Recently, a huge amount of material can be found on the Internet on the topic of traffic analysis at the network perimeter. At the same time, for some reason everyone has completely forgotten about local traffic analysis, which is no less important. This article covers exactly this topic. For example
What is Flowmon Networks?
First of all, Flowmon is a European IT vendor. The company is Czech, with headquarters in Brno (the question of sanctions does not arise). In its current form the company has been on the market since 2007. Before that it was known under the Invea-Tech brand. So in total almost 20 years have gone into developing its products and solutions.
Flowmon is positioned as an A-class brand. It develops premium solutions for enterprise customers and is rated in Gartner's Network Performance Monitoring and Diagnostics (NPMD) quadrant. Moreover, interestingly, of all the companies in the report, Flowmon is the only vendor noted by Gartner as a manufacturer of solutions for both network monitoring and information protection (Network Behavior Analysis). It has not yet reached XNUMX place, but for that reason it is also not priced like a Boeing wing.
What problems do the products solve?
Globally, the following set of tasks solved by the company's products can be distinguished:
- Increasing the stability of the network and of network resources by minimizing downtime and loss of availability.
- Raising the overall level of network performance.
- Improving the efficiency of administrative staff by:
  - using modern, innovative network monitoring tools based on information about IP flows;
  - providing detailed analytics on the functioning and state of the network (users and applications running on the network, transmitted data, interacting resources, services and nodes);
  - responding to incidents before they occur, rather than after users and clients have lost service;
  - reducing the time and resources needed to administer the network and IT infrastructure;
  - simplifying troubleshooting tasks.
- Raising the security level of the company's network and information resources through signature-free technologies for detecting anomalous and malicious network activity and "zero-day attacks".
- Ensuring the required SLA level for network applications and databases.
Flowmon Networks product portfolio
Now let's look directly at the Flowmon Networks product portfolio and see what exactly the company does. As many have already guessed from the name, the main specialization is solutions for streaming flow traffic monitoring, plus a number of additional modules that extend the basic functionality.
In fact, Flowmon can be called a company of XNUMX product, or rather XNUMX solution. Let's consider whether that is good or bad.
The core of the system is the collector, which is responsible for collecting data over various flow protocols, such as NetFlow v5/v9, jFlow, sFlow, NetStream, IPFIX... It is quite logical that for a company not affiliated with any network equipment manufacturer, it is important to offer the market a universal product that is not tied to any one standard or protocol.
Flowmon Collector
The collector is available both as a hardware server and as a virtual machine (VMware, Hyper-V, KVM). Incidentally, the hardware platform is implemented on customized DELL servers, which automatically removes most questions about warranty and RMA. The only proprietary hardware components are the FPGA traffic capture cards developed by a Flowmon subsidiary, which allow monitoring at speeds of up to 100 Gbps.
But what if the existing network equipment cannot generate good-quality flow? Or the load on the equipment is too high? No problem:
Flowmon Probe
In this case, Flowmon Networks offers to use its own probes (Flowmon Probe), which are connected to the network via a switch SPAN port or using passive TAP splitters.
SPAN (mirror port) and TAP deployment options
In this case, the raw traffic arriving at the Flowmon Probe is converted into extended IPFIX carrying more than 240 metrics. By comparison, the standard NetFlow protocol generated by network equipment contains no more than 80 metrics. This gives protocol visibility not only at layers 3 and 4 but also at layer 7 of the ISO OSI model. As a result, network administrators can monitor the functioning of application protocols such as e-mail, HTTP, DNS and SMB.
Conceptually, the logical architecture of the system looks like this:
The central element of the whole Flowmon Networks "ecosystem" is the collector, which receives traffic from existing network equipment or from its own probes. But for an enterprise solution, providing functionality only for monitoring network traffic would be too simple. Open source solutions can do that too, although not with the same performance. The value of Flowmon lies in the additional modules that extend the basic functionality:
- Anomaly Detection Security module: identifies anomalous network activity, including zero-day attacks, based on heuristic analysis of traffic and a typical network profile.
- Application Performance Monitoring module: monitors the performance of network applications without installing "agents" or affecting the target systems.
- Traffic Recorder module: records fragments of network traffic according to a set of predefined rules, or on a trigger from the ADS module, for further troubleshooting and investigation of information security incidents.
- DDoS Protection module: protects the network perimeter against volumetric DoS/DDoS denial-of-service attacks, including attacks on applications (OSI L3/L4/L7).
In this article we will see how it all works live, using two modules as examples: Network Performance Monitoring and Diagnostics and Anomaly Detection Security.
Background:
- A Lenovo RS 6.0 server with the VMware 140 hypervisor;
- A Flowmon Collector virtual machine image, available for download here;
- A pair of switches that support flow protocols.
Step 1. Install the Flowmon Collector
Deploying the virtual machine on VMware is done in a completely standard way from an OVF template. The result is a virtual machine running CentOS with ready-to-use software. The resource requirements are humane:
All that remains is to perform the basic initialization using the system configuration command:
We configure the IP, DNS, time and hostname on the management port, and can then connect to the web interface.
Step 2. Install the license
A trial license for XNUMX and a half months is generated and downloaded together with the virtual machine image. It is loaded via Configuration Center -> License. As a result we see:
Everything is ready. We can get to work.
Step 3. Set up the receiver on the collector
At this stage you need to decide how the system will receive data from its sources. As mentioned earlier, this can be XNUMX of the flow protocols or a SPAN port on a switch.
In our example we will receive data using the NetFlow v9 and IPFIX protocols. In this case we specify the IP address of the management interface, 192.168.78.198, as the target. Interfaces eth2 and eth3 (of the Monitoring interface type) are used to receive a copy of "raw" traffic from a switch SPAN port. We skip them, as this is not our case.
Next, we check the collector port to which the traffic should be sent.
In our example, the collector listens for traffic on port UDP/2055.
Step 4. Configure the network equipment for flow export
Setting up NetFlow on Cisco Systems equipment can probably be called a completely routine task for any network administrator. For our example we will take something more unusual, namely a MikroTik RB2011UiAS-2HnD router. Yes, oddly enough, such a budget solution for small and home offices also supports the NetFlow v5/v9 and IPFIX protocols. In the settings we set the target (collector address 192.168.78.198 and port 2055):
And add all the metrics available for export:
At this point the basic setup can be considered complete. We check whether traffic is entering the system.
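Before opening the collector UI, it can help to confirm what is actually arriving on UDP/2055. The following is an added example, not code from the article or from Flowmon: it decodes the fixed header of NetFlow v9 and IPFIX export datagrams and counts NetFlow v9 packets lost in transit from the sequence numbers. The function names and the sample datagrams are constructed for illustration.

```python
import struct

def parse_export_header(datagram: bytes) -> dict:
    """Decode the fixed header of a NetFlow v9 or IPFIX export datagram."""
    if len(datagram) < 2:
        raise ValueError("datagram too short to carry a version field")
    (version,) = struct.unpack_from("!H", datagram)
    if version == 9:      # NetFlow v9: 20-byte header (RFC 3954)
        if len(datagram) < 20:
            raise ValueError("truncated NetFlow v9 header")
        _, count, _uptime, secs, seq, source = struct.unpack_from("!HHIIII", datagram)
        return {"proto": "NetFlow v9", "export_time": secs, "seq": seq,
                "source": source, "records": count}
    if version == 10:     # IPFIX: 16-byte header (RFC 7011)
        if len(datagram) < 16:
            raise ValueError("truncated IPFIX header")
        _, length, secs, seq, domain = struct.unpack_from("!HHIII", datagram)
        if not 16 <= length <= len(datagram):
            raise ValueError("IPFIX length field disagrees with datagram size")
        return {"proto": "IPFIX", "export_time": secs, "seq": seq,
                "source": domain, "length": length}
    raise ValueError(f"unexpected export version {version}")

def missing_v9_packets(headers):
    """NetFlow v9 numbers export packets per source; a gap means lost UDP datagrams."""
    last, lost = {}, 0
    for h in headers:
        if h["proto"] != "NetFlow v9":
            continue
        prev = last.get(h["source"])
        if prev is not None:
            lost += (h["seq"] - prev - 1) % 2**32
        last[h["source"]] = h["seq"]
    return lost

# Constructed sample datagrams (headers only, no flow records).
SAMPLES = [
    struct.pack("!HHIIII", 9, 0, 1000, 1568100000, 41, 7),
    struct.pack("!HHIIII", 9, 0, 2000, 1568100001, 42, 7),
    struct.pack("!HHIIII", 9, 0, 5000, 1568100004, 45, 7),  # 43 and 44 never arrived
    struct.pack("!HHIII", 10, 16, 1568100005, 300, 1),
]
```

In IPFIX the sequence number counts data records rather than packets, so the gap check above is applied to NetFlow v9 headers only.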
Step 5: Testing and operating the Network Performance Monitoring and Diagnostics module
The presence of traffic from the source can be checked in the section Flowmon Monitoring Center -> Sources:
We can see that data is entering the system. Some time after the collector has accumulated traffic, the widgets start to display information:
The system is built on the drill-down principle. That is, by selecting a fragment of interest on a diagram or graph, the user "falls through" to the required level of data depth:
Down to information about each network connection:
Step 6. Anomaly Detection Security module
This module is perhaps XNUMX of the most interesting, thanks to its use of signature-free methods for detecting anomalies in network traffic and malicious network activity. But it is not an analogue of IDS/IPS systems. Work with the module begins with its "training". To do this, a special wizard is used to specify all the key components and services of the network, including:
- gateway addresses, DNS, DHCP and NTP servers,
- addressing in the user and server segments.
After that, the system enters training mode, which lasts on average from 2 weeks to 1 month. During this time the system builds a baseline of traffic specific to our network. Put simply, the system learns:
- what behaviour is typical for network nodes?
- what volumes of data are usually transferred and are normal for the network?
- what are the typical working hours of users?
- what applications run on the network?
- and so on.
As a result, we get a tool that identifies anomalies in the network and deviations from typical behaviour. Here are a few examples of what the system can detect:
- distribution of new malware on the network that is not detected by antivirus signatures;
- construction of DNS, ICMP or other tunnels and data transfer bypassing the firewall;
- the appearance on the network of a new computer posing as a DHCP and/or DNS server.
Let's see what this looks like live. Once the system has been trained and has built a baseline of network traffic, it starts detecting incidents:
The main page of the module is a timeline showing the identified incidents. In our example we see a clear spike between roughly 9 and 16 hours. Let's select it and look in more detail.
The anomalous behaviour of the attacker on the network is clearly visible. It all starts with the host at address 192.168.3.225 beginning a horizontal scan of the network on port 3389 (the Microsoft RDP service) and finding 14 potential "victims":
The next recorded incident: host 192.168.3.225 launches a brute-force attack to guess passwords on the RDP service (port 3389) at the previously identified addresses:
As a result of the attack, an SMTP anomaly is detected on XNUMX of the hacked hosts. In other words, SPAM has started:
This example clearly demonstrates the capabilities of the system and of the Anomaly Detection Security module in particular. Judge the effectiveness for yourself. This concludes the functional overview of the solution.
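To make the first two incidents concrete, here is an added example (not Flowmon's algorithm and not code from the article) that finds the same two patterns in flow records: one source touching many distinct hosts on a single port, and one source opening many connections to a single service. Fixed thresholds stand in for the learned baseline, and the flow records are constructed; only the scanner address and port 3389 are taken from the text.

```python
from collections import defaultdict

def sample_flows():
    """Constructed flow records: (start_second, src_ip, dst_ip, dst_port)."""
    scanner = "192.168.3.225"
    flows = [(i, scanner, f"192.168.3.{10 + i}", 3389) for i in range(20)]
    flows += [(120 + i, scanner, "192.168.3.12", 3389) for i in range(40)]
    flows += [(5, "192.168.3.40", "192.168.3.12", 3389),   # ordinary admin session
              (9, "192.168.3.41", "192.168.3.5", 445)]      # ordinary file access
    return flows

def detect(flows, window=60, scan_hosts=10, repeat_flows=30):
    """Flag wide fan-out on one port and heavy repetition against one service."""
    fanout = defaultdict(set)    # (window, src, port) -> distinct destinations
    repeats = defaultdict(int)   # (window, src, dst, port) -> number of flows
    for start, src, dst, port in flows:
        w = start // window      # bucket flows into fixed time windows
        fanout[(w, src, port)].add(dst)
        repeats[(w, src, dst, port)] += 1
    findings = []
    for w, src, port in sorted(fanout):
        hosts = len(fanout[(w, src, port)])
        if hosts >= scan_hosts:
            findings.append(("horizontal_scan", src, port, hosts))
    for w, src, dst, port in sorted(repeats):
        n = repeats[(w, src, dst, port)]
        if n >= repeat_flows:
            findings.append(("repeated_connections", src, f"{dst}:{port}", n))
    return findings
```

The two ordinary flows in the sample stay below both thresholds, which is the behaviour a per-network baseline is meant to provide without hand-picked numbers.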
Summary
Let's summarize what conclusions can be drawn about Flowmon:
- Flowmon is a premium solution for corporate customers.
- Thanks to its versatility and compatibility, data can be collected from any source: network equipment (Cisco, Juniper, HPE, Huawei...) or its own probes (Flowmon Probe).
- Thanks to the scalability of the solution, the functionality of the system can be extended by adding new modules, and performance can be increased thanks to a flexible approach to licensing.
- By using signature-free analysis technologies, the system can detect zero-day attacks that are unknown even to antivirus and IDS/IPS systems.
- Thanks to complete "transparency" in terms of installation and presence of the system in the network, the solution does not affect the operation of other nodes and components of your IT infrastructure.
- Flowmon is the only solution on the market that supports traffic monitoring at speeds of up to 100 Gbps.
- Flowmon is a solution for networks of any size.
- It offers the best price/functionality ratio among similar solutions.
In this review we examined less than 10% of the total functionality of the solution. In the next article we will cover the remaining Flowmon Networks modules. Using the Application Performance Monitoring module as an example, we will show how business application administrators can ensure availability at a given SLA level and diagnose problems as quickly as possible.
We also invite you to a webinar (10.09.2019) dedicated to the solutions of the vendor Flowmon Networks. Please register in advance.
That's all for now. Thank you for your interest!
Source: habr.com