1. CheckFlow - a quick and free audit of internal network traffic using Flowmon


Welcome to our next mini-course. This time we will talk about our new service, CheckFlow. What is it? In fact, it is just a marketing name for a free audit of network traffic (both internal and external). The audit itself is carried out with a remarkable tool, Flowmon, which absolutely any company can use, free of charge, for 30 days. But I assure you that after the first hours of testing you will start receiving valuable information about your network. Moreover, this information will be valuable both for network administrators and for security staff. Well, let's discuss what this information is and what it is worth (at the end of the article, as usual, there is a video tutorial).

Here, let's digress a little. I am sure many people are now thinking: "How is this different from Check Point Security CheckUP?" Our subscribers probably know what that is (we put a lot of effort into it) :) Do not rush to conclusions; everything will fall into place as the lesson goes on.

What a network administrator can check using this audit:

  • Network traffic analytics - how the channels are loaded, which protocols are used, and which servers or users consume the most traffic.
  • Network delays and losses - the response time of your services and the presence of losses on all your channels (the ability to find a bottleneck).
  • User traffic analysis - comprehensive analysis of user traffic: traffic volumes, applications used, and problems working with corporate services.
  • Application performance assessment - identifying the causes of problems in corporate applications (network delays, response time of services, databases, applications).
  • SLA monitoring - automatically detects and reports critical delays and losses when using your public web applications, based on traffic.
  • Search for network anomalies - DNS/DHCP spoofing, loops, rogue DHCP servers, dangerous DNS/SMTP traffic and much more.
  • Configuration problems - detection of unauthorized users or servers, which may indicate misconfigured switches or firewalls.
  • Comprehensive report - a detailed report on the state of your IT infrastructure, which lets you plan work or purchase additional equipment.

What an information security specialist can check:

  • Virus activity - detects virus traffic inside the network, including unknown malware (0-day), based on behavioral analysis.
  • Ransomware spread - the ability to detect ransomware even if it spreads between neighboring computers without leaving its own segment.
  • Anomalous activity - anomalous traffic of users, servers and applications, ICMP/DNS tunneling. Detection of real or potential threats.
  • Network attacks - port scanning, brute-force attacks, DoS, DDoS, traffic interception (MITM).
  • Corporate data leakage - detection of anomalous downloads (or uploads) of corporate data from the company's file servers.
  • Unauthorized devices - detection of unauthorized devices connected to the corporate network (identifying the manufacturer and operating system).
  • Unwanted applications - use of prohibited applications on the network (BitTorrent, TeamViewer, VPN, anonymizers, etc.).
  • Cryptominers and botnets - checking the network for infected devices that connect to known C&C servers.

Report

Based on the audit results, you will be able to see all the analytics on Flowmon dashboards or in PDF reports. Below are some examples.

General traffic analytics


Custom dashboard


Anomalous activity


Detected devices


Testing scheme

Scenario #1 - one office


The key point is that you can analyze both external and internal traffic that is not analyzed by network protection devices (NGFW, IPS, DPI, etc.).

Scenario #2 - several offices


Video tutorial

Summary

A CheckFlow audit is an excellent opportunity for IT/IS managers to:

  1. Identify current and potential problems in your IT infrastructure;
  2. Identify problems with information security and with the effectiveness of the existing protection measures;
  3. Identify the key problem in the operation of business applications (network part, server part, software) and who is responsible for resolving it;
  4. Significantly reduce the time needed to resolve problems in the IT infrastructure;
  5. Justify the need to expand channels, increase server capacity or purchase additional protection tools.

I also recommend reading our previous article - 9 typical network problems that can be detected using NetFlow analysis (using Flowmon as an example).
If you are interested in this topic, stay tuned (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).


Do you use NetFlow/sFlow/jFlow/IPFIX analyzers?

  • 55.6% - Yes (5)

  • 11.1% - No, but I plan to use them (1)

  • 33.3% - No (3)

9 users voted. 1 user abstained.

Source: www.habr.com
