🥇Network saib xyuas thiab tshawb pom ntawm kev ua haujlwm tsis zoo hauv lub network siv Flowmon Networks kev daws teeb meem

Tsis ntev los no, koj tuaj yeem pom ntau cov ntaub ntawv ntawm cov ncauj lus hauv Internet. kev txheeb xyuas tsheb khiav ntawm lub network perimeter. Nyob rau tib lub sijhawm, rau qee qhov laj thawj txhua tus tsis nco qab lawm kev txheeb xyuas tsheb hauv zos, uas tsis muaj tsawg tseem ceeb. Kab lus no hais meej txog lub ntsiab lus no. Piv txwv li Flowmon Networks peb yuav nco ntsoov qhov zoo qub Netflow (thiab nws lwm txoj hauv kev), saib cov xwm txheej nthuav dav, muaj peev xwm tsis txaus ntseeg hauv lub network thiab nrhiav pom qhov zoo ntawm kev daws teeb meem thaum tag nrho lub network ua haujlwm raws li ib qho sensor. Thiab qhov tseem ceeb tshaj plaws, koj tuaj yeem ua qhov kev soj ntsuam ntawm cov tsheb khiav hauv zos tsis pub dawb, nyob rau hauv lub moj khaum ntawm daim ntawv tso cai sim (45 hnub). Yog hais tias lub ntsiab lus nthuav rau koj, txais tos rau miv. Yog tias koj tub nkees heev nyeem, tom qab ntawd, saib ua ntej, koj tuaj yeem sau npe rau yav tom ntej webinar, qhov twg peb yuav qhia thiab qhia rau koj txhua yam (koj tuaj yeem kawm txog kev cob qhia cov khoom tom ntej muaj).

Flowmon Networks yog dab tsi?

Ua ntej tshaj plaws, Flowmon yog European IT neeg muag khoom. Lub tuam txhab yog Czech, nrog lub hauv paus hauv paus hauv Brno (qhov teeb meem ntawm kev rau txim tsis txawm tsa). Hauv nws daim ntawv tam sim no, lub tuam txhab tau ua lag luam txij li xyoo 2007. Yav dhau los, nws tau paub raws li Invea-Tech hom. Yog li, tag nrho, yuav luag 20 xyoo tau siv los tsim cov khoom lag luam thiab kev daws teeb meem.

Flowmon yog positioned raws li A-class hom. Tsim cov kev daws teeb meem zoo rau cov neeg siv khoom lag luam thiab tau lees paub hauv Gartner thawv rau Network Performance Monitoring thiab Diagnostics (NPMD). Ntxiv mus, nthuav, ntawm txhua lub tuam txhab hauv tsab ntawv ceeb toom, Flowmon yog tib tus neeg muag khoom sau tseg los ntawm Gartner ua cov chaw tsim khoom lag luam rau kev saib xyuas network thiab kev tiv thaiv cov ntaub ntawv (Network Behavior Analysis). Nws tseem tsis tau ua thawj zaug, tab sis vim qhov no nws tsis sawv zoo li Boeing tis.

Cov khoom daws teeb meem dab tsi?

Thoob plaws ntiaj teb, peb tuaj yeem paub qhov txawv ntawm cov dej num hauv qab no daws los ntawm lub tuam txhab cov khoom:

nce kev ruaj ntseg ntawm lub network, nrog rau cov peev txheej hauv network, los ntawm kev txo qis lawv lub sijhawm poob thiab tsis muaj nyob;
nce qib tag nrho ntawm kev ua haujlwm hauv network;
nce kev ua tau zoo ntawm cov neeg ua haujlwm tswj hwm vim:
- siv cov cuab yeej tshiab tshiab hauv network saib xyuas raws li cov ntaub ntawv hais txog IP ntws;
- muab cov ncauj lus kom ntxaws txog kev ua haujlwm thiab lub xeev ntawm lub network - cov neeg siv thiab cov ntawv thov khiav hauv lub network, cov ntaub ntawv xa mus, kev sib cuam tshuam cov peev txheej, cov kev pabcuam thiab cov nodes;
- teb rau cov xwm txheej ua ntej lawv tshwm sim, thiab tsis yog tom qab cov neeg siv thiab cov neeg siv khoom poob kev pabcuam;
- txo lub sij hawm thiab cov peev txheej uas yuav tsum tau ua los tswj lub network thiab IT infrastructure;
- simplifying cov kev daws teeb meem.
nce qib ntawm kev ruaj ntseg ntawm lub network thiab cov ntaub ntawv peev txheej ntawm lub tuam txhab, los ntawm kev siv cov cuab yeej tsis kos npe rau kev kuaj xyuas kev ua haujlwm tsis zoo thiab ua phem rau lub network, nrog rau "xoom-hnub tawm tsam";
kom ntseeg tau tias yuav tsum muaj qib SLA rau kev siv network thiab databases.

Flowmon Networks Product Portfolio

Tam sim no cia saib ncaj qha ntawm Flowmon Networks cov khoom lag luam thiab nrhiav seb lub tuam txhab ua dab tsi. Raws li ntau tus twb tau twv los ntawm lub npe, qhov tshwj xeeb tseem ceeb yog nyob rau hauv cov kev daws teeb meem rau streaming flow traffic monitoring, ntxiv rau ib tug xov tooj ntawm ntxiv modules uas nthuav cov functionality.

Qhov tseeb, Flowmon tuaj yeem raug hu ua lub tuam txhab ntawm ib yam khoom, lossis theej, ib qho kev daws teeb meem. Cia peb saib seb qhov no yog qhov zoo lossis qhov phem.

Lub hauv paus tseem ceeb ntawm lub system yog tus sau, uas yog lub luag haujlwm rau kev sau cov ntaub ntawv siv ntau yam kev khiav dej num, xws li NetFlow v5/v9, jFlow, sFlow, NetStream, IPFIX... Nws yog ib qho laj thawj heev uas rau lub tuam txhab tsis koom nrog cov chaw tsim khoom siv network, nws yog ib qho tseem ceeb kom muab lub khw muag khoom thoob ntiaj teb uas tsis tau khi rau ib qho qauv lossis raws tu qauv.

Flowmon Collector

Cov khoom sau muaj nyob rau hauv ob qho tib si raws li hardware server thiab ua lub tshuab virtual (VMware, Hyper-V, KVM). Los ntawm txoj kev, kho vajtse platform yog siv rau customized DELL servers, uas cia li tshem tawm feem ntau ntawm cov teeb meem nrog warranty thiab RMA. Cov khoom siv kho vajtse nkaus xwb yog FPGA tsheb ntes cov npav tsim los ntawm lub chaw muag khoom ntawm Flowmon, uas tso cai rau kev saib xyuas ntawm qhov nrawm txog li 100 Gbps.

Tab sis yuav ua li cas yog tias cov cuab yeej siv network uas twb muaj lawm tsis tuaj yeem tsim kom muaj cov dej ntws zoo? Los yog qhov load ntawm cov khoom siv siab dhau lawm? Tsis muaj teeb meem:

Flowmon Prob

Nyob rau hauv cov ntaub ntawv no, Flowmon Networks muab los siv nws tus kheej probes (Flowmon sojntsuam), uas txuas nrog lub network ntawm SPAN chaw nres nkoj ntawm qhov hloov lossis siv passive TAP splitters.

SPAN (daim iav chaw nres nkoj) thiab TAP kev xaiv siv

Nyob rau hauv rooj plaub no, cov tsheb thauj mus los ntawm Flowmon Probe tau hloov mus rau hauv IPFIX nthuav dav uas muaj ntau dua. 240 metrics nrog cov ntaub ntawv. Thaum tus txheej txheem NetFlow raws tu qauv tsim los ntawm cov khoom siv network tsis muaj ntau tshaj 80 metrics. Qhov no tso cai rau kev pom pom tsis tau tsuas yog nyob rau theem 3 thiab 4, tab sis kuj nyob rau theem 7 raws li ISO OSI qauv. Yog li ntawd, cov thawj coj hauv lub network tuaj yeem saib xyuas kev ua haujlwm ntawm cov ntawv thov thiab cov txheej txheem xws li e-mail, HTTP, DNS, SMB ...

Conceptually, lub logic architecture ntawm lub system zoo li no:

Lub hauv paus ntawm tag nrho Flowmon Networks "ecosystem" yog Tus Sau, uas tau txais kev khiav tsheb los ntawm cov khoom siv network uas twb muaj lawm lossis nws tus kheej qhov kev sojntsuam (Probe). Tab sis rau kev daws teeb meem Enterprise, muab kev ua haujlwm nkaus xwb rau kev saib xyuas kev sib txuas hauv network yuav yooj yim dhau. Open Source cov kev daws teeb meem kuj tuaj yeem ua qhov no, txawm hais tias tsis muaj qhov ua tau zoo li no. Tus nqi ntawm Flowmon yog cov qauv ntxiv uas nthuav dav cov haujlwm yooj yim:

tus qauv Anomaly Detection Security - kev txheeb xyuas cov kev ua haujlwm tsis zoo hauv lub network, suav nrog kev tawm tsam xoom-hnub, raws li kev txheeb xyuas heuristic ntawm kev khiav tsheb thiab ib qho kev sib txuas hauv network;
tus qauv Daim Ntawv Thov Kev Saib Xyuas - saib xyuas kev ua haujlwm ntawm kev siv network yam tsis tau txhim kho "tus neeg sawv cev" thiab cuam tshuam rau lub hom phiaj;
tus qauv Traffic Recorder - sau cov kab ke ntawm kev sib txuas hauv network raws li cov cai tau teev tseg ua ntej lossis raws li qhov tshwm sim los ntawm ADS module, rau kev daws teeb meem ntxiv thiab / lossis kev tshawb xyuas cov ntaub ntawv kev nyab xeeb;
tus qauv DDoS Kev Tiv Thaiv - kev tiv thaiv ntawm lub network perimeter los ntawm volumetric DoS / DDoS tsis kam lees kev pabcuam kev tawm tsam, suav nrog kev tawm tsam ntawm daim ntawv thov (OSI L3 / L4 / L7).

Hauv tsab xov xwm no, peb yuav saib yuav ua li cas txhua yam ua haujlwm nyob nrog tus piv txwv ntawm 2 modules - Network Performance Monitoring thiab Diagnostics и Anomaly Detection Security.
Cov ntaub ntawv pib:

Lenovo RS 140 server nrog VMware 6.0 hypervisor;
Flowmon Collector virtual tshuab duab uas koj tuaj yeem ua tau download tau ntawm no;
ib khub ntawm cov keyboards txhawb kev khiav dej num.

Kauj ruam 1. Nruab Flowmon Collector

Kev xa tawm ntawm lub tshuab virtual ntawm VMware tshwm sim hauv tus qauv tag nrho los ntawm OVF template. Raws li qhov tshwm sim, peb tau txais lub tshuab virtual khiav CentOS thiab nrog cov software npaj siv. Cov kev xav tau kev pab yog tib neeg:

Txhua yam uas tseem tshuav yog ua qhov pib pib siv cov lus txib sysconfig ua:

Peb teeb tsa IP ntawm qhov chaw nres nkoj tswj, DNS, sijhawm, Hostname thiab tuaj yeem txuas rau WEB interface.

Kauj ruam 2. Daim ntawv tso cai installation

Daim ntawv tso cai sim rau ib thiab ib nrab lub hlis yog tsim thiab rub tawm nrog rau lub tshuab virtual. Loaded ntawm Configuration Center -> Daim ntawv tso cai. Yog li ntawd peb pom:

Txhua yam yog npaj txhij. Koj tuaj yeem pib ua haujlwm.

Kauj Ruam 3. Teem lub receiver ntawm lub collector

Nyob rau theem no, koj yuav tsum txiav txim siab seb lub kaw lus yuav tau txais cov ntaub ntawv los ntawm qhov chaw. Raws li peb tau hais ua ntej, qhov no tuaj yeem yog ib qho ntawm cov txheej txheem ntws los yog SPAN chaw nres nkoj ntawm qhov hloov.

Hauv peb qhov piv txwv, peb yuav siv kev txais cov ntaub ntawv siv cov txheej txheem NetFlow v9 thiab IPFIX. Hauv qhov no, peb qhia tus IP chaw nyob ntawm Kev Tswj Xyuas interface raws li lub hom phiaj - 192.168.78.198. Interfaces eth2 thiab eth3 (nrog rau kev saib xyuas interface hom) yog siv los txais ib daim qauv ntawm "raws" tsheb los ntawm SPAN chaw nres nkoj ntawm qhov hloov. Peb cia lawv dhau, tsis yog peb qhov teeb meem.
Tom ntej no, peb xyuas qhov chaw nres nkoj collector qhov twg cov tsheb yuav tsum mus.

Hauv peb qhov xwm txheej, tus neeg sau tau mloog cov tsheb khiav ntawm chaw nres nkoj UDP/2055.

Kauj ruam 4. Configuring network khoom rau ntws export

Kev teeb tsa NetFlow ntawm Cisco Systems cov cuab yeej tuaj yeem raug hu ua txoj haujlwm ua tiav rau txhua tus thawj coj hauv network. Piv txwv li, peb yuav coj tej yam txawv txawv. Piv txwv li, lub router MikroTik RB2011UiAS-2HnD. Yog lawm, oddly txaus, xws li kev daws teeb meem nyiaj txiag rau cov chaw ua haujlwm me thiab hauv tsev kuj txhawb nqa NetFlow v5/v9 thiab IPFIX raws tu qauv. Hauv kev teeb tsa, teeb lub hom phiaj (chaw sau chaw nyob 192.168.78.198 thiab chaw nres nkoj 2055):

Thiab ntxiv tag nrho cov metrics muaj rau export:

Ntawm no peb tuaj yeem hais tias qhov kev teeb tsa yooj yim tiav. Peb xyuas seb cov tsheb khiav nkag mus rau hauv qhov system.

Kauj Ruam 5: Kev Ntsuam Xyuas thiab Kev Ua Haujlwm Kev Ua Haujlwm Saib Xyuas Network thiab Diagnostics Module

Koj tuaj yeem tshawb xyuas qhov muaj tsheb khiav los ntawm qhov chaw hauv ntu Flowmon Monitoring Center -> Qhov Chaw:

Peb pom tias cov ntaub ntawv nkag mus rau hauv qhov system. Qee lub sij hawm tom qab tus neeg sau tau sau cov tsheb khiav, cov widgets yuav pib tso tawm cov ntaub ntawv:

Lub kaw lus yog tsim los ntawm kev xyaum ua haujlwm. Ntawd yog, tus neeg siv, thaum xaiv ib feem ntawm kev txaus siab ntawm daim duab lossis daim duab, "poob" rau qib ntawm qhov tob ntawm cov ntaub ntawv uas nws xav tau:

Nkag mus rau cov ntaub ntawv hais txog txhua qhov kev sib txuas hauv network thiab kev sib txuas:

Kauj Ruam 6. Kev Tshawb Nrhiav Kev Ruaj Ntseg Tsis Zoo

Cov qauv no tuaj yeem raug hu ua kab tias yog ib qho ntawm cov kev nthuav dav tshaj plaws, ua tsaug rau kev siv kos npe-dawb txoj hauv kev txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau txhawm rau ua rau muaj kev phom Tab sis qhov no tsis yog ib qho analogue ntawm IDS / IPS systems. Ua hauj lwm nrog lub module pib nrog nws "kev cob qhia". Txhawm rau ua qhov no, tus wizard tshwj xeeb qhia tag nrho cov khoom tseem ceeb thiab cov kev pabcuam ntawm lub network, suav nrog:

Chaw nyob qhov rooj, DNS, DHCP thiab NTP servers,
nyob rau hauv cov neeg siv thiab server ntu.

Tom qab no, lub kaw lus nkag mus rau hauv kev cob qhia hom, uas kav ntev li ntawm 2 lub lis piam mus rau 1 lub hlis. Lub sijhawm no, lub kaw lus tsim cov tsheb khiav hauv qab uas tshwj xeeb rau peb lub network. Yooj yim muab, qhov system kawm:

tus cwj pwm zoo li cas rau cov nodes network?
Dab tsi ntim ntawm cov ntaub ntawv feem ntau raug xa mus thiab yog ib txwm muaj rau lub network?
Lub sijhawm ua haujlwm zoo li cas rau cov neeg siv?
Cov ntawv thov twg khiav hauv lub network?
thiab ntau ntxiv..

Yog li ntawd, peb tau txais ib qho cuab yeej uas txheeb xyuas qhov tsis zoo hauv peb lub network thiab sib txawv ntawm tus cwj pwm zoo. Nov yog ob peb yam piv txwv uas lub kaw lus tso cai rau koj txheeb xyuas:

kev faib tawm ntawm malware tshiab ntawm lub network uas tsis pom los ntawm kev kos npe antivirus;
tsim DNS, ICMP lossis lwm qhov tunnels thiab xa cov ntaub ntawv hla lub firewall;
qhov tshwm sim ntawm lub khoos phis tawj tshiab ntawm lub network uas yog DHCP thiab / lossis DNS server.

Cia saib seb nws zoo li nyob li cas. Tom qab koj lub kaw lus tau raug cob qhia thiab tsim lub hauv paus ntawm kev sib txuas hauv network, nws pib txheeb xyuas qhov xwm txheej:

Nplooj ntawv tseem ceeb ntawm lub module yog lub sij hawm uas qhia txog qhov xwm txheej. Hauv peb qhov piv txwv, peb pom qhov pom tseeb, kwv yees li ntawm 9 txog 16 teev. Cia peb xaiv nws thiab saib kom meej ntxiv.

Tus cwj pwm tsis zoo ntawm tus neeg tawm tsam ntawm lub network tau pom meej meej. Nws tag nrho pib nrog qhov tseeb tias tus tswv tsev nrog qhov chaw nyob 192.168.3.225 pib kab rov tav scan ntawm lub network ntawm chaw nres nkoj 3389 (Microsoft RDP kev pabcuam) thiab pom 14 qhov muaj peev xwm "cov neeg raug tsim txom":

Cov xwm txheej hauv qab no tau sau tseg - tus tswv tsev 192.168.3.225 pib muaj kev tawm tsam brute quab yuam cov passwords ntawm RDP kev pabcuam (chaw nres nkoj 3389) ntawm qhov chaw nyob yav dhau los:

Raws li qhov tshwm sim ntawm qhov kev tawm tsam, ib qho SMTP anomaly raug kuaj pom ntawm ib qho ntawm hacked hosts. Hauv lwm lo lus, SPAM tau pib:

Qhov piv txwv no yog ib qho kev qhia meej txog kev muaj peev xwm ntawm lub kaw lus thiab qhov Kev Tshawb Nrhiav Kev Ruaj Ntseg Tsis Txaus Siab tshwj xeeb. Txiav txim qhov ua tau zoo rau koj tus kheej. Qhov no xaus qhov kev pom zoo ntawm kev daws teeb meem.

xaus

Cia peb sau cov lus xaus uas peb tuaj yeem kos txog Flowmon:

Flowmon yog qhov kev daws teeb meem zoo rau cov neeg siv khoom lag luam;
ua tsaug rau nws txoj kev ua tau zoo thiab kev sib raug zoo, cov ntaub ntawv sau tau muaj los ntawm txhua qhov chaw: cov khoom siv hauv network (Cisco, Juniper, HPE, Huawei ...) lossis koj tus kheej cov kev sojntsuam (Flowmon Probe);
Lub peev xwm scalability ntawm cov kev daws teeb meem tso cai rau koj los nthuav cov kev ua haujlwm ntawm lub kaw lus los ntawm kev ntxiv cov qauv tshiab, nrog rau kev ua kom muaj txiaj ntsig zoo ua tsaug rau txoj hauv kev yooj yim rau kev tso cai;
los ntawm kev siv kos npe-dawb tshuaj ntsuam thev naus laus zis, lub kaw lus tso cai rau koj los txheeb xyuas xoom-hnub tawm tsam txawm tias tsis paub txog antiviruses thiab IDS / IPS systems;
ua tsaug rau ua kom tiav "pob tshab" nyob rau hauv cov nqe lus ntawm kev teeb tsa thiab muaj cov kab ke hauv lub network - kev daws teeb meem tsis cuam tshuam rau kev ua haujlwm ntawm lwm cov nodes thiab cov khoom ntawm koj IT infrastructure;
Flowmon yog tib txoj kev daws teeb meem ntawm kev ua lag luam uas txhawb kev saib xyuas kev tsheb khiav ceev ntawm 100 Gbps;
Flowmon yog ib qho kev daws teeb meem rau cov tes hauj lwm ntawm txhua qhov teev;
tus nqi zoo tshaj plaws / kev ua haujlwm piv nrog cov kev daws teeb meem zoo sib xws.

Hauv kev tshuaj xyuas no, peb tau tshuaj xyuas tsawg dua 10% ntawm tag nrho cov kev ua haujlwm ntawm kev daws teeb meem. Hauv tsab xov xwm tom ntej no peb yuav tham txog qhov seem ntawm Flowmon Networks modules. Siv cov Application Performance Monitoring module ua piv txwv, peb yuav qhia seb cov neeg ua haujlwm daim ntawv thov kev lag luam tuaj yeem ua kom muaj nyob ntawm qib SLA, nrog rau kuaj xyuas cov teeb meem sai li sai tau.

Tsis tas li, peb xav caw koj los ntawm peb lub vev xaib (10.09.2019/XNUMX/XNUMX) mob siab rau cov kev daws teeb meem ntawm cov neeg muag khoom Flowmon Networks. Txhawm rau sau npe ua ntej, peb nug koj sau npe ntawm no.
Qhov ntawd yog tag nrho rau tam sim no, ua tsaug rau koj qhov kev txaus siab!

Tsuas yog cov neeg siv sau npe tuaj yeem koom nrog hauv daim ntawv ntsuam xyuas. Kos npe rau hauvthov.

Puas yog koj siv Netflow rau kev saib xyuas network?

Yog
Tsis yog, tab sis kuv npaj yuav
Tsis

9 cov neeg siv pov npav. 3 cov neeg siv tau txwv.

Tau qhov twg los: www.hab.com

Kev saib xyuas network thiab nrhiav pom cov haujlwm tsis zoo hauv lub network siv Flowmon Networks daws teeb meem