Hello, colleagues! We have determined the minimum requirements for deploying StealthWatch.
1. Ways to deploy StealthWatch
There are several ways to get hands-on with StealthWatch:
- Cloud: a cloud service for lab work, the free trial of Stealthwatch Cloud. Here NetFlow from your devices is sent to the cloud, where the StealthWatch software analyzes it.
- On-premises POV (GVE request): the route I took. You are sent four OVF files of virtual machines with a 90-day license built in, which you can deploy on a dedicated server in the corporate network.
Despite the generous set of downloaded virtual machines, a minimal working configuration needs only two of them: the StealthWatch Management Console and the FlowCollector. If, however, you have no network device capable of exporting NetFlow to the FlowCollector, you also need to deploy a FlowSensor, because a FlowSensor can collect NetFlow from a SPAN/RSPAN session.
As mentioned earlier, all StealthWatch needs is a copy of the traffic, or more precisely a condensed form of that copy, so the real network serves as the test bench. The figure below shows my network: a NetFlow exporter is configured on the security gateway, and the resulting NetFlow is sent to the collector.
If there is a firewall in between, the following ports must be allowed in order to reach the future VMs:
- TCP 22, TCP 25, TCP 389, TCP 443, TCP 2393, TCP 5222
- UDP 53, UDP 123, UDP 161, UDP 162, UDP 389, UDP 514, UDP 2055, UDP 6343
Some of these are well-known services; others are reserved for Cisco services.
In my case, StealthWatch was simply deployed on the same network as the Check Point, so no access rules had to be configured.
2. Installing the FlowCollector, using VMware vSphere as the example
2.1. Click Browse and select the OVF file. After checking that enough resources are available, go to the menu View, Inventory → Networking (Ctrl+Shift+N).
2.2. In the virtual switch settings on the Networking tab, select New Distributed Port Group.
2.3. Set the name to StealthWatchPortGroup, leave the remaining settings as in the screenshot, and click Next.
2.4. Click Finish to complete the creation of the port group.
2.5. Right-click the newly created port group and choose Edit Settings to edit its configuration. On the Security tab, be sure to enable Promiscuous mode (Promiscuous mode → Accept → OK).
2.6. As an example, let's import the FlowCollector OVF from the download link sent by the Cisco engineer after the GVE request. Right-click the host on which the VM is to be deployed and select Deploy OVF Template. As for allocated disk space, it started even with 50 GB, but for production I recommend allocating 200 GB.
2.7. Select the folder containing the OVF file.
2.8. Click Next.
2.9. Specify the name and the target server for the deployment.
2.10. As a result you should see the following screen; click Finish.
2.11. Following the same steps, deploy the StealthWatch Management Console.
2.12. Next, assign the interfaces to the required networks so that the FlowCollector can reach both the SMC and the devices that export NetFlow.
3. Initializing the StealthWatch Management Console
3.1. Open the console of the installed SMCVE machine; it prompts for the default login and password, sysadmin/lan1cope.
3.2. Go to the Management item, set the IP address and the other network parameters, and confirm the changes. Reboot the appliance.
3.3. Open the web interface (over https to the address specified in the SMC) and initialize the console with the default login/password, admin/lan411cope.
PS: sometimes it does not open in Google Chrome, but Explorer always helps.
3.4. Be sure to change the password and to configure DNS, NTP servers, the domain and so on. The settings are intuitive.
3.5. After clicking Apply, the appliance reboots once more. After 5 to 7 minutes you can reconnect to the same address. From here on, StealthWatch is managed through the web interface.
4. Setting up the FlowCollector
4.1. The collector is set up the same way. First, in the CLI, specify the IP address, mask and domain, and reboot the FC. Then connect to the web interface at the specified address and run the same basic setup. Since the settings are similar, detailed screenshots are omitted. The login credentials are the same.
4.2. In step XNUMX from the end, set the IP address of the SMC; the appliance then appears in the console, and you need to enter the credentials to confirm the setting.
4.3. Select the StealthWatch domain configured earlier and the port: 2055 for regular NetFlow, or 6343 if you use sFlow.
5. Configuring the NetFlow exporter
5.1. To configure a NetFlow exporter, I strongly recommend using this resource.
5.2. In our case, once again, NetFlow is exported from the Check Point gateway. The NetFlow exporter is configured on the tab of the same name in the web interface (Gaia Portal): click Add and specify the NetFlow version and the required port.
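As an added example (not code from the original article), the following Python snippet checks the pairing that sections 4.3 and 5.2 rely on: the exporter must send NetFlow to udp/2055 and sFlow to udp/6343. It reads the NetFlow v5/v9, IPFIX or sFlow v5 header from a UDP payload (field layout per RFC 3954 and the sFlow v5 specification) and flags a datagram that arrives on the wrong collector port; the sample datagrams are constructed headers, not captured traffic.

```python
import struct

# Collector ports as set in section 4.3: NetFlow on udp/2055, sFlow on udp/6343.
NETFLOW_PORT = 2055
SFLOW_PORT = 6343

# NetFlow v5 header: version, count, sysUptime, unix_secs, unix_nsecs,
# flow_sequence, engine_type, engine_id, sampling_interval (24 bytes).
V5_HEADER = struct.Struct("!HHIIIIBBH")
# NetFlow v9 header (RFC 3954): version, count, sysUptime, unix_secs,
# package_sequence, source_id (20 bytes).
V9_HEADER = struct.Struct("!HHIIII")


def identify_flow_datagram(datagram: bytes) -> dict:
    """Classify a UDP payload as NetFlow v5/v9, IPFIX or sFlow v5.

    sFlow v5 starts with a 32-bit version equal to 5; NetFlow and IPFIX start with
    a 16-bit version and a 16-bit count/length, so the first four bytes separate them.
    """
    if len(datagram) < 4:
        raise ValueError("datagram too short to carry a flow header")
    if struct.unpack("!I", datagram[:4])[0] == 5:
        return {"family": "sflow", "version": 5}
    version, second = struct.unpack("!HH", datagram[:4])
    if version == 5 and len(datagram) >= V5_HEADER.size:
        _, count, _, secs, _, seq, _, _, _ = V5_HEADER.unpack_from(datagram)
        return {"family": "netflow", "version": 5, "count": count,
                "unix_secs": secs, "sequence": seq}
    if version == 9 and len(datagram) >= V9_HEADER.size:
        _, count, _, secs, seq, source_id = V9_HEADER.unpack_from(datagram)
        return {"family": "netflow", "version": 9, "count": count,
                "unix_secs": secs, "sequence": seq, "source_id": source_id}
    if version == 10:
        return {"family": "ipfix", "version": 10, "length": second}
    raise ValueError(f"unrecognised flow datagram, first bytes {datagram[:4].hex()}")


def check_collector_port(dst_port: int, datagram: bytes) -> str:
    """Report whether the exporter sends its protocol to the port the collector expects."""
    info = identify_flow_datagram(datagram)
    expected = SFLOW_PORT if info["family"] == "sflow" else NETFLOW_PORT
    if dst_port == expected:
        return f"ok: {info['family']} v{info['version']} on udp/{dst_port}"
    return (f"mismatch: {info['family']} v{info['version']} arrived on udp/{dst_port}, "
            f"the collector expects it on udp/{expected}")


# Constructed samples (not captured traffic): NetFlow v9 with two flowsets, sFlow v5 from agent 10.0.0.1.
SAMPLE_NETFLOW_V9 = V9_HEADER.pack(9, 2, 123456, 1700000000, 42, 1)
SAMPLE_SFLOW_V5 = struct.pack("!IIIIIII", 5, 1, 0x0A000001, 0, 7, 99000, 1)
```

Feed it the payload of a packet captured on the FlowCollector's interface together with the UDP destination port to confirm that the exporter's version and port match what was selected in 4.3.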
6. Verifying that StealthWatch is working
6.1. Open the SMC web interface: on the first page, Dashboards > Network Security, you can see that traffic has started to arrive.
6.2. Some settings (splitting hosts into groups, monitoring individual interfaces and their load, managing collectors, and so on) are found only in the StealthWatch Java application. Of course, Cisco is gradually moving all functionality to the browser version, and desktop clients like this one are due to be retired soon.
To install the application, Java must be installed first.
To download it, click the Desktop Client button in the upper-right corner of the Management Console web interface.
If you force the client to be saved and installed, Java will most likely complain about it, so you may need to add the host to the Java exception site list.
The result is a fairly clear client in which exporters, interfaces, attacks and their flow load are easy to inspect.
7. Central Management of StealthWatch
7.1. The Central Management tab contains all the appliances that are part of the deployed StealthWatch: FlowCollector, FlowSensor, UDP Director, Endpoint Concentrator and so on. Here you can manage network settings, appliance services and licenses, and shut an appliance down manually.
It is reached by clicking the gear icon in the upper-right corner and selecting Central Management.
7.2. Going to Edit Appliance Configuration on the FlowCollector shows the SSH, NTP and other network settings related to the appliance itself. To get there, choose Actions → Edit Appliance Configuration for the required appliance.
7.3. License management is on the Central Management > Manage Licenses tab. For a GVE request, the trial license is 90 days.
The product is now ready. In the next part we will see how StealthWatch recognizes attacks and generates reports.
Source: habr.com