CheckFlow - a quick and free comprehensive audit of internal network traffic using Flowmon

Welcome to our next short tutorial. This time we will talk about our new service - CheckFlow. What is it? In fact, it is just a marketing name for a free audit of network traffic (both internal and external). The audit itself is performed with a remarkable tool, Flowmon, which any company can use free of charge for 30 days. I assure you, however, that after the first hours of the audit you will already start receiving valuable information about your network. Moreover, this information will be valuable both to network administrators and to security officers. So let us discuss what this information is and what its value is (at the end of the article, as usual, there is a video tutorial).

Here, let us step back a little. I am sure many people are now thinking: "How is this different from Check Point Security CheckUp?" Our subscribers probably know what that is (we have put a lot of effort into it) :) Do not rush to conclusions; as the tutorial goes on, everything will fall into place.

What a network administrator can check using this audit:

  • Network traffic statistics - how the channels are loaded, which protocols are used, which servers or users consume the most traffic.
  • Network delays and losses - average response time of your services, presence of packet loss on all your channels (the ability to find a bottleneck).
  • User traffic statistics - detailed analysis of user traffic: traffic volume, applications used, problems in the operation of business services.
  • Application performance audit - identifying the cause of problems in the operation of corporate applications (network delay, service response time, database, application).
  • SLA monitoring - automatically detects and reports significant delays and losses when your public web applications are used, based on real traffic.
  • Search for network anomalies - DNS/DHCP spoofing, loops, fake DHCP servers, abnormal DNS/SMTP traffic and much more.
  • Configuration problems - detection of illegitimate user or server traffic, which may indicate incorrect settings of switches or firewalls.
  • Comprehensive report - a detailed report on the state of your IT infrastructure, allowing you to plan work or purchase additional resources.

What an information security specialist can check:

  • Virus activity - detects virus traffic inside the network, including malware (0-day) based on behavioral analysis.
  • Ransomware spread - the ability to detect ransomware even when it spreads between neighboring computers without leaving their segment.
  • Anomalous activity - abnormal traffic of users, servers, applications, ICMP/DNS tunnels. Identification of real or potential threats.
  • Network attacks - port scanning, brute-force attacks, DoS, DDoS, traffic interception (MITM).
  • Corporate data leaks - detection of abnormal downloading (or uploading) of company data on corporate file servers.
  • Unauthorized devices - detection of illegitimate devices connected to the corporate network (identifying the manufacturer and operating system).
  • Unwanted applications - use of prohibited applications on the network (BitTorrent, TeamViewer, VPN, anonymizers, etc.).
  • Cryptominers and botnets - scans the network for infected devices connecting to known C&C servers.
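As an added example (not from the original article and not Flowmon's own detection logic), the toy analysis below shows how two items from the list above, port scanning and ICMP/DNS-tunnel-style anomalies, can be spotted from NetFlow-style records. The flow records and the thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

def flow(src, dst, proto, dport, packets, nbytes):
    """One NetFlow-style record (fields reduced to what the checks need)."""
    return {"src": src, "dst": dst, "proto": proto, "dport": dport,
            "packets": packets, "bytes": nbytes}

# Constructed sample flows (not a real capture).
FLOWS = (
    # vertical scan: one source probes 40 destination ports, one packet each
    [flow("10.0.0.5", "10.0.0.20", "tcp", p, 1, 60) for p in range(1, 41)]
    # suspicious DNS: many oversized UDP/53 queries to the internal resolver
    + [flow("10.0.0.7", "10.0.0.2", "udp", 53, 1, 900) for _ in range(40)]
    # ordinary DNS lookups from a workstation
    + [flow("10.0.0.9", "10.0.0.2", "udp", 53, 2, 140) for _ in range(20)]
    # ordinary web session
    + [flow("10.0.0.9", "10.0.0.30", "tcp", 443, 120, 95000)]
)

def port_scan_sources(flows, min_ports=20):
    """Sources that touch many distinct ports on one host with tiny flows.
    Threshold (min_ports) is an assumed tuning value."""
    ports = defaultdict(set)
    for f in flows:
        if f["packets"] <= 2:          # probes rarely complete a handshake
            ports[(f["src"], f["dst"])].add(f["dport"])
    return sorted({src for (src, _), p in ports.items() if len(p) >= min_ports})

def dns_tunnel_candidates(flows, min_bytes=10000, max_normal_pkt=300):
    """Hosts whose DNS traffic is both voluminous and made of large packets,
    the usual footprint of data smuggled through DNS. Thresholds are assumed."""
    stats = defaultdict(lambda: [0, 0])   # src -> [bytes, packets]
    for f in flows:
        if f["proto"] == "udp" and f["dport"] == 53:
            stats[f["src"]][0] += f["bytes"]
            stats[f["src"]][1] += f["packets"]
    return sorted(src for src, (b, p) in stats.items()
                  if b >= min_bytes and b / p > max_normal_pkt)

if __name__ == "__main__":
    print("port scan sources:", port_scan_sources(FLOWS))        # ['10.0.0.5']
    print("DNS tunnel candidates:", dns_tunnel_candidates(FLOWS))  # ['10.0.0.7']
```

Real analyzers add time windows and baselines per host; these checks only show that the needed signals (distinct ports, bytes per packet, volume per source) are already present in plain flow records.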

Reporting

Based on the audit results, you will be able to see all the statistics in Flowmon dashboards or in PDF reports. Below are some examples.

General traffic statistics


Custom dashboard


Anomalous activity


Detected devices


General audit scheme

Scenario #1 - a single office


The key feature is that you can analyze both external and internal traffic, including traffic that the network perimeter protection devices (NGFW, IPS, DPI, etc.) never see.

Scenario #2 - several offices


Video tutorial

Summary

A CheckFlow audit is a great opportunity for IT/IS managers to:

  1. Identify current and potential problems in your IT infrastructure;
  2. Discover information security problems and assess the effectiveness of existing security measures;
  3. Pinpoint the main problem in the operation of business applications (network part, server part, software) and those responsible for solving it;
  4. Significantly reduce the time needed to resolve problems in the IT infrastructure;
  5. Justify the need to expand channels, server capacity, or purchase additional security tools.

I also recommend reading our previous article - 9 typical network problems that can be detected using NetFlow analysis (using Flowmon as an example).
If you are interested in this topic, stay tuned (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).

Poll: Do you use NetFlow/sFlow/jFlow/IPFIX analyzers?

  • 55.6% Yes (5)
  • 11.1% No, but I plan to (1)
  • 33.3% No (3)

9 users voted. 1 user abstained.

Source: www.habr.com
