10. Check Point Getting Started R80.20. Identity Awareness

Welcome to the anniversary 10th lesson. Today we will talk about another Check Point blade, Identity Awareness. At the very beginning, when describing NGFW, we established that it must be able to control access based on accounts, not IP addresses. This is mainly due to the increased mobility of users and the widespread use of the BYOD (bring your own device) model. A company may have many people who connect over WiFi, receive a dynamic IP, and even do so from different network segments. Try creating access lists based on IP addresses here. You cannot do without user identification. The Identity Awareness blade will help us with this.

But first, let's look at what user identification is most often used for.

  1. Restricting network access by user accounts rather than by IP addresses. Access can be controlled both to the Internet and to any other network segments, such as the DMZ.
  2. VPN access. You will agree that it is more convenient for a user to authorize with their domain account than with yet another invented password.
  3. To manage Check Point, you also need an account, which can have different rights.
  4. And the most pleasant part is reporting. It is much nicer to see specific users in reports rather than their IP addresses.

Check Point supports two types of accounts:

  • Local Users. The user is created in the local database of the management server.
  • External Users. Microsoft Active Directory or any other LDAP server can act as the external user database.

Today we will talk about network access. To control network access when Active Directory is present, a so-called Access Role is used as the object (source or destination); it lets you use three user parameters:

  1. Network - that is, the network the user is trying to connect to
  2. AD User or User Group - this data is pulled directly from the AD server
  3. Machine - the workstation.

In this case, user identification can be performed in several ways:

  • AD Query. Check Point reads the AD server logs for authenticated users and their IP addresses. Computers that are in the AD domain are identified automatically.
  • Browser-Based Authentication. Identification through the user's browser (Captive Portal or Transparent Kerberos). Most often used for devices that are not in the domain.
  • Terminal Servers. In this case, identification is performed using a special terminal agent (installed on the terminal server).

These are the three most common options, but there are three more:

  • Identity Agents. A special agent is installed on users' computers.
  • Identity Collector. A separate utility that is installed on Windows Server and collects authentication logs instead of the gateway. In practice, it is a mandatory option for a large number of users.
  • RADIUS Accounting. Well, where would we be without good old RADIUS.
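The Access Role matching described above, combined with an IP-to-user association of the kind AD Query builds from login events, as a simplified model added here (it is not Check Point code or its API). The class names, the session lifetime and the sample logins are assumptions constructed for illustration.

```python
# Simplified model added for illustration; not Check Point code or its API.
import ipaddress
from dataclasses import dataclass
SESSION_TTL = 3600  # assumption: seconds an IP-to-user association stays valid

@dataclass(frozen=True)
class Identity:
    user: str
    groups: frozenset
    machine: str
    seen_at: int  # when the login event was observed

@dataclass(frozen=True)
class AccessRole:  # an empty field means "any", one field per parameter
    name: str
    networks: tuple = ()
    groups: frozenset = frozenset()
    machines: frozenset = frozenset()

    def matches(self, src_ip, ident):
        ip = ipaddress.ip_address(src_ip)
        net_ok = not self.networks or any(ip in ipaddress.ip_network(n) for n in self.networks)
        grp_ok = not self.groups or bool(self.groups & ident.groups)
        mac_ok = not self.machines or ident.machine in self.machines
        return net_ok and grp_ok and mac_ok

class IdentityTable:
    def __init__(self):
        self._by_ip = {}
    def login(self, ip, user, groups, machine, now):
        # a newer login from the same IP replaces the previous owner
        self._by_ip[ip] = Identity(user, frozenset(groups), machine, now)
    def lookup(self, ip, now):
        ident = self._by_ip.get(ip)
        # unknown or stale association: the source counts as unidentified
        return ident if ident is not None and now - ident.seen_at <= SESSION_TTL else None

def decide(rules, table, src_ip, now):  # ordered (AccessRole, action) pairs, first match wins
    ident = table.lookup(src_ip, now)
    if ident is None:
        return "drop:unidentified"
    for role, action in rules:
        if role.matches(src_ip, ident):
            return f"{action}:{role.name}:{ident.user}"
    return "drop:no-rule"

# Constructed sample data: the same user on two WiFi segments with dynamic IPs.
TABLE = IdentityTable()
TABLE.login("10.1.20.15", "alice", {"Finance"}, "LAPTOP-A1", now=0)
TABLE.login("10.2.30.77", "alice", {"Finance"}, "LAPTOP-A1", now=600)
RULES = [(AccessRole("finance_wifi", ("10.0.0.0/8",), frozenset({"Finance"})), "accept")]
```

One rule covers the user on both addresses, and an association older than the assumed lifetime, or an IP that has since been taken by another user, no longer inherits the earlier user's access.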

In this lesson I will demonstrate the second option, Browser-Based. I think that is enough theory, so let's move on to practice.

Video lesson

Stay tuned for more and join our YouTube channel 🙂

Source: www.habr.com