ProHoster > Blog > Utongi > Machengetero atinoita mutengi chaiwo desktops kubva kumavhairasi, spyware uye kurwiswa

Machengetero atinoita mutengi chaiwo desktops kubva kumavhairasi, spyware uye kurwiswa

Gore rino, makambani mazhinji akachimbidza kuita basa riri kure. Kune vamwe vatengi isu vakabatsira kuronga anopfuura zana mabasa ari kure pasvondo. Zvakanga zvakakosha kuita izvi kwete nekukurumidza, asiwo zvakachengeteka. VDI tekinoroji yauya kuzonunura: nerubatsiro rwayo, zviri nyore kugovera zvigadziro zvekuchengetedza kunzvimbo dzese dzebasa uye kudzivirira kubva mukudonha kwedata. 

Muchikamu chino ini ndichakuudza kuti yedu chaiyo desktop sevhisi yakavakirwa paCitrix VDI inoshanda sei kubva kune ruzivo rwekuchengetedza ruzivo. Ini ndichakuratidza zvatinoita kuchengetedza vatengi desktops kubva kunze kwekutyisidzira senge ransomware kana kurwiswa kwakanangwa. 

Machengetero atinoita mutengi chaiwo desktops kubva kumavhairasi, spyware uye kurwiswa

Ndeapi matambudziko atinogadzirisa? 

Isu takaona akati wandei tyisidziro dzekuchengetedza sevhisi. Kune rimwe divi, iyo chaiyo desktop inomhanyisa njodzi yekutapukirwa kubva pakombuta yemushandisi. Kune rimwe divi, kune njodzi yekubuda kubva kune chaiyo desktop kuenda munzvimbo yakavhurika yeInternet uye kurodha faira rine hutachiona. Kunyangwe izvi zvikaitika, hazvifanirwe kukanganisa zvese zvivakwa. Naizvozvo, pakugadzira sevhisi, takagadzirisa matambudziko akati wandei: 

  • Inodzivirira iyo yese VDI kumira kubva kutyisidzira kwekunze.
  • Kuparadzaniswa kwevatengi kubva kune mumwe nemumwe.
  • Kuchengetedza iwo chaiwo desktops ivo pachavo. 
  • Batanidza zvakachengeteka vashandisi kubva kune chero mudziyo.

Musimboti wedziviriro yaive FortiGate, chizvarwa chitsva firewall kubva kuFortinet. Iyo inocherekedza VDI booth traffic, inopa yakasarudzika masisitimu kune yega yega mutengi, uye inodzivirira kubva panjodzi kudivi remushandisi. Kugona kwayo kwakakwana kugadzirisa nyaya dzakawanda dzekuchengetedza ruzivo. 

Asi kana kambani iine zvakakosha zvekuchengetedza zvinodiwa, isu tinopa dzimwe sarudzo: 

  • Isu tinoronga kubatana kwakachengeteka kwekushanda kubva kumakomputa epamba.
  • Isu tinopa mukana wekuzvimiririra kuongorora kwekuchengetedza matanda.
  • Isu tinopa manejimendi ekudzivirira antivirus pane desktops.
  • Isu tinodzivirira kubva kune zero-zuva kusasimba. 
  • Isu tinogadzirisa kuvimbiswa kwe-multi-factor yekuwedzera dziviriro kubva kune zvisingabvumirwe kubatana.

Ini ndichakuudza zvakadzama kuti takagadzirisa sei matambudziko. 

Nzira yekudzivirira sei kumira uye kuve nechokwadi chekuchengetedzwa kwetiweki

Ngatiisei chikamu network network. Pakumira isu tinosimbisa yakavharwa manejimendi chikamu chekugadzirisa zvese zviwanikwa. Chikamu che manejimendi hachisvikike kubva kunze: kana paine kurwiswa kwemutengi, vanorwisa havazokwanisa kusvika ipapo. 

FortiGate ine basa rekudzivirira. Inosanganisa mabasa eantivirus, firewall, uye intrusion kudzivirira system (IPS). 

Kune yega yega mutengi isu tinogadzira yakasarudzika network segment yemadhisiki ematafura. Nechinangwa ichi, FortiGate ine virtual domain tekinoroji, kana VDOM. Iyo inokutendera iwe kupatsanura firewall kuita akati wandei chaiwo masangano uye kugovera yega yega mutengi VDOM yayo, inoita seyakaparadzana firewall. Isu zvakare tinogadzira yakaparadzana VDOM yechikamu che manejimendi.

Izvi zvinova dhayagiramu inotevera:
Machengetero atinoita mutengi chaiwo desktops kubva kumavhairasi, spyware uye kurwiswa

Iko hakuna network yekubatanidza pakati pevatengi: imwe neimwe inogara muVDOM yayo uye haina kufurira imwe. Pasina tekinoroji iyi, taizofanira kuparadzanisa vatengi nemirairo yefirewall, izvo zvine njodzi nekuda kwekukanganisa kwevanhu. Unogona kuenzanisa mitemo yakadaro negonhi rinofanira kugara rakavharwa. Munyaya yeVDOM, hatisiyi "masuo" zvachose. 

Mune imwe VDOM yakaparadzana, mutengi ane yake kero uye nzira. Naizvozvo, kuyambuka marara hakuite dambudziko kukambani. Mutengi anogona kugovera iyo inodiwa IP kero kune chaiwo desktops. Izvi zvakanakira makambani makuru ane yavo IP zvirongwa. 

Isu tinogadzirisa nyaya dzekubatanidza nemutengi wekambani network. Basa rakasiyana nderekubatanidza VDI nevatengi vezvivakwa. Kana kambani ikachengeta masisitimu emakambani munzvimbo yedu yedata, tinogona kungomhanyisa tambo yetiweki kubva kumidziyo yayo kuenda kune firewall. Asi kazhinji isu tiri kubata nesaiti iri kure - imwe nzvimbo yedata kana hofisi yemutengi. Muchiitiko ichi, isu tinofunga kuburikidza nekutsinhana kwakachengeteka nesaiti uye kuvaka saiti2site VPN uchishandisa IPsec VPN. 

Zvirongwa zvinogona kusiyana zvichienderana nekuoma kwezvivakwa. Mune dzimwe nzvimbo zvinokwana kubatanidza imwe hofisi network kuVDI - static routing yakakwana ipapo. Makambani makuru ane network dzakawanda dzinogara dzichichinja; pano mutengi anoda dynamic routing. Isu tinoshandisa maprotocol akasiyana: pakatove nezviitiko neOSPF (Open Shortest Path First), GRE tunnels (Generic Routing Encapsulation) uye BGP (Border Gateway Protocol). FortiGate inotsigira network protocol mumaVDOM akasiyana, pasina kukanganisa vamwe vatengi. 

Iwe unogona zvakare kuvaka GOST-VPN - encryption yakavakirwa pane cryptographic kuchengetedza zvinoreva inosimbiswa neFSB yeRussian Federation. Semuyenzaniso, kushandisa KS1 kirasi mhinduro munzvimbo chaiyo "S-Terra Virtual Gateway" kana PAK ViPNet, APKSH "Continent", "S-Terra".

Kugadzira Mapoka eBoka. Isu tinobvumirana nemutengi pane marongero eboka anoshandiswa paVDI. Pano mazano ekugadzirisa haana kusiyana nekugadzirisa mitemo muhofisi. Isu takamisa kubatanidzwa neActive Directory uye tinogovera manejimendi emamwe marongero eboka kune vatengi. Vatariri vemaroja vanogona kushandisa marongero kuchinhu cheComputer, kutonga iyo sangano muActive Directory, uye kugadzira vashandisi. 

PaFortiGate, kune yega yega mutengi VDOM tinonyora network yekuchengetedza mutemo, isa zvirambidzo zvekupinda uye kugadzirisa traffic yekuongorora. Isu tinoshandisa akati wandei FortiGate modules: 

  • IPS module inoongorora traffic kune malware uye inodzivirira kupindira;
  • iyo antivirus inodzivirira iyo desktops pachayo kubva kune malware uye spyware;
  • kusefa kwewebhu kunovharira kuwana zviwanikwa zvisingavimbike nemasaiti ane hutsinye kana zvisina kufanira zvemukati;
  • Zvigadziriso zvefirewall zvinogona kubvumira vashandisi kuwana iyo Internet chete kune mamwe masaiti. 

Dzimwe nguva mutengi anoda kuzvimiririra kutonga kuwana kwevashandi kune mawebhusaiti. Kazhinji kazhinji, mabhangi anouya nechikumbiro ichi: masevhisi ekuchengetedza anoda kuti kutonga kwekuwana kurambe kuri kudivi rekambani. Makambani akadaro pachawo anotarisisa traffic uye anogara achichinja kune marongero. Muchiitiko ichi, tinoshandura traffic yese kubva kuFortiGate yakananga kumutengi. Kuti tiite izvi, tinoshandisa yakagadziridzwa interface ine zvigadzirwa zvekambani. Mushure meizvi, mutengi pachake anogadzirisa mitemo yekuwana kune network yekambani neInternet. 

Tinotarisa zviitiko pastand. Pamwe chete neFortiGate tinoshandisa FortiAnalyzer, muunganidzi welogi kubva kuFortinet. Nerubatsiro rwayo, isu tinotarisa kune ese echiitiko matanda paVDI munzvimbo imwechete, tsvaga fungidziro zviito uye kuteedzera kuwirirana. 

Mumwe wevatengi vedu anoshandisa Fortinet zvigadzirwa muhofisi yavo. Nekuda kwayo, isu takagadzirisa kurodha kwerogi - saka mutengi akakwanisa kuongorora zvese zvekuchengetedza zviitiko zvemichina yehofisi uye chaiwo desktops.

Nzira yekudzivirira sei virtual desktops

Kubva pakutyisidzira kunozivikanwa. Kana mutengi achida kuzvimiririra kuchengetedza anti-virusi, isu tinoisa Kaspersky Chengetedzo kune chaiwo nharaunda. 

Iyi mhinduro inoshanda zvakanaka mugore. Isu tese takajaira chokwadi chekuti yekare Kaspersky antivirus imhinduro "inorema". Kusiyana neizvi, Kaspersky Chengetedzo yeVirtualization haina kurodha chaiwo michina. Yese mavhairasi dhatabhesi ari pane sevha, iyo inopa mutongo kune ese chaiwo mashini eiyo node. Chete mumiriri wemwenje anoiswa pane chaiyo desktop. Inotumira mafaira kune server kuti ionekwe. 

Ichi chivakwa panguva imwe chete chinopa chengetedzo yefaira, kuchengetedzwa kweInternet, uye kuchengetedzwa kwekurwisa pasina kukanganisa kuita kwemachina chaiwo. Muchiitiko ichi, mutengi anogona kuzvimiririra kuunza kunze kwekuchengetedza faira. Isu tinobatsira nekutanga kuseta kwemhinduro. Tichataura pamusoro pezvinhu zvayo mune imwe nyaya yakasiyana.

Kubva kutyisidzira kusingazivikanwe. Kuti tiite izvi, tinobatanidza FortiSandbox - "sandbox" kubva kuFortinet. Isu tinoishandisa sesefa kana iyo antivirus ikapotsa zero-zuva kutyisidzira. Mushure mekudhawunirodha faira, tinotanga kuitarisa neantivirus tozoitumira kubhokisi rejecha. FortiSandbox inotevedzera muchina chaiwo, inomhanyisa faira uye inocherekedza maitiro ayo: ndezvipi zvinhu zviri murejista zvinowanikwa, ingave inotumira zvikumbiro zvekunze, zvichingodaro. Kana faira richiita zvekufungira, iyo sandboxed virtual muchina inodzimwa uye iyo yakaipa faira haiperi pamushandisi VDI. 

Maitiro ekuseta yakachengeteka yekubatanidza kuVDI

Isu tinotarisa kutevedzera kwechigadzirwa nezvinodiwa zvekuchengetedza ruzivo. Kubva pakutanga kwebasa riri kure, vatengi vakatisvikira nezvikumbiro: kuve nechokwadi chekushanda kwakachengeteka kwevashandisi kubva kumakomputa avo. Chero nyanzvi yekuchengetedza ruzivo inoziva kuti kuchengetedza zvishandiso zvepamba kwakaoma: haugone kuisa antivirus inodiwa kana kushandisa marongero eboka, nekuti iyi isiri midziyo yehofisi. 

Nekumisikidza, VDI inova yakachengeteka "layer" pakati pechishandiso chako uye network yemakambani. Kuchengetedza VDI kubva pakurwiswa kubva kumushini wemushandisi, tinodzima clipboard uye tinorambidza USB kuendesa mberi. Asi izvi hazviiti kuti mudziyo wemushandisi wega uve wakachengeteka. 

Isu tinogadzirisa dambudziko tichishandisa FortiClient. Ichi chishandiso chekudzivirira chekupedzisira. Vashandisi vekambani vanoisa FortiClient pamakomputa avo epamba uye voishandisa kubatanidza kune chaiyo desktop. FortiClient inogadzirisa matambudziko matatu kamwechete: 

  • inova "hwindo rimwechete" rekuwana kune mushandisi;
  • inotarisa kana komputa yako yega ine antivirus uye ichangoburwa OS inogadziridza; 
  • inovaka mugero weVPN kuti uwane yakachengeteka. 

Mushandi anongowana mukana kana akapasa kuongororwa. Panguva imwecheteyo, iwo chaiwo desktops pachawo haasvikike kubva kuInternet, zvinoreva kuti anodzivirirwa zviri nani kubva pakurwiswa. 

Kana kambani ichida kubata endpoint dziviriro pachayo, isu tinopa FortiClient EMS (Endpoint Management Server). Mutengi anogona kugadzirisa desktop scanning uye intrusion kudzivirira, uye kugadzira chena runyorwa rwekero. 

Kuwedzera authentication factor. Nekusagadzikana, vashandisi vanotenderwa kuburikidza neCitrix netscaler. Pano, zvakare, tinogona kusimudzira chengetedzo tichishandisa multifactor authentication yakavakirwa paSafeNet zvigadzirwa. Ichi chinyorwa chakakodzera kutariswa kwakakosha; isu tichataurawo nezvazvo mune imwe nyaya. 

Takaunganidza ruzivo rwakadaro mukushanda nemhinduro dzakasiyana-siyana mugore rapfuura rebasa. Iyo VDI sevhisi inogadziriswa yakaparadzana kune mumwe nemumwe mutengi, saka isu takasarudza yakanyanya kuchinjika maturusi. Zvichida munguva yemberi iri pedyo tichawedzera chimwe chinhu uye kugovera ruzivo rwedu.

Musi waGumiguru 7 na17.00 vandinoshanda navo vachataura nezvematafura epawebhusaiti "VDI inodiwa here, kana kuronga basa riri kure?"
Bhalisa, kana iwe uchida kukurukura apo VDI teknolojia yakakodzera kambani uye kana zviri nani kushandisa dzimwe nzira.

Source: www.habr.com

Voeg