Posachedwapa, mutha kupeza zinthu zambiri pamutuwu pa intaneti. kusanthula kwamayendedwe pama network ozungulira. Pa nthawi yomweyo, pazifukwa zina aliyense anaiwala kwathunthu za kusanthula kwamayendedwe amderali, zomwe zili zofunikanso. Nkhaniyi ikufotokoza ndendende nkhaniyi. Mwachitsanzo tidzakumbukira zabwino zakale za Netflow (ndi zina zake), yang'anani milandu yosangalatsa, zovuta zomwe zingatheke pa intaneti ndikupeza ubwino wa yankho pamene network yonse imagwira ntchito ngati sensa imodzi. Ndipo chofunikira kwambiri, mutha kusanthula zotere zamayendedwe amderalo kwaulere, mkati mwa chiphaso choyeserera (Masiku 45). Ngati mutuwo ndi wosangalatsa kwa inu, mwalandilidwa paka. Ngati ndinu waulesi kwambiri kuti muwerenge, ndiye, kuyang'ana kutsogolo, mukhoza kulembetsa , komwe tidzakuwonetsani ndikukuuzani zonse (mungathenso kuphunzira za maphunziro omwe akubwera kumeneko).
Kodi Flowmon Networks ndi chiyani?
Choyamba, Flowmon ndi wogulitsa ku Europe IT. Kampaniyi ndi yaku Czech, yomwe ili ndi likulu ku Brno (nkhani ya zilango siyinatchulidwe nkomwe). Mu mawonekedwe ake aposachedwa, kampaniyo yakhala ikugulitsidwa kuyambira 2007. M'mbuyomu, zidadziwika pansi pa mtundu wa Invea-Tech. Chifukwa chake, pafupifupi zaka 20 zidagwiritsidwa ntchito popanga zinthu ndi mayankho.
Flowmon imayikidwa ngati mtundu wa A-class. Imapanga mayankho apamwamba kwa makasitomala abizinesi ndipo imadziwika m'mabokosi a Gartner a Network Performance Monitoring and Diagnostics (NPMD). Komanso, chochititsa chidwi, mwa makampani onse omwe ali mu lipotili, Flowmon ndi wogulitsa yekhayo amene Gartner amaona kuti ndi wokonza njira zothetsera kuwunikira komanso kuteteza chidziwitso (Network Behavior Analysis). Sizitenga malo oyamba, koma chifukwa cha izi sizimayima ngati mapiko a Boeing.
Kodi mankhwala amathetsa mavuto otani?
Padziko lonse lapansi, titha kusiyanitsa ntchito zotsatirazi zomwe zimathetsedwa ndi zinthu zamakampani:
- kuonjezera kukhazikika kwa maukonde, komanso chuma cha pa intaneti, mwa kuchepetsa nthawi yawo yopuma komanso kusapezeka;
- kuonjezera mlingo wonse wa machitidwe a intaneti;
- kuonjezera luso la ogwira ntchito chifukwa cha:
- kugwiritsa ntchito zida zamakono zowunikira maukonde potengera zambiri zamayendedwe a IP;
- kupereka ma analytics mwatsatanetsatane za magwiridwe antchito ndi momwe maukonde - ogwiritsa ntchito ndi ntchito zomwe zikuyenda pamaneti, ma data opatsirana, zothandizirana, mautumiki ndi ma node;
- kuyankha pazochitika zisanachitike, osati pambuyo pa ogwiritsa ntchito ndi makasitomala kutaya ntchito;
- kuchepetsa nthawi ndi zinthu zofunika kuti azitha kuyendetsa maukonde ndi zida za IT;
- kuchepetsa ntchito zothetsa mavuto.
- kukulitsa chitetezo cha maukonde ndi zidziwitso zamabizinesi, pogwiritsa ntchito matekinoloje osasayina kuti azindikire zochitika zapaintaneti zoyipa komanso zoyipa, komanso "kuukira kwamasiku a zero";
- kuwonetsetsa mulingo wofunikira wa SLA pazogwiritsa ntchito ma network ndi ma database.
Flowmon Networks Product Portfolio
Tsopano tiyeni tiwone mwachindunji pagulu lazamalonda la Flowmon Networks ndikuwona zomwe kampaniyo imachita. Monga ambiri adzinenera kale kuchokera ku dzinali, kukhazikika kwakukulu kuli munjira zothetsera kuwunika kwamayendedwe amayendedwe, kuphatikiza ma module angapo omwe amakulitsa magwiridwe antchito.
M'malo mwake, Flowmon imatha kutchedwa kampani ya chinthu chimodzi, kapena m'malo mwake, yankho limodzi. Tiyeni tiwone ngati izi ndi zabwino kapena zoyipa.
Pakatikati pa dongosololi ndi wosonkhanitsa, yemwe ali ndi udindo wosonkhanitsa deta pogwiritsa ntchito njira zosiyanasiyana zothamanga, monga NetFlow v5/v9, jFlow, sFlow, NetStream, IPFIX... Ndizomveka kuti kwa kampani yosagwirizana ndi makina opanga zida zapaintaneti, ndikofunikira kuti apatse msika chinthu chapadziko lonse lapansi chomwe sichimangiriridwa ndi muyezo uliwonse kapena protocol.
Wosonkhanitsa Flowmon
Wosonkhanitsa akupezeka monga seva ya hardware komanso ngati makina enieni (VMware, Hyper-V, KVM). Mwa njira, nsanja ya hardware imayikidwa pa ma seva a DELL, omwe amathetsa nkhani zambiri ndi chitsimikizo ndi RMA. Zida zokhazo zomwe zili ndi ma hardware ndi makhadi ojambulidwa a FPGA opangidwa ndi othandizira a Flowmon, omwe amalola kuwunika mwachangu mpaka 100 Gbps.
Koma choti muchite ngati zida zomwe zilipo kale sizitha kupanga kuyenda kwapamwamba? Kapena kodi katundu pazidazo ndi wapamwamba kwambiri? Palibe vuto:
Pulogalamu ya Flowmon
Pachifukwa ichi, Flowmon Networks ikupereka kugwiritsa ntchito ma probe ake (Flowmon Probe), omwe amalumikizidwa ndi netiweki kudzera pa doko la SPAN la switch kapena kugwiritsa ntchito zogawa za TAP.
SPAN (galasi la galasi) ndi zosankha za TAP
Pamenepa, kuchuluka kwa magalimoto obwera ku Flowmon Probe kumasinthidwa kukhala IPFIX yokulirapo yokhala ndi zambiri. 240 ma metric okhala ndi chidziwitso. Pomwe protocol ya NetFlow yopangidwa ndi zida zama network ilibe ma metrics opitilira 80. Izi zimalola kuwonekera kwa protocol osati pamilingo 3 ndi 4, komanso pamlingo wa 7 malinga ndi mtundu wa ISO OSI. Zotsatira zake, oyang'anira maukonde amatha kuyang'anira magwiridwe antchito ndi ma protocol monga imelo, HTTP, DNS, SMB ...
Mwachidziwitso, kamangidwe koyenera kachitidwe kakuwoneka motere:
Pakatikati pa Flowmon Networks yonse "ecosystem" ndi Wosonkhanitsa, yemwe amalandira magalimoto kuchokera ku zipangizo zamakono zomwe zilipo kale kapena zofufuza zake (Probe). Koma yankho la Enterprise, kupereka magwiridwe antchito pakuwunika kuchuluka kwa ma network kumakhala kosavuta. Mayankho a Open Source amathanso kuchita izi, ngakhale osachita izi. Mtengo wa Flowmon ndi ma module owonjezera omwe amakulitsa magwiridwe antchito:
- gawo Chitetezo cha Anomaly Detection - Kuzindikiritsa zochitika zapaintaneti zosasangalatsa, kuphatikiza kuukira kwamasiku a ziro, kutengera kusanthula kwamayendedwe ndi mbiri yapaintaneti;
- gawo Ntchito Magwiridwe Monitoring - kuyang'anira momwe ma intaneti amagwirira ntchito popanda kukhazikitsa "othandizira" ndikuwongolera machitidwe omwe mukufuna;
- gawo Chojambulira Magalimoto - kujambula zidutswa za kuchuluka kwa magalimoto pamaneti malinga ndi malamulo omwe adafotokozedweratu kapena motengera choyambitsa kuchokera ku gawo la ADS, kuti muthetse mavuto ndi/kapena kufufuza zochitika zachitetezo chazidziwitso;
- gawo DDoS Chitetezo - Kutetezedwa kwa ma netiweki ozungulira pakukana kwa volumetric DoS/DDoS pakuwukira ntchito, kuphatikiza kuukira kwa mapulogalamu (OSI L3/L4/L7).
Munkhaniyi, tiwona momwe chilichonse chimagwirira ntchito pogwiritsa ntchito ma module a 2 - Network Performance Monitoring ndi Diagnostics ΠΈ Chitetezo cha Anomaly Detection.
Zoyambira:
- Seva ya Lenovo RS 140 yokhala ndi VMware 6.0 hypervisor;
- Chithunzi cha makina a Flowmon Collector chomwe mungathe ;
- masiwichi othandizira ma protocol oyenda.
Gawo 1. Ikani Flowmon Collector
Kutumiza kwa makina enieni pa VMware kumachitika mwanjira yokhazikika kuchokera pa template ya OVF. Zotsatira zake, timapeza makina enieni omwe akuyendetsa CentOS komanso mapulogalamu okonzeka kugwiritsa ntchito. Zofunikira zothandizira ndi zaumunthu:
Zomwe zatsala ndikuyambitsa zoyambira pogwiritsa ntchito lamulo sysconfig:
Timakonza IP pa doko loyang'anira, DNS, nthawi, Hostname ndipo titha kulumikizana ndi mawonekedwe a WEB.
Gawo 2. Kukhazikitsa kwa chilolezo
Chilolezo choyesa kwa mwezi umodzi ndi theka chimapangidwa ndikutsitsidwa pamodzi ndi chithunzi cha makina. Zokwezedwa kudzera Configuration Center -> License. Chifukwa chake tikuwona:
Zonse zakonzeka. Mutha kuyamba kugwira ntchito.
Khwerero 3. Kukhazikitsa wolandila pa osonkhanitsa
Panthawiyi, muyenera kusankha momwe dongosololi lidzalandirire deta kuchokera kumagwero. Monga tanena kale, iyi ikhoza kukhala imodzi mwama protocol kapena doko la SPAN pa switch.
Mu chitsanzo chathu, tidzagwiritsa ntchito kulandira deta pogwiritsa ntchito ma protocol NetFlow v9 ndi IPFIX. Pankhaniyi, timatchula adilesi ya IP ya mawonekedwe a Management ngati chandamale - 192.168.78.198. Mawonekedwe a eth2 ndi eth3 (ndi mtundu wa mawonekedwe a Monitoring) amagwiritsidwa ntchito kulandira kopi ya magalimoto "yaiwisi" kuchokera padoko la SPAN la switch. Timawalola kuti adutse, osati mlandu wathu.
Kenaka, timayang'ana doko la osonkhanitsa kumene magalimoto ayenera kupita.
Kwa ife, wokhometsayo amamvetsera magalimoto pa doko la UDP/2055.
Khwerero 4. Kukonzekera zida zapaintaneti zotumizira kunja
Kukhazikitsa NetFlow pa zida za Cisco Systems mwina zitha kutchedwa ntchito wamba kwa woyang'anira maukonde aliyense. Kwa chitsanzo chathu, titenga zina zachilendo. Mwachitsanzo, rauta ya MikroTik RB2011UiAS-2HnD. Inde, modabwitsa, njira yothetsera bajeti yotereyi yamaofesi ang'onoang'ono ndi akunyumba imathandiziranso ma protocol a NetFlow v5/v9 ndi IPFIX. Muzokonda, ikani chandamale (adilesi ya osonkhanitsa 192.168.78.198 ndi port 2055):
Ndipo onjezani ma metric onse omwe alipo kuti atumizidwe:
Panthawiyi tikhoza kunena kuti kukhazikitsidwa koyambirira kwatha. Timayang'ana ngati magalimoto akulowa mudongosolo.
Khwerero 5: Kuyesa ndi Kugwiritsa Ntchito Network Performance Monitoring and Diagnostics Module
Mukhoza kuyang'ana kukhalapo kwa magalimoto kuchokera ku gwero mu gawoli Flowmon Monitoring Center -> Zochokera:
Tikuwona kuti deta ikulowa mudongosolo. Patapita kanthawi wosonkhanitsayo atapeza kuchuluka kwa magalimoto, ma widget ayamba kuwonetsa zambiri:
Dongosolo limamangidwa pa kubowola pansi mfundo. Ndiko kuti, wogwiritsa ntchito, posankha chidutswa cha chidwi pa chithunzi kapena graph, "amagwera" pamlingo wakuya wa deta yomwe amafunikira:
Pansi pazambiri zamalumikizidwe ndi intaneti iliyonse:
Gawo 6. Anomaly Detection Security Module
Gawoli limatha kutchedwa kuti ndi imodzi mwazosangalatsa kwambiri, chifukwa chogwiritsa ntchito njira zopanda siginecha zodziwira zolakwika pamayendedwe amtaneti komanso machitidwe oyipa pa intaneti. Koma izi sizofanana ndi machitidwe a IDS/IPS. Kugwira ntchito ndi gawoli kumayamba ndi "maphunziro" ake. Kuti muchite izi, wizard yapadera imatchula zigawo zonse zazikulu ndi ntchito za intaneti, kuphatikizapo:
- ma adilesi a zipata, DNS, DHCP ndi maseva a NTP,
- kuyankha mu magawo a ogwiritsa ntchito ndi seva.
Pambuyo pake, dongosololi limapita ku maphunziro, omwe amatha pafupifupi masabata awiri mpaka mwezi umodzi. Panthawiyi, dongosololi limapanga magalimoto oyambira omwe ali enieni pa intaneti yathu. Mwachidule, ndondomeko imaphunzira:
- ndi khalidwe lanji la ma network node?
- Ndi ma data anji omwe nthawi zambiri amasamutsidwa ndipo ndi abwino pa netiweki?
- Kodi nthawi yogwiritsira ntchito kwa ogwiritsa ntchito ndi yotani?
- ndi mapulogalamu otani omwe amayendera pa netiweki?
- ndi zina zambiri..
Zotsatira zake, timapeza chida chomwe chimazindikiritsa zolakwika zilizonse pamanetiweki athu komanso zopatuka kumayendedwe omwe timakhala nawo. Nazi zitsanzo zingapo zomwe dongosolo limakupatsani mwayi kuti muwone:
- kugawa kwa pulogalamu yaumbanda yatsopano pamaneti yomwe siidziwika ndi siginecha ya antivayirasi;
- kumanga DNS, ICMP kapena ngalande zina ndikutumiza deta modutsa chowotcha moto;
- mawonekedwe a kompyuta yatsopano pa netiweki ikuwoneka ngati seva ya DHCP ndi/kapena DNS.
Tiyeni tiwone momwe zimawonekera live. Dongosolo lanu litaphunzitsidwa ndikumanga malo oyambira pamaneti, limayamba kuzindikira zochitika:
Tsamba lalikulu la gawoli ndi nthawi yowonetsera zochitika zomwe zadziwika. Mu chitsanzo chathu, tikuwona kukwera bwino, pafupifupi pakati pa maola 9 ndi 16. Tiyeni tisankhe ndikuyang'ana mwatsatanetsatane.
Khalidwe losadabwitsa la wowukira pa intaneti likuwonekera bwino. Zonse zimayamba ndi mfundo yakuti wolandirayo yemwe ali ndi adilesi 192.168.3.225 anayamba jambulani yopingasa ya netiweki pa doko 3389 (utumiki wa Microsoft RDP) ndipo anapeza 14 "ozunzidwa":
ΠΈ
Chochitika chojambulidwa chotsatirachi - wolandira 192.168.3.225 akuyamba kuwukira mwamphamvu mawu achinsinsi pa ntchito ya RDP (doko 3389) pama adilesi omwe adadziwika kale:
Chifukwa cha chiwembuchi, SMTP anomaly imadziwika pa imodzi mwa omwe adabedwa. Mwanjira ina, SPAM yayamba:
Chitsanzochi ndi chisonyezero chomveka cha mphamvu za dongosololi ndi gawo la Anomaly Detection Security makamaka. Weruzani kuchitapo kanthu kwa inu nokha. Izi zimamaliza chithunzithunzi cha ntchito ya yankho.
Pomaliza
Tiyeni tifotokoze mwachidule zomwe titha kunena za Flowmon:
- Flowmon ndi yankho lapamwamba kwa makasitomala amakampani;
- chifukwa cha kusinthasintha kwake komanso kuyanjana, kusonkhanitsa deta kumapezeka kuchokera kulikonse: zida zapaintaneti (Cisco, Juniper, HPE, Huawei ...) kapena ma probe anu (Flowmon Probe);
- Kuthekera kwa scalability kwa yankho kumakupatsani mwayi wokulitsa magwiridwe antchito powonjezera ma module atsopano, komanso kukulitsa zokolola chifukwa cha njira yosinthika yoperekera chilolezo;
- pogwiritsa ntchito matekinoloje osanthula opanda siginecha, makinawa amakulolani kuti muwone kuukira kwamasiku a zero ngakhale osadziwika ndi ma antivayirasi ndi machitidwe a IDS/IPS;
- chifukwa cha "transparency" yokwanira pakukhazikitsa ndi kukhalapo kwa dongosolo pamaneti - yankho silimakhudza magwiridwe antchito a mfundo zina ndi zigawo za zomangamanga zanu za IT;
- Flowmon ndiyo njira yokhayo pamsika yomwe imathandizira kuyang'anira magalimoto pa liwiro la 100 Gbps;
- Flowmon ndi yankho lamanetiweki amtundu uliwonse;
- mtengo wabwino kwambiri / magwiridwe antchito pakati pa mayankho ofanana.
Mu ndemanga iyi, tapenda zosakwana 10% za ntchito yonse ya yankho. M'nkhani yotsatira tidzakambirana za ma module otsala a Flowmon Networks. Pogwiritsa ntchito gawo la Application Performance Monitoring mwachitsanzo, tiwonetsa momwe oyang'anira ntchito zamabizinesi angatsimikizire kupezeka pamlingo woperekedwa wa SLA, komanso kuzindikira mavuto mwachangu momwe tingathere.
Komanso, tikufuna kukuitanani ku webinar yathu (10.09.2019/XNUMX/XNUMX) yoperekedwa ku mayankho a ogulitsa Flowmon Networks. Kuti mulembetsetu, tikukupemphani .
Ndizo zonse pakadali pano, zikomo chifukwa cha chidwi chanu!
Ogwiritsa ntchito olembetsedwa okha ndi omwe angatenge nawo gawo pa kafukufukuyu. chonde.
Kodi mukugwiritsa ntchito Netflow pakuwunikira maukonde?
-
kuti
-
Ayi, koma ndikukonzekera
-
No
Ogwiritsa ntchito 9 adavota. Ogwiritsa 3 adakana.
Source: www.habr.com