10. Check Point Getting Started R80.20. Identity Awareness


Welcome to the anniversary lesson - lesson 10. Today we will talk about another Check Point blade - Identity Awareness. At the very beginning, when describing NGFW, we determined that it must be able to regulate access based on accounts, not IP addresses. This is primarily due to the increased mobility of users and the spread of the BYOD model - bring your own device. A company may have many people who connect via WiFi, receive a dynamic IP, and even come from different network segments. Try building access lists based on IP addresses in that situation. You cannot do without user identification here, and the Identity Awareness blade is what will help us with it.

But first, let's figure out what user identification is most often used for.

  1. To restrict network access by user account rather than by IP address. Access can easily be regulated both to the Internet and to any other network segment, for example the DMZ.
  2. Access via VPN. You will agree that it is more convenient for a user to authorize with their domain account than with yet another invented password.
  3. To manage Check Point, you need an account, which may have different rights.
  4. And the best part is reporting. It is nicer to see specific users in reports rather than their IP addresses.

At the same time, Check Point supports two types of accounts:

  • Local Internal Users. The user is created in the local database of the management server.
  • External Users. The external user base can be Microsoft Active Directory or any other LDAP server.

Today we will talk about network access. To control network access when Active Directory is present, the so-called Access Role is used, which allows three user parameters:

  1. Network - i.e. the network the user is trying to connect to
  2. AD User or User Group - this data is pulled directly from the AD server
  3. Machine - the workstation.

In this case, user identification can be performed in several ways:

  • AD Query. Check Point reads the AD server logs for authenticated users and their IP addresses. Computers that are in the AD domain are identified automatically.
  • Browser-Based Authentication. Identification through the user's browser (Captive Portal or Transparent Kerberos). Most often used for devices that are not in the domain.
  • Terminal Servers. In this case, identification is performed using a special agent (installed on the terminal server).

These are the three most common options, but there are three more:

  • Identity Agents. A special agent is installed on users' computers.
  • Identity Collector. A separate utility that is installed on Windows Server and collects authentication logs instead of the gateway. In fact, a mandatory option for a large number of users.
  • RADIUS Accounting. Well, where would we be without good old RADIUS.
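How an Access Role and a learned IP-to-user association combine into an allow or drop decision, as an added Python example that is not Check Point's code and not part of the original lesson. The logon records, the `SESSION_TTL` value, all names, and the choice to test the client's source address against the role's networks are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed logon records: (time in s, user, AD groups, machine, source IP).
# A simplified stand-in for what a gateway learns from AD logs, not a real format.
LOGONS = [
    (100, "alice", {"Finance"}, "WS-01", "10.1.20.15"),
    (400, "bob", {"IT"}, "WS-02", "10.1.20.15"),  # same address, later user
]
SESSION_TTL = 720  # assumed lifetime of an IP-to-user association, in seconds


@dataclass
class AccessRole:
    """Network, user/group and machine; an empty collection means 'any'."""
    networks: list
    users_or_groups: set
    machines: set

    def matches(self, identity, src_ip):
        if identity is None:
            return False  # unidentified traffic never matches an identity rule
        user, groups, machine = identity
        addr = ip_address(src_ip)
        net_ok = not self.networks or any(addr in ip_network(n) for n in self.networks)
        who_ok = not self.users_or_groups or bool(({user} | groups) & self.users_or_groups)
        host_ok = not self.machines or machine in self.machines
        return net_ok and who_ok and host_ok


def identity_at(src_ip, now, logons=LOGONS, ttl=SESSION_TTL):
    """Return (user, groups, machine) of the latest unexpired logon from src_ip."""
    best = None
    for ts, user, groups, machine, ip in logons:
        fresh = ts <= now <= ts + ttl
        if ip == src_ip and fresh and (best is None or ts >= best[0]):
            best = (ts, user, groups, machine)
    return best[1:] if best else None


def decide(role, src_ip, now):
    """Accept only when the current identity behind src_ip satisfies the role."""
    return "accept" if role.matches(identity_at(src_ip, now), src_ip) else "drop"


FINANCE = AccessRole(["10.1.20.0/24"], {"Finance"}, set())
```

With this data the same address satisfies the Finance role at t=150, stops matching at t=450 once a later logon maps it to another user, and is treated as unidentified after the association ages out.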

In this tutorial I will demonstrate the second option - Browser-Based. I think that is enough theory, so let's move on to practice.

Video Lesson

Stay tuned for more on our YouTube channel 🙂

source: www.habr.com
