If your company sends or receives over the network personal data and other confidential information that is protected by law, it must use GOST encryption. Today we describe how we implemented such encryption for one of our customers on the basis of the S-Terra crypto gateway (KSh). This story will interest not only information security specialists but also engineers, designers and architects. In this post we will not go deep into the fine points of the technical configuration; we cover the key points of the basic setup. A vast amount of documentation on setting up the Linux daemons that S-Terra is based on is freely available on the Internet. Documentation for configuring the proprietary S-Terra software is also publicly available.
A few words about the project
The customer's network topology was typical: a full mesh between the center and the branches. Encryption had to be introduced on the information exchange channels between all sites, of which there were 8.
Usually everything in such projects is static: static routes to the site's local area network are set on the crypto gateways (KSh), and lists of IP addresses (ACLs) for encryption are defined. In this case, however, the sites have no centralized management, and anything can happen inside their local networks: networks can be added, removed and modified in every possible way. To avoid reconfiguring routing and ACLs on the KSh whenever the local network addressing changes at a site, it was decided to use GRE tunneling and OSPF dynamic routing, which includes all the KSh and most of the network core routers at the sites (at some sites the infrastructure administrators preferred to use SNAT toward the KSh on the core routers).
GRE tunneling solved the following two problems:
1. Use the IP address of the KSh external interface in the ACL for encryption; all traffic sent to other sites is encapsulated in it.
2. Set up ptp tunnels between the KSh, which makes it possible to configure dynamic routing (in our case a provider MPLS L3VPN is organized between the sites).
The client ordered the implementation of encryption as a service. Otherwise it would have had not only to maintain the crypto gateways or outsource them to some organization, but also to track the life cycle of the encryption certificates itself, renew them on time and install new ones.
And now the memo itself: what we configured and how
Note for CII subjects: setting up the crypto gateway
Basic network setup
First of all, start the new KSh and get into the administration console. Begin by changing the password of the built-in administrator with the command change user password administrator. Then run the initialization procedure (the command initialize), during which the license data is entered and the random number generator (RNG) is initialized.
Note: when the S-Terra KSh is initialized, a security policy is set under which the security gateway interfaces do not pass packets. You must either create your own policy or activate the preinstalled permissive policy with the command run csconf_mgr activate.
Next, configure the addressing of the external and internal interfaces and the default route. It is preferable to work with the KSh network configuration and the encryption settings through the Cisco-like console. This console is designed for entering commands similar to Cisco IOS commands. The configuration produced in the Cisco-like console is in turn converted into the corresponding configuration files that the OS daemons work with. You can switch from the administration console to the Cisco-like console with the command configure.
Change the passwords for the built-in user cscons and for enable:
>enable
Password: csp (preset)
#configure terminal
#username cscons privilege 15 secret 0
#enable secret 0
Set up the basic network configuration:
#interface GigabitEthernet0/0
#ip address 10.111.21.3 255.255.255.0
#no shutdown
#interface GigabitEthernet0/1
#ip address 192.168.2.5 255.255.255.252
#no shutdown
#ip route 0.0.0.0 0.0.0.0 10.111.21.254
GRE
Exit the Cisco-like console and switch to the debian shell with the command system. Set your own password for the user root with the command passwd.
On each KSh a separate tunnel is configured for each site. The tunnel interface is configured in the file /etc/network/interfaces. The ip tunnel utility, part of the preinstalled iproute2 set, is responsible for creating the interface itself. The interface creation command is written in the pre-up option.
Example configuration of a typical tunnel interface:
auto site1
iface site1 inet static
address 192.168.1.4
netmask 255.255.255.254
pre-up ip tunnel add site1 mode gre local 10.111.21.3 remote 10.111.22.3 key hfLYEg^vCh6p
Note: keep in mind that the tunnel interface settings must be placed outside the section
###netifcfg-begin###
*****
###netifcfg-end###
Otherwise these settings will be overwritten when the network settings of the physical interfaces are changed through the Cisco-like console.
Dynamic routing
In S-Terra, dynamic routing is implemented with the Quagga software package. To configure OSPF, the zebra and ospfd daemons must be enabled and configured. The zebra daemon is responsible for the interaction between the routing daemons and the OS. The ospfd daemon, as the name suggests, is responsible for implementing the OSPF protocol.
OSPF is configured either through the daemon console or directly through the configuration file /etc/quagga/ospfd.conf. All physical and tunnel interfaces that take part in dynamic routing are added to the file, and the networks that will be advertised and will receive advertisements are declared.
Example of the configuration to add to ospfd.conf:
interface eth0
!
interface eth1
!
interface site1
!
interface site2
router ospf
ospf router-id 192.168.2.21
network 192.168.1.4/31 area 0.0.0.0
network 192.168.1.16/31 area 0.0.0.0
network 192.168.2.4/30 area 0.0.0.0
In this case the addresses 192.168.1.x/31 are reserved for the tunnel ptp networks between sites, and the addresses 192.168.2.x/30 for the transit networks between the KSh and the core routers.
Note: to reduce the routing table in large installations, you can filter the advertisement of the transit networks themselves with the constructs no redistribute connected or redistribute connected route-map.
After configuring the daemons, change their startup status in /etc/quagga/daemons: in the zebra and ospfd options, change no to yes. Start the quagga daemon and set it to start automatically when the KSh boots with the command update-rc.d quagga enable.
If the GRE tunnels and OSPF are configured correctly, routes to the networks of the other sites should appear on the KSh and the core routers, and network connectivity between the local networks is thereby established.
Encrypting the transmitted traffic
As already mentioned, when encrypting between sites we usually specify the ranges of IP addresses (ACLs) between which traffic is encrypted: if the source and destination addresses fall within these ranges, the traffic between them is encrypted. In this project, however, the structure is dynamic and addresses can change. Since GRE tunneling is already configured, we can specify the external KSh addresses as the source and destination addresses for traffic encryption: the traffic that arrives for encryption is already encapsulated by the GRE protocol. In other words, everything that enters the KSh from the local network of one site in the direction of networks advertised by other sites is encrypted. Inside each site, any redirection can then be performed. So when the local networks change in any way, the administrator only has to modify the advertisements going from his network toward the KSh, and the network becomes available to the other sites.
Encryption on the S-Terra KSh is performed with the IPSec protocol. We use the "Grasshopper" (Kuznyechik) algorithm in accordance with GOST R 34.12-2015, and GOST 28147-89 can be used for compatibility with older versions. Technically, authentication can be performed both with pre-shared keys (PSK) and with certificates. Nevertheless, in production operation certificates issued in accordance with GOST R 34.10-2012 must be used.
Certificates, containers and CRLs are handled with the cert_mgr utility. First, use the command cert_mgr create to generate a private key container and a certificate request, which is sent to the certificate management center. Once the certificate is received, it must be imported, together with the CA root certificate and the CRL (if one is used), with the command cert_mgr import. You can verify that all certificates and CRLs are installed with the command cert_mgr show.
After the certificates are installed successfully, switch to the Cisco-like console to configure IPSec.
Create an IKE policy that specifies the desired algorithms and parameters of the secure channel being created; these are offered to the partner for negotiation.
#crypto isakmp policy 1000
#encr gost341215k
#hash gost341112-512-tc26
#authentication sign
#group vko2
#lifetime 3600
This policy is applied when building the first phase of IPSec. Successful completion of the first phase results in the establishment of an SA (Security Association).
Next, define the list of source and destination IP addresses (ACL) for encryption, form a transform set, create a crypto map and bind it to the external interface of the KSh.
Set the ACL:
#ip access-list extended site1
#permit gre host 10.111.21.3 host 10.111.22.3
Transform set (as in the first phase, we use the "Grasshopper" encryption algorithm, in the mode that generates an imitovstavka, i.e. a message authentication code):
#crypto ipsec transform-set GOST esp-gost341215k-mac
Create the crypto map and specify the ACL, the transform set and the peer address:
#crypto map MAIN 100 ipsec-isakmp
#match address site1
#set transform-set GOST
#set peer 10.111.22.3
Bind the crypto map to the external interface of the KSh:
#interface GigabitEthernet0/0
#ip address 10.111.21.3 255.255.255.0
#crypto map MAIN
To encrypt the channels to the other sites, repeat the procedure of creating an ACL and a crypto map, changing the ACL name, the IP addresses and the crypto map number.
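A consistency check for the per-site procedure above, as an added example (not code from the original post or from S-Terra): every GRE tunnel created in /etc/network/interfaces needs a matching permit gre host ... host ... ACL and a crypto map entry with the same peer, otherwise that site's traffic leaves the KSh GRE-encapsulated but not encrypted. The site2 tunnel, its remote address 10.111.23.3 and all function names are constructed for the demonstration.

```python
import re

# Constructed inputs modelled on the page's examples; the site2 tunnel and
# its remote address 10.111.23.3 are invented for this demonstration.
INTERFACES = """\
iface site1 inet static
pre-up ip tunnel add site1 mode gre local 10.111.21.3 remote 10.111.22.3 key hfLYEg^vCh6p
iface site2 inet static
pre-up ip tunnel add site2 mode gre local 10.111.21.3 remote 10.111.23.3
"""
CISCO_LIKE = """\
ip access-list extended site1
 permit gre host 10.111.21.3 host 10.111.22.3
crypto map MAIN 100 ipsec-isakmp
 match address site1
 set peer 10.111.22.3
"""

def gre_tunnels(interfaces_text):
    """Map tunnel name -> (local, remote) for each GRE tunnel made in pre-up."""
    pat = re.compile(r"ip tunnel add (\S+) mode gre local (\S+) remote (\S+)")
    return {m[1]: (m[2], m[3]) for m in pat.finditer(interfaces_text)}

def protected_pairs(config_text):
    """(local, remote) pairs permitted for GRE by an ACL bound to that peer."""
    acls, entries, acl, entry = {}, [], None, None
    for words in (line.split() for line in config_text.splitlines()):
        if words[:3] == ["ip", "access-list", "extended"] and len(words) == 4:
            acl, entry = acls.setdefault(words[3], set()), None
        elif words[:2] == ["crypto", "map"]:
            acl, entry = None, {}
            entries.append(entry)
        elif (acl is not None and len(words) == 6
              and words[:3] + words[4:5] == ["permit", "gre", "host", "host"]):
            acl.add((words[3], words[5]))  # host-to-host form only, as on the page
        elif entry is not None and words[:2] == ["match", "address"]:
            entry["acl"] = words[-1]
        elif entry is not None and words[:2] == ["set", "peer"]:
            entry["peer"] = words[-1]
    return {pair for e in entries for pair in acls.get(e.get("acl"), ())
            if pair[1] == e.get("peer")}

def unencrypted_tunnels(interfaces_text, config_text):
    """Names of GRE tunnels whose endpoints no crypto map entry covers."""
    covered = protected_pairs(config_text)
    return sorted(name for name, pair in gre_tunnels(interfaces_text).items()
                  if pair not in covered)

print(unencrypted_tunnels(INTERFACES, CISCO_LIKE))  # ['site2']
```

The check only compares the two configuration texts; whether the crypto map is actually bound to the external interface still has to be confirmed on the gateway.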
Note: if certificate verification against a CRL is not used, this must be specified explicitly:
#crypto pki trustpoint s-terra_technological_trustpoint
#revocation-check none
At this point the configuration can be considered complete. The output of the Cisco-like console commands show crypto isakmp sa and show crypto ipsec sa should reflect the established first and second phases of IPSec. The same information can be obtained with the command sa_mgr show, run from the debian shell. The output of the command cert_mgr show should list the certificates of the remote sites; the status of such certificates will be remote. If the tunnels are not being built, look at the VPN service log, which is stored in the file /var/log/cspvpngate.log. A complete list of the log files with a description of their contents can be found in the documentation.
Monitoring the "health" of the system
The S-Terra KSh uses the standard snmpd daemon for monitoring. In addition to the usual Linux parameters, S-Terra supports, out of the box, reporting data about IPSec tunnels in accordance with CISCO-IPSEC-FLOW-MONITOR-MIB, which is what we use to track the state of the IPSec tunnels. Custom OIDs that return the result of running a script as their value are also supported. This feature lets us track certificate expiration dates. The script we wrote parses the output of the command cert_mgr show and returns the number of days until the local and root certificates expire. This technique is indispensable when administering a large number of KSh.
What makes this kind of encryption attractive
All of the functionality described above is supported by the S-Terra KSh out of the box. That is, we did not have to install any additional modules that could affect the certification of the crypto gateways and the attestation of the information system as a whole. The channels between sites can be of any kind, even over the Internet.
Because the crypto gateways do not need to be reconfigured when the internal infrastructure changes, the system works as a service, which is very convenient for the customer: it can place its services (client and server) on any addresses, and all changes are propagated dynamically between the encryption devices.
Of course, encryption affects the data transfer rate because of the overhead, but only slightly: channel throughput may drop by at most 5 to 10%. At the same time, the technology has been tested and has shown good results even on satellite channels, which are rather unstable and have low bandwidth.
Igor Vinokhodov, second-line administration engineer at Rostelecom-Solar
Source: habr.com