ProHoster > Blog > Utongi > 4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Tikugashirei kuchinyorwa chechina munhevedzano nezve Check Point SandBlast Agent Management Platform mhinduro. Muzvinyorwa zvakapfuura (kutanga, chechipiri, chechitatu) isu takatsanangura zvakadzama maratidziro uye kugona kwewebhu manejimendi console, uye zvakare takaongorora iyo Threat Prevention policy uye tikaiedza kurwisa kutyisidzira kwakasiyana. Ichi chinyorwa chakazvipira kune chechipiri chekuchengetedza chikamu - iyo Data Dziviriro mutemo, iyo ine basa rekuchengetedza data rakachengetwa pamushini wemushandisi. Zvakare muchinyorwa chino tichatarisa kuDeployment uye Global Policy Settings zvikamu.

Data Dziviriro Policy

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Iyo Dhata Dziviriro mutemo inobvumidza iwe kugadzirisa kuwana kune data rakachengetwa pamushini webasa kune vashandisi vane mvumo chete, uchishandisa iyo Yakazara Disk Encryption uye Boot Dziviriro mabasa. Parizvino, sarudzo dzinotevera dzekumisikidza disk encryption dzinotsigirwa: yeWindows - Tarisa Point Encryption kana BitLocker Encryption, yeMacOS - File Vault. Ngatitarisei zvakanyanya kugona uye marongero esarudzo yega yega.

Tarisa Point Encryption

Tarisa Point Encryption ndiyo yakajairwa dhisiki encryption nzira muData Dziviriro mutemo uye inopa encryption yeese system mafaera (yenguva pfupi, system, kure) kumashure pasina kukanganisa mashandiro emushandisi. Mushure mekuvhara, dhisiki inova isingasvikike kune vashandisi vasina kubvumidzwa.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Iyo huru yekumisikidza yeCheck Point Encryption ndeye "Gonesa Pre-boot", iyo inogonesa chinodiwa chevashandisi kuti chive chechokwadi bhutsu yekushanda isati yatanga. Iyi sarudzo inokurudzirwa kuti ishandiswe, sezvo ichidzivirira mukana wekushandisa authentication bypass zvishandiso padanho rekushandisa system. Izvo zvakare zvinogoneka kugadzirisa kwenguva pfupi bypass paramita yePre-boot basa:

  • Bvumira OS kupinda mushure mekufamba kwenguva - kudzima iyo Pre-boot basa uye kushandura kune huchokwadi mune inoshanda sisitimu;

  • Bvumira pre-boot bypass (Wake On LAN - WOL) - kudzima iyo pre-boot basa pamakomputa akabatana kune manejimendi server kuburikidza neEthernet;

  • Bvumira bypass script - inokubvumira kuti ugadzirise kudarika kwePre-boot basa, zvichiratidza nguva uye zuva iro script yakatanga kushanda uye zvigadziro zvekuguma kwePre-boot bypass;

  • Bvumira LAN kupfuura -dzima iyo pre-boot basa kana uchibatanidza kune network yemuno.

Izvo zviri pamusoro apa zvenguva pfupi nzira dzekupfuura dzePre-boot hazvikurudzirwe kunze kwekunge paine chikonzero chiri pachena (somuenzaniso, kugadzirisa kana kugadzirisa dambudziko), uye mhinduro yakanakisa kubva kune yekuchengetedza nzvimbo yekuona ndeyekugonesa Pre-boot pasina kutsanangura yenguva yekupfuura mitemo. Kana zvichidikanwa kuti upfuure Pre-boot, zvinokurudzirwa kuseta iyo shoma inodiwa nguva yakatarwa mune yechinguvana bypass paramita kuitira kuti usaderedze mwero wekudzivirira kwenguva yakareba.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Zvakare, kana uchishandisa Check Point Encryption, zvinokwanisika kugadzirisa advanced Data Protection policy settings, semuenzaniso, more flexibly configure encryption settings, gadzirisa zvakasiyana-siyana zvePre-boot basa uye Windows authentication.

BitLocker Encryption

BitLocker chikamu cheWindows inoshanda sisitimu uye inokutendera kuti uvhare madhiraivha akaomarara uye inobviswa midhiya. Tarisa Point BitLocker Management chikamu cheWindows Services chinotanga neSandBlast Agent mutengi uye inoshandisa API kubata BitLocker tekinoroji.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Paunosarudza BitLocker Encryption senzira yekuvharidzira dhiraivha muData Dziviriro mutemo, unogona kugadzirisa anotevera marongero:

  • Yekutanga Encryption - ekutanga encryption marongero anotendera iwe kuti encrypt iyo yese drive (Encrypt yese drive), iyo inokurudzirwa kune michina ine iripo data data remushandisi (mafaira, zvinyorwa, nezvimwewo), kana encrypt chete iyo data (Encrypt yakashandiswa disk space chete), inova inokurudzirwa kune itsva Windows kumisikidzwa;

  • Inodhiraivha encrypt - Kusarudzwa kwemadhisiki / zvikamu zve encryption, inobvumidza iwe kunyora ese madhiraivha (Yese madhiraivha) kana chete kupatsanurwa neiyo inoshanda sisitimu (OS drive chete);

  • Encryption algorithm -Kusarudzwa kweiyo encryption algorithm, iyo inokurudzirwa sarudzo ndeye Windows Default, zvinogoneka zvakare kutsanangura XTS-AES-128 kana XTS-AES-256.

File Vault

File Vault ndiyo yakajairwa encryption chishandiso cheApple uye inova nechokwadi chekuti vashandisi vane mvumo chete vanogona kuwana data remushandisi pakombuta. NeFaira Vault yakaiswa, mushandisi anofanira kuisa password kuti atange sisitimu uye kuwana maficha akavharidzirwa. Kushandisa File Vault ndiyo chete nzira yekuona kuchengetedzwa kwedata rakachengetwa muData Dziviriro mutemo kune vashandisi veMacOS inoshanda system.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

YeFaira Vault, iyo "Gonesa otomatiki mushandisi kutora" kuseta inowanikwa, iyo inoda mvumo yemushandisi isati yatanga dhisiki encryption process. Kana iyi ficha ikagoneswa, zvinokwanisika kudoma nhamba yevashandisi vanofanirwa kupinda pamberi peSandBlast Agent yaisa iyo Pre-boot chimiro, kana kutsanangura huwandu hwemazuva mushure meiyo iyo Pre-boot ficha ichaitwa otomatiki kune vese vashandisi vane mvumo. kana panguva ino mushandisi mumwe chete akapinda muhurongwa.

Data kupora

Kana uine matambudziko booting system yako, unogona kushandisa akasiyana nzira dzekudzoreredza data. Mutungamiri anogona kutanga maitiro ekudzoreredza akavharidzirwa data kubva kuComputer Management → Full Dick Encryption Actions chikamu. Kana iwe ukashandisa Check Point Encryption, unogona decrypt yakambovharirwa dhisiki uye kuwana mukana kune ese akachengetwa mafaera. Mushure mekuita uku, iwe unofanirwa kutangazve dhisiki encryption process kuti iyo Data Dziviriro mutemo ushande.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Paunosarudza BitLocker sedhisiki encryption nzira yekudzoreredza data, iwe unofanirwa kuisa iyo Recovery Kiyi ID yedambudziko komputa kuti ugadzire Kiyi yekudzoreredza, iyo inofanirwa kuiswa nemushandisi kuti uwane iyo yakavharidzirwa dhisiki.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Kune vashandisi veMacOS vanoshandisa File Vault kuchengetedza ruzivo rwakachengetwa, maitiro ekudzoreredza anosanganisira maneja kuburitsa kiyi yekudzoreredza zvichibva paSerial Nhamba yemuchina wedambudziko uye nekupinda iyi kiyi, ichiteverwa nekugadzirisa zvakare password.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Deployment Policy

Kubva pakusunungurwa chinyorwa chechipiri, iyo yakakurukura nezve interface yewebhu manejimendi console, Check Point yakakwanisa kuita shanduko kuDeployment chikamu - ikozvino ine chidimbu. Software Deployment, umo iyo gadziriso (inogonesa / yekudzima mablades) inogadzirirwa kune yatoiswa vamiririri, uye chikamu chidiki. Export Package, maunogona kugadzira mapakeji ane pre-yakaiswa blades kuti uwedzere kuisirwa pamakina evashandisi, semuenzaniso, uchishandisa Active Directory boka marongero. Ngatitarisei chikamu cheSoftware Deployment, icho chinosanganisira ese SandBlast Agent blades.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Rega ndikuyeuchidze kuti iyo yakajairwa Deployment policy inongosanganisira blades muThreat Prevention chikamu. Tichifunga nezve yakambokurukurwa Dziviriro yeData mutemo, unogona ikozvino kugonesa chikamu ichi kuti chigadzike uye kushanda pamushini wemutengi une SandBlast Agent. Zvine musoro kusanganisa iyo Remote Access VPN basa, iro rinozobvumira mushandisi kubatana, semuenzaniso, kune network yekambani network, pamwe neAccess and Compliance chikamu, iyo inosanganisira iyo Firewall & Application Control mabasa uye kutarisa mushandisi muchina. kuitira kutevedzera mutemo weCompliance.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Export Package
4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Iyo Export Packages chikamu chiri nyore kwazvo kushandisa: kugadzira dhizaini yekumisikidza, iwe unofanirwa kudoma zita rayo, sarudza iyo inoshanda sisitimu (yeWindows, taurawo hushoma) uye mumiririri vhezheni, wobva wasarudza mitemo yekuchengetedza ichavakwa mukati. pasuru. Uyezve, iwe unogona kutsanangura boka chairo rinozosanganisira makomputa ane pasuru yakaiswa, uye zvakare sarudza VPN Saiti ine preset yekubatanidza kero uye yekusimbisa paramita (VPN Sites inogadziriswa muExport Packages → Manage VPN Sites chikamu). Iyo yekupedzisira poindi inonyanya nyore, sezvo inobvisa mukana wekukanganisa kwemushandisi paunenge uchigadzira VPN yekubatanidza marongero.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Global Policy Settings

MuGlobal Policy Settings, imwe yeanonyanya kukosha paramita inogadziriswa - password yekubvisa SandBlast Agent kubva kumushini wemushandisi. Kana mumiririri angoiswa, mushandisi haakwanise kuibvisa asina kuisa password, iyo nekusarudzika ndeye "chakavanzika"(pasina makotesheni). Nekudaro, iyi password yakajairika iri nyore kuwana munzvimbo dzakavhurika, uye kana uchishandisa SandBlast Agent mhinduro, zvinokurudzirwa kushandura password yakajairika kubvisa mumiriri. MuManagement Platform, ine password yakajairwa, iyo mutemo unogona kungoiswa kashanu, saka kushandura password kuti uibvise hazvidzivisike.
Uye zvakare, Global Policy Settings inogadzirisa data paramita inogona kutumirwa kuCheck Point kuti iongorore nekuvandudza mashandiro eiyo ThreatCloud sevhisi.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Kubva kuGlobal Policy Settings iwe unogona zvakare kugadzirisa mamwe dhisiki encryption policy paramita, kureva password zvinodiwa: kuoma, nguva yekushandiswa, kugona kushandisa yaimboshanda password, nezvimwe. Muchikamu chino, unogona kurodha yako mifananidzo panzvimbo peyakajairwa yePre-boot kana OneCheck.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Kuseta iyo Policy

Sezvo wazvijaira iwe nekwaniso yeData Dziviriro mutemo uye nekugadzirisa zvirongwa zvakakodzera muDeployment chikamu, unogona kutanga kuisa mutemo mutsva unosanganisira dhisiki encryption uchishandisa Check Point Encryption uye mamwe ese eSandBlast Agent blades. Mushure mekuisa mutemo muManagement Platform, mutengi anogashira meseji ichivakumbira kuti vaise iyo nyowani vhezheni yepolicy izvozvi kana kurongazve kuisirwa kune imwe nguva (yakanyanya 2 mazuva).

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Mushure mekudhawunirodha nekuisa iyo nyowani policy, SandBlast Agent ichaita kuti mushandisi atangezve komputa kuti agonese Full Disk Encryption dziviriro.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Mushure mekugadzirisazve, mushandisi achada kuisa zvinyorwa zvake muCheck Point Endpoint Security yekusimbisa hwindo - iyi hwindo ichaonekwa nguva dzese isati yatanga sisitimu yekushandisa (Pre-boot). Zvinogoneka kusarudza iyo Single Sign-On (SSO) sarudzo yekushandisa otomatiki zvitupa zvehuchokwadi muWindows.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

Kana chokwadi chikabudirira, mushandisi anowana mukana kune yake sisitimu, uye kuseri kwezviitiko iyo disk encryption process inotanga. Kushanda uku hakukanganisi kushanda kwemuchina nenzira ipi zvayo, kunyange zvazvo inogona kugara kwenguva yakareba (zvichienderana nehuwandu hwe disk space). Kana iyo encryption yapera, tinogona kuona kuti ese mablades akabatidzwa uye anoshanda, drive inovharirwa, uye muchina wemushandisi wakachengeteka.

4. Tarisa Point SandBlast Agent Management Platform. Data Dziviriro Policy. Deployment uye Global Policy Settings

mhedziso

Ngatipfupikisai: muchinyorwa chino takatarisa kugona kweSandBlast Agent kuchengetedza ruzivo rwakachengetwa pamushini wemushandisi uchishandisa dhisiki encryption muData Dziviriro mutemo, takadzidza marongero ekuparadzira marongero uye vamiririri kuburikidza neDeployment chikamu uye akaisa mutemo mutsva ne diski. encryption mitemo uye mamwe mablades pamushini wemushandisi. Muchinyorwa chinotevera munhevedzano, isu ticha tarisa zvakadzama nezve kutema matanda uye kushuma kugona mu Management Platform uye SandBlast Agent mutengi.

Yakakura kusarudzwa kwezvinhu paCheck Point kubva kuTS Solution. Kuti urege kupotsa zvinyorwa zvinotevera pamusoro weSandBlast Agent Management Platform, tevera zvigadziriso pasocial network (teregiramu, Facebook, VK, TS Solution Blog, Yandex Zen).

Source: www.habr.com