Check Point. What it is, what you eat it with, or briefly about the main thing

Hello, dear Habr readers! This is the corporate blog of TS Solution. We are a system integrator and specialize mainly in IT infrastructure security solutions (Check Point, Fortinet) and machine data analysis systems (Splunk). We will open our blog with a short introduction to Check Point technologies.

We thought for a long time about whether it was worth writing this article, because it contains nothing new that cannot be found on the Internet. However, despite the abundance of information, when working with customers and partners we hear the same questions again and again. So we decided to write a kind of introduction to the world of Check Point technologies and to explain the essence of the architecture of their solutions. And all of this within one "small" post, a quick tour, so to speak. We will also try not to get into marketing wars, because we are not a vendor, just a system integrator (although we are very fond of Check Point), and we will simply go over the main points without comparing them with other manufacturers (such as Palo Alto, Cisco, Fortinet, etc.). The article turned out to be fairly long, but it answers most of the questions that come up when getting acquainted with Check Point. If you are interested, welcome under the cut...

UTM/NGFW

When starting a conversation about Check Point, the first thing to do is explain what UTM and NGFW are and how they differ. We will do this very briefly so that the post does not become too long (perhaps we will cover this topic in more detail in the future).

UTM - Unified Threat Management

In short, the essence of UTM is the consolidation of several security tools in a single solution, i.e. everything in one box, a kind of all-inclusive. What is meant by "several tools"? The most common set is: Firewall, IPS, Proxy (URL filtering), streaming Antivirus, Anti-Spam, VPN and so on. All of this is combined within one UTM solution, which is easier in terms of integration, configuration, administration and monitoring, and this in turn has a positive effect on the overall security of the network. When UTM solutions first appeared, they were considered only for small companies, because UTMs could not cope with large volumes of traffic. There were two reasons for this:

  1. Packet processing method. The first versions of UTM solutions processed packets sequentially, "module" by "module". Example: a packet is first processed by the firewall, then by the IPS, then it is scanned by the Anti-Virus, and so on. Naturally, this mechanism introduced serious delays in traffic and consumed a lot of system resources (CPU, memory).
  2. Weak hardware. As mentioned above, sequential packet processing is very resource-intensive, and the hardware of that time (1995-2005) simply could not cope with large volumes of traffic.

But progress does not stand still. Since then, hardware capacity has increased significantly, and packet processing has changed (admittedly, not for all vendors) and now allows almost simultaneous analysis in several modules at once (firewall, IPS, AntiVirus, etc.). Modern UTM solutions can "digest" tens and even hundreds of gigabits in deep inspection mode, which makes it possible to use them in the large enterprise segment or even in data centers.

Below is the well-known Gartner Magic Quadrant for UTM solutions for August 2016:

I will not comment much on this picture; I will only say that the leaders are in the upper right corner.

NGFW - Next Generation Firewall

The name speaks for itself: next-generation firewall. This concept appeared much later than UTM. The main idea of NGFW is deep packet inspection (DPI) using a built-in IPS and access control at the application level (Application Control). In this case, the IPS is exactly what is needed to identify a particular application in the packet stream, which makes it possible to allow or deny it. Example: we can allow Skype to work but block file transfers. We can simply block the use of Torrent or RDP. Web applications are supported too: you can allow access to VK.com but block games, messages or video viewing. In essence, the quality of an NGFW depends on the number of applications it can identify. Many believe that the emergence of the NGFW concept was an ordinary marketing move, against the background of which Palo Alto began its rapid growth.

Gartner Magic Quadrant for NGFW for May 2016:

UTM vs NGFW

A very common question is: which is better? There is no definite answer here, and there cannot be one. Especially considering that almost all modern UTM solutions contain NGFW functionality and most NGFWs contain UTM functions (Antivirus, VPN, Anti-Bot, etc.). As always, "the devil is in the details", so first you need to decide what exactly you need and settle on a budget. Based on these decisions, several options can be shortlisted. And everything must be tested thoroughly, without taking marketing materials on trust.

We, in turn, will try over several articles to talk about Check Point, how you can try it out and what, in principle, you can try (almost all of the functionality).

The Three Components of Check Point

When working with Check Point, you will inevitably encounter three components of the product:

  1. Security Gateway (SG) - the security gateway itself, which is usually placed at the network perimeter and performs the functions of a firewall, streaming antivirus, anti-bot, IPS, and so on.
  2. Security Management Server (SMS) - the gateway management server. Almost all settings on the gateway (SG) are made through this server. The SMS can also act as a Log Server and process logs with the built-in event analysis and correlation system, Smart Event (similar to a SIEM for Check Point), but more on that later. The SMS is used to centrally manage several gateways (the number of gateways depends on the SMS model or license), but you have to use it even if you have only one gateway. It should be noted here that Check Point was one of the first to use such a centralized management system, which has been recognized as the "gold standard" according to Gartner reports for many years in a row. There is even a joke: "If Cisco had a proper management system, Check Point would never have appeared."
  3. Smart Console - a client console for connecting to the management server (SMS). It is usually installed on the administrator's computer. All changes on the management server are made through this console, and after that the settings can be applied to the security gateways (Install Policy).

Check Point Operating System

Speaking of Check Point operating systems, three can be recalled at once: IPSO, SPLAT and GAIA.

  1. IPSO - the operating system of Ipsilon Networks, which belonged to Nokia. In 2009, Check Point bought this business. No longer developed.
  2. SPLAT - Check Point's own development, based on the RedHat kernel. No longer developed.
  3. Gaia - the current operating system from Check Point, which appeared as a result of merging IPSO and SPLAT and incorporates the best of both. It appeared in 2012 and continues to be actively developed.

Speaking of Gaia, it should be said that at the moment the most common version is R77.30. Relatively recently, version R80 appeared, which differs significantly from the previous one (both in functionality and in management). We will devote a separate post to their differences. Another important point is that at the moment only version R77.10 has an FSTEC certificate, and version R77.30 is undergoing certification.

Implementation options (Check Point Appliance, Virtual Machine, OpenServer)

There is nothing surprising here: like many vendors, Check Point has several product options:

  1. Appliance - a hardware and software device, i.e. its own "piece of hardware". There are many models that differ in performance, functionality and design (there are options for industrial networks).
  2. Virtual Machine - a Check Point virtual machine with Gaia OS. The ESXi, Hyper-V and KVM hypervisors are supported. Licensed by the number of processor cores.
  3. OpenServer - installing Gaia directly on a server as the main operating system (so-called "Bare Metal"). Only certain hardware is supported. There are recommendations for this hardware that must be followed, otherwise problems with drivers may arise and technical support may refuse to help you.

Deployment options (Distributed or Standalone)

A little earlier we already discussed what the gateway (SG) and the management server (SMS) are. Now let us discuss the options for installing them. There are two main ways:

  1. Standalone (SG+SMS) - an option in which both the gateway and the management server are installed on a single device (or virtual machine).

    This option is suitable when you have only one gateway that is lightly loaded with user traffic. It is the most economical option, because there is no need to buy a management server (SMS). However, if the gateway is heavily loaded, you may end up with a "sluggish" management system. Therefore, before choosing a Standalone solution, it is best to consult on or even test this option.

  2. Distributed - the management server is installed separately from the gateway.

    The optimal option in terms of convenience and performance. It is used when several gateways need to be managed at once, for example a central one and branch ones. In this case you need to buy a management server (SMS), which can also come as an appliance or a virtual machine.

As I said above, Check Point has its own SIEM system, Smart Event. You can use it only with a Distributed installation.

Operating modes (Bridge, Routed)

The Security Gateway (SG) can operate in two main modes:

  • Routed - the most common option. In this case the gateway is used as an L3 device and routes traffic through itself, i.e. Check Point is the default gateway for the protected network.
  • Bridge - transparent mode. In this case the gateway is installed as an ordinary "bridge" and passes traffic through itself at the second layer (OSI). This option is usually used when there is no opportunity (or desire) to change the existing infrastructure. You do not have to change the network topology or think about changing IP addressing.

I would like to note that Bridge mode has some functional limitations, so we, as an integrator, advise all our clients to use Routed mode, if possible of course.

Check Point Software Blades

We have almost reached the most important Check Point topic, the one that raises the most questions from customers. What are these "software blades"? Blades are particular Check Point functions.

These functions can be turned on or off depending on your needs. There are blades that are enabled on the gateway (Network Security) and blades that are enabled on the management server. The pictures below show examples for both cases:

1) For Network Security (gateway functionality)

Let us describe them briefly, because each blade deserves its own article.

  • Firewall - firewall functionality;
  • IPSec VPN - building private virtual networks;
  • Mobile Access - remote access from mobile devices;
  • IPS - intrusion prevention system;
  • Anti-Bot - protection against botnets;
  • Antivirus - streaming antivirus;
  • AntiSpam & Email Security - protection of corporate mail;
  • Identity Awareness - integration with the Active Directory service;
  • Monitoring - monitoring of almost all gateway parameters (load, bandwidth, VPN status, etc.);
  • Application Control - application-level firewall (NGFW functionality);
  • URL Filtering - web security (+ proxy functionality);
  • Data Loss Prevention - protection against information leaks (DLP);
  • Threat Emulation - sandbox technology (SandBox);
  • Threat Extraction - file cleaning technology;
  • QoS - traffic prioritization.

In just a few articles we will take a closer look at the Threat Emulation and Threat Extraction blades; I am sure it will be interesting.

2) For Management (management server functionality)

  • Network Policy Management - centralized policy management;
  • Endpoint Policy Management - centralized management of Check Point agents (yes, Check Point produces solutions not only for network protection but also for protecting workstations (PCs) and smartphones);
  • Logging & Status - centralized collection and processing of logs;
  • Management Portal - security management from a browser;
  • Workflow - control over policy changes, audit of changes, etc.;
  • User Directory - integration with LDAP;
  • Provisioning - automation of gateway management;
  • Smart Reporter - reporting system;
  • Smart Event - analysis and correlation of events (SIEM);
  • Compliance - automatic checking of settings and generation of recommendations.

We will not go into licensing issues in detail now, so as not to bloat the article and confuse the reader. Most likely we will cover this in a separate post.

The blade architecture lets you use only the functions you really need, which affects the budget of the solution and the overall performance of the device. It is logical that the more blades you activate, the less traffic you can "push through". That is why the following performance table is attached to each Check Point model (we took the characteristics of the 5400 model as an example):

As you can see, there are two categories of tests here: on synthetic traffic and on real, mixed traffic. Generally speaking, Check Point is simply forced to publish synthetic tests, because some vendors use such tests as benchmarks without examining the performance of their solutions on real traffic (or deliberately hide such data because the results are unsatisfactory).

In each type of test, you can see several options:

  1. test for Firewall only;
  2. Firewall + IPS test;
  3. Firewall + IPS + NGFW (Application Control) test;
  4. Firewall + Application Control + URL Filtering + IPS + Antivirus + Anti-Bot + SandBlast (sandbox) test.

Look carefully at these parameters when choosing your solution, or ask for a consultation.

I think this is where we can finish the introductory article on Check Point technologies. Next, we will look at how you can test Check Point and how to deal with modern information security threats (viruses, phishing, ransomware, zero-day).

P.S. An important point. Despite its foreign (Israeli) origin, the solution is certified in the Russian Federation by the supervisory authorities, which legitimizes its presence in government institutions (comment by Denyemall).

Source: www.habr.com
