7. Fortinet Getting Started v6.0. Antivirus and IPS

Hello! Welcome to the seventh lesson of the Fortinet Getting Started course. In the previous lesson we got acquainted with security profiles such as Web Filtering, Application Control and HTTPS inspection. In this lesson we continue our introduction to security profiles. First we cover the theory of how the antivirus and the intrusion prevention system work, and then we look at how these security profiles behave in practice.

Let's start with the antivirus. First, let's discuss the technologies FortiGate uses to detect viruses:

Antivirus scanning is the simplest and fastest way to detect viruses. It detects viruses that exactly match the signatures contained in the antivirus database.

Grayware scanning, or scanning for unwanted programs: this technology detects unwanted programs installed without the user's knowledge or consent. Technically, these programs are not viruses. They usually come bundled with other programs, but once installed they adversely affect the system, which is why they are classified as malware. Such programs can usually be detected with simple grayware signatures from the FortiGuard research base.

Heuristic scanning: this technology is based on probabilities, so its use can produce false positives, but it can detect zero-day viruses. Zero-day viruses are new viruses that have not yet been analysed, and no signatures exist that can detect them. Heuristic scanning is not enabled by default and must be enabled from the command line.

If all antivirus features are enabled, FortiGate applies them in the following order: antivirus scan, grayware scan, heuristic scan.

FortiGate can use several antivirus databases, depending on the task:

  • The normal antivirus database (Normal) is included in all FortiGate models. It contains signatures of viruses detected in recent months. This is the smallest antivirus database, so scanning with it is fast. However, this database cannot detect all known viruses.
  • The extended database (Extended) is supported by most FortiGate models. It can be used to detect viruses that are no longer active in the wild. Many platforms are still vulnerable to these viruses, and they may cause problems again in the future.
  • And finally, the extreme database (Extreme) is used in infrastructures where a high level of security is required. With it you can detect all known viruses, including viruses targeting outdated operating systems that are not widely spread at the moment. This type of database is not supported by all FortiGate models.

There is also a database designed for quick scanning. We will talk about it later.

You can update the antivirus database using several methods.

The first method is Push Update, which lets the database be updated immediately as soon as the FortiGuard research database releases an update. This is useful for critical infrastructures that require a high level of security, because FortiGate will receive an urgent update as soon as it becomes available.

The second method is to set a schedule. This way you can check for updates every hour, day or week. That is, here the interval is set at your discretion.
These two methods can be used together.

But always remember that for updates to be performed, the antivirus profile must be enabled in at least one firewall policy. Otherwise, updates will not be performed.

You can also download updates from the Fortinet support site and then upload them to FortiGate manually.

Let's look at the scan modes. There are only three: Full Mode in Flow Based mode, Quick Mode in Flow Based mode, and Full Mode in Proxy mode. Let's start with Full Mode in Flow Based mode.

Suppose a user wants to download a file. He sends a request. The server starts sending him the packets that make up the file. The user receives these packets immediately. But before forwarding these packets to the user, FortiGate caches them. After FortiGate receives the last packet, it starts scanning the file. During this time, the last packet is held in a queue and is not sent to the user. If the file contains no viruses, the last packet is sent to the user. If a virus is detected, FortiGate breaks the connection with the user.

The second scan mode available in Flow Based mode is Quick Mode. It uses a compact signature database that contains fewer signatures than the regular database. It also has some limitations compared to Full Mode:

  • It cannot send files to the sandbox
  • It cannot use heuristic analysis
  • It also cannot use the mobile malware signature package
  • Some entry-level models do not support this mode.

Quick Mode also checks for viruses, worms, trojans and malware, but without buffering. This gives better performance, but at the same time the chance of detecting a virus is reduced.

In Proxy mode, the only available scan mode is Full Mode. With this kind of scan, FortiGate first caches the entire file on itself (unless, of course, the maximum file size allowed for scanning is exceeded). The client has to wait for the scan to complete. If a virus is detected during the scan, the user is notified immediately. Because FortiGate first caches the entire file and only then scans it, this can take a long time. As a result, the client may drop the connection before receiving the file because of the long delay.

The figure below shows a comparison table of the scan modes; it will help you decide which type of scan suits your tasks. Configuring and verifying the antivirus in practice is covered in the video at the end of the article.
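The antivirus settings described above (database selection, grayware and heuristic scanning, push and scheduled updates, flow-based Quick versus Full mode, and the profile being referenced from a firewall policy) map onto the FortiOS 6.0 CLI as shown below. This is an added example and not the article's own configuration; the command names are given from the FortiOS 6.0 CLI reference as the editor recalls them, the interface, address and profile names ("edu-av", "port1", "port2") are assumptions, and the comments mark where the choice is a trade-off rather than a fixed recommendation. Verify each keyword against the CLI reference of your firmware build before applying it.

```fortios
# --- Global antivirus settings: which signature database is loaded ---
config antivirus settings
    set default-db extended      # normal = fastest, extended/extreme = broader coverage, more RAM/disk
    set grayware enable          # second stage of the scan order: grayware signatures
end

# --- Heuristic scanning (third stage); CLI-only, off by default ---
config antivirus heuristic
    set mode pass                # pass = detect and log only (fewer side effects of false positives)
                                 # block = drop heuristic detections as well
end

# --- Signature updates: push from FortiGuard plus a fallback schedule ---
config system autoupdate push-update
    set status enable            # FortiGuard pushes urgent updates as they are released
end
config system autoupdate schedule
    set status enable
    set frequency daily          # every | daily | weekly
    set time 03:00               # polling still happens even if a push is missed
end

# --- Antivirus profile: inspection mode and scan mode ---
config antivirus profile
    edit "edu-av"
        set inspection-mode flow-based   # flow-based or proxy (proxy = Full Mode only)
        set scan-mode full               # full = last packet held until the scan finishes
                                         # quick = compact DB, no sandbox, no heuristics, no buffering
        config http
            set options scan
        end
    next
end

# --- The profile must be referenced by at least one policy, or updates do not run ---
config firewall policy
    edit 10
        set name "lan-to-wan-av"
        set srcintf "port2"
        set dstintf "port1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set av-profile "edu-av"
        set nat enable
    next
end
```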

Let's move on to the second part of the lesson: the intrusion prevention system. But before starting to study IPS, you need to understand the difference between exploits and anomalies, and also which methods FortiGate uses to protect against them.

Exploits are known attacks with specific patterns that can be detected using IPS, WAF or antivirus signatures.

Anomalies are unusual behaviour on the network, such as an unusually large volume of traffic or higher-than-normal CPU usage. Anomalies should be monitored because they may be signs of a new, not yet analysed attack. Anomalies are usually detected using behavioural analysis: so-called rate-based signatures and DoS policies.

Accordingly, IPS on FortiGate uses signature databases to detect known attacks, and rate-based signatures and DoS policies to detect anomalies.

By default, an initial set of IPS signatures ships with every version of the FortiGate operating system. Through updates, FortiGate receives new signatures, so the IPS stays effective against new threats. FortiGuard updates IPS signatures regularly.

An important point that applies to both IPS and antivirus: if your licences expire, you can still use the latest signatures you already received, but you will not be able to obtain new ones without licences. Running without licences is therefore highly undesirable: if a new attack appears, old signatures will not protect you from it.

The IPS database is divided into regular and extended. The regular database contains signatures for common attacks that rarely or never cause false positives. The preconfigured action for most of these signatures is block.

The extended database contains additional attack signatures that have a significant impact on system performance, or that cannot be blocked because of their special nature. Because of its size, this database is not available on FortiGate models with small disks or little RAM. But in high-security environments you may want to use the extended database.

Configuring and verifying the IPS is also covered in the video below.
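The two detection methods described in this part, signature matching for known exploits and rate-based signatures plus DoS policies for anomalies, correspond to the following FortiOS 6.0 CLI objects. This is an added example, not configuration from the article; the command names are given from the FortiOS 6.0 CLI reference as the editor recalls them, and the sensor name "edu-ips", the interface "port1" and the threshold values are assumptions chosen for illustration, not tuned recommendations. Check the keywords and the anomaly names against the CLI reference for your firmware build.

```fortios
# --- Which IPS database is loaded (extended needs more disk/RAM) ---
config ips global
    set database extended        # regular = low false-positive set, extended = full set
end

# --- IPS sensor: exploit signatures plus a rate-based (anomaly) entry ---
config ips sensor
    edit "edu-ips"
        # Entry 1: known exploits, keep FortiGuard's preconfigured action (mostly block)
        config entries
            edit 1
                set severity medium high critical
                set status enable
                set action default
                set log enable
            next
            # Entry 2: rate-based signature: the same signatures become an anomaly
            # when one source IP triggers them more than rate-count times per rate-duration
            edit 2
                set severity high critical
                set status enable
                set rate-count 20        # hits before the entry fires (assumed value)
                set rate-duration 60     # window in seconds
                set rate-mode periodical # periodical | continuous
                set rate-track src-ip    # count per source address
                set action block
                set log enable
                set log-packet enable    # keep the triggering packet for forensics
            next
        end
    next
end

# --- DoS policy: volumetric anomalies on the WAN interface ---
config firewall DoS-policy
    edit 1
        set interface "port1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set status enable
        config anomaly
            edit "tcp_syn_flood"
                set status enable
                set log enable
                set action block     # start with pass + log, switch to block once the baseline is known
                set threshold 2000   # SYN/s toward one destination (assumed value)
            next
        end
    next
end
```

The sensor is then referenced from a firewall policy with `set ips-sensor "edu-ips"` (with `set utm-status enable`), the same way the antivirus profile is attached.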

In the next lesson we will look at working with users. To make sure you don't miss it, follow updates on the following channels:

source: www.habr.com