🥇Netiweki yekutarisa uye kuona zvisingaite netiweki chiitiko uchishandisa Flowmon Networks mhinduro

Munguva pfupi yapfuura, iwe unogona kuwana huwandu hukuru hwezvinhu pane iyo musoro paInternet. kuongororwa kwetraffic pane network perimeter. Panguva imwecheteyo, nokuda kwechimwe chikonzero munhu wose akanganwa zvachose kuongororwa kwemigwagwa yemunharaunda, izvo zvisinganyanyi kukosha. Ichi chinyorwa chinotaura chaizvo nezvenyaya iyi. Semuyenzaniso Flowmon Networks isu ticharangarira yakanaka yekare Netflow (uye dzimwe nzira dzayo), tarisa nyaya dzinonakidza, zvinogoneka anomalies mune network uye nekuona zvakanakira mhinduro kana. network yese inoshanda se sensor imwe chete. Uye zvinonyanya kukosha, iwe unogona kuita ongororo yakadaro yetraffic yemuno zvachose pasina muripo, mukati meiyo yerezinesi reyedzo (45 mazuva) Kana musoro wacho uchinakidza kwauri, gamuchira kune katsi. Kana iwe uine usimbe kuverenga, saka, kutarisa mberi, unogona kunyoresa webinar iri kuuya, kwaticharatidza uye kukuudza zvese (iwe unogona zvakare kudzidza nezve iri kuuya chigadzirwa kudzidziswa ipapo).

Chii chinonzi Flowmon Networks?

Chekutanga pane zvese, Flowmon muEurope IT mutengesi. Iyo kambani ndeyeCzech, ine dzimbahwe muBrno (nyaya yezvirango haina kana kusimudzwa). Mune chimiro chayo chazvino, kambani yanga iri pamusika kubvira 2007. Pakutanga, yaizivikanwa pasi peiyo Invea-Tech brand. Saka, pamwe chete, anenge makore makumi maviri akashandiswa pakugadzira zvigadzirwa nemhinduro.

Flowmon yakaiswa seA-kirasi mhando. Inogadzira zvigadziriso zvekutanga zvevatengi vemabhizinesi uye inozivikanwa mumabhokisi eGartner eNetwork Performance Monitoring uye Diagnostics (NPMD). Uyezve, zvinonakidza, pamakambani ese ari mushumo, Flowmon ndiye ega mutengesi akacherechedzwa naGartner semugadziri wemhinduro kune ese ari maviri network yekutarisa uye kuchengetedza ruzivo (Network Behavior Analysis). Izvo hazvitore nzvimbo yekutanga, asi nekuda kweizvi hazvimire sebapiro reBoeing.

Ndeapi matambudziko anogadziriswa nechigadzirwa?

Pasi rose, tinogona kusiyanisa dziva rinotevera remabasa anogadziriswa nezvigadzirwa zvekambani:

kuwedzera kugadzikana kwetiweki, pamwe chete netiweki zviwanikwa, nekuderedza nguva yavo yekudzikira uye kusavapo;
kuvandudza huwandu hwese hwekuita network;
kuwedzera kugona kwevashandi vekutonga nekuda kwe:
- kushandisa yemazuva ano innovative network monitoring tools yakavakirwa paruzivo nezve IP inoyerera;
- kupa ruzivo rwakadzama nezvekushanda uye mamiriro etiweki - vashandisi uye zvikumbiro zvinomhanya panetiweki, data inotumirwa, zviwanikwa zvinodyidzana, masevhisi uye node;
- kupindura kune zviitiko zvisati zvaitika, uye kwete mushure mekunge vashandisi nevatengi varasikirwa nebasa;
- kuderedza nguva uye zviwanikwa zvinodiwa kutungamira network uye IT zvivakwa;
- kurerutsa mabasa ekugadzirisa matambudziko.
kuwedzera mwero wekuchengetedzeka kwetiweki uye ruzivo zviwanikwa zvebhizinesi, kuburikidza nekushandiswa kweasina-siginecha matekinoroji ekuona anomalous uye akashata network chiitiko, pamwe ne "zero-zuva kurwisa";
kuve nechokwadi chiyero chinodiwa cheSLA chetiweki application uye dhatabhesi.

Flowmon Networks Chigadzirwa Portfolio

Zvino ngatitarisei zvakananga kuFlowmon Networks chigadzirwa portfolio uye tizive kuti chii chaizvo chinoitwa nekambani. Sezvo vazhinji vakatofungidzira kubva pazita, iyo huru nyanzvi iri mumhinduro dzekuyerera kuyerera traffic yekutarisa, pamwe akati wandei mamodule anowedzera mashandiro ekutanga.

Muchokwadi, Flowmon inogona kunzi kambani yechigadzirwa chimwe, kana kuti, imwe mhinduro. Ngationei kuti izvi zvakanaka here kana zvakaipa.

Nheyo yehurongwa ndeye muunganidzi, uyo ane basa rekuunganidza data uchishandisa akasiyana siyana ekuyerera maprotocol, akadai NetFlow v5/v9, jFlow, sFlow, NetStream, IPFIX... Zvine musoro kuti kune kambani isingabatanidzi nechero network inogadzira michina, zvakakosha kupa musika chigadzirwa chepasirese chisina kusungirirwa kune chero chiyero chimwe kana protocol.

Flowmon Muunganidzi

Muunganidzi anowanikwa ese sevhavha yehardware uye semuchina chaiwo (VMware, Hyper-V, KVM). Nenzira, chikuva chehardware chinoshandiswa pamaseva eDELL akagadziridzwa, ayo anobvisa otomatiki mazhinji enyaya newaranti uye RMA. Izvo chete zvezvinhu zvemidziyo yemidziyo ndeyeFPGA traffic yekutora makadhi akagadzirwa nerubatsiro rweFlowmon, ayo anobvumira kutarisa nekumhanya kunosvika ku100 Gbps.

Asi chii chekuita kana iripo network network isingakwanise kuburitsa yemhando yepamusoro kuyerera? Kana kuti mutoro uri pamudziyo wakanyanya kukwira here? Hapana dambudziko:

Flowmon Prob

Muchiitiko ichi, Flowmon Networks inopa zano rekushandisa maprobes ayo (Flowmon Probe), ayo akabatana kunetiweki kuburikidza neSPAN port ye switch kana kushandisa passive TAP splitters.

SPAN (mirror port) uye TAP kuita sarudzo

Muchiitiko ichi, iyo mbishi traffic inosvika paFlowmon Probe inoshandurwa kuita yakawedzera IPFIX ine zvimwe. 240 metrics ine ruzivo. Nepo iyo yakajairwa NetFlow protocol inogadzirwa netiweki michina isina anopfuura makumi masere metrics. Izvi zvinobvumira kuoneka kweprotocol kwete chete pamazinga 80 ne3, asiwo padanho rechinomwe maererano neiyo ISO OSI modhi. Nekuda kweizvozvo, vatariri venetiweki vanogona kutarisa kushanda kwezvikumbiro uye mapuroteni akadai see-mail, HTTP, DNS, SMB...

Sezvineiwo, iyo inonzwisisika dhizaini yehurongwa inotaridzika seizvi:

Chikamu chepakati chese Flowmon Networks "ecosystem" ndiye Muunganidzi, anogashira traffic kubva kune iripo network michina kana ayo ayo probes (Probe). Asi kune Enterprise solution, kupa mashandiro chete ekutarisa network traffic zvingave nyore. Open Source mhinduro dzinogonawo kuita izvi, zvisinei kwete nekuita kwakadaro. Kukosha kweFlowmon mamwe mamodule anowedzera basa rekutanga:

module Anomaly Detection Security -kuzivikanwa kweanomalous network chiitiko, kusanganisira zero-zuva kurwiswa, zvichibva pane heuristic kuongororwa kwetraffic uye yakajairika network network;
module Kushanda Kwekuita Kuongorora -kutarisisa mashandiro etiweki application pasina kuisa "maagents" uye nekupesvedzera chinangwa chehurongwa;
module Traffic Recorder -kurekodha zvimedu zvetiweki traffic zvinoenderana neseti yemitemo yakafanotsanangurwa kana zvinoenderana neinokonzeresa kubva kuADS module, kuti uwedzere kugadzirisa uye / kana kuferefetwa kwezviitiko zvekuchengetedza ruzivo;
module DDoS Kudzivirira -Kudzivirirwa kwetiweki perimeter kubva kuvhoriyamu DoS/DDoS kurambwa kwekurwiswa kwesevhisi, kusanganisira kurwiswa kwekushandisa (OSI L3/L4/L7).

Muchikamu chino, tichatarisa kuti zvinhu zvose zvinoshanda sei kurarama tichishandisa muenzaniso we 2 modules - Network Performance Monitoring uye Diagnostics и Anomaly Detection Security.
Pakutanga data:

Lenovo RS 140 server ine VMware 6.0 hypervisor;
Flowmon Collector chaiyo muchina mufananidzo waunogona download pano;
maviri ekuchinja anotsigira kuyerera maprotocol.

Danho 1. Isa Flowmon Collector

Kuendeswa kwemuchina chaiwo paVMware kunoitika nenzira yakakwana kubva kuOVF template. Nekuda kweizvozvo, tinowana muchina chaiwo unomhanya CentOS uye neyakagadzirira-kushandisa-software. Resource zvinodiwa ndezvevanhu:

Chasara kuita basic yekutanga uchishandisa rairo sysconfig:

Isu tinogadzirisa IP pane manejimendi chiteshi, DNS, nguva, Hostname uye inogona kubatana neiyo WEB interface.

Nhanho 2. Kuiswa kwerezinesi

Rezinesi rekuyedza kwemwedzi mumwechete nehafu rinogadzirwa uye kudhawunirwa pamwe chete nemufananidzo wemashini chaiwo. Loaded via Configuration Center -> Rezinesi. Somugumisiro tinoona:

Zvese zvagadzirira. Unogona kutanga kushanda.

Nhanho 3. Kugadzirisa mutori pane muunganidzi

Panguva ino, iwe unofanirwa kusarudza kuti iyo system ichagamuchira sei data kubva kune masosi. Sezvatakambotaura, iyi inogona kunge iri imwe yemaprotocol ekuyerera kana chiteshi cheSPAN pane switch.

Mumuenzaniso wedu, tichashandisa kugamuchira data tichishandisa maprotocol NetFlow v9 uye IPFIX. Muchiitiko ichi, isu tinotsanangura iyo IP kero yeManagement interface sechinangwa - 192.168.78.198. Interfaces eth2 uye eth3 (ine Monitoring interface type) inoshandiswa kugamuchira kopi ye "mbishi" traffic kubva kuSPAN port ye switch. Tinovabvumira kuti vapedze, kwete nyaya yedu.
Tevere, tinotarisa chiteshi chemuunganidzi uko traffic inofanira kuenda.

Kwatiri, muunganidzi anoteerera traffic pachiteshi UDP/2055.

Danho 4. Kugadzirisa network zvishandiso zvekuyerera kunze

Kumisikidza NetFlow paCisco Systems zvishandiso zvinogona kunzi ibasa rakajairika kune chero network maneja. Semuenzaniso wedu, tichatora chimwe chinhu chisina kujairika. Semuenzaniso, iyo MikroTik RB2011UiAS-2HnD router. Ehe, zvisingaite, mhinduro yebhajeti yemahofisi madiki uye epamba inotsigirawo NetFlow v5/v9 uye IPFIX protocol. Muzvirongwa, isa chinangwa (kero yemuteresi 192.168.78.198 uye port 2055):

Uye wedzera ese metrics aripo ekutengesa kunze:

Panguva ino tinogona kutaura kuti kuseta kwekutanga kwapera. Isu tinotarisa kana traffic iri kupinda muhurongwa.

Nhanho 5: Kuedza uye Kushandisa Network Performance Monitoring uye Diagnostics Module

Iwe unogona kutarisa kuvepo kwetraffic kubva kune sosi muchikamu Flowmon Monitoring Center -> Zvinyorwa:

Isu tinoona kuti data iri kupinda muhurongwa. Imwe nguva mushure mekunge muunganidzi aunganidza traffic, majeti anotanga kuratidza ruzivo:

Iyo sisitimu yakavakirwa pane chibooreso pasi musimboti. Kureva kuti, mushandisi, pakusarudza chidimbu chekufarira padhiyagiramu kana girafu, "inowira" kusvika padanho rekudzika kwedata raanoda:

Pasi kune ruzivo nezve yega yega yekubatanidza network uye kubatana:

Nhanho 6. Anomaly Detection Security Module

Iyi module inogona kunzi pamwe imwe yeanonyanya kunakidza, nekuda kwekushandiswa kwenzira-yemahara nzira dzekuona anomalies mune network traffic uye yakaipa network chiitiko. Asi iyi haisi analogue yeIDS/IPS masisitimu. Kushanda nemodule kunotanga ne "kudzidziswa" kwayo. Kuti uite izvi, wizard yakakosha inotsanangura zvese zvakakosha zvikamu uye masevhisi etiweki, kusanganisira:

gedhi kero, DNS, DHCP uye NTP maseva,
kugadzirisa muvashandisi uye seva zvikamu.

Mushure meizvi, iyo system inoenda mukudzidzira mode, iyo inotora paavhareji kubva kumavhiki maviri kusvika kumwedzi mumwe. Munguva ino, sisitimu inogadzira yekutanga traffic yakanangana netiweki yedu. Zvichitaurwa zviri nyore, iyo system inodzidza:

Ndeupi hunhu hwakajairika kune network node?
Ndeapi mavhoriyamu e data anowanzo kutamiswa uye akajairwa kune network?
Ndeipi nguva yakajairika yekushandisa kune vashandisi?
ndeapi maapplication anoshanda pane network?
nezvimwe zvakawanda..

Nekuda kweizvozvo, tinowana chishandiso chinozivisa chero zvisizvo munetiweki yedu uye kutsauka kubva pane zvakajairika maitiro. Heano mimwe mienzaniso iyo sisitimu inobvumidza iwe kuti uone:

kugoverwa kweiyo malware nyowani panetiweki iyo isingaonekwe nemasaini antivirus;
kuvaka DNS, ICMP kana mamwe matani uye kuendesa data nekupfuura firewall;
kutaridzika kwekombuta nyowani pane network ichiita seDHCP uye/kana DNS server.

Ngatione kuti zvinoita sei live. Mushure mekunge sisitimu yako yadzidziswa uye kuvaka hwaro hwetiweki traffic, inotanga kuona zviitiko:

Peji huru yemodule inguva inoratidza zviitiko zvakaonekwa. Mumuenzaniso wedu, tinoona spike yakajeka, inenge pakati pe9 ne16 maawa. Ngatisarudze uye titarise zvakadzama.

Hunhu husina kunaka hweanorwisa pane network hunoonekwa zvakajeka. Izvo zvese zvinotanga nenyaya yekuti mugadziri ane kero 192.168.3.225 akatanga kutarisisa scan ye network pachiteshi 3389 (Microsoft RDP sevhisi) uye akawana gumi nemana "vakabatwa":

Chiitiko chinotevera chakarekodhwa - muenzi 192.168.3.225 anotanga kurwisa kwechisimba kumanikidza mapassword paRDP sevhisi (port 3389) pamakero ambozivikanwa:

Nekuda kwekurwiswa uku, SMTP inomaly inowonekwa pane imwe yevakabirwa mauto. Mune mamwe mazwi, SPAM yatanga:

Uyu muenzaniso chiratidzo chakajeka chekugona kweiyo system uye Anomaly Detection Security module kunyanya. Tongai kushanda kwako pachako. Izvi zvinopedzisa kuongorora kwekushanda kwemhinduro.

mhedziso

Ngatipei muchidimbu kuti ndedzipi mhedziso dzatinogona kutora nezve Flowmon:

Flowmon mhinduro yekutanga kune vatengi vemakambani;
nekuda kwekuita kwayo kwakasiyana-siyana uye kuenderana, kuunganidza data kunowanikwa kubva kune chero kupi: network zvishandiso (Cisco, Juniper, HPE, Huawei ...) kana yako pachako probes (Flowmon Probe);
Iyo scalability kugona kwemhinduro inokubvumira kuti uwedzere mashandiro ehurongwa nekuwedzera mamodule matsva, pamwe nekuwedzera chibereko nekuda kweinoshanduka nzira yekupa rezinesi;
kuburikidza nekushandiswa kwemasiginecha-yemahara ekuongorora matekinoroji, iyo sisitimu inobvumidza iwe kuona zero-zuva kurwiswa kunyangwe kusingazivikanwe kune antivirus uye IDS / IPS masisitimu;
kuvonga kupedzisa "kujeka" maererano nekuisa uye kuvapo kweiyo sisitimu panetiweki - mhinduro haina kukanganisa kushanda kwemamwe ma node uye zvikamu zveIT yako zvigadzirwa;
Flowmon ndiyo yega mhinduro pamusika inotsigira traffic yekutarisa nekumhanya kusvika ku100 Gbps;
Flowmon mhinduro kune network yechero chiyero;
iyo yakanakisa mutengo / basa reshiyo pakati pemhinduro dzakafanana.

Muongororo iyi, takaongorora isingasviki 10% yehuwandu hwekushanda kwemhinduro. Muchinyorwa chinotevera tichataura nezve asara Flowmon Networks modules. Tichishandisa iyo Application Performance Monitoring module semuenzaniso, isu ticharatidza maitiro ebhizinesi application administrators vanogona kuona kuwanikwa pane yakapihwa SLA level, pamwe nekuongorora matambudziko nekukurumidza sezvinobvira.

Zvakare, isu tinoda kukukoka iwe kune yedu webinar (10.09.2019/XNUMX/XNUMX) yakatsaurirwa kune mhinduro dzemutengesi Flowmon Networks. Kufanonyoresa, tinokukumbira nyoresa pano.
Ndizvo zvese izvozvi, maita basa nekufarira kwenyu!

Vashandisi vakanyoresa chete ndivo vanogona kutora chikamu muongororo. Nyorera mu, Munogamuchirwa.

Uri kushandisa Netflow yekutarisa network?

kuti
Aiwa, asi ndinoronga kudaro
kwete

9 vashandisi vakavhota. 3 vashandisi vakaramba.

Source: www.habr.com

Kutariswa kwenetiweki uye kucherechedzwa kweanomalous network chiitiko uchishandisa Flowmon Networks mhinduro