7. Fortinet Getting Started v6.0. Antivirus and IPS

Greetings! Welcome to the seventh lesson of the Fortinet Getting Started course. In the last lesson we got acquainted with security profiles such as Web Filtering, Application Control and HTTPS inspection. In this lesson we continue our introduction to security profiles. First we will cover the theoretical aspects of how the antivirus and the intrusion prevention system work, and then look at how these security profiles work in practice.

Let's start with antivirus. First, let's discuss the technologies FortiGate uses to detect viruses:

  • Antivirus scan: the simplest and fastest way to detect viruses. It detects viruses that fully match the signatures contained in the antivirus database.
  • Grayware scan, or unwanted-program scanning: this technology detects unwanted programs installed without the user's knowledge or consent. Technically, these programs are not viruses. They usually come bundled with other programs, but once installed they negatively affect the system, which is why they are classified as malware. Such programs can usually be detected with simple grayware signatures from the FortiGuard research base.
  • Heuristic scan: this technology is based on probabilities, so using it can produce false positives, but it can also detect zero-day viruses. Zero-day viruses are new viruses that have not yet been studied, and there are no signatures that can detect them. Heuristic scanning is not enabled by default and must be enabled on the command line.

If all antivirus capabilities are enabled, FortiGate applies them in the following order: antivirus scan, grayware scan, heuristic scan.

FortiGate can use several antivirus databases, depending on the tasks:

  • Normal antivirus database: included in all FortiGate models. It contains signatures for viruses detected in recent months. This is the smallest antivirus database, so scanning is fastest when it is used. However, this database cannot detect all known viruses.
  • Extended: this database is supported by most FortiGate models. It can be used to detect viruses that are no longer active. Many platforms are still vulnerable to these viruses. Also, these viruses may cause problems in the future.
  • And the last database, Extreme: it is used in infrastructures where a high level of security is required. With it you can detect all known viruses, including viruses targeting outdated operating systems that are not widely distributed at the moment. This type of signature database is also not supported by all FortiGate models.

There is also a compact signature database designed for quick scanning. We will discuss it a little later.

You can update the antivirus databases in different ways.

The first method is Push Update, which allows the databases to be updated as soon as the FortiGuard research base releases an update. This is useful for infrastructures that require a high level of security, since FortiGate will receive urgent updates as soon as they become available.

The second method is to set a schedule. This way you can check for updates every hour, day or week. That is, the time interval is set at your discretion.
These methods can be used together.

But keep in mind that for updates to be performed, you must enable the antivirus profile on at least one firewall policy. Otherwise, updates will not be performed.

You can also download updates from the Fortinet support site and then load them onto FortiGate manually.

Let's look at the scanning modes. There are only three: Full Mode in Flow Based mode, Quick Mode in Flow Based mode, and Full Mode in proxy mode. Let's start with Full Mode in flow mode.

Suppose a user wants to download a file. He sends a request. The server starts sending him the packets that make up the file. The user receives these packets immediately. But before delivering these packets to the user, FortiGate caches them. After FortiGate receives the last packet, it starts scanning the file. During this time the last packet is held in a queue and is not passed to the user. If the file contains no viruses, the last packet is sent to the user. If a virus is detected, FortiGate breaks the connection with the user.

The second scanning mode available in Flow Based is Quick Mode. It uses the compact signature database, which contains fewer signatures than the normal database. It also has some limitations compared with Full Mode:

  • It cannot send files to the sandbox
  • It cannot use heuristic analysis
  • It also cannot use the packages related to mobile malware
  • Some entry-level models do not support this mode.

Quick Mode also inspects traffic for viruses, worms, trojans and malware, but without buffering. This gives better performance, but at the same time the probability of detecting a virus decreases.

In Proxy mode, the only scanning mode available is Full Mode. With this kind of scanning, FortiGate first stores the whole file on itself (unless, of course, the allowed file size for scanning is exceeded). The client has to wait for the scan to finish. If a virus is detected during scanning, the user is notified immediately. Because FortiGate first stores the whole file and only then scans it, this can take quite a long time. Because of this, the client may terminate the connection before receiving the file due to the long delay.
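The two Full Mode variants described above (flow-based and proxy) differ in what the client has already received when a virus is found. The following model is an added example, not code from the article or from Fortinet; `SIGNATURE`, the function names and the choice to pass oversize files unscanned are assumptions made for the illustration.

```python
# Toy model of the two Full Mode buffering strategies.
# Constructed stand-in for an antivirus signature; not a real malware pattern.
SIGNATURE = b"TEST-SIGNATURE"

# Constructed sample downloads; the marker is split across two packets.
INFECTED = [b"header TEST-", b"SIGNATURE body", b" tail"]
CLEAN = [b"header ", b"body", b" tail"]


def scan(data: bytes) -> bool:
    """Return True when the reassembled file matches the signature."""
    return SIGNATURE in data


def flow_full_mode(packets):
    """Flow-based Full Mode: packets are forwarded while a copy is kept,
    the last packet is held until the scan ends, a match resets the session."""
    head, held = packets[:-1], packets[-1:]   # last packet is held back
    delivered = b"".join(head)                # the client already has these bytes
    if scan(b"".join(packets)):               # scan the whole reassembled file
        return {"verdict": "reset", "client_bytes": delivered}
    return {"verdict": "pass", "client_bytes": delivered + b"".join(held)}


def proxy_full_mode(packets, max_scan_size=10 * 1024 * 1024):
    """Proxy Full Mode: the whole file is buffered and scanned before the
    client receives anything. max_scan_size is a hypothetical limit, and
    passing oversize files unscanned is an assumption of this model."""
    data = b"".join(packets)
    if len(data) > max_scan_size:
        return {"verdict": "oversize-unscanned", "client_bytes": data}
    if scan(data):
        return {"verdict": "blocked", "client_bytes": b""}
    return {"verdict": "pass", "client_bytes": data}


if __name__ == "__main__":
    for name, mode in (("flow", flow_full_mode), ("proxy", proxy_full_mode)):
        for label, sample in (("infected", INFECTED), ("clean", CLEAN)):
            print(name, label, mode(sample))
```

In the flow-based case the client ends up with an incomplete file (everything except the held packet), while in the proxy case it receives nothing from a blocked download.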

The figure below shows a comparison table of the scanning modes; it will help you determine which scanning type suits your tasks. Configuring and testing the antivirus is covered in practice in the video at the end of the article.

Let's move on to the second part of the lesson, the intrusion prevention system. But to start studying IPS, you need to understand the difference between exploits and anomalies, and understand which mechanisms FortiGate uses to protect against them.

Exploits are known attacks with specific patterns that can be detected using IPS, WAF or antivirus signatures.

Anomalies are unusual behaviour on the network, such as an unusually large amount of traffic or higher than normal CPU usage. Anomalies need to be monitored because they may be signs of a new, unstudied attack. Anomalies are usually detected using behavioural analysis: so-called rate-based signatures and DoS policies.

As a result, IPS on FortiGate uses signature databases to detect known attacks, and Rate Based signatures and DoS policies to detect various anomalies.
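The difference between the two detection approaches can be shown on a small event stream. This is an added example, not FortiGate's implementation and not code from the article: the pattern, the threshold, the window and the sample events are all constructed for the illustration.

```python
from collections import defaultdict, deque

# Constructed pattern standing in for an IPS signature (not a real one).
SIGNATURES = {"demo-signature": b"DEMO-IPS-PATTERN"}


def detect(events, threshold=5, window=1.0):
    """events: (timestamp_seconds, src_ip, payload) tuples in time order.
    Returns a list of (timestamp, src_ip, kind, detail) alerts."""
    alerts = []
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the window
    flagged = set()               # sources already reported as anomalous
    for ts, src, payload in events:
        # Exploit: a known attack, recognised by its content.
        for name, pattern in SIGNATURES.items():
            if pattern in payload:
                alerts.append((ts, src, "exploit", name))
        # Anomaly: the content is irrelevant, only the event rate counts.
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop events older than the window
        if len(q) > threshold and src not in flagged:
            flagged.add(src)
            alerts.append((ts, src, "anomaly", f"{len(q)} events in {window}s"))
    return alerts


# Constructed traffic: one request carrying the pattern, then a burst of
# eight ordinary requests from another source within 0.7 seconds.
SAMPLE = [(0.0, "192.0.2.10", b"GET /?q=DEMO-IPS-PATTERN")]
SAMPLE += [(1.0 + i * 0.1, "198.51.100.7", b"GET /index.html") for i in range(8)]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The burst from the second source contains nothing a signature could match; it is flagged only because it exceeds the rate threshold, which is why anomalies need a separate mechanism from the signature databases.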

By default, an initial set of IPS signatures is included with each version of the FortiGate operating system. With updates, FortiGate receives new signatures. This way IPS stays effective against new exploits. FortiGuard updates IPS signatures quite often.

An important point that applies to both IPS and antivirus: if your licenses have expired, you can still use the most recently received signatures. But you will not be able to get new ones without licenses. Therefore, the absence of licenses is highly undesirable: if new attacks appear, you will not be able to protect yourself with old signatures.

The IPS signature databases are divided into regular and extended. The regular database contains signatures of common attacks that rarely or never cause false positives. The preconfigured action for most of these signatures is block.

The extended database contains additional attack signatures that have a significant impact on system performance, or that cannot be blocked because of their special nature. Because of the size of this database, it is not available on FortiGate models with a small disk or little RAM. But in highly secure environments it may be necessary to use the extended database.

Configuring and testing IPS is also covered in the video below.


In the next lesson we will look at working with users. So as not to miss it, follow the updates on the following channels:

Source: www.habr.com
