10. Check Point Getting Started R80.20. Identity Awareness


Welcome to the anniversary 10th lesson. Today we will talk about another Check Point blade: Identity Awareness. At the very beginning, when describing NGFW, we established that it must be able to control access based on accounts, not IP addresses. This is mainly due to increased user mobility and the widespread adoption of the BYOD model (bring your own device). A company may have many people who connect over WiFi, receive a dynamic IP, and even connect from different network segments. Try creating access lists based on IP addresses in that situation. You cannot do without user identification here, and it is the Identity Awareness blade that will help us with this.

But first, let's look at what user identification is most often used for:

  1. Restricting network access by user accounts rather than by IP addresses. Access can be controlled both to the Internet and to any other network segments, for example the DMZ.
  2. Access via VPN. You will agree that it is much more convenient for a user to authorize with their domain account than with yet another invented password.
  3. To manage Check Point, you also need an account, which can have different rights.
  4. And the best part is reporting. It is much nicer to see specific users in reports rather than their IP addresses.

At the same time, Check Point supports two types of accounts:

  • Local Users. The user is created in the local database of the management server.
  • External Users. The external user base can be Microsoft Active Directory or any other LDAP server.

Today we will talk about network access. To control network access when Active Directory is present, the so-called Access Role is used, which allows three user parameters:

  1. Network - i.e. the network from which the user is trying to connect
  2. AD User or User Group - this data is pulled directly from the AD server
  3. Machine - the workstation.

In this case, user identification can be performed in several ways:

  • AD Query. Check Point reads the AD server logs for authenticated users and their IP addresses. Computers that are in the AD domain are identified automatically.
  • Browser-Based Authentication. Identification through the user's browser (Captive Portal or Transparent Kerberos). Most often used for devices that are not in the domain.
  • Terminal Servers. In this case, identification is performed using a special terminal agent (installed on the terminal server).

These are the three most common options, but there are three more:

  • Identity Agents. A special agent is installed on users' computers.
  • Identity Collector. A separate utility that is installed on a Windows Server and collects authentication logs instead of the gateway. In fact, a mandatory option for a large number of users.
  • RADIUS Accounting. Well, where would we be without good old RADIUS.
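A conceptual model of how the pieces above fit together, added here as an example and not Check Point code or its API: an identity source keeps an IP-to-identity table, and an Access Role matches on network, user or group, and machine. All class names, role names, addresses and users are constructed, and treating an empty field as "any" is a simplification made for this sketch.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Identity:
    """What an identity source (AD Query, browser login, ...) learned for one IP."""
    user: str
    groups: frozenset
    machine: str

@dataclass
class AccessRole:
    """Simplified model: an empty networks/users_or_groups/machines means 'any'."""
    name: str
    networks: list = field(default_factory=list)        # CIDR strings
    users_or_groups: set = field(default_factory=set)   # AD user or group names
    machines: set = field(default_factory=set)          # workstation names

    def matches(self, src_ip, sessions):
        ip = ipaddress.ip_address(src_ip)
        if self.networks and not any(ip in ipaddress.ip_network(n) for n in self.networks):
            return False
        if not self.users_or_groups and not self.machines:
            return True                       # network-only role needs no identity
        ident = sessions.get(src_ip)
        if ident is None:
            return False                      # identity required but IP is unidentified
        if self.users_or_groups and not ({ident.user} | ident.groups) & self.users_or_groups:
            return False
        return not self.machines or ident.machine in self.machines

def decide(src_ip, sessions, rules, default="drop"):
    """First-match evaluation of (AccessRole, action) pairs."""
    for role, action in rules:
        if role.matches(src_ip, sessions):
            return action
    return default

# Constructed sample data: DHCP addresses in two WiFi segments.
SESSIONS = {
    "10.10.5.23": Identity("alice", frozenset({"Finance"}), "LT-ALICE"),
    "10.20.7.88": Identity("bob", frozenset({"Guests"}), "BYOD-PHONE"),
}
FINANCE = AccessRole("Finance_WiFi", ["10.10.0.0/16", "10.20.0.0/16"], {"Finance"})
FINANCE_MANAGED = AccessRole("Finance_Managed", [], {"Finance"}, {"LT-ALICE"})
RULES = [(FINANCE, "accept")]

if __name__ == "__main__":
    for ip in ("10.10.5.23", "10.20.7.88", "10.10.5.99"):
        print(ip, decide(ip, SESSIONS, RULES))
```

The rule follows the user when the DHCP address changes, while an address with no identity session falls through to the default action.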

In this lesson I will demonstrate the second option, Browser-Based. I think that is enough theory, so let's move on to practice.

Video lesson

Stay tuned for more and join our YouTube channel 🙂

Source: www.habr.com
