Gaisuwa! Barka da zuwa darasi na shida na kwas . A mun ƙware tushen aiki tare da fasahar NAT akan , da kuma saki mai amfani da gwajin mu akan Intanet. Yanzu lokaci ya yi da za a kula da amincin mai amfani a cikin buɗaɗɗunsa. A cikin wannan darasi za mu dubi bayanan tsaro kamar haka: Tacewar Yanar Gizo, Sarrafa aikace-aikace, da kuma duba HTTPS.
Don farawa da bayanan martaba, muna buƙatar ƙarin fahimtar abu ɗaya: hanyoyin dubawa.
Tsohuwar shine yanayin Tushen Tafiya. Yana bincika fayiloli yayin da suke wucewa ta cikin FortiGate ba tare da ɓoyewa ba. Da zarar fakitin ya zo, ana sarrafa shi kuma a tura shi, ba tare da jiran cikakken fayil ɗin ko shafin yanar gizon ba. Yana buƙatar ƙarancin albarkatu kuma yana ba da kyakkyawan aiki fiye da yanayin wakili, amma a lokaci guda, ba duk ayyukan Tsaro ke samuwa a ciki ba. Misali, Rigakafin Leak Data (DLP) ana iya amfani dashi a yanayin wakili kawai.
Yanayin wakili yana aiki daban. Yana ƙirƙirar haɗin TCP guda biyu, ɗaya tsakanin abokin ciniki da FortiGate, na biyu tsakanin FortiGate da uwar garken. Wannan yana ba shi damar adana zirga-zirga, watau karɓar cikakken fayil ko shafin yanar gizo. Ana duba fayilolin don barazanar daban-daban yana farawa ne kawai bayan an adana dukkan fayil ɗin. Wannan yana ba ku damar amfani da ƙarin fasalulluka waɗanda babu su a yanayin tushen kwarara. Kamar yadda kuke gani, wannan yanayin da alama ya zama akasin Flow Based - tsaro yana taka muhimmiyar rawa a nan, kuma aikin yana ɗaukar wurin zama na baya.
Sau da yawa mutane suna tambaya: wane yanayi ya fi kyau? Amma babu cikakken girke-girke a nan. Komai koyaushe mutum ne kuma ya dogara da buƙatun ku da burin ku. Daga baya a cikin kwas ɗin zan yi ƙoƙarin nuna bambance-bambance tsakanin bayanan tsaro a cikin hanyoyin Flow da Proxy. Wannan zai taimaka maka kwatanta ayyukan da yanke shawarar wanda ya fi dacewa a gare ku.
Bari mu matsa kai tsaye zuwa bayanan martaba kuma mu fara duba Tacewar Yanar Gizo. Yana taimakawa wajen saka idanu ko bin diddigin gidajen yanar gizon masu amfani da ke ziyarta. Ina tsammanin babu buƙatar zurfafa zurfin bayanin buƙatar irin wannan bayanin a cikin abubuwan da ke faruwa a yanzu. Bari mu fi fahimtar yadda yake aiki.
Da zarar an kafa haɗin TCP, mai amfani yana amfani da buƙatar GET don neman abun ciki na takamaiman gidan yanar gizon.
Idan uwar garken gidan yanar gizon ya amsa da kyau, yana aika bayanai game da gidan yanar gizon baya. Anan ne matatar gidan yanar gizo ke shiga cikin wasa. Yana tabbatar da abubuwan da ke cikin wannan martanin Lokacin tabbatarwa, FortiGate yana aika buƙatu na ainihi zuwa Cibiyar Rarrabawar FortiGuard (FDN) don tantance nau'in gidan yanar gizon da aka bayar. Bayan kayyade nau'in gidan yanar gizo na musamman, tacewar gidan yanar gizo, dangane da saitunan, yana aiwatar da takamaiman aiki.
Akwai ayyuka guda uku da ake samu a yanayin Flow:
- Izinin - ba da damar shiga gidan yanar gizon
- Toshe - toshe damar shiga gidan yanar gizon
- Saka idanu - ba da damar shiga gidan yanar gizon kuma yi rikodin shi a cikin rajistan ayyukan
A cikin yanayin wakili, ana ƙara ƙarin ayyuka biyu:
- Gargaɗi - ba mai amfani da gargaɗin cewa yana ƙoƙarin ziyartar wata hanya kuma ya ba mai amfani zaɓi - ci gaba ko barin gidan yanar gizon.
- Tabbatar - Nemi bayanan shaidar mai amfani - wannan yana ba wa wasu ƙungiyoyi damar samun damar ƙuntataccen rukunan yanar gizo.
A shafin za ka iya duba duk rukunoni da ƙananan rukunoni na matatar gidan yanar gizo, da kuma gano wane nau'in gidan yanar gizo na musamman yake. Kuma gabaɗaya, wannan kyakkyawan rukunin yanar gizo ne mai amfani ga masu amfani da mafita na Fortinet, Ina ba ku shawarar ku san shi sosai a cikin lokacinku na kyauta.
Akwai kadan abin da za a iya faɗi game da Control Application. Kamar yadda sunan ya nuna, yana ba ku damar sarrafa ayyukan aikace-aikacen. Kuma yana yin haka ta amfani da alamu daga aikace-aikace daban-daban, waɗanda ake kira sa hannu. Yin amfani da waɗannan sa hannun, zai iya gano takamaiman aikace-aikacen kuma ya yi amfani da takamaiman aiki akansa:
- Izin - yarda
- Saka idanu - ba da izini kuma shiga wannan
- Toshe - haramta
- Keɓewa - yin rikodin taron a cikin rajistan ayyukan kuma toshe adireshin IP na wani ɗan lokaci
Hakanan zaka iya duba sa hannun da ke akwai akan gidan yanar gizon .
Yanzu bari mu kalli tsarin binciken HTTPS. Dangane da ƙididdiga a ƙarshen 2018, rabon zirga-zirgar HTTPS ya wuce 70%. Wato, ba tare da yin amfani da binciken HTTPS ba, za mu iya tantance kusan kashi 30% na zirga-zirgar da ke wucewa ta hanyar sadarwar. Da farko, bari mu kalli yadda HTTPS ke aiki a cikin ƙima.
Abokin ciniki ya fara buƙatar TLS zuwa sabar gidan yanar gizon kuma ya karɓi amsawar TLS, kuma yana ganin takaddun shaida na dijital wanda dole ne a amince da wannan mai amfani. Wannan shine mafi ƙarancin abin da muke buƙatar sani game da yadda HTTPS ke aiki; a zahiri, yadda yake aiki ya fi rikitarwa. Bayan musafaha TLS mai nasara, rufaffen bayanai ya fara. Kuma wannan yana da kyau. Babu wanda zai iya samun dama ga bayanan da kuke musayar tare da sabar gidan yanar gizo.
Duk da haka, ga jami'an tsaro na kamfani wannan babban ciwon kai ne, tun da ba za su iya ganin wannan zirga-zirga ba kuma su duba abubuwan da ke ciki ko dai tare da riga-kafi, ko tsarin rigakafin kutse, ko tsarin DLP, ko wani abu. Wannan kuma yana yin mummunar tasiri ga ingancin ma'anar aikace-aikace da albarkatun yanar gizon da aka yi amfani da su a cikin hanyar sadarwa - daidai abin da ya shafi batun darasin mu. An tsara fasahar binciken HTTPS don magance wannan matsalar. Asalinsa mai sauqi ne - a zahiri, na'urar da ke gudanar da binciken HTTPS ta shirya wani harin Mutum A Tsakiyar Tsakiya. Yana kama da wani abu kamar haka: FortiGate yana katse buƙatar mai amfani, yana tsara haɗin HTTPS tare da shi, sannan ya buɗe zaman HTTPS tare da albarkatun mai amfani. A wannan yanayin, takardar shaidar da FortiGate ta bayar za ta kasance a bayyane akan kwamfutar mai amfani. Dole ne a amince da mai bincike don ba da damar haɗin kai.
A zahiri, binciken HTTPS abu ne mai rikitarwa kuma yana da iyakoki da yawa, amma ba za mu yi la'akari da wannan a cikin wannan karatun ba. Zan ƙara kawai cewa aiwatar da binciken HTTPS ba batun mintuna bane; yawanci yana ɗaukar kusan wata ɗaya. Wajibi ne a tattara bayanai game da keɓancewar da ake buƙata, yin saitunan da suka dace, tattara ra'ayi daga masu amfani, da daidaita saitunan.
An gabatar da ka'idar da aka bayar, da kuma sashin aiki, a cikin wannan darasi na bidiyo:
A darasi na gaba za mu duba wasu bayanan tsaro: riga-kafi da tsarin rigakafin kutse. Domin kar a rasa shi, bi sabuntawa akan tashoshi masu zuwa:
source: www.habr.com