Pulogalamu ya ProHoster > Blog > Ulamuliro > Momwe timatetezera ma desktops amakasitomala ku ma virus, mapulogalamu aukazitape ndi kuwukira

Momwe timatetezera ma desktops amakasitomala ku ma virus, mapulogalamu aukazitape ndi kuwukira

Chaka chino, makampani ambiri adasinthira mwachangu ntchito zakutali. Kwa makasitomala ena ife anathandiza konzekerani ntchito zopitilira zana limodzi pa sabata. Zinali zofunikira kuchita izi osati mofulumira, komanso mosamala. Ukadaulo wa VDI wabwera kudzapulumutsa: ndi chithandizo chake, ndikosavuta kugawa mfundo zachitetezo kumalo onse ogwira ntchito ndikuteteza kutayikira kwa data. 

M'nkhaniyi ndikuuzani momwe ntchito yathu yapakompyuta yozikidwa pa Citrix VDI imagwirira ntchito pachitetezo chazidziwitso. Ndikuwonetsani zomwe timachita kuteteza ma desktops a kasitomala ku ziwopsezo zakunja monga ransomware kapena kuwukira komwe mukufuna. 

Momwe timatetezera ma desktops amakasitomala ku ma virus, mapulogalamu aukazitape ndi kuwukira

Ndi mavuto ati achitetezo omwe timathetsa? 

Tazindikira ziwopsezo zingapo zazikulu zachitetezo pantchitoyi. Kumbali imodzi, kompyuta yodziwika bwino imakhala pachiwopsezo chotenga kachilomboka kuchokera pakompyuta ya wogwiritsa ntchito. Kumbali inayi, pali ngozi yotuluka kuchokera pakompyuta kupita kumalo otseguka a intaneti ndikutsitsa fayilo yomwe ili ndi kachilombo. Ngakhale izi zitachitika, siziyenera kukhudza zida zonse. Choncho, popanga utumiki, tinathetsa mavuto angapo: 

  • Imateteza mawonekedwe onse a VDI ku ziwopsezo zakunja.
  • Kudzipatula kwa makasitomala kwa wina ndi mzake.
  • Kuteteza ma desktops enieni okha. 
  • Lumikizani motetezeka ogwiritsa ntchito pachida chilichonse.

Pakatikati pachitetezocho chinali FortiGate, chowotcha moto cham'badwo watsopano kuchokera ku Fortinet. Imayang'anira kuchuluka kwa magalimoto a VDI, imapereka maziko akutali kwa kasitomala aliyense, ndikuteteza ku chiwopsezo cha ogwiritsa ntchito. Mphamvu zake ndi zokwanira kuthetsa nkhani zambiri zachitetezo. 

Koma ngati kampani ili ndi zofunikira zapadera zachitetezo, timapereka zosankha zina: 

  • Timakonza kulumikizana kotetezeka kuti tigwire ntchito kuchokera pamakompyuta apanyumba.
  • Timapereka mwayi wofufuza zodziyimira pawokha pamalogi achitetezo.
  • Timapereka kasamalidwe ka chitetezo cha antivayirasi pa desktop.
  • Timateteza ku zovuta zamasiku a ziro. 
  • Timakonza kutsimikizika kwazinthu zambiri kuti titetezedwe kumalumikizidwe osaloleka.

Ndikuuzani mwatsatanetsatane momwe tinathetsera mavutowo. 

Momwe mungatetezere maimidwe ndikuwonetsetsa chitetezo cha intaneti

Tiyeni tigawane gawo la netiweki. Poyimilira tikuwonetsa gawo lotsekedwa loyang'anira zothandizira zonse. Gawo loyang'anira silikupezeka kuchokera kunja: pakachitika chiwembu kwa kasitomala, owukira sangathe kufika pamenepo. 

FortiGate imayang'anira chitetezo. Zimaphatikiza ntchito za antivayirasi, firewall, and intrusion prevention system (IPS). 

Kwa kasitomala aliyense timapanga gawo lakutali la ma desktops. Pachifukwa ichi, FortiGate ili ndi ukadaulo waukadaulo, kapena VDOM. Zimakupatsani mwayi wogawa zozimitsa moto m'magulu angapo ndikugawa kasitomala aliyense VDOM yake, yomwe imakhala ngati chowotchera moto. Timapanganso VDOM yosiyana ya gawo loyang'anira.

Izi zimakhala ndi chithunzi chotsatira:
Momwe timatetezera ma desktops amakasitomala ku ma virus, mapulogalamu aukazitape ndi kuwukira

Palibe kulumikizana kwa netiweki pakati pa makasitomala: aliyense amakhala mu VDOM yake ndipo samakhudza mnzake. Popanda ukadaulo uwu, tikadayenera kulekanitsa makasitomala ndi malamulo oteteza moto, omwe ndi owopsa chifukwa cha zolakwika zamunthu. Malamulo oterowo mungawayerekezere ndi chitseko chimene chiyenera kutsekedwa nthaΕ΅i zonse. Pankhani ya VDOM, sitisiya "zitseko" konse. 

Mu VDOM yosiyana, kasitomala ali ndi maadiresi ake ndi njira zake. Chifukwa chake, kudutsa magawo sikukhala vuto kwa kampaniyo. Makasitomala amatha kupatsa ma adilesi ofunikira a IP kuma desktops enieni. Izi ndizothandiza makampani akuluakulu omwe ali ndi mapulani awo a IP. 

Timathetsa zovuta zolumikizana ndi netiweki yamakasitomala. Ntchito ina ndikugwirizanitsa VDI ndi zomangamanga za kasitomala. Ngati kampani imasunga machitidwe amakampani mu data center yathu, titha kungoyendetsa chingwe cha netiweki kuchokera ku zida zake kupita ku firewall. Koma nthawi zambiri tikuchita ndi malo akutali - malo ena a data kapena ofesi ya kasitomala. Pankhaniyi, timaganiza kudzera kusinthanitsa kotetezeka ndi tsambalo ndikumanga site2site VPN pogwiritsa ntchito IPsec VPN. 

Mapulani amatha kusiyanasiyana kutengera zovuta za zomangamanga. M'malo ena ndikokwanira kulumikiza ofesi imodzi ku VDI - mayendedwe okhazikika ndi okwanira pamenepo. Makampani akuluakulu ali ndi maukonde ambiri omwe akusintha nthawi zonse; apa kasitomala amafunikira njira zosinthira. Timagwiritsa ntchito ma protocol osiyanasiyana: pakhala pali milandu ndi OSPF (Open Shortest Path First), tunnels za GRE (Generic Routing Encapsulation) ndi BGP (Border Gateway Protocol). FortiGate imathandizira ma protocol a network muma VDOM osiyana, osakhudza makasitomala ena. 

Mukhozanso kumanga GOST-VPN - kubisa kutengera chitetezo cha cryptographic chomwe chimatsimikiziridwa ndi FSB ya Russian Federation. Mwachitsanzo, kugwiritsa ntchito mayankho a kalasi ya KS1 m'malo opezeka "S-Terra Virtual Gateway" kapena PAK ViPNet, APKSH "Continent", "S-Terra".

Kukhazikitsa Ndondomeko Zamagulu. Timavomerezana ndi kasitomala pa ndondomeko zamagulu zomwe zimagwiritsidwa ntchito pa VDI. Apa mfundo zokhazikitsa sizili zosiyana ndi kukhazikitsa ndondomeko muofesi. Tidakhazikitsa kuphatikiza ndi Active Directory ndikupereka kasamalidwe ka mfundo zamagulu kwa makasitomala. Oyang'anira nyumba amatha kugwiritsa ntchito mfundo pa chinthu cha Computer, kuyang'anira gawo la bungwe mu Active Directory, ndikupanga ogwiritsa ntchito. 

Pa FortiGate, kwa kasitomala aliyense VDOM timalemba ndondomeko ya chitetezo cha intaneti, ikani zoletsa zolowera ndikukonzekera kuyang'anira magalimoto. Timagwiritsa ntchito ma module angapo a FortiGate: 

  • IPS module imayang'ana kuchuluka kwa anthu omwe ali ndi pulogalamu yaumbanda ndikuletsa kulowerera;
  • antivayirasi imateteza ma desktops okha ku pulogalamu yaumbanda ndi mapulogalamu aukazitape;
  • kusefa kwapaintaneti kumatchinga kupeza zinthu zosadalirika ndi masamba omwe ali ndi zoyipa kapena zosayenera;
  • Zokonda paziwombankhanga zitha kulola ogwiritsa ntchito kugwiritsa ntchito intaneti patsamba lina lokha. 

Nthawi zina kasitomala amafuna kuyang'anira pawokha mwayi wogwira ntchito pamasamba. Nthawi zambiri, mabanki amabwera ndi pempho ili: ntchito zachitetezo zimafuna kuti kuwongolera kukhale kumbali ya kampaniyo. Makampani oterowo amawunika momwe magalimoto amayendera ndipo nthawi zonse amasintha ndondomeko. Pankhaniyi, timatembenuza magalimoto onse kuchokera ku FortiGate kupita kwa kasitomala. Kuti tichite izi, timagwiritsa ntchito mawonekedwe okonzedwa ndi maziko a kampani. Pambuyo pake, kasitomalayo amakonza malamulo oti azitha kulumikizana ndi intaneti yamakampani ndi intaneti. 

Timayang'ana zochitika pa stand. Pamodzi ndi FortiGate timagwiritsa ntchito FortiAnalyzer, wokhometsa zipika kuchokera ku Fortinet. Ndi chithandizo chake, timayang'ana zolemba zonse pa VDI pamalo amodzi, kupeza zokayikitsa ndikutsata zolumikizana. 

M'modzi mwamakasitomala athu amagwiritsa ntchito zinthu za Fortinet muofesi yawo. Kwa izo, tidakonza kuyika kwa chipika - kotero kasitomala adatha kusanthula zochitika zonse zachitetezo pamakina akuofesi ndi ma desktops enieni.

Momwe mungatetezere ma desktops enieni

Kuchokera kuopseza kodziwika. Ngati kasitomala akufuna kudziyimira pawokha chitetezo chotsutsana ndi ma virus, timayikanso Kaspersky Security pamawonekedwe enieni. 

Njira iyi imagwira ntchito bwino mumtambo. Tonse tidazolowera kuti antivayirasi ya Kaspersky yapamwamba ndi yankho "lolemera". Mosiyana ndi izi, Kaspersky Security for Virtualization samanyamula makina enieni. Ma database onse a virus ali pa seva, yomwe imapereka zigamulo pamakina onse a node. Ndi chothandizira chowunikira chokha chomwe chimayikidwa pa desktop. Imatumiza mafayilo ku seva kuti atsimikizire. 

Zomangamangazi nthawi imodzi zimapereka chitetezo cha mafayilo, chitetezo cha intaneti, ndi chitetezo chachitetezo popanda kusokoneza magwiridwe antchito a makina enieni. Pankhaniyi, kasitomala akhoza kudziyimira pawokha zopatula pachitetezo cha fayilo. Timathandizira pakukhazikitsa koyambira kwa yankho. Tidzakambirana za mawonekedwe ake m'nkhani ina.

Kuchokera kuopseza kosadziwika. Kuti tichite izi, timagwirizanitsa FortiSandbox - "mchenga" wochokera ku Fortinet. Timagwiritsa ntchito ngati fyuluta ngati antivayirasi iphonya chiwopsezo cha tsiku la ziro. Titatsitsa fayiloyo, timayiyesa kaye ndi antivayirasi ndikuyitumiza ku sandbox. FortiSandbox amatsanzira makina enieni, amayendetsa fayilo ndikuwona machitidwe ake: ndi zinthu ziti zomwe zili mu registry zomwe zimapezeka, kaya zimatumiza zopempha zakunja, ndi zina zotero. Ngati fayilo ikuchita zokayikitsa, makina a sandboxed amachotsedwa ndipo fayilo yoyipayo sithera pa VDI yogwiritsa ntchito. 

Momwe mungakhazikitsire kulumikizana kotetezeka ku VDI

Timawona kuti chipangizochi chikutsatiridwa ndi zofunikira zachitetezo chazidziwitso. Chiyambireni ntchito yakutali, makasitomala atifikira ndi zopempha: kuonetsetsa kuti ogwiritsa ntchito akuyenda bwino pamakompyuta awo. Katswiri aliyense wachitetezo azidziwitso amadziwa kuti kuteteza zida zapakhomo ndizovuta: simungathe kukhazikitsa ma antivayirasi ofunikira kapena kugwiritsa ntchito mfundo zamagulu, chifukwa izi si zida zamaofesi. 

Mwachikhazikitso, VDI imakhala "wosanjikiza" wotetezeka pakati pa chipangizo chanu ndi netiweki yamakampani. Kuteteza VDI ku makina ogwiritsa ntchito, timayimitsa bolodi ndikuletsa kutumiza kwa USB. Koma izi sizimapangitsa kuti chipangizo cha wosuta chitetezeke. 

Timathetsa vutoli pogwiritsa ntchito FortiClient. Ichi ndi chida chachitetezo chomaliza. Ogwiritsa ntchito kampaniyo amayika FortiClient pamakompyuta awo akunyumba ndikuigwiritsa ntchito kuti alumikizane ndi desktop. FortiClient imathetsa mavuto atatu nthawi imodzi: 

  • imakhala "zenera limodzi" lofikira kwa wogwiritsa ntchito;
  • imayang'ana ngati kompyuta yanu ili ndi antivayirasi ndi zosintha zaposachedwa za OS; 
  • imamanga ngalande ya VPN kuti mufike bwino. 

Wogwira ntchito amangopeza mwayi ngati apereka chitsimikiziro. Nthawi yomweyo, ma desktops enieniwo sapezeka pa intaneti, zomwe zikutanthauza kuti amatetezedwa bwino kuukira. 

Ngati kampani ikufuna kuyang'anira chitetezo chokha, timapereka FortiClient EMS (Endpoint Management Server). Makasitomala amatha kukonza kusanthula kwapakompyuta ndi kupewa kulowerera, ndikupanga mndandanda woyera wamaadiresi. 

Kuwonjezera zinthu zotsimikizira. Mwachikhazikitso, ogwiritsa ntchito amatsimikiziridwa kudzera mu Citrix netscaler. Apanso, titha kupititsa patsogolo chitetezo pogwiritsa ntchito kutsimikizika kwazinthu zambiri kutengera zinthu za SafeNet. Mutuwu uyenera kusamaliridwa mwapadera; tidzakambirananso za izi m'nkhani ina. 

Tapeza zokumana nazo zotere pogwira ntchito ndi mayankho osiyanasiyana chaka chatha chantchito. Ntchito ya VDI imakonzedwa padera kwa kasitomala aliyense, kotero tinasankha zida zosinthika kwambiri. Mwina posachedwapa tidzawonjezera zina ndi kugawana zomwe takumana nazo.

Pa Okutobala 7 nthawi ya 17.00 anzanga adzalankhula za ma desktops apa intaneti "Kodi VDI ndiyofunikira, kapena kukonza ntchito zakutali?"
Lembetsani, ngati mukufuna kukambirana pamene teknoloji ya VDI ili yoyenera ku kampani komanso pamene kuli bwino kugwiritsa ntchito njira zina.

Source: www.habr.com

Kuwonjezera ndemanga