StealthWatch: deployment and configuration. Part 2
Hello colleagues! Having settled the minimum requirements for deploying StealthWatch in the previous part, we can start deploying the product.
1. Ways to deploy StealthWatch
There are several ways to "try out" StealthWatch:
dcloud - a cloud service for lab work;
Cloud Based: Stealthwatch Cloud Free Trial - here Netflow from your device flows into the cloud and is analyzed there by the StealthWatch software;
On-premise POV (GVE request) - the route I took: you are sent 4 OVF files of virtual machines with built-in 90-day licenses, which can be deployed on a dedicated server in the corporate network.
Despite the number of virtual machines you download, only 2 are needed for a minimal working configuration: StealthWatch Management Console and FlowCollector. However, if there is no network device that can export Netflow to FlowCollector, you also need to deploy FlowSensor, since it lets you collect Netflow using SPAN/RSPAN technology.
As I said earlier, your real network can serve as the lab bench, since StealthWatch needs only a copy, or more precisely a condensed summary of a copy, of the traffic. The figure below shows my network, where I will configure the Netflow Exporter on the security gateway and, as a result, send Netflow to the collector.
To reach the future VMs, the following ports should be allowed on your firewall, if you have one:
TCP 22, TCP 25, TCP 389, TCP 443, TCP 2393, TCP 5222, UDP 53, UDP 123, UDP 161, UDP 162, UDP 389, UDP 514, UDP 2055, UDP 6343, UDP XNUMX
Some of them are well-known services, others are reserved for Cisco services.
In my case, I deployed StealthWatch on the same network as Check Point, and I did not have to configure any permit rules.
2. Installing FlowCollector using VMware vSphere as an example
2.1. Click Browse and select OVF file1. After checking that resources are available, go to the menu View, Inventory → Networking (Ctrl+Shift+N).
2.2. In the Networking tab, select New Distributed port group in the virtual switch settings.
2.3. Set a name, let it be StealthWatchPortGroup; the remaining settings can be made as in the screenshot, then click Next.
2.4. We complete the creation of the Port Group with the Finish button.
2.5. Let's edit the settings of the created Port Group by right-clicking the port group and selecting Edit Settings. In the Security tab, be sure to enable "promiscuous mode": Promiscuous Mode → Accept → OK.
2.6. As an example, let's import the OVF FlowCollector, the download link for which was sent by a Cisco engineer after the GVE request. Right-click the host on which you plan to deploy the VM and select Deploy OVF Template. As for the allocated space, it will "start" at 50 GB, but for production conditions it is recommended to allocate 200 gigabytes.
2.7. Select the folder where the OVF file is located.
2.8. Click "Next".
2.9. We specify the name and the server where we deploy it.
2.10. As a result, we get the following picture and click "Finish".
2.11. We follow the same steps to deploy StealthWatch Management Console.
2.12. Now you need to assign the necessary networks to the interfaces so that FlowCollector can see both the SMC and the devices that will export Netflow to it.
3. Initializing StealthWatch Management Console
3.1. Going to the console of the deployed SMCVE machine, you will see a prompt for your login and password, by default sysadmin/lan1cope.
3.2. We go to the Management item, set the IP address and other network parameters, then confirm the changes. The appliance will reboot.
3.3. Go to the web interface (via https at the address you specified for the SMC) and initialize the console; the default login/password is admin/lan411cope.
PS: it sometimes does not open in Google Chrome; Explorer will always help.
3.4. Be sure to change the passwords, set the DNS and NTP servers, domain, and so on. The settings are simple.
3.5. After clicking the "Apply" button, the appliance will reboot again. After 5-7 minutes you can connect to this address again; StealthWatch will be managed through the web interface.
4. Configuring FlowCollector
4.1. It is the same with the collector. First, in the CLI we specify the IP address, mask and domain, then the FC reboots. After that you can connect to the web interface at the specified address and carry out the same basic setup. Because the settings are similar, detailed screenshots are omitted. The login credentials are the same.
4.2. At the penultimate step, you need to set the IP address of the SMC; the console will then see the appliance, and you will have to confirm this setting by entering your credentials.
4.3. Select the domain for StealthWatch, which was set earlier, and port 2055 - the usual Netflow port; if you work with sFlow, port 6343.
5. Netflow Exporter configuration
5.1. To configure the Netflow exporter, I highly recommend turning to this resource, which has the main guides for configuring the Netflow exporter on many devices: Cisco, Check Point, Fortinet.
5.2. In our case, I repeat, we export Netflow from the Check Point gateway. The Netflow exporter is configured in the tab of the same name in the web interface (Gaia Portal). To do this, click "Add", and specify the Netflow version and the required port.
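To confirm that the exporter configured above really emits NetFlow on UDP 2055 before looking for traffic in the SMC, the following parser decodes NetFlow v5 datagrams and NetFlow v9 headers. It is an added example, not code from the original article or from Cisco or Check Point; the sample datagram is constructed, and `listen` assumes you temporarily point the exporter at a test host of your own.

```python
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48 bytes
V9_HEADER = struct.Struct("!HHIIII")                   # 20 bytes

def parse_export(datagram):
    """Summarise a NetFlow v5/v9 export datagram; raise ValueError if malformed."""
    if len(datagram) < V9_HEADER.size:
        raise ValueError("too short for a NetFlow header")
    version, count = struct.unpack_from("!HH", datagram)
    if version == 9:  # v9 flowsets need templates; the header alone proves export works
        _, _, _, _, seq, source_id = V9_HEADER.unpack_from(datagram)
        return {"version": 9, "count": count, "sequence": seq, "source_id": source_id}
    if version != 5:
        raise ValueError("version field %d is not NetFlow v5/v9" % version)
    if len(datagram) != V5_HEADER.size + count * V5_RECORD.size:
        raise ValueError("v5 length does not match record count %d" % count)
    seq = V5_HEADER.unpack_from(datagram)[5]
    flows = []
    for i in range(count):
        f = V5_RECORD.unpack_from(datagram, V5_HEADER.size + i * V5_RECORD.size)
        flows.append({"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
                      "sport": f[9], "dport": f[10], "proto": f[13], "bytes": f[6]})
    return {"version": 5, "count": count, "sequence": seq, "flows": flows}

def sample_v5():
    """Constructed datagram: one TCP flow 10.0.0.5:51515 -> 192.0.2.10:443."""
    header = V5_HEADER.pack(5, 1, 1000, 1700000000, 0, 42, 0, 0, 0)
    record = V5_RECORD.pack(
        socket.inet_aton("10.0.0.5"), socket.inet_aton("192.0.2.10"),
        socket.inet_aton("0.0.0.0"), 1, 2, 10, 1500, 100, 900,
        51515, 443, 0, 0x18, 6, 0, 0, 0, 24, 24, 0)
    return header + record

def listen(port=2055, max_datagrams=5):
    """Print what arrives on the export port (run on a test host, not the FC)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        for _ in range(max_datagrams):
            data, (ip, _) = s.recvfrom(65535)
            try:
                print(ip, parse_export(data))
            except ValueError as exc:
                print(ip, "rejected:", exc)

if __name__ == "__main__":
    print(parse_export(sample_v5()))
```

If `listen` prints nothing while the gateway is passing traffic, check the exporter's destination address and UDP 2055 along the path before troubleshooting the FlowCollector itself.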
6. Checking StealthWatch operation
6.1. Going to the SMC web interface, on the first page Dashboards > Network Security you can see that traffic has started to flow!
6.2. Some settings, for example dividing hosts into groups, monitoring individual interfaces and their load, managing collectors, and more, can only be found in the StealthWatch Java application. Of course, Cisco is slowly moving all functionality to the browser version, and soon we will abandon this desktop client.
To install the application, you must first install JRE (I installed version 8, although it is said to be supported up to 10) from the official Oracle website.
To download it, click the "Desktop Client" button in the upper right corner of the management console's web interface.
You save and force-install the client; Java will most likely complain about it, and you may need to add the host to the Java exceptions.
As a result, a fairly clear client opens, in which it is easy to see the load of exporters, interfaces, attacks, and their flows.
7. StealthWatch Central Management
7.1. The Central Management tab contains all the devices that are part of the deployed StealthWatch, such as: FlowCollector, FlowSensor, UDP-Director and Endpoint Concentrator. There you can manage network settings and appliance services, licenses, and manually shut down the appliance.
You can get to it by clicking the "gear" in the upper right corner and selecting Central Management.
7.2. By going to Edit Appliance Configuration on the FlowCollector, you will see SSH, NTP and other network settings related to the appliance itself. To get there, select Actions → Edit Appliance Configuration for the required appliance.
7.3. License management can also be found in the Central Management > Manage Licenses tab. Trial licenses in the case of a GVE request are provided for 90 days.
The product is ready to go! In the next part, we will look at how StealthWatch can detect attacks and generate reports.