🥇1. CheckFlow -Kurumidza uye yemahara yakazara kuongororwa kwemukati network traffic uchishandisa Flowmon

Tikugashirei kune yedu inotevera mini kosi. Panguva ino tichataura nezve sevhisi yedu nyowani - CheckFlow. Chii? Muchokwadi, iri rinongori zita rekushambadzira rekuongororwa kwemahara kwetiweki traffic (zvemukati nekunze). Iyo odhiyo pachayo inoitwa uchishandisa chishandiso chakanakisa se Flowmon, iyo zvachose chero kambani inogona kushandisa, yemahara, kwemazuva makumi matatu. Asi, ndinokuvimbisa kuti mushure memaawa ekutanga ekuedzwa, iwe uchatanga kugamuchira ruzivo rwakakosha nezvetiweki yako. Uyezve, ruzivo urwu ruchave rwakakosha se kune network administrator, uye zvema security guard. Zvakanaka, ngatikurukurei kuti ruzivo urwu chii uye kukosha kwaro (Pakupera kwechinyorwa, semazuva ese, pane vhidhiyo yekudzidzisa).

Pano, ngatiite kamukira zvishoma. Ndine chokwadi chekuti vanhu vazhinji vava kufunga kuti: "Izvi zvakasiyana sei kubva Tarisa Point Chengetedzo CheckUP? Vanyori vedu vangangoziva kuti chii ichi (takashandisa simba rakawanda pane izvi) :) Usamhanye kusvika kumhedziso, sezvo chidzidzo chinofambira mberi zvese zvichawira munzvimbo.

Zvinogona kutariswa nenetiweki maneja uchishandisa iyi ongororo:

Network traffic analytics - kuti zviteshi zvinotakurwa sei, ndeapi maprotocol anoshandiswa, ayo maseva kana vashandisi vanodya huwandu hukuru hwetraffic.
Network kunonoka uye kurasikirwa -avhareji yekupindura nguva yemasevhisi ako, kuvapo kwekurasikirwa pamatanho ako ese (kugona kuwana bhodhoro).
Mushandisi traffic analytics - kuongororwa kwakazara kwevashandisi traffic. Traffic mavhoriyamu, maapplication anoshandiswa, matambudziko mukushanda nemasevhisi emakambani.
Kuongororwa kwekuita kwechishandiso - kuratidza chikonzero chematambudziko mukushanda kwemakambani ekunyorera (kunonoka kwenetiweki, nguva yekupindura yebasa, dhatabhesi, maapplication).
SLA monitoring -inoona otomatiki uye inoshuma kunonoka uye kurasikirwa kwakakosha paunenge uchishandisa yako yeruzhinji mawebhu application zvichienderana netraffic chaiyo.
Tsvaga network anomalies - DNS/DHCP spoofing, zvishwe, nhema DHCP maseva, anomalous DNS/SMTP traffic uye zvimwe zvakawanda.
Matambudziko nemagadzirirwo -kuonekwa kwevashandisi zvisiri pamutemo kana sevha traffic, izvo zvinogona kuratidza zvisizvo zvigadziriso zvekuchinja kana firewall.
Comprehensive report - Chirevo chakadzama nezve mamiriro eiyo IT zvivakwa, zvichikubvumidza iwe kuronga basa kana kutenga mimwe michina.

Izvo nyanzvi yekuchengetedza ruzivo inogona kutarisa:

Viral chiitiko - inoona hutachiona hwehutachiona mukati metiweki, kusanganisira isingazivikanwe malware (0-zuva) zvichienderana nekuongorora maitiro.
Kuparadzirwa kweransomware - kugona kuona ransomware, kunyangwe ikapararira pakati pemakomputa akavakidzana pasina kusiya chikamu chayo.
Abnormal Activity - traffic isina kujairika yevashandisi, maseva, maapplication, ICMP/DNS tunneling. Kuziva tyisidziro dzechokwadi kana dzinogona kuitika.
Network kurwisa - port scanning, brute-force kurwisa, DoS, DDoS, traffic interception (MITM).
Corporate data leak -kuonekwa kwekurodha pasi (kana kurodha) yedata yekambani kubva kumaseva efaira rekambani.
Zvishandiso zvisina mvumo -kuonekwa kwezvishandiso zvisiri pamutemo zvakabatana netiweki yekambani (inotaridza mugadziri uye sisitimu yekushandisa).
Zvikumbiro zvisingadiwe -Kushandiswa kwezvishandiso zvinorambidzwa mukati metiweki (Bittorent, TeamViewer, VPN, Anonymizers, nezvimwewo).
Cryptominers uye Botnets -Kutarisa network yemidziyo ine hutachiona inobatanidza kune anozivikanwa C&C maseva.

Reporting

Zvichienderana nemhedzisiro yekuongorora, iwe unozogona kuona ese analytics paFlowmon dashboards kana muPDF mishumo. Pazasi pane mimwe mienzaniso.

General traffic analytics

Custom dashboard

Abnormal Activity

Zvishandiso zvakaonekwa

Typical test scheme

Muenzaniso #1 - hofisi imwe

Chinhu chakakosha ndechekuti iwe unokwanisa kuongorora zvese zvekunze uye zvemukati traffic izvo zvisina kuongororwa netiweki perimeter yekudzivirira zvishandiso (NGFW, IPS, DPI, nezvimwewo).

Muenzaniso #2 - mahofisi akawanda

Vhidhiyo chidzidzo

Summary

CheckFlow odhita mukana wakanaka kune IT/IS mamaneja:

Ziva zvazvino uye zvinogoneka matambudziko mune yako IT zvivakwa;
Tsvaga matambudziko nekuchengetedzwa kwemashoko uye kushanda kwemaitiro ekuchengetedza aripo;
Ziva dambudziko rakakosha mukushanda kwebhizinesi zvikumbiro (network chikamu, server chikamu, software) uye avo vane basa rekurigadzirisa;
Zvinonyanya kuderedza nguva yekugadzirisa matambudziko muIT infrastructure;
Rongedzera kukosha kwekuwedzera machaneli, sevha huwandu kana kumwe kutenga kwemidziyo yekudzivirira.

Ndinokurudzirawo kuverenga chinyorwa chedu chakapfuura - 9 yakajairika network matambudziko anogona kuonekwa uchishandisa NetFlow ongororo (uchishandisa Flowmon semuenzaniso).
Kana uchifarira dingindira iri, gara wakatarisa (teregiramu, Facebook, VK, TS Solution Blog, Yandex.Zen).

Vashandisi vakanyoresa chete ndivo vanogona kutora chikamu muongororo. Nyorera mu, Munogamuchirwa.

Iwe unoshandisa NetFlow/sFlow/jFlow/IPFIX analyzers?

55,6%Hongu5
11,1%Kwete, asi ndinoronga kushandisa1
33,3%No3

9 vashandisi vakavhota. 1 mushandisi haana.

Source: www.habr.com

1. CheckFlow - inokurumidza uye yemahara yakazara ongororo yemukati network traffic uchishandisa Flowmon