Kwanan nan, zaku iya samun adadi mai yawa na kayan akan batun akan Intanet. nazarin zirga-zirga a kewayen hanyar sadarwa. A lokaci guda, saboda wasu dalilai kowa ya manta da shi gaba daya nazarin zirga-zirgar gida, wanda ba shi da mahimmanci. Wannan labarin yayi magana daidai wannan batu. Misali za mu tuna da tsohuwar Netflow (da madadinsa), duba lokuta masu ban sha'awa, yiwuwar rashin daidaituwa a cikin hanyar sadarwa kuma gano fa'idodin maganin lokacin da duk hanyar sadarwa tana aiki azaman firikwensin guda ɗaya. Kuma mafi mahimmanci, zaku iya gudanar da irin wannan bincike na zirga-zirgar gida gaba ɗaya kyauta, a cikin tsarin lasisin gwaji (45 kwanakin). Idan batun yana da ban sha'awa a gare ku, maraba zuwa cat. Idan kun kasance kasala don karantawa, to, duba gaba, zaku iya yin rajista , Inda za mu nuna kuma mu gaya muku komai (zaku iya koya game da horon samfurin mai zuwa a can).
Menene Flowmon Networks?
Da farko, Flowmon mai siyar da IT ne na Turai. Kamfanin Czech ne, yana da hedikwata a Brno (ba a tashe batun takunkumi ba). A cikin tsari na yanzu, kamfanin yana kan kasuwa tun 2007. A baya can, an san shi a ƙarƙashin alamar Invea-Tech. Don haka, a cikin duka, an kashe kusan shekaru 20 akan haɓaka samfuran da mafita.
Flowmon yana matsayin alamar A-aji. Haɓaka mafita mai ƙima don abokan ciniki na kasuwanci kuma an gane su a cikin akwatunan Gartner don Kula da Ayyukan Sadarwa da Bincike (NPMD). Bugu da ƙari, abin sha'awa, na duk kamfanonin da ke cikin rahoton, Flowmon shine kawai mai siyarwar da Gartner ya lura a matsayin mai samar da mafita don saka idanu na cibiyar sadarwa da kariya ta bayanai (Network Halayen Analysis). Ba ya fara wuri tukuna, amma saboda wannan bai tsaya kamar reshen Boeing ba.
Wadanne matsaloli samfurin ke magance?
A duniya, zamu iya bambance wuraren ayyukan da samfuran kamfanin suka warware:
- haɓaka kwanciyar hankali na hanyar sadarwa, da kuma albarkatun cibiyar sadarwa, ta hanyar rage lokacin raguwar su da rashin samuwa;
- inganta gaba ɗaya matakin aikin cibiyar sadarwa;
- kara ingancin ma'aikatan gudanarwa saboda:
- yin amfani da sabbin kayan aikin sa ido na cibiyar sadarwa na zamani dangane da bayanai game da kwararar IP;
- samar da cikakkun bayanai game da aiki da yanayin cibiyar sadarwa - masu amfani da aikace-aikacen da ke gudana akan hanyar sadarwa, bayanan da aka watsa, albarkatun hulɗa, ayyuka da nodes;
- amsa abubuwan da suka faru kafin su faru, kuma ba bayan masu amfani da abokan ciniki sun rasa sabis ba;
- rage lokaci da albarkatun da ake buƙata don gudanar da cibiyar sadarwa da kayan aikin IT;
- sauƙaƙe ayyukan gyara matsala.
- haɓaka matakin tsaro na hanyar sadarwa da albarkatun bayanai na masana'antar, ta hanyar amfani da fasahar sa hannu don gano ayyukan cibiyar sadarwa mara kyau da ƙeta, da kuma "Hare-hare na kwana-kwana";
- tabbatar da matakin SLA da ake buƙata don aikace-aikacen cibiyar sadarwa da bayanan bayanai.
Flowmon Networks Fayil ɗin Samfurin
Yanzu bari mu dubi kai tsaye a cikin fayil ɗin samfurin Flowmon Networks kuma mu gano ainihin abin da kamfani ke yi. Kamar yadda mutane da yawa suka rigaya sun yi hasashe daga sunan, babban ƙwararrun yana cikin hanyoyin magance kwararar zirga-zirgar ababen hawa, da ƙarin ƙarin samfura waɗanda ke faɗaɗa ainihin ayyukan.
A zahiri, ana iya kiran Flowmon kamfani na samfuri ɗaya, ko kuma, mafita ɗaya. Bari mu gano ko wannan yana da kyau ko mara kyau.
Jigon tsarin shine mai tarawa, wanda ke da alhakin tattara bayanai ta hanyar amfani da ka'idojin kwarara daban-daban, kamar su. NetFlow v5/v9, jFlow, sFlow, NetStream, IPFIX... Yana da matukar ma'ana cewa ga kamfani da ba shi da alaƙa da kowane masana'anta kayan aikin cibiyar sadarwa, yana da mahimmanci don ba da kasuwa samfurin duniya wanda ba a haɗa shi da kowane ma'auni ko yarjejeniya ba.
Mai tattarawa na Flowmon
Ana samun mai tarawa duka azaman uwar garken hardware kuma azaman injin kama-da-wane (VMware, Hyper-V, KVM). Ta hanyar, ana aiwatar da dandamali na kayan aiki akan sabobin DELL na musamman, wanda ke kawar da yawancin batutuwa ta atomatik tare da garanti da RMA. Abubuwan kayan masarufi kawai sune katunan kama zirga-zirgar FPGA wanda wani reshe na Flowmon ya haɓaka, wanda ke ba da damar saka idanu a cikin gudu har zuwa 100 Gbps.
Amma menene za a yi idan kayan aikin cibiyar sadarwa na yanzu ba su iya samar da kwararar inganci? Ko kuma nauyin kayan aiki ya yi yawa? Ba matsala:
Flowmon Prob
A wannan yanayin, Flowmon Networks yana ba da shawarar yin amfani da nasa binciken (Flowmon Probe), waɗanda aka haɗa zuwa cibiyar sadarwar ta tashar tashar SPAN na sauyawa ko amfani da masu rarraba TAP masu wucewa.
SPAN (tashar tashar madubi) da zaɓuɓɓukan aiwatar da TAP
A wannan yanayin, ɗanyen zirga-zirgar zirga-zirgar da ke isa Flowmon Probe an canza shi zuwa fadada IPFIX mai ɗauke da ƙari. 240 ma'auni tare da bayanai. Yayin da daidaitattun ka'idojin NetFlow da kayan aikin cibiyar sadarwa ke samarwa ya ƙunshi fiye da ma'auni 80. Wannan yana ba da damar ganin alamun yarjejeniya ba kawai a matakan 3 da 4 ba, har ma a matakin 7 bisa ga tsarin ISO OSI. Sakamakon haka, masu gudanar da hanyar sadarwa na iya sa ido kan ayyukan aikace-aikace da ka'idoji kamar su e-mail, HTTP, DNS, SMB...
A hankalce, tsarin ma'ana na tsarin yayi kama da haka:
Babban yanki na gaba dayan Flowmon Networks "halayen muhalli" shine Mai tarawa, wanda ke karɓar zirga-zirga daga kayan aikin cibiyar sadarwa ko nasa binciken (Bincike). Amma don mafita na Kasuwanci, samar da ayyuka kawai don sa ido kan zirga-zirgar hanyar sadarwa zai zama mai sauƙi. Matsalolin Open Source kuma na iya yin wannan, kodayake ba tare da irin wannan aikin ba. Darajar Flowmon ƙarin samfura ne waɗanda ke faɗaɗa ainihin ayyuka:
- koyaushe Tsaro Gane Anomaly - gano ayyukan cibiyar sadarwa mara kyau, gami da hare-hare na kwana-kwana, dangane da nazarin zirga-zirgar zirga-zirgar zirga-zirga da kuma bayanin martabar cibiyar sadarwa na yau da kullun;
- koyaushe Kulawa da Aikace-aikacen Aikace-aikace - saka idanu akan ayyukan aikace-aikacen cibiyar sadarwa ba tare da shigar da "wakilai" ba da kuma tasiri tsarin manufa;
- koyaushe Rikodin zirga-zirga - rikodin gutsuttsura na zirga-zirgar hanyar sadarwa bisa ga saitin ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙayyadaddun ƙa'idodin ADS, don ƙarin bincikar matsala da/ko binciken abubuwan tsaro na bayanai;
- koyaushe DDoS Kariya - Kariyar kewayon cibiyar sadarwa daga ƙididdigewar DoS/DDoS mai ƙarfi na hare-haren sabis, gami da harin kan aikace-aikacen (OSI L3/L4/L7).
A cikin wannan labarin, za mu dubi yadda duk abin ke aiki kai tsaye ta amfani da misalin 2 kayayyaki - Kula da Ayyukan Sadarwar Sadarwa da Bincike и Tsaro Gane Anomaly.
Bayanan farko:
- Lenovo RS 140 uwar garken tare da VMware 6.0 hypervisor;
- Hoton inji mai kama da Flowmon Collector wanda zaku iya ;
- biyu maɓallai masu goyan bayan ƙa'idodin kwarara.
Mataki 1. Sanya Flowmon Collector
Aiwatar da injin kama-da-wane akan VMware yana faruwa a daidaitaccen tsari daga samfurin OVF. Sakamakon haka, muna samun injin kama-da-wane da ke gudana CentOS kuma tare da shirye-shiryen amfani da software. Abubuwan buƙatun albarkatu na ɗan adam ne:
Abin da ya rage shi ne aiwatar da farawa ta asali ta amfani da umarnin sysconfig:
Muna saita IP akan tashar sarrafawa, DNS, lokaci, Sunan mai watsa shiri kuma yana iya haɗawa da haɗin yanar gizo na WEB.
Mataki 2. Shigar da lasisi
Ana samar da lasisin gwaji na wata ɗaya da rabi kuma ana zazzage shi tare da hoton injin kama-da-wane. Loaded via Cibiyar Kanfigareshan -> Lasisi. A sakamakon haka muna ganin:
Duk a shirye. Kuna iya fara aiki.
Mataki na 3. Saita mai karɓa akan mai tarawa
A wannan mataki, kuna buƙatar yanke shawarar yadda tsarin zai karɓi bayanai daga tushe. Kamar yadda muka fada a baya, wannan na iya zama ɗaya daga cikin ka'idojin gudana ko tashar SPAN akan maɓalli.
A cikin misalinmu, za mu yi amfani da liyafar bayanai ta amfani da ladabi NetFlow v9 da IPFIX. A wannan yanayin, mun ƙididdige adireshin IP na haɗin gwiwar Gudanarwa azaman manufa - 192.168.78.198. Ana amfani da hanyoyin sadarwa eth2 da eth3 (tare da nau'in dubawar dubawa) don karɓar kwafin zirga-zirgar “raw” daga tashar tashar SPAN ta sauya. Mun bar su su wuce, ba batun mu ba.
Na gaba, muna duba tashar mai tattarawa inda zirga-zirgar ya kamata ta tafi.
A cikin yanayinmu, mai tarawa yana sauraron zirga-zirga akan tashar jiragen ruwa UDP/2055.
Mataki 4. Haɓaka kayan aikin cibiyar sadarwa don fitarwar kwarara
Kafa NetFlow akan kayan aikin Cisco Systems ana iya kiransa aikin gama gari ga kowane mai gudanar da hanyar sadarwa. Misalin mu, za mu dauki wani abu da ba a saba gani ba. Misali, MikroTik RB2011UiAS-2HnD na'ura mai ba da hanya tsakanin hanyoyin sadarwa. Ee, abin ban mamaki, irin wannan tsarin kasafin kuɗi don ƙananan ofisoshin gida kuma yana goyan bayan ka'idojin NetFlow v5/v9 da IPFIX. A cikin saitunan, saita manufa (adireshin mai tarawa 192.168.78.198 da tashar jiragen ruwa 2055):
Kuma ƙara duk ma'auni da ke akwai don fitarwa:
A wannan lokacin muna iya cewa saitin asali ya cika. Muna duba ko zirga-zirga yana shiga tsarin.
Mataki na 5: Gwaji da Gudanar da Sabis na Ayyukan Sadarwar Yanar Gizo da Tsarin Bincike
Kuna iya bincika kasancewar zirga-zirga daga tushen a cikin sashin Cibiyar Kulawa ta Flowmon -> Sources:
Mun ga cewa bayanai suna shiga cikin tsarin. Wani lokaci bayan mai tarawa ya tara zirga-zirga, widget din zasu fara nuna bayanai:
An gina tsarin a kan ƙa'idar raguwa. Wato, mai amfani, lokacin da yake zaɓar guntun sha'awa akan zane ko jadawali, "ya faɗi" zuwa zurfin zurfin bayanan da yake buƙata:
Har zuwa bayani game da kowace hanyar sadarwa da haɗin kai:
Mataki 6. Module Tsaro Gane Anomaly
Ana iya kiran wannan ƙirar ƙila ɗaya daga cikin mafi ban sha'awa, godiya ga amfani da hanyoyin da ba sa hannu don gano abubuwan da ba su da kyau a cikin zirga-zirgar hanyar sadarwa da ayyukan cibiyar sadarwa mara kyau. Amma wannan ba kwatankwacin tsarin IDS/IPS bane. Yin aiki tare da tsarin yana farawa tare da "horarwa". Don yin wannan, mayen na musamman yana ƙayyadad da duk mahimman abubuwan haɗin yanar gizon da sabis ɗin, gami da:
- adiresoshin ƙofa, DNS, DHCP da sabar NTP,
- yin magana a cikin sassan mai amfani da uwar garken.
Bayan wannan, tsarin yana shiga cikin yanayin horo, wanda ya kasance a matsakaici daga makonni 2 zuwa wata 1. A wannan lokacin, tsarin yana haifar da zirga-zirga na asali wanda ke keɓance ga hanyar sadarwar mu. A taƙaice, tsarin yana koya:
- wanne hali ne na al'ada ga nodes na cibiyar sadarwa?
- Wadanne nau'ikan bayanai ne yawanci ana canjawa wuri kuma suna al'ada don hanyar sadarwa?
- Menene lokacin aiki na yau da kullun ga masu amfani?
- wadanne aikace-aikace ne ke gudana akan hanyar sadarwa?
- da dai sauransu..
Sakamakon haka, muna samun kayan aiki wanda ke gano duk wani abu mara kyau a cikin hanyar sadarwar mu da karkacewa daga halaye na yau da kullun. Ga wasu misalai guda biyu waɗanda tsarin ke ba ku damar ganowa:
- rarraba sabbin malware akan hanyar sadarwar da ba a gano ta sa hannun riga-kafi ba;
- gina DNS, ICMP ko wasu tunnels da watsa bayanai ta hanyar wucewa ta wuta;
- bayyanar sabuwar kwamfuta akan hanyar sadarwa tana nunawa azaman DHCP da/ko uwar garken DNS.
Bari mu ga yadda abin yake kai tsaye. Bayan an horar da tsarin ku kuma an gina tushen hanyar zirga-zirgar hanyar sadarwa, zai fara gano abubuwan da suka faru:
Babban shafi na tsarin tsarin lokaci ne da ke nuna abubuwan da suka faru. A cikin misalinmu, muna ganin ƙaƙƙarfan karu, kusan tsakanin sa'o'i 9 zuwa 16. Bari mu zaɓi shi kuma mu duba dalla-dalla.
Halin da ba a sani ba na maharin akan hanyar sadarwa yana bayyane a fili. Duk yana farawa da gaskiyar cewa mai watsa shiri tare da adireshin 192.168.3.225 ya fara binciken kwance na cibiyar sadarwa akan tashar jiragen ruwa 3389 (sabis na Microsoft RDP) kuma ya sami 14 m “masu rauni”:
и
Lamarin da aka yi rikodi mai zuwa - mai masaukin baki 192.168.3.225 ya fara wani hari na karfi da yaji don murkushe kalmomin shiga akan sabis na RDP (tashar jiragen ruwa 3389) a adiresoshin da aka gano a baya:
Sakamakon harin, an gano wata matsala ta SMTP akan ɗaya daga cikin rundunonin da aka yi kutse. A wasu kalmomi, SPAM ya fara:
Wannan misali bayyanannen nuni ne na iyawar tsarin da kuma tsarin Tsaron Gano Anomaly musamman. Yi hukunci da tasiri da kanku. Wannan yana ƙare bayanin aikin bayani.
ƙarshe
Bari mu taƙaita abubuwan da za mu iya ɗauka game da Flowmon:
- Flowmon shine mafita mai mahimmanci ga abokan cinikin kamfanoni;
- godiya ga dacewa da dacewa, ana samun tarin bayanai daga kowane tushe: kayan aiki na cibiyar sadarwa (Cisco, Juniper, HPE, Huawei ...) ko binciken ku (Flowmon Probe);
- Ƙaƙƙarfan haɓakawa na maganin yana ba ka damar fadada aikin tsarin ta hanyar ƙara sababbin kayayyaki, da kuma ƙara yawan aiki godiya ga tsarin sassaucin ra'ayi na lasisi;
- ta hanyar amfani da fasahar bincike-free sa hannu, tsarin yana ba ku damar gano hare-haren kwana-kwana ko da ba a sani ba ga riga-kafi da tsarin IDS/IPS;
- godiya ga cikakken "nuna gaskiya" dangane da shigarwa da kasancewar tsarin akan hanyar sadarwa - maganin ba zai shafi aikin sauran nodes da sassan kayan aikin ku na IT ba;
- Flowmon shine kawai mafita akan kasuwa wanda ke tallafawa sa ido kan zirga-zirga a cikin sauri zuwa 100 Gbps;
- Flowmon shine mafita ga cibiyoyin sadarwa na kowane sikelin;
- mafi kyawun farashin / aiki rabo tsakanin mafita iri ɗaya.
A cikin wannan bita, mun bincika ƙasa da 10% na jimlar aikin maganin. A cikin labarin na gaba za mu yi magana game da ragowar Flowmon Networks modules. Yin amfani da tsarin Kula da Ayyukan Aikace-aikacen azaman misali, za mu nuna yadda masu gudanar da aikace-aikacen kasuwanci za su iya tabbatar da samuwa a matakin SLA, da kuma gano matsalolin da wuri-wuri.
Har ila yau, muna so mu gayyace ku zuwa gidan yanar gizon mu (10.09.2019/XNUMX/XNUMX) wanda aka sadaukar don magance hanyoyin sadarwar Flowmon mai sayarwa. Don yin rijista, muna tambayar ku .
Shi ke nan a yanzu, na gode don sha'awar ku!
Masu amfani da rajista kawai za su iya shiga cikin binciken. don Allah.
Kuna amfani da Netflow don sa ido kan hanyar sadarwa?
-
A
-
A'a, amma na shirya
-
Babu
9 masu amfani sun kada kuri'a. Masu amfani 3 sun kaurace.
source: www.habr.com