Moni! Takulandirani ku phunziro lachisanu ndi chimodzi la maphunzirowa . pa tadziwa zoyambira zogwirira ntchito ndiukadaulo wa NAT , ndikutulutsanso wogwiritsa ntchito mayeso pa intaneti. Tsopano ndi nthawi yosamalira chitetezo cha wogwiritsa ntchito m'malo ake otseguka. Mu phunziro ili tiwona mbiri yachitetezo: Kusefa pa Webusayiti, Kuwongolera Ntchito, ndi kuyendera kwa HTTPS.
Kuti tiyambe ndi mbiri yachitetezo, tiyenera kumvetsetsa chinthu chimodzi: njira zoyendera.
Chokhazikika ndi Flow Based mode. Imayang'ana mafayilo akamadutsa FortiGate popanda kusungitsa. Paketi ikafika, imakonzedwa ndikutumizidwa, osadikirira kuti fayilo yonse kapena tsamba lawebusayiti lilandire. Imafunikira zinthu zochepa ndipo imapereka magwiridwe antchito abwino kuposa Proxy mode, koma nthawi yomweyo, sizinthu zonse zachitetezo zomwe zimapezeka mmenemo. Mwachitsanzo, Data Leak Prevention (DLP) itha kugwiritsidwa ntchito mu Proxy mode.
Proxy mode imagwira ntchito mosiyana. Imapanga maulumikizidwe awiri a TCP, imodzi pakati pa kasitomala ndi FortiGate, yachiwiri pakati pa FortiGate ndi seva. Izi zimathandiza kuti muchepetse kuchuluka kwa magalimoto, mwachitsanzo, kulandira fayilo yathunthu kapena tsamba lawebusayiti. Kusanthula mafayilo pazowopseza zosiyanasiyana kumayamba pokhapokha fayilo yonse itasungidwa. Izi zimakupatsani mwayi wogwiritsa ntchito zina zomwe sizipezeka mu Flow based mode. Monga mukuwonera, mawonekedwe awa akuwoneka kuti ndi osiyana ndi Flow Based - chitetezo chimagwira ntchito yayikulu pano, ndipo magwiridwe antchito amatenga mpando wakumbuyo.
Anthu nthawi zambiri amafunsa: ndi njira iti yomwe ili bwino? Koma palibe maphikidwe ambiri apa. Chilichonse nthawi zonse chimakhala payekha ndipo zimadalira zosowa zanu ndi zolinga zanu. Pambuyo pa maphunzirowa ndiyesera kusonyeza kusiyana pakati pa mbiri ya chitetezo mu Flow ndi Proxy modes. Izi zidzakuthandizani kufananiza magwiridwe antchito ndikusankha zomwe zili zabwino kwa inu.
Tiyeni tipite molunjika ku mbiri yachitetezo ndikuyang'ana kaye Zosefera pa Webusaiti. Zimathandizira kuyang'anira kapena kutsata mawebusayiti omwe amayendera. Ndikuganiza kuti palibe chifukwa chopitira mozama kufotokozera kufunika kwa mbiri yotereyi muzochitika zamakono. Tiyeni timvetse bwino momwe zimagwirira ntchito.
Kulumikizana kwa TCP kukakhazikitsidwa, wogwiritsa ntchito amagwiritsa ntchito pempho la GET kuti afunse zomwe zili patsamba linalake.
Ngati seva yapaintaneti iyankha bwino, imatumizanso zambiri za tsambalo. Apa ndipamene zosefera zapaintaneti zimayamba kusewera. Imatsimikizira zomwe zili mu yankho ili.Panthawi yotsimikizira, FortiGate imatumiza pempho lanthawi yeniyeni ku FortiGuard Distribution Network (FDN) kuti mudziwe gulu lawebusayiti yomwe yaperekedwa. Pambuyo pozindikira gulu latsamba linalake, fyuluta yapaintaneti, kutengera zoikamo, imachitapo kanthu.
Pali zochita zitatu zomwe zikupezeka mu Flow mode:
- Lolani - lolani kulowa patsamba
- Block - letsani kulowa patsamba
- Monitor - lolani mwayi wopezeka pa webusayiti ndikuyijambulitsa muzolemba
Mu Proxy mode, zochita zina ziwiri zimawonjezedwa:
- Chenjezo - perekani chenjezo kwa wogwiritsa ntchito kuti akuyesera kuyendera chinthu china ndikupatsa wogwiritsa ntchito kusankha - pitilizani kapena kusiya webusayiti.
- Tsimikizirani - Funsani zidziwitso za ogwiritsa - izi zimalola magulu ena kuti azitha kupeza mawebusayiti omwe alibe malire.
Pamalo mutha kuwona magulu onse ndi magawo ang'onoang'ono a fyuluta yapaintaneti, ndikupezanso kuti tsamba lawebusayiti liti. Ndipo kawirikawiri, iyi ndi tsamba labwino kwambiri kwa ogwiritsa ntchito mayankho a Fortinet, ndikukulangizani kuti mudziwe bwino mu nthawi yanu yaulere.
Pali zochepa zomwe tinganene za Application Control. Monga momwe dzinalo likusonyezera, limakupatsani mwayi wowongolera magwiridwe antchito. Ndipo amachita izi pogwiritsa ntchito machitidwe osiyanasiyana, otchedwa siginecha. Pogwiritsa ntchito siginecha izi, amatha kuzindikira ntchito inayake ndikuigwiritsa ntchito:
- Lolani - kulola
- Monitor - lolani ndikulemba izi
- Block - kuletsa
- Kukhala kwaokha - lembani chochitika muzopika ndikuletsa adilesi ya IP kwakanthawi
Mutha kuwonanso masiginecha omwe alipo pawebusayiti .
Tsopano tiyeni tiwone momwe HTTPS imayendera. Malinga ndi ziwerengero kumapeto kwa 2018, gawo la magalimoto a HTTPS lidaposa 70%. Ndiye kuti, popanda kugwiritsa ntchito kuyendera kwa HTTPS, titha kusanthula pafupifupi 30% ya magalimoto omwe amadutsa pa intaneti. Choyamba, tiyeni tiwone momwe HTTPS imagwirira ntchito mongoyerekeza.
Wothandizira amayambitsa pempho la TLS ku seva yapaintaneti ndipo amalandira yankho la TLS, komanso amawona satifiketi ya digito yomwe iyenera kudaliridwa kwa wogwiritsa ntchitoyo. Izi ndiye zochepa zomwe tiyenera kudziwa momwe HTTPS imagwirira ntchito; kwenikweni, momwe imagwirira ntchito ndizovuta kwambiri. Pambuyo pogwirana chanza bwino ndi TLS, kusamutsa deta yobisika kumayamba. Ndipo izi ndi zabwino. Palibe amene angapeze deta yomwe mumasinthanitsa ndi seva yapaintaneti.
Komabe, kwa oyang'anira chitetezo cha kampani iyi ndi mutu weniweni, chifukwa sangathe kuwona kuchuluka kwa magalimotowa ndikuwunika zomwe zili mkati mwake ndi antivayirasi, kapena njira yoletsa kulowerera, kapena machitidwe a DLP, kapena chilichonse. Izi zimasokonezanso mtundu wa matanthauzidwe a mapulogalamu ndi zida zapaintaneti zomwe zimagwiritsidwa ntchito pa netiweki - ndendende zomwe zikugwirizana ndi mutu wa phunziro lathu. Tekinoloje yowunikira HTTPS idapangidwa kuti ithetse vutoli. Chofunikira chake ndi chosavuta - kwenikweni, chipangizo chomwe chimayang'anira HTTPS chimakonzekera kuukira kwa Man In The Middle. Zikuwoneka ngati izi: FortiGate imasokoneza pempho la wogwiritsa ntchito, ikukonzekera kulumikizana kwa HTTPS nayo, kenako imatsegula gawo la HTTPS ndi zomwe wogwiritsa ntchito adapeza. Pamenepa, satifiketi yoperekedwa ndi FortiGate idzawoneka pakompyuta ya wogwiritsa ntchito. Iyenera kudaliridwa kuti msakatuli alole kulumikizana.
M'malo mwake, kuyang'ana kwa HTTPS ndichinthu chovuta kwambiri ndipo chili ndi malire ambiri, koma sitingaganizire izi m'maphunzirowa. Ndingowonjezera kuti kukhazikitsa kuyendera kwa HTTPS si nkhani ya mphindi; nthawi zambiri zimatenga mwezi umodzi. Ndikofunikira kusonkhanitsa zambiri zokhudzana ndi zofunikira, kupanga zosintha zoyenera, kusonkhanitsa mayankho kuchokera kwa ogwiritsa ntchito, ndikusintha zosintha.
Lingaliro loperekedwa, komanso gawo lothandizira, likufotokozedwa mu phunziro ili lavidiyo:
Mu phunziro lotsatira tiwona mbiri zina zachitetezo: antivayirasi ndi njira yopewera kulowerera. Kuti musaphonye, ββtsatirani zosintha pamayendedwe otsatirawa:
Source: www.habr.com