Takulandirani kuchikumbutso - phunziro la 10. Ndipo lero tikambirana za tsamba lina la Check Point - Chidziwitso Chodziwika. Poyambirira, pofotokoza NGFW, tidatsimikiza kuti iyenera kuwongolera mwayi wopezeka pamaakaunti, osati ma adilesi a IP. Izi zimachitika makamaka chifukwa cha kuchuluka kwa ogwiritsa ntchito komanso kufalikira kwa mtundu wa BYOD - bweretsani chipangizo chanu. Pakhoza kukhala anthu ambiri m'makampani omwe amalumikizana kudzera pa WiFi, amalandira IP yamphamvu, komanso kuchokera kumagulu osiyanasiyana amtaneti. Yesani kupanga mindandanda yofikira potengera manambala a IP apa. Apa simungathe kuchita popanda chizindikiritso cha ogwiritsa. Ndipo ndi tsamba la Identity Awareness lomwe lingatithandize pankhaniyi.
Koma choyamba, tiyeni tiwone chomwe chizindikiritso cha ogwiritsa ntchito nthawi zambiri chimagwiritsidwa ntchito?
- Kuletsa kugwiritsa ntchito netiweki ndi maakaunti a ogwiritsa ntchito osati ma adilesi a IP. Kufikira kumatha kuwongoleredwa kudzera pa intaneti komanso magawo ena aliwonse amtaneti, mwachitsanzo DMZ.
- Pezani kudzera pa VPN. Vomerezani kuti ndizosavuta kuti wogwiritsa ntchito agwiritse ntchito akaunti yake ya domain kuti avomereze, m'malo mwachinsinsi china chopangidwa.
- Kuti muzitha kuyang'anira Check Point, mumafunikanso akaunti yomwe ingakhale ndi maufulu osiyanasiyana.
- Ndipo gawo labwino kwambiri ndikupereka lipoti. Ndikwabwino kwambiri kuwona ogwiritsa ntchito m'malipoti osati ma adilesi awo a IP.
Nthawi yomweyo, Check Point imathandizira mitundu iwiri yamaakaunti:
- Ogwiritsa Ntchito M'deralo. Wogwiritsa amapangidwa mu database yapafupi ya seva yoyang'anira.
- Ogwiritsa Akunja. Microsoft Active Directory kapena seva ina iliyonse ya LDAP imatha kukhala ngati ogwiritsa ntchito akunja.
Lero tikambirana za kupeza maukonde. Kuwongolera mwayi wamaneti, pamaso pa Active Directory, otchedwa Ntchito Yopeza, yomwe imalola njira zitatu zogwiritsira ntchito:
- Network -ndi. netiweki yomwe wosuta akuyesera kulumikizako
- Ogwiritsa AD kapena Gulu Logwiritsa Ntchito - izi zimakokedwa mwachindunji kuchokera ku seva ya AD
- Machine - malo antchito.
Pankhaniyi, chizindikiritso cha ogwiritsa ntchito chikhoza kuchitidwa m'njira zingapo:
- Mafunso a AD. Check Point amawerenga zipika za seva za AD kwa ogwiritsa ntchito ovomerezeka ndi ma adilesi awo a IP. Makompyuta omwe ali mu AD adadziwika okha.
- Kutsimikizika Motengera Msakatuli. Kuzindikiritsa kudzera pa msakatuli wa wogwiritsa ntchito (Captive Portal kapena Transparent Kerberos). Nthawi zambiri amagwiritsidwa ntchito pazida zomwe sizili mu domain.
- Ma Seva a Terminal. Pachifukwa ichi, chizindikiritso chikuchitika pogwiritsa ntchito wothandizira wapadera (woikidwa pa seva yotsiriza).
Izi ndi zitatu zomwe zimakonda kwambiri, koma pali zina zitatu:
- Ma Identity Agents. Wothandizira wapadera amaikidwa pamakompyuta a ogwiritsa ntchito.
- Identity Collector. Chida chosiyana chomwe chimayikidwa pa Windows Server ndikusonkhanitsa zipika zotsimikizira m'malo mwachipata. M'malo mwake, njira yovomerezeka ya ogwiritsa ntchito ambiri.
- RADIUS Accounting. Chabwino, tikadakhala kuti popanda RADIUS yabwino yakale.
Mu phunziro ili ndikuwonetsa njira yachiwiri - Browser-based. Ndikuganiza kuti chiphunzitso ndi chokwanira, tiyeni tipitilize kuchita.
Vidiyo phunziro
Khalani tcheru kuti mumve zambiri ndikulumikizana nafe π
Source: www.habr.com