4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Takulandirani ku nkhani yachinayi muzotsatira za Check Point SandBlast Agent Management Platform solution. M'nkhani zam'mbuyomu (Choyamba, chachiwiri, lachitatu) tinalongosola mwatsatanetsatane mawonekedwe ndi mphamvu za web management console, ndipo tinayang'ananso ndondomeko ya Kupewa Zoopsa ndikuyiyesa kuti tithane ndi zoopsa zosiyanasiyana. Nkhaniyi ikuperekedwa ku gawo lachiwiri la chitetezo - ndondomeko ya Chitetezo cha Data, yomwe ili ndi udindo woteteza deta yosungidwa pamakina ogwiritsira ntchito. Komanso m'nkhaniyi tiwona magawo a Deployment and Global Policy Settings.

Mfundo Yoteteza Data

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Ndondomeko ya Chitetezo cha Deta imakulolani kuti muchepetse mwayi wopeza deta yosungidwa pa workstation kwa ogwiritsa ntchito ovomerezeka pogwiritsa ntchito Full Disk Encryption ndi Boot Protection. Zosankha zotsatirazi zosungira ma disk encryption zikuthandizidwa pakadali pano: Windows β€” Chongani Kubisa kwa Point kapena Kubisa kwa BitLocker, kwa macOS β€” File Vault. Tiyeni tiwone bwino mawonekedwe ndi makonda a njira iliyonse.

Chongani Point Encryption

Check Point Encryption ndi njira yosinthira disk mu mfundo ya Chitetezo cha Data ndipo imapereka kubisa kwamafayilo onse (akanthawi, kachitidwe, akutali) kumbuyo osakhudza magwiridwe antchito a makina ogwiritsa ntchito. Pambuyo pa kubisa, disk imakhala yosafikirika kwa ogwiritsa ntchito osaloledwa.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Chikhazikitso chachikulu cha Check Point Encryption ndi "Yambitsani Pre-boot", zomwe zimapangitsa kuti kufunikira kwa ogwiritsa ntchito kutsimikizidwe asanayambike. Njirayi ikulimbikitsidwa kuti igwiritsidwe ntchito, chifukwa imalepheretsa mwayi wogwiritsa ntchito zida zolambalalitsa zotsimikizira pamlingo wa opaleshoni. Ndikothekanso kukhazikitsa magawo osakhalitsa a ntchito ya Pre-boot:

  • Lolani kulowa mu OS pakadutsa kwakanthawi - kulepheretsa ntchito ya Pre-boot ndikusintha kuti itsimikizidwe mu opareshoni;

  • Lolani kuti mudutse (Wake On LAN - WOL) - kuletsa ntchito yoyambira pa kompyuta yolumikizidwa ndi seva yoyang'anira kudzera pa Ethernet;

  • Lolani malemba olambalala - imakulolani kuti mukonzekere kudutsa kwa Pre-boot ntchito, kusonyeza nthawi ndi tsiku lomwe script inayamba kuthamanga ndi magawo a mapeto a Pre-boot bypass;

  • Lolani LAN kudutsa - zimitsani ntchito yoyambira pomwe mukulumikizana ndi netiweki yakomweko.

Zomwe zili pamwambazi zomwe zili pamwambazi za Pre-boot sizikulimbikitsidwa pokhapokha pali chifukwa chodziwikiratu (mwachitsanzo, kukonza kapena kuthetsa mavuto), ndipo njira yabwino yothetsera chitetezo ndikuthandizira Pre-boot popanda kufotokoza malamulo odutsa osakhalitsa. Ngati kuli kofunikira kuti mulambalale Pre-boot, tikulimbikitsidwa kuti muyike nthawi yocheperako pamagawo osakhalitsa kuti musachepetse chitetezo kwa nthawi yayitali.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Komanso, mukamagwiritsa ntchito Check Point Encryption, n'zotheka kukonza zoikamo zapamwamba za mfundo za Chitetezo cha Deta, mwachitsanzo, kusintha kosavuta kwa magawo a encryption, kukonza mbali zosiyanasiyana za ntchito ya Pre-boot ndi kutsimikizira Windows.

BitLocker Encryption

BitLocker ndi gawo la makina ogwiritsira ntchito. Windows ndipo imakulolani kubisa ma hard drive ndi media zochotseka. Check Point BitLocker Management ndi gawo la mautumikiwa Windows, imagwira ntchito yokha ndi kasitomala wa SandBlast Agent ndipo imagwiritsa ntchito API kuti iyang'anire ukadaulo wa BitLocker.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Mukasankha BitLocker Encryption ngati njira yosungitsira pagalimoto mu mfundo ya Chitetezo cha Data, mutha kukonza zotsatirazi:

  • Kubisa Koyamba β€” makonda oyamba a encryption amakulolani kubisa diski yonse (Encrypt diski yonse), yomwe ikulimbikitsidwa pamakina omwe ali ndi deta ya ogwiritsa ntchito yomwe ilipo (mafayilo, zikalata, ndi zina zotero), kapena kubisa deta yokha (Encrypt malo ogwiritsidwa ntchito a disk okha), yomwe ikulimbikitsidwa pamakina atsopano. Windows;

  • Amayendetsa ku encrypt - Kusankhidwa kwa ma disks / magawo a encryption, kumakupatsani mwayi wobisa ma drive onse (Ma drive onse) kapena magawo okhawo omwe ali ndi opaleshoni (OS drive yokha);

  • Kusintha kwachinsinsi β€” kusankha njira yobisa, njira yomwe ikulangizidwa ndi Windows Poyambira, muthanso kusankha XTS-AES-128 kapena XTS-AES-256.

Fayilo ya Vault

File Vault ndi chida chodziwika bwino cha Apple chobisa ndipo chimawonetsetsa kuti ogwiritsa ntchito ovomerezeka okha ndi omwe amatha kugwiritsa ntchito makompyuta. Ndi File Vault yoyikidwa, wogwiritsa ntchito ayenera kuyika mawu achinsinsi kuti ayambe dongosolo ndikupeza mafayilo osungidwa. Kugwiritsa ntchito File Vault ndiyo njira yokhayo yowonetsetsera kutetezedwa kwa data yosungidwa mu mfundo ya Chitetezo cha Data kwa ogwiritsa ntchito makina a MacOS.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Kwa File Vault, makonda a "Yambitsani kupezeka kwa ogwiritsa ntchito okha" akupezeka, omwe amafunikira chilolezo cha ogwiritsa ntchito isanayambe kubisa kwa disk. Ngati izi zayatsidwa, ndizotheka kufotokoza chiwerengero cha ogwiritsa ntchito omwe ayenera kulowa mumsasa wa SandBlast Agent asanagwiritse ntchito mawonekedwe a Pre-boot, kapena tchulani chiwerengero cha masiku omwe mawonekedwe a Pre-boot adzakhazikitsidwa okha kwa onse ovomerezeka. ngati panthawiyi munthu mmodzi walowa mudongosolo.

Kuchira kwa data

Ngati muli ndi mavuto booting wanu dongosolo, mungagwiritse ntchito zosiyanasiyana deta kuchira njira. Woyang'anira atha kuyambitsa ndondomeko yobwezeretsa deta yosungidwa kuchokera ku Computer Management β†’ Full Dick Encryption Actions gawo. Ngati mugwiritsa ntchito Check Point Encryption, mutha kutsitsa disk yomwe idasungidwa kale ndikupeza mafayilo onse osungidwa. Pambuyo pa njirayi, muyenera kuyambitsanso ndondomeko yachinsinsi ya disk kuti ndondomeko ya Chitetezo cha Data igwire ntchito.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Mukasankha BitLocker ngati njira yosungira disk kuti mubwezeretse deta, muyenera kuyika ID ya Recovery Key pakompyuta yavuto kuti mupange Key Recovery, yomwe iyenera kulowetsedwa ndi wogwiritsa ntchito kuti apeze disk yosungidwa.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Kwa ogwiritsa ntchito a MacOS omwe amagwiritsa ntchito File Vault kuti ateteze zidziwitso zosungidwa, njira yobwezeretsa imaphatikizapo woyang'anira kupanga Chinsinsi Chobwezeretsa kutengera Nambala ya Seri yamakina ovuta ndikulowetsa fungulo ili, ndikutsata ndikukhazikitsanso mawu achinsinsi.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Deployment Policy

Kuyambira kumasulidwa nkhani yachiwiri, yomwe inakambirana za mawonekedwe a web management console, Check Point inatha kusintha zina mu gawo la Deployment - tsopano ili ndi kachigawo kakang'ono. Kutumiza Mapulogalamu, momwe kasinthidwe (zothandizira / zolepheretsa) zimapangidwira othandizira omwe adayikidwa kale, ndi kachigawo kakang'ono Phukusi Lotumiza kunja, momwe mungapangire mapaketi okhala ndi masamba oyikiratu kuti muyikenso pamakina ogwiritsa ntchito, mwachitsanzo, pogwiritsa ntchito mfundo za gulu la Active Directory. Tiyeni tiwone gawo la Software Deployment, lomwe limaphatikizapo masamba onse a SandBlast Agent.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Ndiroleni ndikukumbutseni kuti ndondomeko ya Deployment yokhazikika imangophatikiza masamba omwe ali mugulu la Threat Prevention. Poganizira mfundo yomwe idakambidwa kale ya Chitetezo cha Data, tsopano mutha kuloleza gululi kuti liyike ndikugwira ntchito pamakina a kasitomala ndi SandBlast Agent. Ndizomveka kuphatikiza ntchito ya Remote Access VPN, yomwe idzalola wogwiritsa ntchito kugwirizanitsa, mwachitsanzo, ku intaneti yamagulu a bungwe, komanso gulu la Access and Compliance, lomwe limaphatikizapo ntchito za Firewall & Application Control ndikuyang'ana makina ogwiritsira ntchito. kuti zitsatire ndondomeko ya Compliance.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Phukusi Lotumiza kunja
4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Gawo la Export Packages ndi losavuta kugwiritsa ntchito: kuti mupange phukusi lokonzekera, muyenera kufotokoza dzina lake, sankhani makina ogwiritsira ntchito (a Windows (Onaninso kuya kwa bit) ndi mtundu wa wothandizira, kenako sankhani mfundo zachitetezo zomwe zili mu phukusi. Muthanso kusankha gulu la pa intaneti lomwe lidzaphatikizapo makompyuta omwe ali ndi phukusi lomwe layikidwa, ndikusankha VPN Site yokhala ndi adilesi yolumikizira yodziwikiratu komanso magawo otsimikizira (Masamba a VPN amakonzedwa mu Export Packages β†’ Manage VPN Sites). Njira yomalizayi ndi yabwino kwambiri, chifukwa imachotsa kuthekera kwa cholakwika cha wogwiritsa ntchito pokonza magawo olumikizirana a VPN.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Zokonda pa Global Policy

Mu Global Policy Settings, imodzi mwazofunikira kwambiri imakonzedwa - mawu achinsinsi ochotsera SandBlast Agent kuchokera pamakina ogwiritsira ntchito. Wothandizirayo atayikidwa, wogwiritsa ntchito sangathe kuchotsa popanda kulowa mawu achinsinsi, omwe mwachisawawa ndi "chinsinsi"(popanda mawu). Komabe, mawu achinsinsiwa ndi osavuta kupeza m'malo otseguka, ndipo mukamagwiritsa ntchito yankho la SandBlast Agent, tikulimbikitsidwa kuti musinthe mawu achinsinsi kuti muchotse wothandizirayo. Mu Management Platform, yokhala ndi mawu achinsinsi, ndondomeko ikhoza kukhazikitsidwa nthawi za 5, kotero kusintha mawu achinsinsi kuti muchotse nkosapeweka.
Kuphatikiza apo, Global Policy Settings imakonza magawo a data omwe angatumizedwe ku Check Point kuti awunike ndikuwongolera magwiridwe antchito a ThreatCloud.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Kuchokera ku Zikhazikiko za Global Policy mutha kusinthanso magawo ena achinsinsi a disk encryption, zomwe ndi zofunika zachinsinsi: zovuta, nthawi yogwiritsa ntchito, kuthekera kogwiritsa ntchito mawu achinsinsi omwe kale anali ovomerezeka, ndi zina zambiri. Mugawoli, mutha kukweza zithunzi zanu m'malo mwazomwe zili mu Pre-boot kapena OneCheck.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Kukhazikitsa ndondomeko

Podziwa luso la ndondomeko ya Chitetezo cha Data ndikukonzekera zoikidwiratu zoyenera mu gawo la Deployment, mukhoza kuyamba kukhazikitsa ndondomeko yatsopano yomwe imaphatikizapo kubisa kwa disk pogwiritsa ntchito Check Point Encryption ndi masamba ena a SandBlast Agent. Pambuyo poika ndondomeko mu Management Platform, kasitomala adzalandira uthenga wowapempha kuti akhazikitse ndondomeko yatsopanoyi tsopano kapena akonzenso kukhazikitsa nthawi ina (masiku apamwamba a 2).

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Pambuyo potsitsa ndi kukhazikitsa ndondomeko yatsopano, SandBlast Agent idzalimbikitsa wogwiritsa ntchito kuyambitsanso kompyuta kuti athe kuteteza Full Disk Encryption.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Pambuyo poyambiranso, wogwiritsa ntchito adzafunika kuyika zikalata zake mu zenera lotsimikizira la Check Point Endpoint Security. Zenera ili lidzawonekera nthawi iliyonse makina ogwiritsira ntchito asanayambe (Pre-boot). N'zotheka kusankha njira ya Single Sign-On (SSO) kuti mugwiritse ntchito zikalatazo zokha potsimikizira. Windows.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Ngati kutsimikizika kukuyenda bwino, wogwiritsa ntchitoyo amapeza mwayi wogwiritsa ntchito makina ake, ndipo kuseri kwa ma disk encryption process imayamba. Opaleshoniyi siyimakhudza magwiridwe antchito a makina mwanjira iliyonse, ngakhale imatha kukhala kwa nthawi yayitali (malingana ndi kuchuluka kwa malo a disk). Ntchito ya encryption ikatha, titha kutsimikizira kuti masamba onse ali ndi mphamvu ndikugwira ntchito, galimotoyo imasungidwa, ndipo makina a wogwiritsa ntchito ndi otetezeka.

4. Yang'anani Point SandBlast Agent Management Platform. Mfundo Yoteteza Data. Zokonda pa Deployment and Global Policy

Pomaliza

Tiyeni tifotokoze mwachidule: m'nkhaniyi tidawona kuthekera kwa SandBlast Agent kuteteza zidziwitso zosungidwa pamakina a ogwiritsa ntchito pogwiritsa ntchito kubisa kwa disk mu mfundo ya Chitetezo cha Data, tidaphunzira zoikamo zogawira mfundo ndi othandizira kudzera mu gawo la Deployment ndikuyika ndondomeko yatsopano ndi disk. malamulo encryption ndi masamba owonjezera pa makina wosuta. M'nkhani yotsatirayi, tiwona mwatsatanetsatane momwe mungadulire mitengo ndi kupereka malipoti mu Management Platform ndi kasitomala wa SandBlast Agent.

Zosankha zazikulu pa Check Point kuchokera ku TS Solution. Kuti musaphonye zofalitsa zotsatirazi pamutu wa SandBlast Agent Management Platform, tsatirani zosintha pamasamba athu ochezera (uthengawo, Facebook, VK, TS Solution Blog, Yandex.Zen).

Source: www.habr.com

Gulani kuchititsa kodalirika kwamasamba okhala ndi chitetezo cha DDoS, ma seva a VPS VDS Gulani malo odalirika osungira mawebusayiti okhala ndi chitetezo cha DDoS, ma seva a VPS VDS | ProHoster