The time has come to wrap up the series of articles on the new generation of Check Point SMB appliances (the 1500 series). We hope it has been a useful experience for you, and we would be glad if you keep reading the TS Solution blog. The topic of this final article is not covered widely, but it is no less important: SMB performance tuning. In it we describe the hardware and software configuration options of the NGFW, the commands that are available, and how to work with them.

All articles in the series on NGFW for small and medium business:

At present there are not many sources of information on performance tuning of SMB solutions.
Hardware

Before we touch on the architecture of the Check Point SMB family, a reminder: you can always use the hardware sizing utility, the Appliance Sizing Tool, which selects the optimal model for the characteristics you specify (throughput, expected number of users, and so on).

Important points when working with NGFW hardware:

- The SMB family of NGFW solutions has no option to upgrade the system components (CPU, RAM, HDD). Some models support an SD card, which lets you extend the disk capacity, but not by much.

- The behaviour of the network interfaces needs to be monitored. Gaia 80.20 Embedded does not have many monitoring tools, but the well-known commands are always available in the CLI via expert mode:

# ifconfig

Pay attention to the underlined lines of the output (the error counters): they let you estimate the number of errors on an interface. We strongly recommend checking these parameters during the initial deployment of the NGFW and regularly during operation.

- A full-blown Gaia has the command

> show diag

which returns information about the hardware temperature. Unfortunately, this option is not available in 80.20 Embedded. The most common SNMP traps are listed below:
Name                          | Description
Interface down                | Interface disabled
VLAN removed                  | A VLAN was deleted
High memory usage             | RAM utilization is high
Low free disk space           | Not enough free HDD space
High CPU usage                | CPU utilization is high
High CPU interrupt rate       | Interrupt rate is high
High connection rate          | Large influx of new connections
High concurrent connections   | High level of concurrent sessions
High firewall throughput      | Firewall throughput is high
High accepted packet rate     | Packet receive rate is high
Cluster member state changed  | Cluster state change
Log server connection error   | Connection to the log server is lost
- Gateway operation requires monitoring of RAM. For Gaia (a Linux-like OS) this looks as follows:

Under normal conditions RAM consumption reaches 70 to 80 % of the available memory. Unlike older Check Point models, the architecture of the SMB solutions does not provide for the use of SWAP memory. However, in the Linux system files we found the following, which points to a theoretical possibility of changing the SWAP parameter.
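The interface note above recommends watching the error counters in ifconfig output during deployment and operation. The following POSIX shell function is an added example (not code from the article or from Check Point): it parses the classic ifconfig output format (RX/TX packets, errors, dropped) and prints every interface whose combined error and drop counters exceed a threshold, so the check can be scripted instead of read by eye. The ifconfig text embedded below is constructed for the demo; on a gateway you would pipe the real command into the function.

```shell
#!/bin/sh
# Added example: flag interfaces with error/drop counters above a threshold.
# The ifconfig output below is constructed sample data, not a real capture.
SAMPLE_IFCONFIG='LAN1      Link encap:Ethernet  HWaddr 00:1C:7F:00:00:01
          inet addr:192.0.2.1  Bcast:192.0.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1503920 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1398233 errors:0 dropped:0 overruns:0 carrier:0

WAN       Link encap:Ethernet  HWaddr 00:1C:7F:00:00:02
          inet addr:198.51.100.2  Bcast:198.51.100.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2203911 errors:1842 dropped:311 overruns:0 frame:1842
          TX packets:2011234 errors:0 dropped:57 overruns:0 carrier:0
'

# check_iface_errors THRESHOLD   (reads ifconfig text on stdin)
# Prints one line per interface whose RX+TX errors and drops exceed THRESHOLD:
#   <iface> rx_err=<n> rx_drop=<n> tx_err=<n> tx_drop=<n>
check_iface_errors() {
    awk -v thr="$1" '
        # An interface block starts with a non-indented line: "LAN1  Link encap..."
        /^[^ \t]/ { iface = $1 }
        # "RX packets:N errors:N dropped:N ..." -> $3 is errors, $4 is dropped
        /RX packets:/ { rx_err = val($3); rx_drop = val($4) }
        # The TX line closes the block, so evaluate the threshold here
        /TX packets:/ {
            tx_err = val($3); tx_drop = val($4)
            if (rx_err + rx_drop + tx_err + tx_drop > thr)
                printf "%s rx_err=%d rx_drop=%d tx_err=%d tx_drop=%d\n",
                       iface, rx_err, rx_drop, tx_err, tx_drop
        }
        # val("errors:42") -> 42
        function val(field,   parts) { split(field, parts, ":"); return parts[2] + 0 }
    '
}

# Demo run on the constructed sample; on a gateway use:  ifconfig | check_iface_errors 0
printf '%s\n' "$SAMPLE_IFCONFIG" | check_iface_errors 0
```

A threshold of 0 reports any interface with a non-zero counter, which is what you want at initial deployment (a fresh link should be clean); during operation, compare two runs a few minutes apart rather than the absolute values, since the counters only grow.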
Software

Gaia OS in use at the time of publication of the article:

- View the SecureXL templates:
# fwaccel stat

- View the load per core:
# fw ctl multik stat

- View the number of sessions (connections):
# fw ctl pstat

- * View the cluster status:
# cphaprob stat

- The classic Linux top command.
Logging

As you already know, there are three ways of working with NGFW logs (storage and processing): local, central, and cloud. The last two options imply the presence of a Management Server.

Possible NGFW management schemes:

The most useful log files:

- System messages (less informative than on the full Gaia):
# tail -f /var/log/messages2

- Error messages from the operation of the blades (a very useful file when troubleshooting problems):
# tail -f /var/log/log/sfwd.elg

- Messages from the buffer at the system kernel level:
# dmesg
Blade configuration

This section does not contain complete instructions for configuring a Check Point NGFW; it contains only recommendations selected on the basis of experience.

Application Control / URL Filtering

- In rules, avoid the ANY, ANY (source, destination) condition.

- When specifying custom URL resources, it is effective to use a regular expression of the form (^|..)checkpoint.com

- Do not overuse rule logging and the display of block pages (UserCheck).

- Make sure that SecureXL works correctly: most traffic should go through the accelerated / medium path. Also remember to sort the rules by the most used ones (the Hits field).
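The custom-URL recommendation above gives the pattern (^|..)checkpoint.com. Before putting such a pattern into a rule it is worth checking exactly which hostnames it does and does not match. The script below is an added example, not from the article or from Check Point: it evaluates the pattern with grep -E (POSIX extended regex semantics; Check Point's own matcher is not claimed to behave identically) against a constructed list of hostnames, including some outside the checkpoint.com domain, so you can see whether the expression is as narrow as you intend.

```shell
#!/bin/sh
# Added example: see which hostnames a custom-URL regex matches under grep -E.
# PATTERN is the expression quoted in the article; HOSTS is a constructed list.
PATTERN='(^|..)checkpoint.com'

# url_matches PATTERN HOST -> exit 0 if HOST matches PATTERN, 1 otherwise
url_matches() {
    printf '%s\n' "$2" | grep -Eq -- "$1"
}

# Constructed hostnames: legitimate ones, look-alikes, and an unrelated domain
HOSTS='checkpoint.com
www.checkpoint.com
support.checkpoint.com
notcheckpoint.com
checkpointXcom
example.com'

# report PATTERN -> prints "<host> MATCH" or "<host> no match" per host
report() {
    printf '%s\n' "$HOSTS" | while IFS= read -r h; do
        if url_matches "$1" "$h"; then
            echo "$h MATCH"
        else
            echo "$h no match"
        fi
    done
}

report "$PATTERN"
```

Running it shows that, read as an extended regex, the unescaped dot and the two-character alternative (..) let the pattern match not only checkpoint.com and its subdomains but also notcheckpoint.com and checkpointXcom, while example.com is rejected. Whatever pattern you settle on, a quick table like this against your own list of intended and unintended hosts is the check to run before relying on the URL object.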
HTTPS Inspection

It is a well-known fact that 70 to 80 % of user traffic comes from HTTPS connections, and this means it requires gateway processor resources. In addition, HTTPS Inspection takes part in the work of IPS, Anti-Virus and Anti-Bot.

From version 80.40 onward:

- Bypass the group of addresses and networks (destination).

- Bypass the group of URLs.

- Bypass internal IPs and networks with privileged access (source).

- Inspect the required networks and users.

- Bypass everyone else.

* We recommend explicitly selecting the HTTPS or HTTPS proxy service rather than leaving it as Any. Log events according to the inspection rules.
IPS

If too many signatures are in use, the IPS blade may fail to install the policy on the NGFW. To fix or prevent the problem, follow these steps:

- Clone the optimized profile "Optimized SMB" (or another profile of your choice).

- Edit the profile, go to the IPS → Pre R80 Settings section and turn off Server Protections.

- At your own discretion you can also disable CVEs older than 2010: these vulnerabilities can still be found in small offices, but they affect performance. To disable some of them, go to Profile → IPS → Additional Activation → the "Protections to deactivate" list.
Instead of a conclusion

As part of the series of articles on the new generation of SMB-family NGFWs (the 1500), we tried to highlight the main features of the solution and to demonstrate the configuration of the key security components using specific examples. Questions about the product are welcome in the comments. Thank you for your attention.

Source: habr.com