Check Point Gaia R80.40. What's new?


The next release of the Gaia operating system, R80.40, is approaching. A few weeks ago the Early Access program started, through which you can get the distribution for testing. As usual, we are publishing information about what is new and highlighting the points that are most interesting in our opinion. Looking ahead, I can say that the new features are really significant, so it is worth preparing for the upgrade procedure early. We have already published an article on how to do this (for more information, please follow the link). Let's get to the topic...

What's new

Let's look at the new features announced so far. The information is taken from the CheckMates site (the Check Point community). With your permission, I will not translate this text; fortunately, the Habr audience allows for that. Instead, I will leave my comments in the next section.

1. IoT Security. New features related to the Internet of Things

  • Collect IoT devices and traffic attributes from certified IoT discovery engines (currently supports Medigate, CyberMDX, Cynerio, Claroty, Indegy, SAM and Armis).
  • Configure a new IoT dedicated Policy Layer in policy management.
  • Configure and manage security rules that are based on IoT devices.

2. TLS Inspection

HTTP/2:

  • HTTP/2 is an update to the HTTP protocol. The update provides improvements to speed, efficiency and security, and results in a better user experience.
  • Check Point's Security Gateway now supports HTTP/2 and benefits from better speed and efficiency while getting full security, with all Threat Prevention and Access Control blades, as well as new protections for the HTTP/2 protocol.
  • Support is for both clear and SSL encrypted traffic and is fully integrated with HTTPS/TLS Inspection capabilities.

TLS Inspection Layer. New features related to HTTPS inspection:

  • A new Policy Layer in SmartConsole dedicated to TLS Inspection.
  • Different TLS Inspection layers can be used in different policy packages.
  • Sharing of a TLS Inspection layer across multiple policy packages.
  • API for TLS operations.

3. Threat Prevention

  • Overall efficiency enhancement for Threat Prevention processes and updates.
  • Automatic updates to the Threat Extraction Engine.
  • Dynamic, Domain and Updatable Objects can now be used in Threat Prevention and TLS Inspection policies. Updatable objects are network objects that represent an external service or a known dynamic list of IP addresses, for example Office365 / Google / Azure / AWS IP addresses and Geo objects.
  • Anti-Virus now uses SHA-1 and SHA-256 threat indications to block files based on their hashes. Import the new indicators from the SmartConsole Threat Indicators view or the Custom Intelligence Feed CLI.
  • Anti-Virus and SandBlast Threat Emulation now support inspection of e-mail traffic over the POP3 protocol, as well as improved inspection of e-mail traffic over the IMAP protocol.
  • Anti-Virus and SandBlast Threat Emulation now use the newly introduced SSH inspection feature to inspect files transferred over the SCP and SFTP protocols.
  • Anti-Virus and SandBlast Threat Emulation now provide improved support for SMBv3 inspection (3.0, 3.0.2, 3.1.1), which includes inspection of multi-channel connections. Check Point is the only vendor to support inspection of a file transfer through multiple channels (a feature that is on by default in all Windows environments). This allows customers to stay secure while working with this performance-enhancing feature.

4. Identity Awareness

  • Support for Captive Portal integration with SAML 2.0 and third-party Identity Providers.
  • Support for Identity Broker for scalable and granular sharing of identity information between PDPs, as well as cross-domain sharing.
  • Enhancements to Terminal Servers Agent for better scaling and compatibility.

5. IPsec VPN

  • Configure different VPN encryption domains on a Security Gateway that is a member of multiple VPN communities. This provides:
      • Improved privacy - Internal networks are not disclosed in IKE protocol negotiations.
      • Improved security and granularity - Specify which networks are accessible in a specified VPN community.
      • Improved interoperability - Simplified route-based VPN definitions (recommended when you work with an empty VPN encryption domain).
  • Create and seamlessly work with a Large Scale VPN (LSV) environment with the help of LSV profiles.

6. URL Filtering

  • Improved scalability and resilience.
  • Extended troubleshooting capabilities.

7. NAT

  • Enhanced NAT port allocation mechanism - on Security Gateways with 6 or more CoreXL Firewall instances, all instances use the same pool of NAT ports, which optimizes port utilization and reuse.
  • NAT port utilization monitoring in CPView and with SNMP.

8. Voice over IP (VoIP)

Multiple CoreXL Firewall instances handle the SIP protocol to enhance performance.

9. Remote Access VPN

Use a machine certificate to distinguish between corporate and non-corporate assets and to set a policy enforcing the use of corporate assets only. Enforcement can be pre-logon (device authentication only) or post-logon (device and user authentication).

10. Mobile Access Portal Agent

Enhanced Endpoint Security on Demand within the Mobile Access Portal Agent to support all major web browsers. For more information, see sk113410.

11. CoreXL and Multi-Queue

  • Support for allocation of CoreXL SNDs and Firewall instances that does not require a Security Gateway reboot.
  • Improved out-of-the-box experience - Security Gateway automatically changes the number of CoreXL SNDs and Firewall instances and the Multi-Queue configuration based on the traffic load.

12. Clustering

  • Support for Cluster Control Protocol in Unicast mode that eliminates the need for CCP Broadcast or Multicast modes.
  • Cluster Control Protocol encryption is now enabled by default.
  • New ClusterXL mode - Active/Active, which supports Cluster Members in different geographic locations that are located on different subnets and have different IP addresses.
  • Support for ClusterXL Cluster Members that run different software versions.
  • Eliminated the need for MAC Magic configuration when several clusters are connected to the same subnet.

13. VSX

  • Support for VSX upgrade with CPUSE in Gaia Portal.
  • Support for Active Up mode in VSLS.
  • Support for CPView statistical reports for each Virtual System.

14. Zero Touch

A simple Plug & Play setup process for installing an appliance - eliminating the need for technical expertise and for connecting to the appliance for initial configuration.

15. Gaia REST API

Gaia REST API provides a new way to read and send information to servers that run the Gaia Operating System. See sk143612.

16. Advanced Routing

  • Enhancements to OSPF and BGP allow resetting and restarting OSPF neighboring for each CoreXL Firewall instance without the need to restart the routed daemon.
  • Enhanced route refresh for improved handling of BGP routing inconsistencies.

17. New kernel capabilities

  • Upgraded Linux kernel
  • New partitioning system (gpt):
      • Supports physical/logical drives larger than 2TB
  • Faster file system (xfs)
  • Support for larger system storage (up to 48TB tested)
  • I/O related performance improvements
  • Multi-Queue:
      • Full Gaia Clish support for Multi-Queue commands
      • Automatic "on by default" configuration
  • SMB v2/3 mount support in the Mobile Access blade
  • Added NFSv4 (client) support (NFS v4.2 is the default NFS version used)
  • Support for new system tools for debugging, monitoring and configuring the system

18. CloudGuard Controller

  • Performance enhancements for connections to external Data Centers.
  • Integration with VMware NSX-T.
  • Support for additional API commands to create and edit Data Center Server objects.

19. Multi-Domain Server

  • Back up and restore an individual Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server on one Multi-Domain Server to a different Multi-Domain Security Management.
  • Migrate a Security Management Server to become a Domain Management Server on a Multi-Domain Server.
  • Migrate a Domain Management Server to become a Security Management Server.
  • Revert a Domain on a Multi-Domain Server, or a Security Management Server, to a previous revision for further editing.

20. SmartTasks and API

  • New Management API authentication method that uses an auto-generated API Key.
  • New Management API commands to create cluster objects.
  • Central Deployment of Jumbo Hotfix Accumulator and Hotfixes from SmartConsole or with an API allows installing or upgrading multiple Security Gateways and Clusters in parallel.
  • SmartTasks - Configure automatic scripts or HTTPS requests triggered by administrator tasks, such as publishing a session or installing a policy.

21. Deployment

Central Deployment of Jumbo Hotfix Accumulator and Hotfixes from SmartConsole or with an API allows installing or upgrading multiple Security Gateways and Clusters in parallel.

22. SmartEvent

Share SmartView views and reports with other administrators.

23. Log Exporter

Export logs filtered according to field values.

24. Endpoint Security

  • Support for BitLocker encryption for Full Disk Encryption.
  • Support for external Certificate Authority certificates for Endpoint Security client authentication and communication with the Endpoint Security Management Server.
  • Support for dynamic size of Endpoint Security Client packages based on the features selected for deployment.
  • Policy can now control the level of notifications to end users.
  • Support for Persistent VDI environment in Endpoint Policy Management.

What we liked most (based on customer tasks)

As you can see, there are a lot of new features. But for us, as a system integrator, there are several particularly interesting points (which are also of interest to our customers). Our Top 10:

  1. Finally, full support for IoT devices has appeared. It is already hard to find a company that has no such devices.
  2. TLS Inspection has now been moved into a separate layer (Layer). This is much more convenient than it is now (in 80.30). No more launching the old Legacy Dashboard. In addition, you can now use Updatable Objects in the HTTPS inspection policy, such as Office365, Google, Azure, AWS and so on. This is very useful when you need to configure exceptions. However, there is still no TLS 1.3 support. Apparently they will "catch up" in the next hotfix.
  3. Significant changes to Anti-Virus and SandBlast. You can now inspect protocols such as SCP, SFTP and SMBv3 (by the way, no one else can inspect this multi-channel protocol).
  4. There are many improvements to Site-to-Site VPN. You can now configure several VPN domains on a gateway that belongs to several VPN communities. This is much more convenient and secure. In addition, Check Point has finally remembered Route Based VPN and slightly improved its stability/compatibility.
  5. A highly requested feature for remote users has appeared. You can now authenticate not only the user but also the device they connect from. For example, we want to allow VPN connections only from corporate devices. This is done, of course, with certificates. It is also possible to mount (SMB v2/3) file shares for remote users with the VPN client.
  6. There are many changes in cluster operation. But perhaps one of the most interesting is the ability to run a cluster in which the gateways have different Gaia versions. This is useful when planning an upgrade.
  7. Improved Zero Touch capabilities. A useful thing for those who often deploy "small" gateways (for example, for ATMs).
  8. For logs, storage of up to 48TB is now supported.
  9. You can share your SmartEvent dashboards with other administrators.
  10. Log Exporter now lets you filter the forwarded messages by the required fields. That is, only the necessary logs and events will be sent to your SIEM systems.

Upgrade

Many are probably already thinking about upgrading. There is no need to rush. First, version 80.40 has to reach General Availability. But even after that, you should not upgrade right away. It is better to wait at least for the first hotfix.
Many are probably still "sitting" on older versions. I can say that it is already possible (and even necessary) to gradually move to 80.30. It is a stable and proven system!

You can also subscribe to our public pages (Telegram, Facebook, VK, TS Solution Blog), where you can follow the appearance of new materials on Check Point and other security products.


Source: www.habr.com
