How to manage your network infrastructure. Chapter three. Network security. Part three

This article is the fifth in the series "How to Manage Your Network Infrastructure". The table of contents for all articles in the series, with links, can be found here.

This part is dedicated to the Campus (Office) and Remote Access VPN segments.


Office network design would seem to be simple.

Indeed, we take L2/L3 switches and connect them to each other. Next, we do the basic configuration of VLANs and default gateways, set up simple routing, connect WiFi controllers and access points, install and configure an ASA for remote access, and we are happy that everything works. In general, as I already wrote in one of the previous articles of this series, almost any student who attended (and learned from) two semesters of a telecom course can design and configure an office network so that it "somehow works".

But the more you learn, the less simple this task starts to look. For me personally this topic, the topic of office network design, does not seem simple at all, and in this article I will try to explain why.

In short, there are quite a few factors to consider. Often these factors conflict with each other and a reasonable compromise has to be found.
This uncertainty is the main difficulty. So, speaking of security, we have a triangle with three vertices: security, convenience for employees, and the cost of the solution.
And each time you have to find a compromise between these three.

Architecture

As an example of an architecture for these two segments, as in the previous articles, I recommend the Cisco SAFE model: Enterprise Campus, Enterprise Internet Edge.

These are fairly old documents. I present them here because the fundamental concepts and the approach have not changed, and at the same time I like the presentation more than in the newer documentation.

Without urging you to use Cisco solutions, I still think it is useful to study this design carefully.

This article, as usual, does not pretend to be complete in any way, but is rather an addition to that information.

At the end of the article, we will analyze the Cisco SAFE office design in terms of the concepts laid out here.

General principles

The design of an office network must, of course, satisfy the general requirements discussed here in the chapter "Criteria for assessing design quality". Apart from cost and security, which we intend to discuss in this article, there are three more criteria that we must consider when designing (or making changes):

  • scalability
  • manageability
  • availability

Much of what was discussed for data centers also applies to the office.

But still, the office segment has its own specifics, which are critical from a security point of view. The essence of this specificity is that this segment is created to provide network services to the employees (as well as partners and guests) of the company, and as a result, at the highest level of consideration of the problem we have two tasks:

  • protect company resources from malicious actions that may come from employees (guests, partners) and from the software they use. This also includes protection against unauthorized connection to the network.
  • protect the systems and data of the users

And this is only one side of the problem (or rather, one vertex of the triangle). On the other side are user convenience and the cost of the solutions used.

Let's start by looking at what a user expects from a modern office network.

Conveniences

Here is what "network conveniences" look like for an office user, in my opinion:

  • Mobility
  • Ability to use the full range of familiar devices and operating systems
  • Easy access to all necessary company resources
  • Availability of Internet resources, including various cloud services
  • "Fast operation" of the network

All of this applies to both employees and guests (or partners), and it is the task of the company's engineers to differentiate access for different user groups based on authorization.

Let's look at each of these in a little more detail.

Mobility

We are talking about the ability to work and use all the necessary company resources from anywhere in the world (where the Internet is available, of course).

This fully applies to the office as well. It is convenient when you can continue working from any point in the office, for example, receive mail, chat in the corporate messenger, be available for a call, ... This lets you, on the one hand, resolve some issues in "live" communication (for example, take part in meetings), and on the other hand, always be online, keep your finger on the pulse and quickly handle some urgent high-priority tasks. This is very convenient and really improves the quality of communication.

This is achieved by properly designing the WiFi network.

Note

Here the question usually arises: is it enough to use WiFi only? Does this mean you can stop using Ethernet ports in the office? If we are talking only about users, and not about servers, which it is still reasonable to connect to an Ethernet port, then in general the answer is: yes, you can limit yourself to WiFi only. But there are nuances.

There are important user groups that require a separate approach. These are, of course, administrators. In general, a WiFi connection is less reliable (in terms of traffic loss) and slower than an Ethernet port. This can be significant for administrators. In addition, network administrators, for example, may in principle have their own dedicated Ethernet network for out-of-band connections.

There may be other groups/departments in your company for which these factors are also important.

There is another important point: telephony. Perhaps for some reason you do not want to use Wireless VoIP and prefer IP phones with a regular Ethernet connection.

In general, the companies I worked for usually had both WiFi connectivity and Ethernet ports.

I would like mobility not to be limited to the office alone.

To make it possible to work from home (or any other place with Internet access), a VPN connection is used. At the same time, it is desirable that employees do not feel the difference between working from home and working in the office, which implies the same access. We will discuss how to organize this a little later in the chapter "Unified centralized authentication and authorization system".

Note

In general, you will not be able to provide the same quality of service for remote work that you have in the office. Suppose you are using a Cisco ASA 5520 as your VPN gateway. According to the datasheet, this device is capable of "digesting" only 225 Mbit of VPN traffic. That is, in terms of bandwidth, of course, connecting over VPN is very different from working from the office. Also, if for some reason latency, loss or jitter matter for your network services (for example, you want to use the office IP telephony), you will also not get the same quality as in the office. Therefore, when talking about mobility, we must be aware of the possible limitations.

Easy access to all company resources

This task must be solved jointly with the other technical departments.
The ideal situation is when the user only needs to authenticate once, and after that gets access to all the necessary resources.
Providing easy access without compromising security can significantly improve productivity and reduce stress among your colleagues.

Note 1

Ease of access is not only about how many times you have to enter a password. If, for example, according to your security policy, in order to connect from the office to the data center you must first connect to the VPN gateway, and at the same time you lose access to office resources, then this is also very, very inconvenient.

Note 2

There are services (for example, access to network equipment) where we usually have our own dedicated AAA servers, and it is normal that in this case we have to authenticate several times.

Availability of Internet resources

The Internet is not only entertainment, but also a set of services that can be very useful for work. There are also purely psychological factors. A modern person is connected to other people through the Internet by many virtual threads, and in my opinion there is nothing wrong if that person continues to feel this connection even while at work.

From the point of view of wasted time, there is nothing wrong if an employee, for example, has Skype running and spends 5 minutes talking to a loved one when necessary.

Does this mean that the Internet should always be available, does this mean that employees can have access to all resources with no control at all?

No, of course it does not. The level of Internet openness can differ between companies, from completely closed to completely open. We will discuss ways to control traffic later in the sections on security measures.

Ability to use the full range of familiar devices

It is convenient when, for example, you have the opportunity to keep using all the means of communication you are accustomed to at work. There is no technical difficulty in implementing this. For this you need WiFi and a guest VLAN.

It is also good if you have the opportunity to use the operating system you are used to. But, in my observation, this is usually allowed only for administrators, managers and developers.

Example:

You can, of course, take the path of prohibitions: prohibit remote access, prohibit connecting from mobile devices, restrict everything to static Ethernet connections, restrict access to the Internet, confiscate mobile phones and gadgets at the checkpoint ... and this path is indeed followed by some organizations with heightened security requirements, and perhaps in some cases it is justified, but ... you must agree that this looks like an attempt to stop progress within a single organization. Of course, I would like to combine the opportunities that modern technologies provide with a sufficient level of security.

"Fast operation" of the network

Data transfer speed technically depends on many factors. And the speed of your access port is usually not the most important of them. Slow application performance is not always related to network problems, but for now we are interested only in the network part. The most common cause of local network "slowdown" is packet loss. This usually occurs when there are bottlenecks or L1 (OSI) problems. More rarely, with some designs (for example, when your subnets have a firewall as the default gateway and so all traffic passes through it), hardware performance may be insufficient.

Therefore, when choosing equipment and architecture, you need to correlate the speeds of the end ports, the uplinks and the performance of the equipment.

Example:

Suppose you use switches with 1 gigabit ports as access layer switches. They are connected to each other by a 2 x 10 gigabit Etherchannel. As the default gateway you use a firewall with gigabit ports, and to connect it to the L2 office network you use 2 gigabit ports combined into an Etherchannel.

This architecture is quite convenient from a functionality point of view, because ... all traffic passes through the firewall, and you can comfortably manage access policies and apply complex algorithms to control traffic and prevent possible attacks (see below), but from the point of view of throughput and performance this design, of course, has potential problems. So, for example, 2 hosts downloading data (with a port speed of 1 gigabit) can fully load the 2 gigabit connection to the firewall, and thus cause service degradation for the entire office segment.

We have looked at one vertex of the triangle, now let's look at how we can ensure security.

Means of protection

So, of course, usually our wish (or rather, the wish of our management) is to achieve the impossible, namely, to provide maximum convenience with maximum security and minimum cost.

Let's look at what methods we have for providing protection.

For the office, I would highlight the following:

  • zero trust approach to design
  • high level of protection
  • network visibility
  • unified centralized authentication and authorization system
  • host checking

Next, we will dwell in a little more detail on each of these.

Zero Trust

The IT world is changing very quickly. Just over the past 10 years, the emergence of new technologies and products has led to a major revision of security concepts. Ten years ago, from a security point of view, we segmented the network into trust, dmz and untrust zones and applied the so-called "perimeter protection", which had 2 lines of defense: untrust -> dmz and dmz -> trust. Also, protection was usually limited to access lists based on L3/L4 (OSI) headers (IP, TCP/UDP ports, TCP flags). Everything related to the higher layers, including L7, was left to the OS and the security products installed on the end hosts.

Now the situation has changed dramatically. The modern concept of zero trust proceeds from the fact that it is no longer possible to consider internal systems, that is, those inside the perimeter, as trusted, and the notion of the perimeter itself has become blurred.
In addition to the Internet connection we also have

  • remote access VPN users
  • various personal devices and brought-in laptops connected to the office WiFi
  • other offices (branches)
  • integration with cloud infrastructure

What does the Zero Trust approach look like in practice?

Ideally, only the traffic that is actually required should be allowed and, if we are talking about the ideal, control should be not only at the L3/L4 level, but at the application level.

If, for example, you have the ability to pass all traffic through a firewall, then you can try to get close to the ideal. But this approach can significantly reduce the total bandwidth of your network, and besides, filtering by application does not always work well.

When controlling traffic on a router or L3 switch (using standard ACLs), you run into other problems:

  • This is L3/L4 filtering only. Nothing prevents an attacker from using an allowed port (such as TCP 80) for their own application (not http)
  • complex ACL management (ACLs that are hard to parse)
  • This is not a stateful firewall, which means you have to explicitly allow return traffic
  • with switches you are usually quite tightly limited by the size of the TCAM, which can quickly become a problem if you take the "allow only what you need" approach

Note

Regarding return traffic, we must remember that we have the following option (Cisco)

permit tcp any any established

But you need to understand that this line is equivalent to two lines:
permit tcp any any ack
permit tcp any any rst

This means that even if there was no initial TCP segment with the SYN flag (that is, no TCP session had even started being established), this ACL will permit packets with the ACK flag, which an attacker can use to transfer data.

That is, this line in no way turns your router or L3 switch into a stateful firewall.
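To make the difference concrete, here is an added example (not from the original article) that models the `established` ACL entry as a stateless flag check beside a minimal stateful connection tracker, and feeds both the same constructed packets; the addresses, ports and the `10.0.` inside prefix are assumptions.

```python
"""Why 'permit tcp any any established' is not a stateful firewall.

Two models are compared on the same constructed packets:
  * acl_established(): the stateless check a router/L3 switch performs
    (ack set OR rst set), with no memory of earlier packets;
  * StatefulTracker: a tiny stateful model that only permits packets
    belonging to a flow an inside host actually opened with a SYN.
"""
from dataclasses import dataclass, field

SYN, ACK, RST = "SYN", "ACK", "RST"


@dataclass(frozen=True)
class TcpPacket:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # subset of {SYN, ACK, RST}


def acl_established(pkt: TcpPacket) -> bool:
    """'permit tcp any any established' == 'permit ... ack' + 'permit ... rst'.

    Only the flags of the packet in hand are inspected; whether a SYN was
    ever seen for this 4-tuple is unknown to the ACL."""
    return ACK in pkt.flags or RST in pkt.flags


@dataclass
class StatefulTracker:
    """A flow exists only after an outbound SYN from an inside host; later
    packets in either direction are permitted only if they belong to a
    tracked flow. The inside network is identified by the (assumed)
    address prefix `inside`."""
    inside: str = "10.0."
    flows: set = field(default_factory=set)

    def permit(self, pkt: TcpPacket) -> bool:
        key_out = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        key_in = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.src.startswith(self.inside) and pkt.flags == {SYN}:
            self.flows.add(key_out)  # inside host opens a connection
            return True
        if key_out in self.flows or key_in in self.flows:
            return True  # reply or continuation of a tracked flow
        return False  # unsolicited, whatever flags it carries


def evaluate(packets):
    """Feed packets to both models in order.

    Returns {name: (acl_verdict, stateful_verdict)}. The ACL line is
    applied inbound on the outside interface, so it is consulted only for
    packets arriving from outside; outbound packets get None in the ACL
    column."""
    tracker = StatefulTracker()
    verdicts = {}
    for name, p in packets:
        inbound = not p.src.startswith(tracker.inside)
        acl = acl_established(p) if inbound else None
        verdicts[name] = (acl, tracker.permit(p))
    return verdicts


# Constructed traffic (not captured from any real network).
INSIDE, OUTSIDE = "10.0.1.25", "198.51.100.7"
SAMPLE = [
    ("inside_syn", TcpPacket(INSIDE, 40000, OUTSIDE, 443, frozenset({SYN}))),
    ("reply_synack", TcpPacket(OUTSIDE, 443, INSIDE, 40000, frozenset({SYN, ACK}))),
    ("reply_data", TcpPacket(OUTSIDE, 443, INSIDE, 40000, frozenset({ACK}))),
    # ACK-only packet to a port nobody opened: the ACL line lets it in,
    # the stateful model does not.
    ("unsolicited_ack", TcpPacket(OUTSIDE, 50000, INSIDE, 8080, frozenset({ACK}))),
    # A bare SYN from outside is dropped by both.
    ("unsolicited_syn", TcpPacket(OUTSIDE, 50000, INSIDE, 8080, frozenset({SYN}))),
]

if __name__ == "__main__":
    for name, (acl, stateful) in evaluate(SAMPLE).items():
        print(f"{name:16s} acl={acl!s:5s} stateful={stateful}")
```

The `unsolicited_ack` row is the whole point: the ACL permits it while the tracker rejects it, which is why the note above says the `established` keyword does not make the device stateful.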

High level of protection

In the chapter on data centers, we considered the following methods of protection.

  • stateful firewalling (default)
  • ddos/dos protection
  • application firewalling
  • threat prevention (antivirus, anti-spyware, and vulnerability protection)
  • URL filtering
  • data filtering (content filtering)
  • file blocking (file type blocking)

In the office, the situation is similar, but the emphasis is slightly different. Office availability is usually not as critical as in the case of a data center, while the probability of "internal" malicious traffic is orders of magnitude higher.
Therefore, the following methods of protection become critical for this segment:

  • application firewalling
  • threat prevention (antivirus, anti-spyware, and vulnerability protection)
  • URL filtering
  • data filtering (content filtering)
  • file blocking (file type blocking)

Although all of these protections, with the exception of application firewalling, have traditionally been and continue to be handled on end hosts (for example, by installing antivirus software) and with proxies, modern NGFWs also provide these services.

Security equipment vendors are striving to build comprehensive protection, so along with protection on the device itself they offer various cloud technologies and client software for hosts (endpoint protection / EPP). So, for example, from the 2018 Gartner Magic Quadrant we see that Palo Alto and Cisco have their own EPPs (PA: Traps, Cisco: AMP), but are far from the leaders.

Enabling these protections (usually by buying a license) on your firewall is not mandatory (you can go the traditional way), but it gives some advantages:

  • In this case, there is a single point of application of the protection methods, which improves visibility (see the next topic).
  • If there is an unprotected device on your network, it still falls under the "umbrella" of the firewall protection
  • By using firewall protection together with end host protection, we increase the likelihood of detecting malicious traffic. For example, using threat prevention both on the local hosts and on the firewall increases the probability of detection (provided, of course, that these solutions are based on different software products)

Note

If, for example, you use Kaspersky as the antivirus both on the firewall and on the end hosts, then this, of course, will not greatly increase your chances of stopping a virus attack on your network.

Network visibility

The main idea is simple: "see" what is happening on your network, both in real time and as historical data.

I would divide this "vision" into two groups:

Group one: what your monitoring system usually gives you.

  • equipment load
  • link load
  • memory usage
  • disk usage
  • routing table changes
  • link status
  • availability of equipment (or hosts)
  • ...

Group two: security-related information.

  • various kinds of statistics (for example, by application, by URL traffic, what types of files were downloaded, user data)
  • what was blocked by security policies and why, namely
    • forbidden application
    • forbidden by ip/protocol/port/flags/zones
    • threat prevention
    • url filtering
    • data filtering
    • file blocking
    • ...
  • DOS/DDOS attack statistics
  • failed authentication and authorization attempts
  • statistics for all of the above security policy violation events
  • ...

In this chapter on security, we are interested in the second group.

Some modern firewalls (in my experience, Palo Alto) provide a good level of visibility. But, of course, the traffic you are interested in must pass through this firewall (in which case you also have the ability to block it) or be mirrored to the firewall (used only for monitoring and analysis), and you must have the licenses to enable all of these services.

There is, of course, an alternative, or rather the traditional way, for example,

  • statistics can be collected via netflow and then analyzed and visualized with special utilities
  • threat prevention: dedicated programs (anti-virus, anti-spyware, firewall) on the end hosts
  • URL filtering, data filtering, file blocking: on a proxy
  • it is also possible to analyze tcpdump captures using, e.g., snort

You can combine the two approaches, complementing the missing features or duplicating them to increase the likelihood of detecting an attack.

Which approach should you choose?
It depends on the qualifications and preferences of your team.
Both have their pros and cons.

Unified centralized authentication and authorization system

When well designed, the mobility we discussed in this article assumes that you have the same access whether you work in the office or from home, from the airport, from a coffee shop or anywhere else (with the limitations we discussed above). It would seem, what is the problem?
To better understand the complexity of this task, let's look at a typical design.

Example:

  • You have divided all employees into groups. You have decided to grant access by group
  • Inside the office, you control access on the office firewall
  • You control traffic from the office to the data center on the data center firewall
  • You use a Cisco ASA as the VPN gateway and, to control access to your network from remote clients, you use local (on the ASA) ACLs

Now, suppose you are asked to add extra access for one particular employee. In this case, you are asked to add the access only for him and for nobody else in his group.

For this we have to create a separate group for this employee, namely

  • create a separate IP pool on the ASA for this employee
  • add a new ACL on the ASA and bind it to this remote client
  • create new security policies on the office and data center firewalls

It is fine if such an event is rare. But in my practice there was a situation where employees took part in different projects, and for some of them this set of projects changed quite often, and this was not 1-2 people but dozens. Obviously, something had to change here.

This was solved as follows.

We decided that LDAP would be the single source of truth that determines all possible employee accesses. We created all the necessary groups, each defining a set of accesses, and assigned each user to one or more groups.

So, for example, suppose there are groups

  • guests (Internet access)
  • common access (access to shared resources: mail, knowledge base, ...)
  • accounting
  • project 1
  • project 2
  • database administrator
  • linux administrator
  • ...

And if an employee was involved in both project 1 and project 2, and needed the accesses required to work on these projects, this employee was assigned to the following groups:

  • guests
  • common access
  • project 1
  • project 2

Now, how can we translate this data into access on the network equipment?

Cisco ASA Dynamic Access Policy (DAP) (see www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html) is a solution for exactly this task.

Briefly about our implementation: during authentication/authorization, the ASA receives the set of the user's groups from LDAP and "assembles", from several local ACLs (each corresponding to one group), a dynamic ACL with all the necessary accesses, which fully matches our wishes.

But this only covers VPN connections. To make the situation the same both for employees connecting over VPN and for those in the office, the following steps were taken.

When connecting from the office, users were placed via the 802.1x protocol into either a guest VLAN (for guests) or a common VLAN (for company employees). Further, to obtain specific accesses (for example, to projects in the data center), employees had to connect over VPN.

Different groups on the ASA were used for connecting from the office and from home. This is necessary so that, for those connecting from the office, traffic to shared resources (used by all employees, such as mail, file servers, the ticketing system, dns, ...) does not pass through the ASA, but goes over the local network. Thus, we do not load the ASA with unnecessary traffic, including high-volume traffic.

Thus, the problem was solved.
We got

  • the same set of accesses for connections both from the office and remotely
  • no service degradation when working from the office due to high-volume traffic passing through the ASA

What other advantages does this approach have?
In access management. Access can be changed easily in one place.
For example, if an employee leaves the company, you simply remove him from LDAP, and he automatically loses all accesses.
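The group-to-ACL assembly described above, as an added example that is not the article's or Cisco's code: each LDAP group maps to one local ACL, a user's dynamic ACL is the merge of the ACLs of the groups the directory lists for that user, and removing the user from the directory removes every access. The group names, prefixes, ports and the directory contents are constructed for illustration.

```python
"""Directory-driven dynamic ACL assembly, in the spirit of ASA DAP.

Constructed data: GROUP_ACLS holds one local ACL per group, LDAP maps a
user to the groups the directory assigns. Nothing else grants access, so
the directory is the single source of truth.
"""
import ipaddress

# (action, destination prefix, TCP port). Group ACLs contain permits only;
# with no deny entries inside them, the order in which groups are merged
# does not change the result.
GROUP_ACLS = {
    "guests": [("permit", "0.0.0.0/0", 80), ("permit", "0.0.0.0/0", 443)],
    "common_access": [("permit", "10.10.0.0/24", 25),
                      ("permit", "10.10.0.0/24", 443),
                      ("permit", "10.10.0.10/32", 53)],
    "project_1": [("permit", "10.20.1.0/24", 22),
                  ("permit", "10.20.0.10/32", 22)],  # shared jump host
    "project_2": [("permit", "10.20.2.0/24", 22),
                  ("permit", "10.20.0.10/32", 22)],  # same jump host
    "dba": [("permit", "10.30.0.0/24", 5432)],
}

# Constructed LDAP directory: user -> set of group memberships.
LDAP = {
    "alice": {"guests", "common_access", "project_1", "project_2"},
    "bob": {"guests", "common_access", "dba"},
}

DENY_ALL = ("deny", "0.0.0.0/0", None)


def build_dynamic_acl(user, directory=LDAP, group_acls=GROUP_ACLS):
    """Merge the ACLs of the user's groups into one ACL.

    A user unknown to the directory gets a deny-all ACL. Entries that two
    groups share (e.g. the jump host) appear once; first-seen order is
    kept and an explicit deny-all closes the list."""
    groups = directory.get(user)
    if not groups:
        return [DENY_ALL]
    merged, seen = [], set()
    for group in sorted(groups):  # deterministic merge order
        for entry in group_acls.get(group, []):
            if entry not in seen:
                seen.add(entry)
                merged.append(entry)
    merged.append(DENY_ALL)
    return merged


def is_permitted(user, dst_ip, dport, directory=LDAP, group_acls=GROUP_ACLS):
    """First-match evaluation of the user's dynamic ACL for one flow."""
    addr = ipaddress.ip_address(dst_ip)
    for action, prefix, port in build_dynamic_acl(user, directory, group_acls):
        if addr in ipaddress.ip_network(prefix) and (port is None or port == dport):
            return action == "permit"
    return False  # unreachable in practice: DENY_ALL always matches


def offboard(user, directory):
    """Leaving the company: removing the directory entry is the only step;
    the next authentication yields a deny-all ACL for that user."""
    directory.pop(user, None)
    return build_dynamic_acl(user, directory)


if __name__ == "__main__":
    for entry in build_dynamic_acl("alice"):
        print(entry)
    print("alice -> 10.20.2.5:22", is_permitted("alice", "10.20.2.5", 22))
    print("bob   -> 10.20.2.5:22", is_permitted("bob", "10.20.2.5", 22))
```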

Host checking

With the possibility of remote connections, we run the risk of letting into the office network not only a company employee, but also any malicious software that may be present on his computer (for example, at home), and moreover, through this software we may be giving an attacker access to our network, with this host acting as a proxy.

It makes sense to apply the same security requirements to a remote host as to an office host.

This also implies "correct" versions of the OS, anti-virus, anti-spyware and firewall software, and their updates. Usually this capability is available on the VPN gateway (for the ASA see, for example, here).

It is also reasonable to apply the same traffic analysis and blocking methods (see "High level of protection") that your security policy applies to office traffic.

It makes sense to assume that your office network is no longer limited to the office building and the hosts inside it.

Example:

A good practice is to give every employee who needs remote access a good, convenient laptop and to require them to work, both in the office and from home, only from it.

This not only improves the security of your network, but is also really convenient and is usually well received by employees (if it really is a good, convenient laptop).

Hais txog kev nkag siab ntawm kev faib ua feem thiab sib npaug

Yeej, qhov no yog kev sib tham txog qhov thib peb vertex ntawm peb daim duab peb sab - txog tus nqi.
Cia peb saib ib qho piv txwv hypothetical.

Piv Txwv:

Koj muaj chaw ua haujlwm rau 200 tus neeg. Koj txiav txim siab ua kom nws yooj yim thiab nyab xeeb li sai tau.

Yog li ntawd, koj txiav txim siab hla tag nrho cov tsheb khiav los ntawm firewall thiab yog li rau tag nrho cov chaw ua hauj lwm subnets lub firewall yog lub default gateway. Ntxiv rau qhov kev ruaj ntseg software ntsia ntawm txhua tus tswv tsev kawg (anti-virus, anti-spyware, thiab firewall software), koj kuj tau txiav txim siab siv txhua txoj hauv kev tiv thaiv ntawm firewall.

Txhawm rau kom muaj kev sib txuas siab ceev (tag nrho rau kev yooj yim), koj xaiv cov keyboards nrog 10 Gigabit nkag chaw nres nkoj raws li kev nkag mus, thiab kev ua haujlwm siab NGFW firewalls li firewalls, piv txwv li, Palo Alto 7K series (nrog 40 Gigabit ports), ib txwm muaj nrog txhua daim ntawv tso cai. suav nrog thiab, ib txwm muaj, ib khub Muaj Muaj.

Tsis tas li, tau kawg, ua haujlwm nrog cov cuab yeej siv no peb xav tau tsawg kawg ob peb tus kws tshaj lij kev ruaj ntseg uas tsim nyog.

Tom ntej no, koj txiav txim siab muab txhua tus neeg ua haujlwm rau lub laptop zoo.

Tag nrho, txog 10 lab daus las rau kev siv, ntau pua txhiab nyiaj (Kuv xav tias ze rau ib lab) rau kev txhawb nqa txhua xyoo thiab cov nyiaj hli rau cov kws ua haujlwm.

Chaw ua haujlwm, 200 tus neeg ...
Yooj yim? kuv xav tias yog lawm.

Koj tuaj nrog lub tswv yim no rau koj tus thawj coj ...
Tej zaum muaj ntau lub tuam txhab nyob hauv lub ntiaj teb uas qhov no yog qhov kev lees paub thiab kev daws teeb meem. Yog tias koj yog ib tus neeg ua haujlwm ntawm lub tuam txhab no, kuv zoo siab, tab sis feem ntau ntawm cov xwm txheej, kuv paub tseeb tias koj txoj kev paub yuav tsis muaj txiaj ntsig los ntawm kev tswj hwm.

Qhov piv txwv no puas yog exaggerated? Tshooj tom ntej yuav teb lo lus nug no.

If you see none of the above in your network, that is the norm.
For each specific case you have to find your own reasonable compromise between convenience, cost and security. Often you do not need an NGFW in the office at all, and L7 protection on the firewall is not required. It is enough to provide a good level of visibility and alerting, and that can be achieved with open source products, for example. Yes, your reaction to an attack will not be instantaneous, but the important thing is that you will see it, and with proper processes in place in your department you will be able to neutralize it quickly.

And let me remind you that, by the premise of this series of articles, you are not designing a network from scratch, you are only trying to improve what you have inherited.

SAFE analysis of the office architecture

Pay attention to the red square with which I have highlighted an area of the diagram from the SAFE Secure Campus Architecture Guide; that is the area I want to discuss here.

[Figure: the SAFE Secure Campus architecture diagram, with the area under discussion highlighted in red]

This is one of the key points of the architecture and one of its most important uncertainties.

Note

I have never configured or worked with FirePower (from Cisco's firewall line, only with ASA), so I will treat it like any other firewall, such as Juniper SRX or Palo Alto, assuming it has the same capabilities.

Among the usual designs, I see only four ways of using a firewall with this topology:

  • the default gateway for every subnet is the switch, while the firewall works in transparent mode (that is, all traffic passes through it, but it does not add an L3 hop)
  • the default gateway for every subnet is a firewall sub-interface (or SVI), and the switch acts purely as L2
  • separate VRFs are configured on the switch; traffic between VRFs passes through the firewall, while traffic within a VRF is controlled by ACLs on the switch
  • all traffic is mirrored to the firewall for analysis and monitoring; traffic does not pass through it
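To make the third option concrete, here is an added switch-side configuration example in Cisco IOS syntax; it is not from the original article and not from the SAFE guide, and the VRF names, VLAN IDs, interface names and addresses are assumed for illustration. The firewall side is deliberately left out, since the article treats the firewall as vendor-agnostic: it simply receives one routed link per VRF and is the only path between them.

```cisco
! Added example (not from the original article): a multilayer switch with two VRFs.
! Traffic between VRFs can only reach the other VRF via the firewall; traffic inside a VRF
! is filtered by a stateless ACL on the switch and never touches the firewall.
! All names, VLAN IDs and addresses below are assumed.
ip routing
!
vrf definition USERS
 address-family ipv4
!
vrf definition SERVERS
 address-family ipv4
!
! User VLANs live in VRF USERS; the switch SVI is their default gateway.
interface Vlan10
 description Users-Floor1
 vrf forwarding USERS
 ip address 10.10.10.1 255.255.255.0
 ip access-group INTRA-USERS in
!
interface Vlan11
 description Users-Floor2
 vrf forwarding USERS
 ip address 10.10.11.1 255.255.255.0
 ip access-group INTRA-USERS in
!
! Server VLAN lives in its own VRF, so users can reach it only through the firewall.
interface Vlan20
 description Servers
 vrf forwarding SERVERS
 ip address 10.20.20.1 255.255.255.0
!
! One routed link per VRF toward the firewall (assumed: firewall has .2 and .6).
interface TenGigabitEthernet1/0/1
 description to-FW-USERS
 no switchport
 vrf forwarding USERS
 ip address 10.255.0.1 255.255.255.252
!
interface TenGigabitEthernet1/0/2
 description to-FW-SERVERS
 no switchport
 vrf forwarding SERVERS
 ip address 10.255.0.5 255.255.255.252
!
! Each VRF has only a default route to the firewall and no route leaking,
! so there is no switch-local path from USERS to SERVERS.
ip route vrf USERS 0.0.0.0 0.0.0.0 10.255.0.2
ip route vrf SERVERS 0.0.0.0 0.0.0.0 10.255.0.6
!
! Intra-VRF policy on the switch: block user-to-user traffic between floors,
! permit everything else (which leaves the VRF via the firewall).
ip access-list extended INTRA-USERS
 remark DHCP relay traffic must still reach the gateway
 permit udp any any eq bootps
 deny ip 10.10.0.0 0.0.255.255 10.10.0.0 0.0.255.255 log
 permit ip any any
```

Two things to check when adopting this pattern: the ACL is stateless, so any exception you add for intra-VRF traffic needs both directions, and the SVI ACL does not see traffic that stays inside a single VLAN, which is consistent with the article's point that only inter-subnet bandwidth matters for firewall sizing, but means host-to-host traffic within one VLAN remains unfiltered unless you add port-level controls.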

Note 1

Combinations of these options are possible, but for simplicity we will not consider them.

Note 2

It is also possible to use PBR (service chaining), but for now this, although an elegant solution in my opinion, is exotic, so I will not consider it here.

From the description of the flows in the document, we see that traffic does pass through the firewall, that is, in Cisco's design the fourth option is excluded.

Let's first look at the first two options.
With these options, all traffic passes through the firewall.

Now let's open the datasheet and the Cisco GPL, and we see that if we want the total bandwidth for our office to be at least around 10 - 20 gigabits, then we have to buy the 4K series.

Note

When I talk about total bandwidth, I mean traffic between subnets (not within a single VLAN).

From the GPL we see that for the HA Bundle with Threat Defense, the price, depending on the model (4110 - 4150), ranges from roughly 0.5 to 2.5 million dollars.

That is, our design starts to resemble the earlier example.

Does this mean the design is wrong?
No, it does not. Cisco gives you the best protection it can based on the product line it has. But that does not mean it is a must for you.

In principle, this is a question that arises whenever you design an office or a data center, and it only means that a compromise has to be found.

For example, do not pass all traffic through the firewall, in which case option 3 looks quite attractive to me; or (see the previous section) perhaps you do not need Threat Defense, or do not need a firewall on that network segment at all, and should limit yourself to passive monitoring using paid (inexpensive) or open source solutions; or you do need a firewall, but from a different vendor.

This uncertainty is almost always present, and there is no unambiguous answer as to which decision is best for you.
That is both the difficulty and the beauty of this task.

Source: www.hab.com
