Welcome to the anniversary lesson, lesson 10. Today we will talk about another Check Point blade: Identity Awareness. At the very beginning, when describing NGFW, we established that it must be able to control access based on accounts, not IP addresses. This is primarily due to the increased mobility of users and the widespread adoption of the BYOD (bring your own device) model. A company may have many people who connect over WiFi, receive a dynamic IP, and come from different network segments as well. Try building access lists based on IP addresses here. You cannot do without user identification. And it is the Identity Awareness blade that will help us with this.
But first, let's look at what user identification is most often used for:
- Restricting network access by user accounts rather than IP addresses. Access can be controlled both simply to the Internet and to other network segments, for example the DMZ.
- VPN access. You will agree that it is much more convenient for a user to authorize with their domain account than with yet another made-up password.
- To manage Check Point itself, you also need an account, which can have different rights.
- And the most pleasant part is reporting. It is much nicer to see specific users in reports than their IP addresses.
At the same time, Check Point supports two types of accounts:
- Local Internal Users. The user is created in the local database of the management server.
- External Users. The external user database can be Microsoft Active Directory or any other LDAP server.
Today we will talk about network access. To control network access when Active Directory is present, a so-called Access Role is used, which allows three user options:
- Network: the network the user is trying to connect from
- AD User or User Group: this data is pulled directly from the AD server
- Machine: the workstation.
User identification can then be performed in several ways:
- AD Query. Check Point reads the AD server logs for authenticated users and their IP addresses. Computers in the AD domain are identified automatically.
- Browser-Based Authentication. Identification through the user's browser (Captive Portal or Transparent Kerberos). Most often used for devices that are not in the domain.
- Terminal Servers. In this case, identification is performed using a special terminal agent (installed on the terminal server).
These are the three most common options, but there are three more:
- Identity Agents. A special agent is installed on users' computers.
- Identity Collector. A separate utility that is installed on a Windows Server and collects authentication logs instead of the gateway. In fact, a mandatory option for large numbers of users.
- RADIUS Accounting. Well, where would we be without good old RADIUS.
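To make the Access Role and AD Query ideas above concrete, here is an added example (not from the original lesson and not Check Point code): a simplified Python model that builds an IP-to-user mapping from logon events and evaluates a role on network, AD group and machine. The `AccessRole` class, the sample events, group names and the "empty means any" convention are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of AD logon events (the kind of data AD Query reads
# from the AD server logs): time, user, source IP, machine.
LOGON_EVENTS = [
    ("09:00", "alice", "10.1.20.15", "WS-ALICE"),
    ("09:05", "bob",   "10.1.30.77", "WS-BOB"),
    ("13:10", "carol", "10.1.20.15", "LAPTOP-7"),  # DHCP re-issued alice's old IP
]
# Constructed group membership, standing in for data pulled from the AD server.
AD_GROUPS = {"alice": {"Finance"}, "bob": {"IT"}, "carol": {"Guests"}}

@dataclass
class AccessRole:
    """Hypothetical model of an Access Role: network + AD group + machine."""
    networks: list   # CIDR strings; empty list means "any network"
    groups: set      # AD groups; empty set means "any user"
    machines: set    # machine names; empty set means "any machine"

    def matches(self, ip, identity):
        if identity is None:          # unidentified source never matches a role
            return False
        user, machine = identity
        addr = ipaddress.ip_address(ip)
        net_ok = not self.networks or any(
            addr in ipaddress.ip_network(n) for n in self.networks)
        grp_ok = not self.groups or bool(self.groups & AD_GROUPS.get(user, set()))
        mach_ok = not self.machines or machine in self.machines
        return net_ok and grp_ok and mach_ok

def build_sessions(events, until):
    """Replay logon events up to `until`; the latest logon per IP wins."""
    sessions = {}
    for time, user, ip, machine in events:
        if time <= until:
            sessions[ip] = (user, machine)
    return sessions

def allowed(role, ip, at):
    """Decide whether traffic from `ip` at time `at` matches the role."""
    return role.matches(ip, build_sessions(LOGON_EVENTS, at).get(ip))

finance = AccessRole(["10.1.20.0/24"], {"Finance"}, set())

if __name__ == "__main__":
    for t in ("09:30", "13:30"):
        verdict = "accept" if allowed(finance, "10.1.20.15", t) else "drop"
        print(t, "10.1.20.15 ->", verdict)
```

The same source IP is accepted in the morning and dropped in the afternoon because the identity behind it changed, which is exactly the case a static IP-based access list cannot express.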
In this lesson I will demonstrate the second option, Browser-Based. I think that is enough theory, so let's move on to practice.
Video lesson
Source: www.habr.com