed9t giao th\u1ee9c truy\u1ec1n t\u1ea3i. \u1ede giai \u0111o\u1ea1n n\u00e0y, l\u01b0u l\u01b0\u1ee3ng d\u1eef li\u1ec7u IPsec kh\u00e1c v\u1edbi l\u01b0u l\u01b0\u1ee3ng d\u1eef li\u1ec7u IP th\u00f4ng th\u01b0\u1eddng \u1edf ch\u1ed7 n\u00f3 th\u01b0\u1eddng s\u1eed d\u1ee5ng UDP l\u00e0m giao th\u1ee9c truy\u1ec3n nh\u1eadn, thay v\u00ec TCP. TCP, Transmission Control Protocol (Giao th\u1ee9c \u0111i\u1ec1u khi\u1ec3n truy\u1ec1n nh\u1eadn), thi\u1ebft l\u1eadp c\u00e1c k\u1ebft n\u1ed1i chuy\u00ean bi\u1ec7t gi\u1eefa c\u00e1c thi\u1ebft b\u1ecb v\u00e0 \u0111\u1ea3m b\u1ea3o m\u1ecdi g\u00f3i \u0111\u1ebfn \u0111\u01b0\u1ee3c n\u01a1i c\u1ea7n \u0111\u1ebfn. UDP, User Datagram Protocol (Giao th\u1ee9c g\u00f3i d\u1eef li\u1ec7u ng\u01b0\u1eddi d\u00f9ng) kh\u00f4ng thi\u1ebft l\u1eadp c\u00e1c k\u1ebft n\u1ed1i chuy\u00ean bi\u1ec7t \u0111\u00f3. IPsec s\u1eed d\u1ee5ng UDP b\u1edfi n\u00f3 cho ph\u00e9p c\u00e1c g\u00f3i IPsec \u0111i qua t\u01b0\u1eddng l\u1eeda.<\/p>\n

Gi\u1ea3i m\u00e3: <\/strong>v\u00e0o cu\u1ed1i quy tr\u00ecnh giao ti\u1ebfp, c\u00e1c g\u00f3i s\u1ebd \u0111\u01b0\u1ee3c gi\u1ea3i m\u00e3, v\u00e0 c\u00e1c \u1ee9ng d\u1ee5ng (nh\u01b0 tr\u00ecnh duy\u1ec7t) c\u00f3 th\u1ec3 s\u1eed d\u1ee5ng \u0111\u01b0\u1ee3c d\u1eef li\u1ec7u \u0111\u00e3 nh\u1eadn.<\/p>\n

\"IPSec<\/p>\n

C\u00e1c giao th\u1ee9c n\u00e0o \u0111\u01b0\u1ee3c s\u1eed d\u1ee5ng trong IPsec?<\/strong><\/h3>\n

Trong m\u00f4i tr\u01b0\u1eddng m\u1ea1ng, m\u1ed9t giao th\u1ee9c l\u00e0 m\u1ed9t c\u00e1ch \u0111\u1ecbnh d\u1ea1ng d\u1eef li\u1ec7u c\u1ee5 th\u1ec3 \u0111\u1ec3 b\u1ea5t k\u1ef3 m\u00e1y t\u00ednh n\u00e0o k\u1ebft n\u1ed1i v\u00e0o m\u1ea1ng c\u0169ng c\u00f3 th\u1ec3 di\u1ec5n d\u1ecbch d\u1eef li\u1ec7u. IPsec kh\u00f4ng ph\u1ea3i m\u1ed9t giao th\u1ee9c m\u00e0 l\u00e0 m\u1ed9t b\u1ed9 c\u00e1c giao th\u1ee9c. C\u00e1c giao th\u1ee9c d\u01b0\u1edbi \u0111\u00e2y g\u00f3p ph\u1ea7n t\u1ea1o n\u00ean IPsec:<\/p>\n