StealthWatch: deployment and configuration. Part 2


Hello, colleagues! Having determined the minimum requirements for deploying StealthWatch in the previous part, we can begin deploying the product.

1. Ways to deploy StealthWatch

There are several ways to "try out" StealthWatch:

  • dcloud - a cloud service for lab work;
  • Cloud based: Stealthwatch Cloud Free Trial - here the Netflow from your device flows into the cloud and is analyzed there by the StealthWatch software;
  • On-premise POV (GVE request) - the route I took: you are sent 4 OVF files of virtual machines with built-in licenses valid for 90 days, which can be deployed on a dedicated server in the corporate network.


Despite the number of virtual machines downloaded, only 2 are enough for a minimal working configuration: StealthWatch Management Console and FlowCollector. However, if there is no network device that can export Netflow to the FlowCollector, then FlowSensor must be deployed as well, since the latter lets you collect Netflow using SPAN/RSPAN technology.

As I said earlier, your real network can serve as the lab bench, since StealthWatch only needs a copy of the traffic, or, more precisely, a digest of that copy. The figure below shows my network, where I will configure the Netflow Exporter on the security gateway and, as a result, send Netflow to the collector.


To access the VMs later, the following ports must be allowed on your firewall, if you have one:

TCP 22 | TCP 25 | TCP 389 | TCP 443 | TCP 2393 | TCP 5222 | UDP 53 | UDP 123 | UDP 161 | UDP 162 | UDP 389 | UDP 514 | UDP 2055 | UDP 6343

Some of them are well-known services, some are reserved for Cisco services.
In my case, I simply deployed StealthWatch on the same network as Check Point and did not need to configure any permit rules.

2. Installing FlowCollector using VMware vSphere as an example

2.1. Click Browse and select OVF file1. After checking resource availability, go to the menu View, Inventory → Networking (Ctrl + Shift + N).


2.2. On the Networking tab, select New Distributed port group in the virtual switch settings.


2.3. Set a name, let it be StealthWatchPortGroup; the remaining settings can be left as in the screenshot. Click Next.


2.4. We finish creating the Port Group with the Finish button.


2.5. Let's edit the settings of the created Port Group by right-clicking the port group and selecting Edit Settings. On the Security tab, be sure to enable "promiscuous mode": Promiscuous Mode → Accept → OK.


2.6. As an example, let's import the FlowCollector OVF, the download link for which was sent by a Cisco engineer after the GVE request. Right-click the host on which you plan to deploy the VM and select Deploy OVF Template. As for the allocated space, it will "start" at 50 GB, but for production conditions it is recommended to allocate 200 gigabytes.


2.7. Select the folder where the OVF file is located.


2.8. Click "Next".


2.9. We specify the name and the server where we deploy it.


2.10. As a result, we get the following picture and click "Finish".


2.11. We follow the same steps to deploy the StealthWatch Management Console.


2.12. Now you need to specify the necessary networks on the interfaces so that FlowCollector sees both the SMC and the devices from which Netflow will be exported.

3. Initializing StealthWatch Management Console

3.1. Going to the console of the installed SMCVE machine, you will see a prompt to enter your login and password, by default sysadmin/lan1cope.


3.2. We go to the Management item, set the IP address and other parameters, then confirm the changes. The device will reboot.


3.3. Go to the web interface (via https to the address you specified for the SMC) and initialize the console; login/password: admin/lan411cope.

P.S. Sometimes it does not open in Google Chrome; Explorer will always help out.


3.4. Be sure to change the password, set the DNS and NTP servers, the domain, and so on. The settings are intuitive.


3.5. After you click the "Apply" button, the device will reboot again. After 5-7 minutes you can connect to this address again; StealthWatch will be managed through the web interface.


4. Configuring FlowCollector

4.1. It is the same with the collector. First, in the CLI we specify the IP address, mask and domain, then the FC reboots. After that you can connect to the web interface at the specified address and perform the same basic setup. Because the settings are similar, detailed screenshots are omitted. The login credentials are the same.


4.2. At the final stage, you need to set the IP address of the SMC; the console will then see the device, and you will have to confirm this setting by entering your credentials.


4.3. Select the domain for StealthWatch (it was set earlier) and port 2055 for regular Netflow; if you work with sFlow, use port 6343.


5. Configuring the Netflow Exporter

5.1. To configure the Netflow exporter, I recommend turning to this resource; it has the main guides for configuring a Netflow exporter on many devices: Cisco, Check Point, Fortinet.

5.2. In our case, I repeat, we are exporting Netflow from the Check Point gateway. The Netflow exporter is configured in a tab of the same name in the web interface (Gaia Portal). To do this, click "Add" and specify the Netflow version and the required port.
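
When the exporter has been added but it is unclear whether the version and port match what the FlowCollector expects on UDP 2055, it helps to inspect one received datagram. The following is an added example, not part of the original article: it tells NetFlow v5 from v9 by the version field and checks a v5 payload's length against its record count. Function names and the sample packet are constructed for illustration; the header layouts are the standard NetFlow v5/v9 ones.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes per flow
V9_HEADER = struct.Struct("!HHIIII")                   # 20 bytes


def inspect_datagram(data: bytes) -> dict:
    """Classify one UDP payload seen on the collector port and sanity-check it."""
    if len(data) < 2:
        raise ValueError("datagram too short to carry a version field")
    version = struct.unpack_from("!H", data)[0]
    if version == 5:
        if len(data) < V5_HEADER.size:
            raise ValueError("truncated NetFlow v5 header")
        _, count, _, unix_secs, _, seq, _, _, _ = V5_HEADER.unpack_from(data)
        expected = V5_HEADER.size + count * V5_RECORD.size
        if not 1 <= count <= 30 or len(data) != expected:
            raise ValueError(f"v5 count={count} does not match length {len(data)}")
        flows = []
        for i in range(count):
            r = V5_RECORD.unpack_from(data, V5_HEADER.size + i * V5_RECORD.size)
            flows.append({"src": socket.inet_ntoa(r[0]), "dst": socket.inet_ntoa(r[1]),
                          "sport": r[9], "dport": r[10], "proto": r[13], "bytes": r[6]})
        return {"version": 5, "count": count, "sequence": seq,
                "exported_at": unix_secs, "flows": flows}
    if version == 9:
        if len(data) < V9_HEADER.size:
            raise ValueError("truncated NetFlow v9 header")
        _, count, _, unix_secs, seq, source_id = V9_HEADER.unpack_from(data)
        # v9 records need the exporter's templates; only the header is checked here.
        return {"version": 9, "count": count, "sequence": seq,
                "exported_at": unix_secs, "source_id": source_id}
    raise ValueError(f"not NetFlow v5/v9 (version field = {version})")


def sample_v5() -> bytes:
    """Constructed v5 datagram with one TCP/443 flow (documentation addresses)."""
    hdr = V5_HEADER.pack(5, 1, 60000, 1700000000, 0, 42, 0, 0, 0)
    rec = V5_RECORD.pack(socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"),
                         bytes(4), 1, 2, 12, 3456, 1000, 2000, 51514, 443,
                         0, 0x1B, 6, 0, 0, 0, 24, 24, 0)
    return hdr + rec


if __name__ == "__main__":
    print(inspect_datagram(sample_v5()))
```

Feed it payloads taken from a packet capture on the collector's segment; a `ValueError` here usually means the exporter is sending a different protocol or version than the one selected.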


6. Checking StealthWatch operation

6.1. Going to the SMC web interface, on the first page, Dashboards > Network Security, you can see that traffic has started flowing!


6.2. Some settings, for example dividing hosts into groups, monitoring individual interfaces and their load, managing collectors, and more, can only be found in the StealthWatch Java application. Of course, Cisco is gradually moving all functionality to the browser version, and soon we will abandon such a desktop client.

To install the application, you must first install the JRE (I installed version 8, although it is said that versions up to 10 are supported) from the official Oracle website.

To download it, click the "Desktop Client" button in the upper right corner of the management console's web interface.


You save the client and force its installation; Java will most likely complain about it, and you may need to add the host to the Java exceptions.

As a result, a fairly clear client opens, in which it is easy to see the load on exporters and interfaces, as well as attacks and their flows.


7. StealthWatch Central Management

7.1. The Central Management tab contains all the devices that are part of the deployed StealthWatch, such as FlowCollector, FlowSensor, UDP-Director and Endpoint Concentrator. There you can manage the devices' network settings and services, manage licenses, and shut a device down manually.

You can get to it by clicking the "gear" in the upper right corner and selecting Central Management.


7.2. Going to Edit Appliance Configuration for the FlowCollector, you will see SSH, NTP and other network settings related to the appliance itself. To get there, select Actions → Edit Appliance Configuration for the required device.


7.3. License management can also be found on the Central Management > Manage Licenses tab. The trial license issued for a GVE request is valid for 90 days.


The product is ready to go! In the next part, we will look at how StealthWatch can detect attacks and generate reports.

Source: www.hab.com
