StealthWatch: deployment and configuration. Part 2

Hello, colleagues! Having determined the minimum requirements for deploying StealthWatch in the previous part, we can start deploying the product.

1. Ways to deploy StealthWatch

There are several ways to "get your hands on" StealthWatch:

  • dcloud - a cloud service for lab work;
  • Cloud Based: Stealthwatch Cloud Free Trial - here Netflow from your device flows into the cloud and is analyzed there by the StealthWatch software;
  • On-premise POV (GVE request) - the path I took; they send you 4 OVF files of virtual machines with built-in licenses for 90 days, which can be deployed on a dedicated server in the corporate network.


Despite the number of downloaded virtual machines, only two are enough for a minimal working configuration: StealthWatch Management Console and FlowCollector. However, if there is no network device that can export Netflow to the FlowCollector, you also need to deploy FlowSensor, since the latter lets you collect Netflow using SPAN/RSPAN technologies.

As I said earlier, your real network can serve as the lab bench, since StealthWatch only needs a copy, or, more precisely, a digest of a copy of the traffic. The diagram below shows my network, where I will configure the Netflow Exporter on the security gateway and, as a result, send Netflow to the collector.

To reach the future VMs, the following ports must be allowed on your firewall, if you have one:

TCP 22 | TCP 25 | TCP 389 | TCP 443 | TCP 2393 | TCP 5222 | UDP 53 | UDP 123 | UDP 161 | UDP 162 | UDP 389 | UDP 514 | UDP 2055 | UDP 6343

Some of them are well-known services, others are reserved for Cisco services.
In my case, I simply deployed StealthWatch on the same network as Check Point, and I did not have to configure any permit rules.

2. Installing FlowCollector using VMware vSphere as an example

2.1. Click Browse and select OVF file1. After checking that resources are available, go to the View menu, Inventory → Networking (Ctrl+Shift+N).

2.2. In the Networking tab, select New Distributed port group in the virtual switch settings.

2.3. Set a name, let it be StealthWatchPortGroup; the remaining settings can be made as in the screenshot. Click Next.

2.4. We complete the creation of the Port Group with the Finish button.

2.5. Let's edit the settings of the created Port Group by right-clicking the port group and selecting Edit Settings. In the Security tab, be sure to enable "promiscuous mode": Promiscuous Mode → Accept → OK.

2.6. As an example, let's import the FlowCollector OVF, the download link for which was sent by a Cisco engineer after the GVE request. Right-click the host on which you plan to deploy the VM and select Deploy OVF Template. As for allocated disk space, it will "start" on 50 GB, but for production conditions it is recommended to allocate 200 gigabytes.

2.7. Select the folder where the OVF file is located.

2.8. Click "Next".

2.9. We specify the name and the server where we deploy it.

2.10. As a result, we get the following picture and click "Finish".

2.11. We follow the same steps to deploy StealthWatch Management Console.

2.12. Now you need to specify the required networks on the interfaces so that the FlowCollector can see both the SMC and the devices from which Netflow will be exported.

3. Initializing StealthWatch Management Console

3.1. When you open the console of the installed SMCVE machine, you will see a prompt for your login and password, by default sysadmin/lan1cope.

3.2. We go to the Management item, set the IP address and the other network parameters, then confirm the changes. The device will reboot.

3.3. Go to the web interface (via https to the address you specified in SMC) and initialize the console, default login/password - admin/lan411cope.

P.S.: it happens that it does not open in Google Chrome; Explorer always helps.

3.4. Be sure to change the passwords, set DNS, NTP servers, domain, and so on. The settings are intuitive.

3.5. After you click the "Apply" button, the device will reboot again. After 5-7 minutes you can reconnect to this address; StealthWatch will be managed through the web interface.

4. Configuring FlowCollector

4.1. It is the same with the collector. First, in the CLI we specify the IP address, mask and domain, then the FC reboots. You can then connect to the web interface at the specified address and perform the same basic setup. Because the settings are similar, detailed screenshots are omitted. The login credentials are the same.

4.2. At the penultimate step, you need to set the IP address of the SMC; in this case the console will see the device, and you will have to confirm this setting by entering your credentials.

4.3. Select the StealthWatch domain that was set earlier, and port 2055 - regular Netflow; if you work with sFlow, port 6343.

5. Netflow Exporter configuration

5.1. To configure the Netflow exporter, I strongly recommend turning to this resource; it has the main guides for configuring the Netflow exporter on many devices: Cisco, Check Point, Fortinet.

5.2. In our case, I repeat, we are exporting Netflow from the Check Point gateway. The Netflow exporter is configured in the tab of the same name in the web interface (Gaia Portal). To do this, click "Add", then specify the Netflow version and the required port.
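To confirm that the exporter really sends the chosen Netflow version to the collector port, the following added example (not part of the original article) decodes and sanity-checks the header of NetFlow v5/v9 datagrams and rejects anything else, such as sFlow sent to the wrong port. The function names, the constructed sample datagrams and running `listen()` on a separate lab host that the exporter temporarily points to (rather than on the FlowCollector itself) are assumptions.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")  # NetFlow v5 header, 24 bytes
V9_HEADER = struct.Struct("!HHIIII")     # NetFlow v9 header, 20 bytes
V5_RECORD_LEN = 48                       # fixed-size v5 flow record

def parse_netflow_header(datagram: bytes) -> dict:
    """Decode and sanity-check the header of one NetFlow v5/v9 datagram."""
    if len(datagram) < 2:
        raise ValueError("datagram too short for a version field")
    (version,) = struct.unpack_from("!H", datagram)
    if version == 5:
        if len(datagram) < V5_HEADER.size:
            raise ValueError("truncated NetFlow v5 header")
        _, count, uptime, secs, _, seq, _, _, _ = V5_HEADER.unpack_from(datagram)
        expected = V5_HEADER.size + count * V5_RECORD_LEN
        if len(datagram) != expected:
            raise ValueError(f"v5 length {len(datagram)}, expected {expected}")
    elif version == 9:
        if len(datagram) < V9_HEADER.size:
            raise ValueError("truncated NetFlow v9 header")
        _, count, uptime, secs, seq, _ = V9_HEADER.unpack_from(datagram)
    else:
        # sFlow v5 starts with a 32-bit version, so it shows up here as 0.
        raise ValueError(f"unexpected export version {version}")
    return {"version": version, "count": count, "uptime_ms": uptime,
            "unix_secs": secs, "sequence": seq}

def listen(port: int = 2055, limit: int = 5, bind: str = "0.0.0.0") -> None:
    """Print exporter address and decoded header for a few datagrams."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        for _ in range(limit):
            data, (src, _) = sock.recvfrom(65535)
            try:
                print(src, parse_netflow_header(data))
            except ValueError as exc:
                print(src, "rejected:", exc)

# Constructed sample datagrams (not captured traffic).
SAMPLE_V5 = V5_HEADER.pack(5, 1, 120000, 1700000000, 0, 42, 0, 0, 0) + bytes(48)
SAMPLE_V9 = V9_HEADER.pack(9, 2, 120000, 1700000000, 7, 1) + bytes(8)
SAMPLE_SFLOW = struct.pack("!I", 5) + bytes(24)

if __name__ == "__main__":
    for name, pkt in (("v5", SAMPLE_V5), ("v9", SAMPLE_V9)):
        print(name, parse_netflow_header(pkt))
```

A gap in the `sequence` values printed by `listen()` for one exporter points to datagrams lost between the gateway and the collector.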


6. Analyzing StealthWatch operation

6.1. In the SMC web interface, on the very first page, Dashboards > Network Security, you can see that traffic has started flowing!

6.2. Some settings, for example dividing hosts into groups, monitoring individual interfaces and their load, managing collectors, and so on, are only available in the StealthWatch Java application. Of course, Cisco is gradually moving all functionality to the browser version, and we will soon abandon such a desktop client.

To install the application, you must first install the JRE (I installed version 8, although it says versions up to 10 are supported) from the official Oracle website.

To download it, click the "Desktop Client" button in the upper right corner of the management console web interface.

You save and install the client forcibly; Java will most likely complain about it, and you may need to add the host to the Java exceptions.

As a result, a fairly clear client opens, in which it is easy to see the load on exporters and interfaces, attacks, and their flows.

7. StealthWatch Central Management

7.1. The Central Management tab contains all the devices that are part of the deployed StealthWatch, such as: FlowCollector, FlowSensor, UDP-Director and Endpoint Concentrator. There you can manage the network settings and services of the devices, the licenses, and manually shut down a device.

You can get to it by clicking the "gear" in the upper right corner and selecting Central Management.

7.2. By going to Edit Appliance Configuration for the FlowCollector, you will see SSH, NTP and other network settings related to the appliance itself. To get there, select Actions → Edit Appliance Configuration for the required device.

7.3. License management can also be found in the Central Management > Manage Licenses tab. Trial licenses for a GVE request are issued for 90 days.

The product is ready to go! In the next part, we will look at how StealthWatch can detect attacks and generate reports.

Source: www.habr.com
