StealthWatch: deployment and configuration. Part 2

Hello, colleagues! Having settled the minimum requirements for deploying StealthWatch in the previous part, we can start deploying the product.

1. Ways to deploy StealthWatch

There are several ways to "try out" StealthWatch:

  • dcloud - a cloud service for lab work;
  • Cloud Based: Stealthwatch Cloud Free Trial - here the Netflow from your device goes to the cloud and is analyzed there by the StealthWatch software;
  • On-premise POV (GVE request) - the route I took; you are sent 4 OVF files of virtual machines with built-in 90-day licenses, which can be deployed on a dedicated server in the corporate network.


Although many virtual machines are downloaded, only 2 are enough for a minimal working configuration: the StealthWatch Management Console and the FlowCollector. However, if no network device can export Netflow to the FlowCollector, you also need to deploy the FlowSensor, since it lets you collect Netflow using SPAN/RSPAN technologies.

As I said earlier, your real network can serve as the lab bench, since StealthWatch only needs a copy or, more precisely, a condensed summary of the traffic. The figure below shows my network, where I will configure the Netflow Exporter on the security gateway and, as a result, send Netflow to the collector.

To reach the future VMs, the following ports must be allowed on your firewall, if you have one:

TCP 22 | TCP 25 | TCP 389 | TCP 443 | TCP 2393 | TCP 5222 | UDP 53 | UDP 123 | UDP 161 | UDP 162 | UDP 389 | UDP 514 | UDP 2055 | UDP 6343

Some of them are well-known services, others are reserved for Cisco services.
In my case, I simply deployed StealthWatch in the same network as Check Point and did not have to configure any permit rules.

2. Installing FlowCollector, using VMware vSphere as an example

2.1. Click Browse and select OVF file1. After checking that resources are available, go to the menu View, Inventory → Networking (Ctrl+Shift+N).

2.2. On the Networking tab, select New Distributed port group in the drop-down settings.

2.3. Set the name, let it be StealthWatchPortGroup; the remaining settings can be made as in the screenshots, then click Next.

2.4. Finish creating the Port Group with the Finish button.

2.5. Edit the settings of the created Port Group by right-clicking the port group and selecting Edit Settings. On the Security tab, be sure to enable promiscuous mode: Promiscuous Mode → Accept → OK.

2.6. As an example, let's take the FlowCollector OVF, the download link for which was sent by a Cisco engineer after the GVE request. Right-click the host on which you plan to deploy the VM and select Deploy OVF Template. As for allocated disk space, it will "start" at 50 GB, but for production use it is recommended to allocate 200 gigabytes.

2.7. Select the folder where the OVF file is located.

2.8. Click "Next".

2.9. Specify the name and the server where the VM is deployed.

2.10. As a result, we get the following picture and click "Finish".

2.11. Follow the same steps to deploy the StealthWatch Management Console.

2.12. Now you need to specify the required networks on the interfaces so that the FlowCollector can see both the SMC and the devices from which Netflow will be exported.

3. Initializing the StealthWatch Management Console

3.1. When you open the console of the installed SMCVE machine, you will see a prompt for a login and password; the defaults are sysadmin/lan1cope.

3.2. Go to the Management item, set the IP address and the other network parameters, then confirm the changes. The device will reboot.

3.3. Go to the web interface (via https to the address you specified for the SMC) and initialize the console; the default login/password is admin/lan411cope.

P.S.: It happens that it does not open in Google Chrome; Explorer always helps.

3.4. Be sure to change the passwords, then set the DNS and NTP servers, the domain, and so on. The settings are intuitive.

3.5. After you click the "Apply" button, the device will reboot again. After 5-7 minutes you can connect to this address again; StealthWatch will be managed through the web interface.

4. Configuring FlowCollector

4.1. It is the same with the collector. First, in the CLI we specify the IP address, mask and domain, then the FC reboots. You can then connect to the web interface at the specified address and perform the same basic setup. Because the settings are the same, detailed screenshots are omitted. The login credentials are the same.

4.2. At the final stage, you need to set the IP address of the SMC; at that point the console will see the device, and you must confirm this by entering your credentials.

4.3. Select the StealthWatch domain (it was set earlier) and port 2055 for regular Netflow; if you work with sFlow, use port 6343.

5. Netflow Exporter configuration

5.1. To configure the Netflow exporter, I strongly recommend turning to this resource; it contains the main guides for configuring the Netflow exporter on many devices: Cisco, Check Point, Fortinet.

5.2. In our case, I repeat, we export Netflow from the Check Point gateway. The Netflow exporter is configured in the tab of the same name in the web interface (Gaia Portal). To do this, click "Add", then specify the Netflow version and the required port.
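Before looking for traffic in the SMC, it helps to confirm that what the exporter actually sends matches the version and port chosen in steps 4.3 and 5.2. The following is an added example, not code from the original article or from Cisco or Check Point: it parses the header of one captured UDP payload and checks it against the collector ports named above. The function names and the sample datagrams are constructed for illustration.

```python
import struct

# Collector ports named in step 4.3: 2055 for NetFlow, 6343 for sFlow.
EXPECTED_PORT = {"netflow": 2055, "sflow": 6343}
V5_HEADER, V5_RECORD = 24, 48  # NetFlow v5 header and per-record sizes in bytes
V9_HEADER = 20


def classify_export(datagram: bytes, dst_port: int) -> dict:
    """Identify the export protocol of one UDP payload and check it against the collector."""
    if len(datagram) < V9_HEADER:
        return {"proto": None, "ok": False, "why": "too short for an export header"}
    # NetFlow starts with a 16-bit version; sFlow v5 starts with a 32-bit version (00 00 00 05).
    version, count = struct.unpack("!HH", datagram[:4])
    problem = None
    if (version, count) == (0, 5):
        family, label = "sflow", "sFlow v5"
    elif version == 5:
        family, label = "netflow", "NetFlow v5"
        want = V5_HEADER + V5_RECORD * count
        if len(datagram) != want:
            problem = f"{len(datagram)} bytes, but {count} v5 records need {want}"
    elif version == 9:
        family, label = "netflow", "NetFlow v9"
    else:
        return {"proto": None, "ok": False, "why": f"unknown version field {version}"}
    if problem is None and dst_port != EXPECTED_PORT[family]:
        problem = f"sent to UDP {dst_port}, collector listens on {EXPECTED_PORT[family]}"
    return {"proto": label, "ok": problem is None, "why": problem or "matches collector settings"}


def sample_v5(count: int = 2) -> bytes:
    """Constructed NetFlow v5 datagram: valid header, zero-filled records."""
    header = struct.pack("!HHIIIIBBH", 5, count, 1000, 1_700_000_000, 0, 1, 0, 0, 0)
    return header + bytes(V5_RECORD * count)


def sample_sflow() -> bytes:
    """Constructed sFlow v5 header: version, IPv4 agent 192.0.2.1, no samples."""
    return struct.pack("!II4sIIII", 5, 1, bytes([192, 0, 2, 1]), 0, 1, 1000, 0)


if __name__ == "__main__":
    for name, payload, port in [("v5 on 2055", sample_v5(), 2055),
                                ("v5 on 6343", sample_v5(), 6343),
                                ("truncated v5", sample_v5()[:-10], 2055),
                                ("sFlow on 6343", sample_sflow(), 6343)]:
        print(name, classify_export(payload, port))
```

In practice the payload would come from a packet capture taken on the FlowCollector's network segment rather than from the constructed samples.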

6. Checking that StealthWatch works

6.1. In the SMC web interface, on the very first page, Dashboards > Network Security, you can see that traffic has started flowing!

6.2. Some settings, for example dividing hosts into groups, monitoring individual interfaces and their load, managing collectors, and more, can be found in the StealthWatch Java application. Of course, Cisco is gradually moving all functionality to the browser version, and we will soon give up this desktop client.

To install the application, you must first install the JRE (I installed version 8, although it is said to be supported up to 10) from the official Oracle website.

To download it, click the "Desktop Client" button in the upper right corner of the management console web interface.

You save and force-install the client; Java may complain, and you may need to add the host to the Java exceptions.

As a result, a fairly clear client opens, in which it is easy to see the load on exporters and interfaces, attacks and their flows.

7. StealthWatch Central Management

7.1. The Central Management tab lists all the devices that are part of the deployed StealthWatch, such as FlowCollector, FlowSensor, UDP-Director and Endpoint Concentrator. There you can manage the devices' network settings and services and their licenses, and manually shut a device down.

You can get there by clicking the "gear" icon in the upper right corner and selecting Central Management.

7.2. By going to Edit Appliance Configuration for the FlowCollector, you will see SSH, NTP and other settings related to the appliance itself. To get there, select Actions → Edit Appliance Configuration for the required device.

7.3. License management can also be found under Central Management > Manage Licenses. Trial licenses issued on a GVE request are granted for 90 days.

The product is ready to go! In the next part, we will look at how StealthWatch can detect attacks and generate reports.

Source: www.habr.com
