Nyob zoo! Zoo siab txais tos rau zaj lus qhia thib rau ntawm chav kawm Cov. Nyob rau peb tau paub txog cov hauv paus ntawm kev ua haujlwm nrog NAT thev naus laus zis ntawm , thiab tseem tso tawm peb cov neeg siv sim mus rau hauv Internet. Tam sim no nws yog lub sijhawm los saib xyuas tus neeg siv kev nyab xeeb hauv nws qhov chaw qhib. Hauv zaj lus qhia no peb yuav saib cov kev ruaj ntseg hauv qab no: Web Filtering, Application Control, thiab HTTPS tshuaj xyuas.
Txhawm rau pib nrog kev ruaj ntseg profiles, peb yuav tsum nkag siab ib qho ntxiv: kev tshuaj xyuas hom.
Lub neej ntawd yog Flow Based hom. Nws tshawb xyuas cov ntaub ntawv thaum lawv dhau los ntawm FortiGate yam tsis muaj buffering. Thaum lub pob ntawv tuaj txog, nws tau ua tiav thiab xa mus, tsis tas tos kom tag nrho cov ntaub ntawv lossis nplooj ntawv web yuav tsum tau txais. Nws xav tau cov peev txheej tsawg dua thiab muab kev ua tau zoo dua li Proxy hom, tab sis tib lub sijhawm, tsis yog txhua qhov kev nyab xeeb muaj nyob hauv nws. Piv txwv li, Data Leak Prevention (DLP) tsuas yog siv tau hauv Proxy hom.
Proxy hom ua haujlwm txawv. Nws tsim ob qhov kev sib txuas TCP, ib qho ntawm cov neeg siv khoom thiab FortiGate, qhov thib ob ntawm FortiGate thiab server. Qhov no tso cai rau nws kom tsis txhob muaj tsheb khiav, piv txwv li tau txais cov ntaub ntawv tiav lossis nplooj ntawv web. Kev txheeb xyuas cov ntaub ntawv rau ntau yam kev hem thawj pib tsuas yog tom qab tag nrho cov ntaub ntawv tau raug buffered. Qhov no tso cai rau koj siv cov yam ntxwv ntxiv uas tsis muaj nyob hauv Flow raws hom. Raws li koj tuaj yeem pom, hom no zoo li yog qhov sib txawv ntawm Flow Based - kev ruaj ntseg ua lub luag haujlwm tseem ceeb ntawm no, thiab kev ua tau zoo siv lub rooj zaum rov qab.
Cov neeg feem ntau nug: hom twg zoo dua? Tab sis tsis muaj daim ntawv qhia dav dav ntawm no. Txhua yam yog ib txwm yog tus kheej thiab nyob ntawm koj cov kev xav tau thiab cov hom phiaj. Tom qab hauv chav kawm kuv yuav sim qhia qhov sib txawv ntawm kev ruaj ntseg profiles hauv Flow thiab Proxy hom. Qhov no yuav pab koj sib piv cov kev ua haujlwm thiab txiav txim siab qhov twg yog qhov zoo tshaj rau koj.
Cia peb txav mus ncaj qha rau kev ruaj ntseg profiles thiab ua ntej saib Web Filtering. Nws pab saib xyuas lossis taug qab cov vev xaib twg cov neeg siv mus ntsib. Kuv xav tias tsis muaj qhov yuav tsum tau nkag mus tob rau hauv kev piav qhia qhov xav tau ntawm qhov profile hauv qhov tseeb tam sim no. Cia peb nkag siab tias nws ua haujlwm li cas.
Thaum TCP kev sib txuas tau tsim, tus neeg siv siv GET thov los thov cov ntsiab lus ntawm lub vev xaib tshwj xeeb.
Yog tias lub vev xaib server teb zoo, nws xa cov ntaub ntawv hais txog lub vev xaib rov qab. Qhov no yog qhov web lim los ua si. Nws txheeb xyuas cov ntsiab lus ntawm cov lus teb no. Thaum lub sijhawm ua pov thawj, FortiGate xa daim ntawv thov tiag tiag mus rau FortiGuard Distribution Network (FDN) txhawm rau txiav txim siab qeb ntawm lub vev xaib muab. Tom qab txiav txim siab qeb ntawm ib lub vev xaib tshwj xeeb, lub vev xaib lim, nyob ntawm qhov chaw, ua haujlwm tshwj xeeb.
Muaj peb yam ua muaj nyob rau hauv Flow mode:
- Tso cai - tso cai nkag mus rau lub vev xaib
- Thaiv - thaiv kev nkag mus rau lub vev xaib
- Saib xyuas - tso cai rau nkag mus rau lub vev xaib thiab sau nws hauv cov cav
Hauv Proxy hom, ob qho kev ua ntxiv tau ntxiv:
- Ceeb Toom - muab cov lus ceeb toom rau tus neeg siv tias nws tab tom sim mus ntsib qee qhov kev pabcuam thiab muab tus neeg siv xaiv - txuas ntxiv lossis tawm hauv lub vev xaib
- Authenticate - Thov cov neeg siv cov ntaub ntawv pov thawj - qhov no tso cai rau qee pawg nkag mus rau cov vev xaib txwv.
Rau ntawm qhov chaw koj tuaj yeem saib tag nrho cov qeb thiab cov npe ntawm lub vev xaib lim, thiab tseem paub tias qeb twg lub vev xaib tshwj xeeb yog nyob rau. Thiab feem ntau, qhov no yog qhov chaw zoo nkauj rau cov neeg siv cov kev daws teeb meem Fortinet, Kuv qhia koj kom paub nws zoo dua hauv koj lub sijhawm dawb.
Muaj tsawg heev uas tuaj yeem hais txog Daim Ntawv Thov Kev Tswj. Raws li lub npe qhia, nws tso cai rau koj los tswj cov haujlwm ntawm cov ntawv thov. Thiab nws ua qhov no siv cov qauv ntawm ntau daim ntawv thov, thiaj li hu ua kos npe. Siv cov kos npe no, nws tuaj yeem txheeb xyuas ib daim ntawv thov tshwj xeeb thiab siv qhov tshwj xeeb rau nws:
- Tso - tso cai
- Saib xyuas - tso cai thiab teev qhov no
- Thaiv - txwv
- Quarantine - sau ib qho xwm txheej hauv cov cav thiab thaiv qhov chaw nyob IP rau ib lub sijhawm
Koj tuaj yeem saib cov npe kos npe uas twb muaj lawm hauv lub vev xaib .
Tam sim no cia saib ntawm HTTPS tshuaj xyuas mechanism. Raws li kev txheeb cais ntawm qhov kawg ntawm 2018, qhov sib faib ntawm HTTPS tsheb khiav ntau dua 70%. Ntawd yog, tsis tas siv HTTPS tshuaj xyuas, peb yuav tuaj yeem txheeb xyuas tsuas yog li 30% ntawm cov tsheb khiav los ntawm lub network. Ua ntej, cia saib seb HTTPS ua haujlwm li cas hauv qhov kwv yees ntxhib.
Tus neeg siv khoom pib thov TLS rau lub vev xaib server thiab tau txais TLS cov lus teb, thiab tseem pom daim ntawv pov thawj digital uas yuav tsum tau ntseeg rau tus neeg siv no. Qhov no yog qhov tsawg kawg nkaus uas peb yuav tsum paub txog yuav ua li cas HTTPS ua haujlwm; qhov tseeb, txoj kev nws ua haujlwm yog qhov nyuaj dua. Tom qab ua tiav TLS tuav tes, encrypted cov ntaub ntawv hloov chaw pib. Thiab qhov no yog qhov zoo. Tsis muaj leej twg tuaj yeem nkag mus rau cov ntaub ntawv koj pauv nrog lub vev xaib server.
Txawm li cas los xij, rau cov tub ceev xwm kev ruaj ntseg ntawm lub tuam txhab qhov no yog qhov mob taub hau tiag tiag, vim lawv tsis tuaj yeem pom cov tsheb khiav no thiab xyuas nws cov ntsiab lus nrog antivirus, lossis kev tiv thaiv kev nkag mus, lossis DLP systems, lossis txhua yam. Qhov no tseem cuam tshuam rau qhov zoo ntawm lub ntsiab lus ntawm cov ntawv thov thiab cov kev pabcuam hauv lub vev xaib siv hauv lub network - raws nraim li cas cuam tshuam rau peb cov ntsiab lus. HTTPS tshuaj xyuas tshuab yog tsim los daws qhov teeb meem no. Nws cov ntsiab lus yog qhov yooj yim heev - qhov tseeb, ib lub cuab yeej ua haujlwm HTTPS tshuaj xyuas teeb tsa Tus Txiv Neej Hauv Nruab Nrab. Nws zoo li qhov no: FortiGate cuam tshuam tus neeg siv qhov kev thov, teeb tsa HTTPS kev sib txuas nrog nws, thiab tom qab ntawd qhib HTTPS kev sib ntsib nrog cov peev txheej uas tus neeg siv nkag mus. Hauv qhov no, daim ntawv pov thawj muab los ntawm FortiGate yuav pom ntawm tus neeg siv lub computer. Nws yuav tsum tau ntseeg siab rau qhov browser tso cai rau kev sib txuas.
Qhov tseeb, HTTPS tshuaj xyuas yog ib qho nyuaj heev thiab muaj ntau yam kev txwv, tab sis peb yuav tsis xav txog qhov no hauv chav kawm no. Kuv tsuas yog ntxiv tias kev siv HTTPS tshuaj xyuas tsis yog qhov teeb meem ntawm feeb; nws feem ntau yuav siv li ib hlis. Nws yog ib qho tsim nyog los sau cov ntaub ntawv hais txog qhov tsim nyog tshwj xeeb, ua qhov tsim nyog, sau cov lus tawm tswv yim los ntawm cov neeg siv, thiab kho qhov chaw.
Cov kev xav tau muab, nrog rau qhov ua tau zoo, tau nthuav tawm hauv zaj lus qhia video no:
Nyob rau hauv zaj lus qhia tom ntej peb yuav saib lwm yam kev ruaj ntseg profiles: antivirus thiab intrusion tiv thaiv system. Txhawm rau kom tsis txhob nco nws, ua raws cov kev hloov tshiab ntawm cov channel hauv qab no:
Tau qhov twg los: www.hab.com