ProHoster > Блог > Kev tswj hwm > Yuav ua li cas tswj koj lub network infrastructure. Tshooj peb. Kev ruaj ntseg network. Ntu ob

Yuav ua li cas tswj koj lub network infrastructure. Tshooj peb. Kev ruaj ntseg network. Ntu ob

Kab lus no yog qhov thib plaub hauv koob "Yuav Ua Li Cas Tswj Koj Cov Txheej Txheem Network." Cov ntsiab lus ntawm tag nrho cov ntawv hauv koob thiab cov txuas tuaj yeem pom no.

В thawj ntu Hauv tshooj no, peb tau saib qee yam ntawm kev ruaj ntseg network hauv ntu Data Center. Qhov no yuav tau mob siab rau qhov "Internet Access" ntu.

Yuav ua li cas tswj koj lub network infrastructure. Tshooj peb. Kev ruaj ntseg network. Ntu ob

Internet

Lub ntsiab lus ntawm kev ruaj ntseg yog undoubtedly ib qho ntawm cov ntsiab lus nyuaj tshaj plaws nyob rau hauv lub ntiaj teb no ntawm cov ntaub ntawv network. Ib yam li yav dhau los, tsis tau thov qhov tob thiab ua tiav, Kuv yuav xav txog qhov no yooj yim heev, tab sis, hauv kuv lub tswv yim, cov lus nug tseem ceeb, cov lus teb rau qhov twg, kuv vam tias, yuav pab txhim kho qib kev ruaj ntseg ntawm koj lub network.

Thaum kuaj xyuas ntu no, ua tib zoo saib xyuas cov hauv qab no:

  • tsim
  • Kev teeb tsa BGP
  • DOS/DDOS tiv thaiv
  • kev lim dej ntawm lub firewall

tsim

Raws li ib qho piv txwv ntawm kev tsim ntawm ntu no rau kev lag luam network, kuv xav pom zoo kev ua thawj coj los ntawm Cisco hauv SAFE qauv.

Tau kawg, tej zaum qhov kev daws teeb meem ntawm lwm tus neeg muag khoom yuav zoo li ntxim nyiam rau koj (saib. Gartner Quadrant 2018), tab sis tsis tau txhawb kom koj ua raws li tus qauv tsim kom ntxaws, kuv tseem pom tias nws muaj txiaj ntsig kom nkag siab cov ntsiab lus thiab cov tswv yim tom qab nws.

Lus Cim

Hauv SAFE, ntu "Kev nkag mus rau thaj chaw deb" yog ib feem ntawm "Internet Access" ntu. Tab sis nyob rau hauv cov kab lus no peb yuav xav txog nws cais.

Cov txheej txheem txheej txheem ntawm cov khoom siv hauv ntu no rau kev lag luam network yog

  • ciam teb routers
  • firewalls

Lus Cim 1

Hauv cov kab lus no, thaum kuv tham txog firewalls, kuv txhais tau tias NGFW.

Lus Cim 2

Kuv tshem tawm kev txiav txim siab ntawm ntau yam L2 / L1 lossis overlay L2 dhau L3 cov kev daws teeb meem tsim nyog los xyuas kom meej L1 / L2 txuas thiab txwv kuv tus kheej rau cov teeb meem ntawm qib L3 thiab siab dua. Ib feem, L1/L2 teeb meem tau tham hauv tshooj “Kev ntxuav thiab cov ntaub ntawv".

Yog tias koj tsis pom lub firewall hauv ntu no, koj yuav tsum tsis txhob maj mus rau qhov xaus.

Cia peb ua tib yam li hauv yav dhau losCia peb pib nrog cov lus nug: nws puas tsim nyog siv firewall hauv ntu no hauv koj rooj plaub?

Kuv tuaj yeem hais tias qhov no zoo li yog qhov chaw ncaj ncees tshaj plaws los siv firewalls thiab siv txoj hauv kev lim cov algorithms. IN qhov 1 Peb tau hais txog 4 yam uas tuaj yeem cuam tshuam nrog kev siv firewalls hauv cov ntaub ntawv chaw ntu ntu. Tab sis ntawm no lawv tsis yog li ntawd tseem ceeb.

1 piv txwv. Ncua

Raws li kev txhawj xeeb hauv Is Taws Nem, tsis muaj lub ntsiab lus hais txog kev ncua ntawm txawm tias txog 1 millisecond. Yog li ntawd, qhov ncua sij hawm hauv ntu no tsis tuaj yeem yog qhov txwv tsis pub siv lub firewall.

2 piv txwv. Tsim tau

Qee qhov xwm txheej no tseem yuav tseem ceeb. Yog li ntawd, tej zaum koj yuav tau tso cai rau ib co tsheb khiav (piv txwv li, tsheb thauj mus los ntawm load balancers) bypass lub firewall.

3 piv txwv. Kev ntseeg tau

Qhov tseem ceeb no tseem yuav tsum tau coj mus rau hauv tus account, tab sis tseem, muab qhov tsis muaj kev ntseeg siab ntawm Internet nws tus kheej, nws qhov tseem ceeb rau ntu no tsis yog qhov tseem ceeb rau cov ntaub ntawv chaw.

Yog li, cia peb xav tias koj qhov kev pabcuam nyob rau saum http / https (nrog rau ntu luv). Hauv qhov no, koj tuaj yeem siv ob lub thawv ywj pheej (tsis muaj HA) thiab yog tias muaj teeb meem routing nrog ib qho ntawm lawv, hloov tag nrho cov tsheb mus rau qhov thib ob.

Lossis koj tuaj yeem siv firewalls hauv hom pob tshab thiab, yog tias lawv ua tsis tiav, tso cai rau kev khiav tsheb hla lub firewall thaum daws qhov teeb meem.

Yog li ntawd, feem ntau yuav cia li nqi tej zaum yuav yog qhov tseem ceeb uas yuav yuam kom koj tso tseg kev siv firewalls hauv ntu no.

Tseem ceeb!

Muaj kev ntxias kom muab cov phab ntsa no nrog cov ntaub ntawv chaw firewall (siv ib lub firewall rau cov ntu no). Txoj kev daws yog, hauv paus ntsiab lus, ua tau, tab sis koj yuav tsum nkag siab tias vim li cas Ib qho Internet Access firewall yog qhov ua ntej ntawm koj qhov kev tiv thaiv thiab "ua rau" yam tsawg kawg ntawm qee qhov kev ua phem, ces, ntawm chav kawm, koj yuav tsum tau coj mus rau hauv tus account qhov kev pheej hmoo siab uas qhov firewall no yuav raug kaw. Ntawd yog, los ntawm kev siv cov khoom siv tib yam hauv ob ntu no, koj yuav txo tau qhov muaj ntawm koj cov ntaub ntawv chaw ntu ntu.

Raws li ib txwm muaj, koj yuav tsum nkag siab tias nyob ntawm qhov kev pabcuam uas lub tuam txhab muab, tus tsim ntawm ntu no yuav txawv heev. Raws li ib txwm muaj, koj tuaj yeem xaiv ntau txoj hauv kev nyob ntawm koj qhov kev xav tau.

Piv Txwv:

Yog tias koj yog tus muab cov ntsiab lus, nrog CDN network (saib, piv txwv li, series ntawm cov khoom), ces tej zaum koj yuav tsis xav tsim infrastructure thoob plaws kaum ob los yog ntau pua lub ntsiab lus ntawm lub xub ntiag siv cov khoom siv cais rau kev taug kev thiab lim tsheb. Nws yuav kim, thiab nws tsuas yog tsis tsim nyog.

Rau BGP koj tsis tas yuav muaj cov routers tshwj xeeb, koj tuaj yeem siv cov cuab yeej qhib xws li Quag. Yog li tej zaum txhua yam koj xav tau yog server lossis ntau lub servers, hloov pauv thiab BGP.

Hauv qhov no, koj lub server lossis ntau lub servers tuaj yeem ua lub luag haujlwm tsis yog CDN server, tab sis kuj yog router. Tau kawg, tseem muaj ntau cov ntsiab lus (xws li yuav ua li cas txhawm rau txhawm rau), tab sis nws yog qhov ua tau, thiab nws yog ib txoj hauv kev uas peb tau ua tiav rau ib qho ntawm peb cov neeg koom tes.

Koj tuaj yeem muaj ntau lub chaw zov me nyuam nrog kev tiv thaiv tag nrho (firewalls, DDOS kev pab tiv thaiv muab los ntawm koj cov neeg muab kev pabcuam hauv Is Taws Nem) thiab ntau ntau lossis ntau pua ntawm cov ntsiab lus "simplified" uas muaj tsuas yog L2 keyboards thiab servers.

Tab sis li cas txog kev tiv thaiv hauv qhov no?

Cia peb saib, piv txwv li, tsis ntev los no nrov DNS Amplification DDOS nres. Nws qhov kev phom sij yog nyob rau hauv qhov tseeb tias ntau cov tsheb khiav tawm, uas tsuas yog "clogs" 100% ntawm tag nrho koj cov uplinks.

Peb muaj dab tsi nyob rau hauv cov ntaub ntawv ntawm peb tsim.

  • Yog tias koj siv AnyCast, ces cov tsheb khiav tawm ntawm koj qhov chaw nyob. Yog tias koj qhov bandwidth tag nrho yog terabits, qhov no hauv nws tus kheej tiag tiag (txawm li cas los xij, tsis ntev los no tau muaj ntau qhov kev tawm tsam nrog kev ua phem rau ntawm qhov kev txiav txim ntawm terabits) tiv thaiv koj los ntawm "dhau mus" uplinks
  • Yog hais tias, txawm li cas los xij, qee qhov uplinks ua clogged, ces koj tsuas yog tshem tawm qhov chaw no los ntawm kev pabcuam (tsis txhob tshaj tawm cov lus ua ntej)
  • koj tseem tuaj yeem nce kev sib koom ntawm kev xa mus los ntawm koj qhov "tag nrho" (thiab, raws li, tiv thaiv) cov chaw khaws ntaub ntawv, yog li tshem tawm ib feem tseem ceeb ntawm kev ua phem rau kev ua phem los ntawm cov ntsiab lus tsis muaj kev tiv thaiv.

Thiab ib daim ntawv me me ntxiv rau qhov piv txwv no. Yog tias koj xa cov tsheb khiav txaus los ntawm IXs, qhov no kuj txo koj qhov kev pheej hmoo rau kev tawm tsam

Kev teeb tsa BGP

Muaj ob lub ntsiab lus ntawm no.

  • Kev sib txuas
  • Kev teeb tsa BGP

Peb twb tau tham me ntsis txog kev sib txuas hauv qhov 1. Lub ntsiab lus yog los xyuas kom meej tias kev khiav mus rau koj cov neeg siv khoom ua raws li txoj hauv kev zoo. Txawm hais tias optimality tsis yog ib txwm hais txog latency, tsis tshua muaj latency feem ntau yog lub ntsiab qhia ntawm optimality. Rau qee lub tuam txhab qhov no tseem ceeb dua, rau lwm tus nws yog tsawg. Txhua yam nyob ntawm qhov kev pabcuam koj muab.

Piv txwv li 1

Yog tias koj yog ib qho kev sib pauv, thiab lub sijhawm ncua sij hawm tsawg dua milliseconds yog qhov tseem ceeb rau koj cov neeg siv khoom, yog li ntawd, tsis tuaj yeem tham txog txhua yam hauv Is Taws Nem.

Piv txwv li 2

Yog tias koj yog ib lub tuam txhab kev ua si thiab kaum tawm milliseconds tseem ceeb rau koj, ces, tau kawg, kev sib txuas yog qhov tseem ceeb rau koj.

Piv txwv li 3

Koj kuj yuav tsum nkag siab tias, vim yog cov khoom ntawm TCP raws tu qauv, cov ntaub ntawv hloov pauv hauv ib qho kev sib tham TCP kuj nyob ntawm RTT (Round Trip Time). CDN tes hauj lwm tseem tab tom tsim los daws qhov teeb meem no los ntawm kev txav cov ntsiab lus faib servers ze rau cov neeg siv khoom ntawm cov ntsiab lus no.

Txoj kev kawm ntawm kev sib txuas yog ib lub ntsiab lus nthuav dav hauv nws tus kheej txoj cai, tsim nyog ntawm nws tus kheej tsab xov xwm lossis cov ntawv xov xwm, thiab yuav tsum muaj kev nkag siab zoo ntawm Internet "ua haujlwm."

Cov peev txheej muaj txiaj ntsig:

ripe.net ua
bgp.he.net

Piv Txwv:

Kuv mam li muab ib qho piv txwv me me xwb.

Cia peb xav tias koj cov ntaub ntawv chaw nyob hauv Moscow, thiab koj muaj ib qho uplink - Rostelecom (AS12389). Hauv qhov no (ib leeg nyob ib leeg) koj tsis xav tau BGP, thiab koj feem ntau yuav siv lub pas dej ua ke los ntawm Rostelecom ua chaw nyob pej xeem.

Cia peb xav tias koj muab ib qho kev pabcuam, thiab koj muaj cov neeg siv khoom txaus los ntawm Ukraine, thiab lawv yws txog kev ncua ntev. Thaum koj tshawb fawb, koj pom tias tus IP chaw nyob ntawm qee tus ntawm lawv nyob hauv 37.52.0.0/21 daim phiaj.

Los ntawm kev khiav traceroute, koj pom tias cov tsheb khiav mus los ntawm AS1299 (Telia), thiab los ntawm kev khiav ping, koj tau txais qhov nruab nrab RTT ntawm 70 - 80 milliseconds. Koj tuaj yeem pom qhov no ntawm saib iav Rostelecom.

Siv whois utility (ntawm ripe.net lossis lub chaw siv hluav taws xob hauv zos), koj tuaj yeem txiav txim siab tau yooj yim tias thaiv 37.52.0.0/21 belongs rau AS6849 (Ukrtelecom).

Tom ntej no, mus rau bgp.he.net koj pom tias AS6849 tsis muaj kev sib raug zoo nrog AS12389 (lawv tsis yog cov neeg siv khoom lossis kev sib txuas rau ib leeg, lossis lawv tsis muaj kev sib raug zoo). Tab sis yog koj saib lis cov phooj ywg rau AS6849, koj yuav pom, piv txwv li, AS29226 (Mastertel) thiab AS31133 (Megafon).

Thaum koj pom cov iav saib ntawm cov chaw zov me nyuam, koj tuaj yeem sib piv txoj kev thiab RTT. Piv txwv li, rau Mastertel RTT yuav yog li 30 milliseconds.

Yog li, yog tias qhov sib txawv ntawm 80 thiab 30 milliseconds yog qhov tseem ceeb rau koj qhov kev pabcuam, tej zaum koj yuav tsum xav txog kev sib txuas, tau txais koj tus lej AS, koj qhov chaw nyob ntawm RIPE thiab txuas ntxiv uplinks thiab / lossis tsim cov ntsiab lus muaj nyob ntawm IXs.

Thaum koj siv BGP, koj tsis tsuas yog muaj lub sijhawm los txhim kho kev sib txuas, tab sis koj kuj tseem tswj hwm koj qhov kev sib txuas hauv Is Taws Nem.

Cov ntaub ntawv no muaj cov lus pom zoo rau kev teeb tsa BGP. Txawm hais tias qhov tseeb tias cov lus pom zoo no tau tsim los ntawm "kev coj ua zoo tshaj" ntawm cov neeg muab kev pabcuam, tseem (yog tias koj qhov BGP teeb tsa tsis yog qhov yooj yim) lawv yog qhov tseem ceeb thiab qhov tseeb yuav tsum yog ib feem ntawm hardening uas peb tau tham hauv thawj ntu.

DOS/DDOS tiv thaiv

Tam sim no DOS / DDOS tawm tsam tau dhau los ua qhov tseeb txhua hnub rau ntau lub tuam txhab. Qhov tseeb, koj raug tawm tsam ntau zaus hauv ib daim ntawv lossis lwm qhov. Qhov tseeb tias koj tseem tsis tau pom qhov no tsuas yog txhais tau hais tias lub hom phiaj kev tawm tsam tseem tsis tau teeb tsa tawm tsam koj, thiab kev tiv thaiv kev ntsuas uas koj siv, txawm tias tej zaum tsis paub nws (ntau yam kev tiv thaiv hauv kev ua haujlwm), txaus rau xyuas kom meej tias degradation ntawm cov kev pab cuam muab txo qis rau koj thiab koj cov neeg siv khoom.

Muaj cov kev pabcuam hauv Is Taws Nem uas, raws li cov cuab yeej siv cav, kos duab kos duab zoo nkauj hauv lub sijhawm.

nws yog koj tuaj yeem nrhiav kev txuas rau lawv.

Kuv nyiam daim ntawv los ntawm CheckPoint.

Kev tiv thaiv tiv thaiv DDOS/DOS feem ntau yog txheej txheej. Txhawm rau nkag siab tias yog vim li cas, koj yuav tsum nkag siab tias hom kev tawm tsam DOS / DDOS muaj dab tsi (saib, piv txwv li, no los yog no)

Ntawd yog, peb muaj peb hom kev tawm tsam:

  • volumetric tawm tsam
  • raws tu qauv tawm tsam
  • thov kev tawm tsam

Yog tias koj tuaj yeem tiv thaiv koj tus kheej los ntawm ob hom kev tawm tsam kawg siv, piv txwv li, firewalls, tom qab ntawd koj tsis tuaj yeem tiv thaiv koj tus kheej los ntawm kev tawm tsam tsom rau "dhau" koj cov uplinks (tau kawg, yog tias koj lub peev xwm tag nrho ntawm Internet tsis suav hauv terabits, los yog zoo dua, nyob rau hauv kaum terabit).

Yog li ntawd, thawj kab ntawm kev tiv thaiv yog kev tiv thaiv "volumetric" tawm tsam, thiab koj tus kws kho mob lossis cov kws kho mob yuav tsum muab qhov kev tiv thaiv no rau koj. Yog tias koj tseem tsis tau paub txog qhov no, ces koj tsuas yog muaj hmoo rau tam sim no.

Piv Txwv:

Cia peb hais tias koj muaj ob peb qhov uplinks, tab sis tsuas yog ib tus kws kho mob tuaj yeem muab kev tiv thaiv rau koj. Tab sis yog tias tag nrho cov tsheb khiav mus los ntawm ib tus neeg muab kev pabcuam, ces yuav ua li cas txog kev sib txuas uas peb tau tham me ntsis ua ntej?

Nyob rau hauv cov ntaub ntawv no, koj yuav tau ib feem txi kev txuas thaum lub sij hawm tawm tsam. Tab sis

  • qhov no tsuas yog rau lub sijhawm ntawm kev tawm tsam. Thaum muaj kev tawm tsam, koj tuaj yeem kho tus kheej lossis rov kho BGP kom cov tsheb khiav tsuas yog los ntawm tus kws kho mob uas muab koj lub "umbrella". Tom qab qhov kev tawm tsam dhau lawm, koj tuaj yeem rov qab mus rau nws lub xeev dhau los
  • Nws tsis yog tsim nyog los hloov tag nrho cov tsheb. Yog tias, piv txwv li, koj pom tias tsis muaj kev tawm tsam los ntawm qee qhov uplinks lossis peerings (lossis kev khiav tsheb tsis tseem ceeb), koj tuaj yeem txuas ntxiv tshaj tawm cov npe ua ntej nrog cov cwj pwm sib tw ntawm cov neeg nyob ze BGP.

Koj tuaj yeem muab kev tiv thaiv los ntawm "kev tawm tsam" thiab "kev thov tawm tsam" rau koj cov neeg koom tes.
no no koj tuaj yeem nyeem qhov kev kawm zoo (txhais lus). Muaj tseeb, tsab xov xwm no muaj ob xyoos, tab sis nws yuav muab koj lub tswv yim ntawm txoj hauv kev uas koj tuaj yeem tiv thaiv koj tus kheej los ntawm DDOS tawm tsam.

Hauv txoj cai, koj tuaj yeem txwv koj tus kheej rau qhov no, ua tiav koj qhov kev tiv thaiv. Muaj qhov zoo rau qhov kev txiav txim siab no, tab sis kuj tseem muaj qhov tsis zoo. Qhov tseeb yog tias peb tuaj yeem tham (dua, nyob ntawm seb koj lub tuam txhab ua dab tsi) txog kev ciaj sia ntawm kev lag luam. Thiab tso siab rau tej yam no rau peb tog...

Yog li ntawd, cia peb saib yuav ua li cas npaj cov kab thib ob thiab thib peb ntawm kev tiv thaiv (raws li kev ntxiv rau kev tiv thaiv los ntawm tus kws kho mob).

Yog li, kab thib ob ntawm kev tiv thaiv yog lim thiab txwv kev tsheb khiav (tub ceev xwm) ntawm qhov nkag mus rau koj lub network.

Piv txwv li 1

Cia peb xav tias koj tau npog koj tus kheej nrog lub kaus tiv thaiv DDOS nrog kev pab los ntawm ib tus kws kho mob. Cia peb xav tias tus neeg muab kev pabcuam no siv Arbor los lim cov tsheb thiab cov lim dej ntawm ntug ntawm nws lub network.

Lub bandwidth uas Arbor tuaj yeem "txheej txheem" ​​yog qhov txwv, thiab tus neeg muab kev pabcuam, ntawm chav kawm, tsis tuaj yeem dhau mus tas li ntawm txhua tus neeg koom tes uas xaj cov kev pabcuam no los ntawm cov khoom siv lim dej. Yog li ntawd, nyob rau hauv ib txwm muaj xwm txheej, kev khiav tsheb tsis raug lim.

Cia peb xav tias muaj SYN dej nyab tawm tsam. Txawm hais tias koj xaj ib qho kev pabcuam uas tau hloov tsheb mus rau kev lim dej thaum muaj kev tawm tsam, qhov no tsis tshwm sim tam sim ntawd. Rau ib feeb lossis ntau dua koj nyob rau hauv kev tawm tsam. Thiab qhov no tuaj yeem ua rau koj cov cuab yeej tsis ua haujlwm lossis kev ua haujlwm tsis zoo. Nyob rau hauv cov ntaub ntawv no, txwv kev tsheb khiav ntawm ntug routing, txawm hais tias nws yuav ua rau lub fact tias qee lub sij hawm TCP yuav tsis raug tsim nyob rau lub sij hawm no, yuav cawm koj infrastructure los ntawm cov teeb meem loj.

Piv txwv li 2

Ib qho txawv txav ntau ntawm SYN pob ntawv yuav tsis tsuas yog tshwm sim los ntawm SYN dej nyab. Cia peb xav tias koj muab cov kev pabcuam uas koj tuaj yeem ua ib txhij muaj txog 100 txhiab TCP kev sib txuas (rau ib lub chaw pabcuam).

Cia peb hais tias vim yog qhov teeb meem luv luv nrog ib qho ntawm koj cov chaw muab kev pabcuam tseem ceeb, ib nrab ntawm koj cov kev sib tham raug ncaws tawm. Yog tias koj daim ntawv thov raug tsim los ntawm txoj kev uas, tsis xav ob zaug, nws tam sim ntawd (lossis tom qab qee lub sijhawm luv uas zoo ib yam rau txhua qhov kev sib tham) sim rov tsim qhov kev sib txuas, ces koj yuav tau txais tsawg kawg 50 txhiab SYN pob ntawv kwv yees li. ib txhij.

Yog hais tias, piv txwv li, koj yuav tsum khiav ssl / tls tuav tes nyob rau sab saum toj ntawm cov kev sib tham no, uas cuam tshuam nrog kev sib pauv daim ntawv pov thawj, tom qab ntawd los ntawm qhov pom ntawm kev txo cov peev txheej rau koj cov khoom sib npaug, qhov no yuav muaj zog "DDOS" ntau dua li qhov yooj yim. SYN dej nyab. Nws yuav zoo li tias cov neeg sib npaug yuav tsum daws cov xwm txheej zoo li no, tab sis... hmoov tsis zoo, peb tau ntsib teeb meem zoo li no.

Thiab, tau kawg, tus tub ceev xwm ntawm ntug router yuav txuag koj cov khoom siv hauv qhov no thiab.

Qib thib peb ntawm kev tiv thaiv DDOS / DOS yog koj qhov chaw firewall.

Ntawm no koj tuaj yeem nres ob qho kev tawm tsam ntawm hom thib ob thiab thib peb. Feem ntau, txhua yam uas ncav cuag lub firewall tuaj yeem lim tau ntawm no.

Ntsis

Sim muab lub firewall ua haujlwm me me li sai tau, lim tawm ntau npaum li qhov ua tau ntawm thawj ob kab ntawm kev tiv thaiv. Thiab yog vim li cas.

Puas yog nws puas tau tshwm sim rau koj tias los ntawm lub sijhawm, thaum tsim cov tsheb khiav mus kuaj, piv txwv li, yuav ua li cas tiv thaiv kev khiav hauj lwm ntawm koj cov servers yog rau DDOS tawm tsam, koj "tua" koj lub firewall, thauj nws mus rau 100 feem pua, nrog kev khiav ntawm ib txwm siv. ? Yog tsis yog, tej zaum nws tsuas yog vim koj tsis tau sim?

Feem ntau, lub foob pob hluav taws, raws li kuv tau hais, yog ib qho nyuaj, thiab nws ua haujlwm zoo nrog cov kev paub tsis zoo thiab cov kev daws teeb meem, tab sis yog tias koj xa ib yam dab tsi txawv txawv, tsuas yog qee cov khib nyiab lossis pob ntawv nrog cov headers tsis raug, ces koj nrog qee yam, tsis nrog. xws li qhov tshwm sim me me (raws li kuv qhov kev paub), koj tuaj yeem stupefy txawm tias cov khoom siv sab saum toj kawg nkaus. Yog li ntawd, nyob rau theem 2, siv ACLs tsis tu ncua (ntawm qib L3 / L4), tsuas yog tso cai rau kev khiav mus rau hauv koj lub network uas yuav tsum nkag mus rau ntawd.

Lim cov tsheb khiav ntawm lub firewall

Cia peb txuas ntxiv kev sib tham txog lub firewall. Koj yuav tsum nkag siab tias DOS / DDOS tawm tsam tsuas yog ib hom kev tawm tsam cyber xwb.

Ntxiv rau DOS / DDOS kev tiv thaiv, peb tuaj yeem muaj qee yam zoo li cov npe hauv qab no:

  • daim ntawv thov firewalling
  • Kev tiv thaiv kev hem thawj (antivirus, anti-spyware, thiab qhov tsis zoo)
  • URL lim
  • data filtering (cov ntsiab lus filtering)
  • thaiv cov ntaub ntawv (cov ntaub ntawv hom thaiv)

Nws yog nyob ntawm koj txiav txim siab seb koj xav tau dab tsi los ntawm daim ntawv teev npe no.

Kom txuas ntxiv

Tau qhov twg los: www.hab.com

Ntxiv ib saib