Welcome to our next mini-course. This time we will talk about our new service -
Let's make a small digression here. I'm sure many of you are now thinking: "How is this different
What a network administrator can do with this audit:
- Network traffic analysis - how heavily the channels are loaded, which protocols are in use, which servers or users consume the most traffic.
- Network delays and losses - the average response time of your services, the presence of losses on all your channels (the ability to find a bottleneck).
- User traffic analysis - a comprehensive analysis of user traffic. Traffic volumes, applications in use, problems working with corporate services.
- Application performance assessment - identifying the cause of problems in corporate applications (network delays, response time of services, databases, applications).
- SLA monitoring - automatically detects and reports delays and losses when your web applications are used, based on real traffic.
- Search for network anomalies - DNS/DHCP spoofing, loops, rogue DHCP servers, anomalous DNS/SMTP traffic and much more.
- Configuration problems - detection of illegitimate user or server traffic, which may indicate incorrect switch or firewall settings.
- Comprehensive reporting - a detailed report on the state of your IT infrastructure, allowing you to plan work or purchase additional equipment.
What an information security specialist can do:
- Virus activity - detects viral traffic inside the network, including unknown malware (0-day), based on behavioral analysis.
- Ransomware propagation - the ability to detect ransomware even when it spreads between neighboring computers without leaving its own segment.
- Anomalous activity - anomalous traffic from users, servers, applications, ICMP/DNS tunneling. Identifying real or potential threats.
- Network attacks - port scanning, brute-force attacks, DoS, DDoS, traffic interception (MITM).
- Corporate data leakage - detection of anomalous downloads (or uploads) of corporate data from the company's file servers.
- Unauthorized devices - detection of illegitimate devices connected to the corporate network (determining the manufacturer and operating system).
- Unwanted applications - use of prohibited applications on the network (BitTorrent, TeamViewer, VPN, Anonymizers, etc.).
- Cryptominers and botnets - checking the network for infected devices that connect to known C&C servers.
Reporting
Based on the audit results, you will be able to see all the analytics in Flowmon dashboards or in PDF reports. Below are some examples.
General traffic analysis
Custom dashboard
Anomalous activity
Detected devices
Typical testing scheme
Scenario #1 - one office
The key point is that you can analyze both external and internal traffic that is not analyzed by network perimeter protection tools (NGFW, IPS, DPI, etc.).
Scenario #2 - multiple offices
Video tutorial
Summary
A CheckFlow audit is an excellent opportunity for IT/IS managers to:
- Identify existing and potential problems in your IT infrastructure;
- Discover problems with information security and with the effectiveness of existing security measures;
- Identify the key problem in the operation of business applications (network part, server part, software) and those responsible for resolving it;
- Significantly reduce the time it takes to resolve problems in the IT infrastructure;
- Justify the need to expand channels, server capacity or the additional purchase of protection tools.
I also recommend reading our previous article -
If you are interested in this topic, stay tuned (
Source: www.habr.com