dubawa. Menene shi, me ake ci da shi, ko a taƙaice game da babban abu

Sannu, ya ku masu karatun Habr! Wannan shafin yanar gizon kamfani ne TS Magani. Mu masu haɗa tsarin ne kuma galibi ƙware ne a cikin hanyoyin tsaro na kayan aikin IT (Duba Point, Sojoji) da tsarin nazarin bayanan na'ura (Splunk). Za mu fara blog ɗin mu tare da ɗan gajeren gabatarwa ga fasahar Check Point.

Mun daɗe muna tunanin ko yana da daraja rubuta wannan labarin, saboda ... babu wani sabon abu a cikinsa da ba a iya samunsa a Intanet. Duk da haka, duk da irin wannan yalwar bayanai, lokacin aiki tare da abokan ciniki da abokan tarayya, sau da yawa muna jin tambayoyi iri ɗaya. Saboda haka, an yanke shawarar rubuta wani nau'i na gabatarwa ga duniyar fasahar Check Point da bayyana ainihin gine-ginen hanyoyin magance su. Kuma duk wannan yana cikin tsarin “kananan” post ɗaya, balaguron gaggawa, don yin magana. Bugu da ƙari, za mu yi ƙoƙarin kada mu shiga yaƙe-yaƙe na tallace-tallace, saboda ... Mu ba dillalai bane, amma kawai mai haɗa tsarin tsarin (ko da yake muna son Check Point) kuma za mu kalli mahimman abubuwan kawai ba tare da kwatanta su da sauran masana'antun (kamar Palo Alto, Cisco, Fortinet, da sauransu). Labarin ya juya ya zama mai tsayi sosai, amma ya ƙunshi yawancin tambayoyin a matakin fahimtar da Check Point. Idan kuna sha'awar, to, maraba da zuwa cat...

UTM/NGFW

Lokacin fara tattaunawa game da Check Point, wurin farko da za a fara shine tare da bayanin menene UTM da NGFW da yadda suka bambanta. Za mu yi haka a takaice don kada sakon ya yi tsayi da yawa (watakila nan gaba za mu yi la'akari da wannan batu dalla-dalla).

UTM - Haɗin kai Gudanar da Barazana

A taƙaice, ainihin UTM shine ƙarfafa kayan aikin tsaro da yawa a cikin bayani ɗaya. Wadancan. duk abin da ke cikin akwati ɗaya ko wani nau'i na duk ya haɗa. Menene ma'anar "magungunan da yawa"? Zaɓin da aka fi sani shine: Firewall, IPS, Proxy (Tace URL), Antivirus mai yawo, Anti-Spam, VPN da sauransu. Duk wannan an haɗa shi a cikin bayani guda ɗaya na UTM, wanda ya fi sauƙi dangane da haɗin kai, daidaitawa, gudanarwa da kuma kulawa, kuma wannan yana da tasiri mai kyau a kan cikakken tsaro na cibiyar sadarwa. Lokacin da mafita na UTM ya fara bayyana, an yi la'akari da su kawai don ƙananan kamfanoni, saboda ... UTMs ba za su iya sarrafa ɗimbin cunkoso ba. Wannan ya faru ne saboda dalilai guda biyu:

1. Hanyar sarrafa fakiti. Sigar farko na mafita na UTM sun sarrafa fakiti bi-da-bi, kowane “module”. Misali: da farko fakitin ana sarrafa shi ta hanyar Firewall, sannan IPS, sannan Anti-Virus ana duba shi, da sauransu. A dabi'ance, irin wannan tsarin ya gabatar da jinkiri mai tsanani a cikin zirga-zirga da kuma cinye albarkatun tsarin sosai (mai sarrafawa, ƙwaƙwalwar ajiya).
2. Kayan aiki mara ƙarfi. Kamar yadda aka ambata a sama, sarrafa fakiti na jeri yana cinye albarkatu sosai kuma kayan aikin wancan lokacin (1995-2005) ba za su iya jure wa manyan zirga-zirga ba.

Amma ci gaban bai tsaya cak ba. Tun daga wannan lokacin, ƙarfin kayan aiki ya karu sosai, kuma sarrafa fakiti ya canza (dole ne a yarda cewa ba duk masu siyarwa bane ke da shi) kuma sun fara ba da izinin bincike kusan lokaci guda a cikin nau'ikan kayayyaki da yawa a lokaci ɗaya (ME, IPS, AntiVirus, da sauransu). Hanyoyin UTM na zamani na iya "narke" dubun har ma da ɗaruruwan gigabits a cikin yanayin bincike mai zurfi, wanda ya sa ya yiwu a yi amfani da su a cikin ɓangaren manyan kasuwancin ko ma cibiyoyin bayanai.

A ƙasa akwai sanannen Gartner Magic Quadrant don mafita na UTM don Agusta 2016:

Ba zan yi sharhi da yawa a kan wannan hoton ba, zan ce kawai shugabannin suna a kusurwar dama ta sama.

NGFW - Wutar Wuta ta Gaba

Sunan yana magana da kansa - Tacewar zaɓi na gaba na gaba. Wannan ra'ayi ya bayyana da yawa daga baya fiye da UTM. Babban ra'ayin NGFW shine zurfin bincike na fakiti (DPI) ta amfani da ginanniyar IPS da ikon samun dama a matakin aikace-aikacen (Ikon Aikace-aikacen). A wannan yanayin, IPS shine ainihin abin da ake buƙata don gano wannan ko waccan aikace-aikacen a cikin rafi na fakiti, wanda ke ba ku damar ba da izini ko hana shi. Misali: Za mu iya ƙyale Skype yayi aiki, amma hana canja wurin fayil. Za mu iya haramta amfani da Torrent ko RDP. Ana kuma tallafawa aikace-aikacen yanar gizo: Kuna iya ba da damar shiga VK.com, amma hana wasanni, saƙonni ko kallon bidiyo. Mahimmanci, ingancin NGFW ya dogara da adadin aikace-aikacen da zai iya ganowa. Mutane da yawa sun yi imanin cewa fitowar ra'ayi na NGFW wata dabara ce ta tallace-tallace ta yau da kullum game da abin da kamfanin Palo Alto ya fara ci gaba da sauri.

Gartner Magic Quadrant na NGFW na Mayu 2016:

UTM vs NGFW

Tambaya ta gama gari ita ce, wanne ya fi? Babu tabbataccen amsa anan kuma ba zai iya zama ba. Musamman la'akari da cewa kusan dukkanin hanyoyin UTM na zamani sun ƙunshi ayyukan NGFW kuma yawancin NGFWs sun ƙunshi ayyuka masu mahimmanci ga UTM (Antivirus, VPN, Anti-Bot, da dai sauransu). Kamar koyaushe, "shaidan yana cikin cikakkun bayanai," don haka da farko kuna buƙatar yanke shawarar abin da kuke buƙata musamman kuma ku yanke shawara akan kasafin ku. Dangane da waɗannan yanke shawara, ana iya zaɓar zaɓuɓɓuka da yawa. Kuma komai yana buƙatar gwadawa ba tare da shakka ba, ba tare da gaskata kayan talla ba.

Mu, bi da bi, a cikin da yawa articles, za mu yi kokarin magana game da Check Point, yadda za ka iya gwada shi da kuma abin da, bisa manufa, za ka iya gwada (kusan duk ayyuka).

Ƙungiyoyin Dubawa Uku

Lokacin aiki tare da Check Point, tabbas zaku haɗu da abubuwa uku na wannan samfur:

1. Ƙofar Tsaro (SG) - ƙofar tsaro kanta, wanda yawanci ana shigar da shi akan kewayen hanyar sadarwa kuma yana aiwatar da ayyukan tacewar zaɓi, riga-kafi mai gudana, antibot, IPS, da sauransu.
2. Sabar Gudanar da Tsaro (SMS) - uwar garken sarrafa ƙofa. Kusan duk saituna akan hanyar ƙofar (SG) ana yin su ta amfani da wannan uwar garken. SMS kuma na iya aiki azaman Sabar Log da sarrafa su tare da ginanniyar nazarin abubuwan da suka faru da tsarin daidaitawa - Smart Event (mai kama da SIEM don Check Point), amma ƙari akan wancan daga baya. Ana amfani da SMS don sarrafa ƙofofin da yawa (yawan ƙofofin ya dogara da ƙirar SMS ko lasisi), amma ana buƙatar amfani da shi koda kuwa ƙofa ɗaya ne kawai. Ya kamata a lura a nan cewa Check Point na ɗaya daga cikin na farko da suka yi amfani da irin wannan tsarin gudanarwa na tsakiya, wanda aka amince da shi a matsayin "ma'auni na zinariya" bisa ga rahotannin Gartner shekaru da yawa a jere. Akwai ma abin dariya: "Idan Cisco yana da tsarin gudanarwa na yau da kullun, to Check Point ba zai taɓa bayyana ba."
3. Smart Console - na'urar wasan bidiyo na abokin ciniki don haɗi zuwa uwar garken gudanarwa (SMS). Yawanci shigar akan kwamfutar mai gudanarwa. Duk canje-canje akan uwar garken gudanarwa ana yin su ta wannan na'ura wasan bidiyo, kuma bayan haka zaku iya amfani da saitunan zuwa hanyoyin tsaro (Manufar Shigarwa).

   

Duba Ma'auni Mai Aiki

Da yake magana game da tsarin aiki na Check Point, zamu iya tunawa guda uku a lokaci ɗaya: IPSO, SPLAT da GAIA.

1. IPS - tsarin aiki na Ipsilon Networks, wanda mallakar Nokia ne. A cikin 2009, Check Point ya sayi wannan kasuwancin. Babu cigaba.
2. SPLAT - Duba ci gaban Point na kansa, dangane da kernel na RedHat. Babu cigaba.
3. Gaia - tsarin aiki na yanzu daga Check Point, wanda ya bayyana sakamakon hadewar IPS da SPLAT, wanda ya haɗa dukkan mafi kyau. Ya bayyana a cikin 2012 kuma yana ci gaba da haɓakawa.

Da yake magana game da Gaia, ya kamata a ce cewa a halin yanzu mafi yawan sigar ita ce R77.30. Kwanan nan, nau'in R80 ya bayyana, wanda ya bambanta sosai da na baya (duka cikin sharuddan aiki da sarrafawa). Za mu keɓe wani rubutu na dabam ga batun bambancinsu. Wani muhimmin batu shi ne cewa a halin yanzu kawai nau'in R77.10 yana da takardar shaidar FSTEC, kuma nau'in R77.30 ana ba da shaida.

Zaɓuɓɓukan aiwatarwa (Check Point Appliance, Injin Virtual, OpenServer)

Babu wani abin mamaki a nan, kamar yawancin dillalai, Check Point yana da zaɓuɓɓukan samfur da yawa:

1. nema - hardware da software na'urar, watau. nasa "yankin ƙarfe". Akwai nau'i-nau'i da yawa waɗanda suka bambanta a cikin aiki, aiki da ƙira (akwai zaɓuɓɓuka don cibiyoyin sadarwar masana'antu).

   

2. Virtual Machine - Duba injin kama-da-wane tare da Gaia OS. Ana tallafawa Hypervisors ESXi, Hyper-V, KVM. An ba da izini ta adadin kayan aikin sarrafawa.
3. OpenServer - shigar da Gaia kai tsaye a kan uwar garke a matsayin babban tsarin aiki (abin da ake kira "Bare karfe"). Wasu kayan masarufi ne kawai ake tallafawa. Akwai shawarwari don wannan kayan aikin da dole ne a bi, in ba haka ba matsaloli tare da direbobi da kayan fasaha na iya tasowa. goyon baya na iya ƙi yi muku hidima.

Zaɓuɓɓukan aiwatarwa (Rabawa ko Tsaye)

A ɗan ƙarami mun riga mun tattauna menene ƙofa (SG) da sabar gudanarwa (SMS). Yanzu bari mu tattauna zaɓuɓɓukan aiwatar da su. Akwai manyan hanyoyi guda biyu:

1. Kadan (SG+SMS) - zaɓi lokacin da aka shigar da ƙofa da uwar garken gudanarwa a cikin na'ura ɗaya (ko injin kama-da-wane).

   
   
   Wannan zaɓin ya dace idan kana da ƙofa guda ɗaya kawai wacce aka ɗora da sauƙi tare da zirga-zirgar mai amfani. Wannan zabin shine mafi tattalin arziki, saboda ... babu buƙatar siyan sabar gudanarwa (SMS). Koyaya, idan ƙofar yana da nauyi sosai, zaku iya ƙarewa da tsarin sarrafa “hankali”. Sabili da haka, kafin zaɓar mafita na Standalone, yana da kyau a tuntuɓi ko ma gwada wannan zaɓi.

2. Rarraba - an shigar da uwar garken gudanarwa daban daga ƙofa.

   
   
   Mafi kyawun zaɓi dangane da dacewa da aiki. Ana amfani dashi lokacin da ya zama dole don sarrafa ƙofofin da yawa lokaci ɗaya, misali na tsakiya da na reshe. A wannan yanayin, kana buƙatar siyan uwar garken gudanarwa (SMS), wanda kuma zai iya kasancewa a cikin nau'i na kayan aiki ko na'ura mai mahimmanci.

Kamar yadda na fada a sama, Check Point yana da nasa tsarin SIEM - Smart Event. Kuna iya amfani da shi kawai idan akwai Rarraba shigarwa.

Hanyoyin aiki (Bridge, Roted)
Ƙofar Tsaro (SG) na iya aiki ta manyan hanyoyi guda biyu:

• Yankare - zaɓi na kowa. A wannan yanayin, ana amfani da ƙofar a matsayin na'urar L3 da kuma hanyoyin zirga-zirga ta kanta, watau. Duba Point shine tsohuwar ƙofa don cibiyar sadarwa mai kariya.
• Bridge - m yanayin. A wannan yanayin, an shigar da ƙofar a matsayin "gada" na yau da kullum kuma yana wucewa ta hanyar zirga-zirga a matakin na biyu (OSI). Ana amfani da wannan zaɓi galibi lokacin da babu yuwuwar (ko sha'awa) don canza abubuwan more rayuwa. A zahiri ba lallai ne ku canza yanayin cibiyar sadarwa ba kuma kada kuyi tunanin canza adireshin IP.

Ina so in lura cewa a cikin Yanayin Gadar akwai wasu iyakoki dangane da ayyuka, don haka mu, a matsayin mai haɗawa, ba da shawara ga duk abokan cinikinmu suyi amfani da yanayin Routed, ba shakka, idan zai yiwu.

Duba Point Software Blades

Mun kusan kai ga muhimmin batu na Check Point, wanda ke haifar da mafi yawan tambayoyi tsakanin abokan ciniki. Menene waɗannan "ruwan software"? Wuta tana nufin wasu ayyuka na Check Point.

Ana iya kunna ko kashe waɗannan ayyuka dangane da bukatun ku. A lokaci guda, akwai ruwan wukake waɗanda aka kunna keɓance akan ƙofar (Network Security) kuma akan uwar garken gudanarwa kawai. Hotunan da ke ƙasa suna nuna misalai na shari'o'i biyu:

1) Domin Tsaron Sadarwa (ayyukan ƙofa)

Mu bayyana shi a takaice, domin... kowane ruwa ya cancanci labarinsa.

• Firewall - aikin Tacewar zaɓi;
• IPSec VPN - gina hanyoyin sadarwa masu zaman kansu;
• Hannun Wayar hannu - damar nesa daga na'urorin hannu;
• IPS - tsarin rigakafin kutse;
• Anti-Bot - kariya daga hanyoyin sadarwar botnet;
• AntiVirus - riga-kafi mai yawo;
• AntiSpam & Tsaron Imel - kariya ga imel na kamfani;
• Fadakarwa na Identity - haɗin kai tare da sabis na Directory Active;
• Kulawa - saka idanu kusan duk sigogin ƙofa (nauyi, bandwidth, matsayin VPN, da sauransu)
• Ikon Aikace-aikacen - Tacewar wuta matakin matakin aikace-aikace (aikin NGFW);
• Tacewar URL - Tsaron gidan yanar gizo (+ayyukan wakili);
• Rigakafin asarar bayanai - kariya daga leken bayanai (DLP);
• Barazana Emulation - fasahar sandbox (SandBox);
• Haɓakar Barazana - fasahar tsabtace fayil;
• QoS - fifikon zirga-zirga.

A cikin 'yan labarai kawai za mu dauki cikakken bayani game da nuna nuna barazanar da ke barazanar, na tabbata hakan zai zama mai ban sha'awa.

2) Domin Gudanarwa (ayyukan sarrafa uwar garken)

• Gudanar da Manufofin hanyar sadarwa - sarrafa manufofin tsakiya;
• Gudanar da Manufofin Ƙarshen Ƙarshen - gudanarwa na wakilai na Check Point (eh, Check Point yana samar da mafita ba kawai don kariya ta hanyar sadarwa ba, har ma don kare wuraren aiki (PCs) da wayoyin hannu);
• Logging & Status - tarawa na tsakiya da sarrafa rajistan ayyukan;
• Portal Gudanarwa - sarrafa tsaro daga mai binciken;
• Gudun aiki - iko akan canje-canjen manufofin, duba canje-canje, da dai sauransu;
• Jagorar mai amfani - haɗin kai tare da LDAP;
• Bayarwa - sarrafa kansa na sarrafa ƙofa;
• Smart Reporter - tsarin rahoto;
• Smart Event - bincike da daidaita abubuwan da suka faru (SIEM);
• Yarda - yana bincika saituna ta atomatik kuma yana ba da shawarwari.

Ba za mu yi la'akari da batutuwan lasisi dalla-dalla ba a yanzu, don kada mu kumbura labarin kuma kada ku dame mai karatu. Wataƙila za mu buga wannan a wani rubutu na dabam.

Gine-gine na ruwan wukake yana ba ku damar amfani da ayyukan da kuke buƙata kawai, wanda ke shafar kasafin kuɗi na bayani da kuma aikin gaba ɗaya na na'urar. Yana da ma'ana cewa yawancin ruwan wukake da kuka kunna, ƙarancin zirga-zirgar zirga-zirgar da za ku iya "shiga ciki". Abin da ya sa aka makala teburin wasan kwaikwayon mai zuwa ga kowane samfurin Check Point (mun ɗauki halayen ƙirar 5400 a matsayin misali):

Kamar yadda kake gani, akwai nau'ikan gwaje-gwaje guda biyu a nan: akan zirga-zirgar roba da kan zirga-zirgar gaske - gauraye. Gabaɗaya magana, Check Point ana kawai tilastawa buga gwaje-gwajen roba, saboda... wasu dillalai suna amfani da irin waɗannan gwaje-gwaje a matsayin maƙasudi, ba tare da yin la'akari da aikin hanyoyin magance su akan zirga-zirgar ababen hawa ba (ko da gangan suna ɓoye irin waɗannan bayanan saboda yanayin rashin gamsuwa).

A kowane nau'in gwaji, zaku iya lura da zaɓuɓɓuka da yawa:

1. gwada kawai don Firewall;
2. Gwajin Firewall+IPS;
3. Firewall+IPS+NGFW (Mai sarrafa aikace-aikace);
4. gwada Firewall+Control Application+URL Filtering+IPS+Antivirus+Anti-Bot+SandBlast (akwatin sandbox)

Duba a hankali a waɗannan sigogi lokacin zabar maganin ku, ko tuntuɓar ku shawara.

Ina tsammanin anan ne zamu iya gama labarin gabatarwa akan fasahar Check Point. Na gaba, za mu duba yadda zaku iya gwada Check Point da yadda ake magance barazanar tsaro na bayanan zamani (viruses, phishing, ransomware, zero-day).

PS Wani muhimmin batu. Duk da asalinsa na waje (Isra'ila), an tabbatar da maganin a cikin Tarayyar Rasha ta hanyar hukumomin gudanarwa, wanda ke ba da izinin kasancewarsa a cikin cibiyoyin gwamnati kai tsaye. Denyemall).

Masu amfani da rajista kawai za su iya shiga cikin binciken. Shigadon Allah.

Wadanne kayan aikin UTM/NGFW kuke amfani da su?

• Duba Point

• Cisco Firepower

• Sojoji

• Palo Alto

• Sophos

• Dell SonicWALL

• Huawei

• WatchGuard

• Juniper

• UserGate

• Mai duba zirga-zirga

• Rubicon

• Ideco

• Maganin OpenSource

• Sauran

Masu amfani 134 sun kada kuri'a. Masu amfani 78 sun kaurace.

source: www.habr.com