Hello, everyone! Picking up where we left off,
this article covers the first part of the Sophos XG Firewall feature set, "Monitoring and Analytics". The full review will be published as a series of articles. We will work through it based on the Sophos XG Firewall web interface and the licensing table.
Security Control Center
So, we launch the browser and open the web interface of our NGFW, and we are prompted to enter a username and password to get into the admin panel.
We enter the login and password that were set during initial activation and land in the control center. It looks like this.
Almost all of these widgets are clickable. You can drill into an incident and see its details.
Let's look at each block, starting with the System block.
System block
This block shows the state of the machine in real time. Clicking any of the icons takes you to a page with detailed information about the system status.
If there is a problem with the system, this widget signals it, and you can check the reason on the information page.
Clicking the tabs gives you detailed information on various aspects of the firewall.
Traffic insight block
This section gives you an understanding of what is happening on the network right now and what happened over the past 24 hours. It shows the top 5 web categories and applications by traffic, network attacks (triggers of the IPS module), and blocked applications.
The Cloud applications section also deserves a separate mention. It shows the presence of applications on the local network that use cloud services, along with totals for inbound and outbound traffic. Clicking this widget opens an information page on cloud applications, where you can see in detail which cloud applications are on the network, who is using them, and the traffic information.
User & device insights block
This block shows information about users. The top row shows information about infected user computers: the information is collected from the Sophos antivirus software and sent to Sophos XG Firewall. Based on this information, when an infection occurs the firewall can disconnect the user's computer from the local network or from the network segment at the L2 level and block all communication with that computer. More detailed information about Security Heartbeat is available separately.
The two widgets at the bottom deserve attention. These are ATP (Advanced Threat Protection) and UTQ (User Threat Quotient).
The ATP module blocks connections to C&C, the control servers of botnet networks. If a device on the local network turns out to be part of a botnet, this module reports it and does not allow the connection to the control server. It looks like this.
The UTQ module assigns a security index to each user. The more a user tries to access prohibited sites or run prohibited applications, the higher the rating becomes. Based on this data, you can train such users in advance, without waiting for their computer to end up infected with malware. It looks like this.
Next comes a section with general information about active firewall rules and hot reports, which can be downloaded quickly in PDF format.
Let's move on to the next section of the menu: Current activities.
Current activities
Let's start the review with the [Live users] tab. On this page you can see which users are currently connected to Sophos XG Firewall, the authentication method, the IP address of the machine, the connection time, and the traffic volume.
Live connections
This tab shows active sessions in real time. The table can be filtered by application, user, and client machine IP address.
IPsec connections
This tab shows information about active IPsec VPN connections.
"Remote users" tab
The [Remote users] tab contains information about remote users connected via SSL VPN.
On this tab you can also view per-user traffic in real time and forcibly disconnect any user.
Let's skip the [Reports] tab, because the reporting system in this product is very extensive and needs a separate article.
Diagnostics
A page with various troubleshooting utilities opens right away. These include Ping, Traceroute, Name lookup, and Route lookup.
Next is a tab with system graphs of hardware and port load in real time.
System graphs
Then comes a tab where you can check the category of a web resource.
URL category lookup
The next tab, [Packet capture], is essentially a tcpdump interface built into the web UI. You can also write filters.
Packet capture
An interesting point worth noting is that packets are converted into a table, in which additional columns of information can be disabled or enabled. This feature is very handy when hunting for network problems, for example, because you can quickly see which filtering rules were applied to real traffic.
On the [Connection list] tab you can see all existing connections and their details in real time.
Connection list
Summary
This concludes the first part of the review. We have examined only a small part of the available functionality and have not touched the security modules at all. In the next article, we will analyze the built-in reporting functionality and the firewall rules, their types and purposes.
Thank you for your time.
If you have any questions about the commercial version of XG Firewall, please contact us.
Source: habr.com