I-ProHoster > Блог > Ukuphatha > Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka
Sawubona, bafundi abathandekayo bakaHabr! Lena ibhulogi yenkampani yenkampani Isixazululo se-TS. Singabadidiyeli bohlelo futhi ikakhulukazi sisebenza ngokukhethekile kuzixazululo zokuphepha zengqalasizinda ye-IT (Hlola i-Point, Fortinet) namasistimu okuhlaziya idatha yomshini (I-splunk). Sizoqala ibhulogi yethu ngesingeniso esifushane sobuchwepheshe be-Check Point.

Sacabanga isikhathi eside mayelana nokuthi bekufanele yini ukubhala lesi sihloko, ngoba... akukho okusha kuyo okungatholakalanga ku-inthanethi. Nokho, naphezu kolwazi oluningi kangaka, lapho sisebenza namakhasimende kanye nozakwethu, sivame ukuzwa imibuzo efanayo. Ngakho-ke, kunqunywe ukuthi kubhalwe uhlobo oluthile lwesingeniso emhlabeni wobuchwepheshe be-Check Point futhi kwembule ingqikithi yezakhiwo zezixazululo zabo. Futhi konke lokhu kungaphakathi kohlaka lokuthunyelwe okukodwa “okuncane,” uhambo olusheshayo, ngomqondo ongokomfanekiso. Ngaphezu kwalokho, sizozama ukungangeni ezimpini zokumaketha, ngoba... Asibona umthengisi, kodwa simane singumdidiyeli wesistimu (yize siyithanda ngempela i-Check Point) futhi sizovele sibheke amaphuzu abalulekile ngaphandle kokuwaqhathanisa nabanye abakhiqizi (abanjengoPalo Alto, Cisco, Fortinet, njll.). I-athikili ivele yaba yinde impela, kodwa ihlanganisa imibuzo eminingi esesigabeni sokujwayelana ne-Check Point. Uma unentshisekelo, wamukelekile ekatini...

UTM/NGFW

Uma uqala ingxoxo nge-Check Point, indawo yokuqala ongaqala ngayo ngencazelo yokuthi i-UTM ne-NGFW iyini nokuthi ihluke kanjani. Sizokwenza lokhu kafushane ukuze okuthunyelwe kungabi kude kakhulu (mhlawumbe ngokuzayo sizocubungula lolu daba ngemininingwane emincane)

I-UTM - Ukuphathwa Kosongo Oluhlanganisiwe

Ngamafuphi, ingqikithi ye-UTM iwukuhlanganiswa kwamathuluzi amaningana okuphepha esixazululweni esisodwa. Labo. yonke into ebhokisini elilodwa noma uhlobo oluthile lwakho konke okuhlanganisiwe. Kusho ukuthini ukuthi “amakhambi amaningi”? Inketho evame kakhulu yile: I-Firewall, i-IPS, i-Proxy (ukuhlunga i-URL), i-Antivirus yokusakaza, i-Anti-Spam, i-VPN nokunye. Konke lokhu kuhlanganiswe ngaphakathi kwesisombululo se-UTM esisodwa, esilula mayelana nokuhlanganiswa, ukumisa, ukuphatha nokuqapha, futhi lokhu kuba nomthelela omuhle ekuvikelekeni okuphelele kwenethiwekhi. Lapho izixazululo ze-UTM ziqala ukuvela, zazibhekwa njengezinkampani ezincane kuphela, ngoba... Ama-UTM awakwazanga ukuphatha umthamo omkhulu wethrafikhi. Lokhu kwakungenxa yezizathu ezimbili:

  1. Indlela yokucubungula iphakethe. Izinguqulo zokuqala zezixazululo ze-UTM zicubungule amaphakethe ngokulandelanayo, "imojula" ngayinye. Isibonelo: okokuqala iphakethe licutshungulwa yi-firewall, bese i-IPS, bese iskenwa yi-Anti-Virus, njalonjalo. Ngokwemvelo, umshini onjalo wethule ukubambezeleka okukhulu kwethrafikhi futhi wasebenzisa kakhulu izinsiza zesistimu (iprosesa, inkumbulo).
  2. Izingxenyekazi zekhompuyutha ezibuthakathaka. Njengoba kushiwo ngenhla, ukucutshungulwa okulandelanayo kwamaphakethe kwadla kakhulu izinsiza kanye ne-hardware yalezo zikhathi (1995-2005) yayingakwazi nje ukubhekana nethrafikhi enkulu.

Kodwa intuthuko ayimile. Kusukela ngaleso sikhathi, umthamo we-hardware uye wanda kakhulu, futhi ukucubungula iphakethe kushintshile (kufanele kuvunywe ukuthi akubona bonke abathengisi abanalo) futhi baqala ukuvumela ukuhlaziya cishe ngesikhathi esisodwa kumamojula amaningana ngesikhathi esisodwa (ME, IPS, AntiVirus, njll.). Izixazululo ze-UTM zanamuhla "zingakwazi ukugaya" amashumi ngisho namakhulu ama-gigabits kumodi yokuhlaziya ejulile, okwenza kube nokwenzeka ukuzisebenzisa engxenyeni yamabhizinisi amakhulu noma ngisho nezikhungo zedatha.

Ngezansi i-Gartner Magic Quadrant edumile yezixazululo ze-UTM zango-Agasti 2016:

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Ngeke ngiphawule kakhulu ngalesi sithombe, ngizosho nje ukuthi abaholi basekhoneni eliphezulu kwesokudla.

I-NGFW - I-Firewall Yesizukulwane Esilandelayo

Igama liyazikhulumela - i-firewall yesizukulwane esilandelayo. Lo mqondo uvele kamuva kakhulu kune-UTM. Umqondo oyinhloko we-NGFW ukuhlaziya iphakethe elijulile (i-DPI) kusetshenziswa i-IPS eyakhelwe ngaphakathi kanye nokulawula ukufinyelela ezingeni lohlelo (Ukulawulwa Kwezicelo). Kulokhu, i-IPS iyona kanye edingekayo ukuze uhlonze lolu noma lolo hlelo lokusebenza ekusakazweni kwephakethe, okukuvumela ukuthi uluvumele noma ulunqabe. Isibonelo: Singavumela i-Skype ukuthi isebenze, kodwa sivimbele ukudluliswa kwefayela. Singakwenqabela ukusetshenziswa kwe-Torrent noma i-RDP. Izinhlelo zewebhu nazo ziyasekelwa: Ungavumela ukufinyelela ku-VK.com, kodwa unqabele imidlalo, imilayezo noma ukubuka amavidiyo. Empeleni, ikhwalithi ye-NGFW incike enanini lezinhlelo zokusebenza engazithola. Abaningi bakholelwa ukuthi ukuvela komqondo we-NGFW kwakuyisu elivamile lokumaketha ngokumelene nesizinda lapho inkampani ye-Palo Alto yaqala ukukhula kwayo ngokushesha.

I-Gartner Magic Quadrant ye-NGFW yangoMeyi 2016:

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

I-UTM vs NGFW

Umbuzo ovame kakhulu ukuthi, yikuphi okungcono? Ayikho impendulo eqondile lapha futhi ayikwazi ukuba khona. Ikakhulukazi uma kucatshangelwa iqiniso lokuthi cishe zonke izixazululo zesimanje ze-UTM ziqukethe ukusebenza kwe-NGFW futhi ama-NGFW amaningi aqukethe imisebenzi ehambisana ne-UTM (I-Antivirus, i-VPN, i-Anti-Bot, njll.). Njengenjwayelo, "udeveli usemininingwane," ngakho okokuqala udinga ukunquma ukuthi yini oyidingayo ngokuqondile futhi unqume ngesabelomali sakho. Ngokusekelwe kulezi zinqumo, izinketho ezimbalwa zingakhethwa. Futhi yonke into idinga ukuhlolwa ngokusobala, ngaphandle kokukholelwa izinto zokuthengisa.

Nathi, ohlakeni lwezihloko eziningana, sizozama ukutshela mayelana ne-Check Point, ukuthi ungazama kanjani nokuthi yini, empeleni, ongazama (cishe yonke imisebenzi).

Amabhizinisi amathathu Wokuhlola

Lapho usebenza ne-Check Point, nakanjani uzohlangana nezingxenye ezintathu zalo mkhiqizo:

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

  1. Isango Lokuphepha (SG) — isango lokuvikeleka ngokwalo, elivame ukufakwa kumjikelezo wenethiwekhi futhi lenze imisebenzi yocingo lokuvikela, ukusakaza-bukhoma i-antivirus, i-antibot, i-IPS, njll.
  2. Iseva Yokulawulwa Kokuphepha (i-SMS) - iseva yokuphatha isango. Cishe zonke izilungiselelo zesango (SG) zenziwa kusetshenziswa le seva. I-SMS ingase futhi isebenze njengeseva yelogi futhi iwacubungule ngohlaziyo lomcimbi owakhelwe ngaphakathi kanye nesistimu yokuhlanganisa - Umcimbi Ohlakaniphile (ofana ne-SIEM Yephoyinti Lokuhlola), kodwa okwengeziwe ngalokho kamuva. I-SMS isetshenziselwa ukuphathwa okumaphakathi kwamasango amaningana (inani lamasango lincike kumodeli ye-SMS noma ilayisense), kodwa kudingeka ukuthi uyisebenzise ngisho noma unesango elilodwa kuphela. Kumele kuqashelwe lapha ukuthi i-Check Point yaba ngeyokuqala ukusebenzisa uhlelo lokuphatha oluphakathi nendawo, oluye lwaqashelwa “njengezinga legolide” ngokwemibiko kaGartner iminyaka eminingi ilandelana. Kuze kube nehlaya: “Ukube iCisco ibinohlelo olujwayelekile lokuphatha, ngabe iCheck Point ayikaze ivele.
  3. I-Smart Console — ikhonsoli yeklayenti yokuxhuma kwiseva yabaphathi (SMS). Ivamise ukufakwa kukhompuyutha yomlawuli. Zonke izinguquko kuseva yokuphatha zenziwa ngale khonsoli, futhi ngemva kwalokho ungasebenzisa izilungiselelo kumasango okuphepha (Inqubomgomo Yokufaka).

    Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Hlola Isistimu Yokusebenza Yephoyinti

Uma sikhuluma ngohlelo lokusebenza lwe-Check Point, singakhumbula ezintathu ngesikhathi esisodwa: IPSO, SPLAT kanye ne-GAIA.

  1. IPSO - isistimu yokusebenza ye-Ipsilon Networks, okwakungekaNokia. Ngo-2009, i-Check Point yathenga leli bhizinisi. Ayisekho ukuthuthukisa.
  2. SPLAT - Hlola ukuthuthukiswa kwephoyinti, ngokusekelwe ku-kernel ye-RedHat. Ayisekho ukuthuthukisa.
  3. UGaia - isistimu yokusebenza yamanje evela ku-Check Point, evele njengomphumela wokuhlanganiswa kwe-IPSO ne-SPLAT, ehlanganisa konke okuhle kakhulu. Ivele ngo-2012 futhi iyaqhubeka nokuthuthuka ngenkuthalo.

Uma sikhuluma ngeGaia, kufanele kushiwo ukuthi okwamanje inguqulo evame kakhulu yi-R77.30. Muva nje, kwavela inguqulo ye-R80, ehluke kakhulu kunangaphambili (kokubili ngokusebenza nokulawula). Sizonikela ngokuthunyelwe okuhlukile esihlokweni sokuhlukana kwabo. Elinye iphuzu elibalulekile ukuthi okwamanje inguqulo engu-R77.10 kuphela enesitifiketi se-FSTEC, futhi inguqulo engu-R77.30 iyaqinisekiswa.

Izinketho zokwenza (Bheka i-Appliance Point, umshini obonakalayo, i-OpenServer)

Akukho okumangazayo lapha, njengabathengisi abaningi, i-Check Point inezinketho eziningi zomkhiqizo:

  1. zikagesi - i-hardware ne-software idivayisi, i.e. “ucezu lwensimbi” lwalo. Kunamamodeli amaningi ahlukile ekusebenzeni, ukusebenza kanye nokuklama (kunezinketho zamanethiwekhi ezimboni).

    Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

  2. Umshini Obuhle - Bheka umshini obonakalayo we-Point one-Gaia OS. AmaHypervisors ESXi, Hyper-V, KVM asekelwa. Inikezwe ilayisense ngenombolo yama-processor cores.
  3. I-OpenServer — ukufaka i-Gaia ngqo kuseva njengesistimu yokusebenza eyinhloko (okuthiwa “Insimbi engenalutho”). Izingxenyekazi zekhompuyutha ezithile kuphela ezisekelwayo. Kunezincomo zale hardware okufanele ilandelwe, ngaphandle kwalokho kungase kuphakame izinkinga ngabashayeli kanye nemishini yobuchwepheshe. ukwesekwa kungase kwenqabe ukukusiza.

Izinketho zokuqalisa (Kusatshalaliswa noma Zizimele)

Okuphakeme kancane sesixoxile kakade ukuthi isango (SG) kanye neseva yokuphatha (i-SMS) iyini. Manje ake sixoxe ngezinketho zokuqaliswa kwazo. Kunezindlela ezimbili eziyinhloko:

  1. Okuzimele (SG+SMS) - inketho lapho kokubili isango kanye neseva yokuphatha kufakwa ngaphakathi kwedivayisi eyodwa (noma umshini obonakalayo).

    Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

    Lolu khetho lufanelekile uma unesango elilodwa kuphela elilayishwe kancane ithrafikhi yomsebenzisi. Le nketho iyonga kakhulu, ngoba... asikho isidingo sokuthenga iseva yokuphatha (i-SMS). Kodwa-ke, uma isango lilayishwe kakhulu, ungagcina unesistimu yokulawula "ehamba kancane". Ngakho-ke, ngaphambi kokukhetha isisombululo se-Standalone, kungcono ukubonisana noma ukuhlola le nketho.

  2. Kusatshalaliswa — iseva yokuphatha ifakwe ngokuhlukene nesango.

    Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

    Inketho engcono kakhulu mayelana nokulula nokusebenza. Kusetshenziswa uma kudingekile ukuphatha amasango amaningana ngesikhathi esisodwa, isibonelo amaphakathi namagatsha. Kulokhu, udinga ukuthenga iseva yokuphatha (i-SMS), engase ibe sesimweni somshini noma umshini obonakalayo.

Njengoba ngishilo ngenhla, i-Check Point inohlelo lwayo lwe-SIEM - I-Smart Event. Ungayisebenzisa kuphela uma ufaka ngokusatshalaliswa.

Izindlela zokusebenza (Ibhuloho, Elinomzila)
I-Security Gateway (SG) ingasebenza ngezindlela ezimbili eziyinhloko:

  • Kudluliselwe - inketho evame kakhulu. Kulokhu, isango lisetshenziswa njengedivaysi ye-L3 kanye nemizila yethrafikhi ngokwayo, i.e. Iphoyinti Lokuhlola liyisango elizenzakalelayo lenethiwekhi evikelwe.
  • bridge — imodi esobala. Kulesi simo, isango lifakwe "njengebhuloho" elivamile futhi lidlula ithrafikhi ezingeni lesibili (OSI). Le nketho ivamise ukusetshenziswa uma kungenzeki (noma isifiso) sokushintsha ingqalasizinda ekhona. Akudingekile ukuthi uguqule i-topology yenethiwekhi futhi akumele ucabange ngokushintsha ikheli le-IP.

Ngingathanda ukuqaphela ukuthi kumodi yeBridge kunemikhawulo ethile mayelana nokusebenza, ngakho-ke thina, njengomhlanganisi, seluleka wonke amaklayenti ethu ukuthi asebenzise Imodi Emizila, vele, uma kungenzeka.

Hlola I-Point Software Blades

Cishe sesifinyelele esihlokweni esibaluleke kakhulu se-Check Point, esiphakamisa imibuzo eminingi phakathi kwamakhasimende. Ayini lawa "ama-software blades"? Ama-blades abhekisela emisebenzini ethile Yephoyinti Lokuhlola.

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Le misebenzi ingavulwa noma icishwe kuye ngezidingo zakho. Ngesikhathi esifanayo, kukhona ama-blade acushiwe kuphela esangweni (Ukuphepha Kwenethiwekhi) futhi kuphela kuseva yokuphatha. Izithombe ezingezansi zibonisa izibonelo zazo zombili izimo:

1) Ngokuvikeleka Kwenethiwekhi (umsebenzi wesango)

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Ake sikuchaze kafushane, ngoba... i-blade ngayinye ifanelwe isihloko sayo.

  • I-Firewall - ukusebenza kwe-firewall;
  • IPSec VPN - ukwakha amanethiwekhi ayimfihlo ayimfihlo;
  • Ukufinyelela Kweselula - ukufinyelela okukude kusuka kumadivayisi eselula;
  • IPS - uhlelo lokuvimbela ukungena;
  • I-Anti-Bot - ukuvikelwa kumanethiwekhi we-botnet;
  • I-Antivirus - i-antivirus yokusakaza;
  • I-AntiSpam & Ukuphepha Kwe-imeyili - ukuvikelwa kwe-imeyili yebhizinisi;
  • Ukuqwashisa Ngobunikazi - ukuhlanganiswa nensizakalo ye-Active Directory;
  • Ukuqapha - ukuqapha cishe yonke imingcele yesango (umthwalo, umkhawulokudonsa, isimo se-VPN, njll.)
  • Ukulawulwa Kwesicelo - i-firewall yezinga lesicelo (ukusebenza kwe-NGFW);
  • Ukuhlunga kwe-URL - Ukuphepha kwewebhu (+ukusebenza kommeleli);
  • Ukuvimbela Ukulahleka Kwedatha - ukuvikela ekuvuzeni kolwazi (DLP);
  • Ukulingisa Usongo - ubuchwepheshe be-sandbox (SandBox);
  • Ukukhishwa Kosongo - ubuchwepheshe bokuhlanza ifayela;
  • I-QoS - ukubeka phambili ithrafikhi.

Ezihlokweni ezimbalwa nje sizobheka kabanzi nge-Threat Emulation and Threat Extraction blades, ngiyaqiniseka ukuthi izothakazelisa.

2) Okwabaphathi (lawula ukusebenza kweseva)

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

  • Ukuphathwa Kwenqubomgomo Yenethiwekhi - ukuphathwa kwenqubomgomo endaweni eyodwa;
  • I-Endpoint Policy Management - ukuphathwa okuphakathi kwama-ejenti we-Check Point (yebo, i-Check Point ikhiqiza izixazululo hhayi zokuvikela inethiwekhi kuphela, kodwa futhi nokuvikela izindawo zokusebenza (ama-PC) nama-smartphone);
  • Ukugawulwa kwemithi & Isimo - iqoqo elisendaweni eyodwa kanye nokucubungula izingodo;
  • Ingosi Yokuphatha - ukuphathwa kwezokuphepha kusuka kusiphequluli;
  • Ukuhamba komsebenzi - ukulawula izinguquko zenqubomgomo, ukuhlolwa kwezinguquko, njll.;
  • Uhla Lwemibhalo Lomsebenzisi - ukuhlanganiswa ne-LDAP;
  • Ukuhlinzeka - ukuzenzekelayo kokuphathwa kwesango;
  • Intatheli ehlakaniphile - uhlelo lokubika;
  • I-Smart Event - ukuhlaziywa kanye nokuhlobana kwemicimbi (SIEM);
  • Ukuthobelana - ihlola izilungiselelo ngokuzenzakalelayo bese yenza izincomo.

Ngeke sicabangele izindaba zamalayisense ngokuningiliziwe manje, ukuze singagxili isihloko futhi singadideki umfundi. Cishe sizokuthumela lokhu kokuthunyelwe okuhlukile.

Ukwakhiwa kwama-blades kukuvumela ukuthi usebenzise kuphela imisebenzi oyidingayo ngempela, ethinta isabelomali sesixazululo kanye nokusebenza okuphelele kwedivayisi. Kunengqondo ukuthi uma uvula ama-blades amaningi, kuyancipha ithrafikhi ongakwazi “ukushayela kuyo”. Kungakho ithebula lokusebenza elilandelayo linamathiselwe kumodeli ye-Check Point ngayinye (sithathe izici zemodeli engu-5400 njengesibonelo):

Hlola iphoyinti. Kuyini, kudliwa ngani, noma kafushane ngento esemqoka

Njengoba ubona, kunezigaba ezimbili zokuhlola lapha: kuthrafikhi yokwenziwa kanye nethrafikhi yangempela - okuxubile. Ngokuvamile, i-Check Point iphoqeleka ukuthi ishicilele izivivinyo zokwenziwa, ngoba... abanye abathengisi basebenzisa ukuhlola okunjalo njengezilinganiso, ngaphandle kokuhlola ukusebenza kwezixazululo zabo kuthrafikhi yangempela (noma bafihle ngamabomu idatha enjalo ngenxa yemvelo yabo engagculisi).

Ohlotsheni ngalunye lokuhlolwa, ungabona izinketho ezimbalwa:

  1. ukuhlola kuphela i-Firewall;
  2. Ukuhlolwa kwe-Firewall+IPS;
  3. Ukuhlolwa kwe-Firewall+IPS+NGFW (Ukulawula uhlelo lokusebenza);
  4. hlola i-Firewall+Application Control+URL Ukuhlunga+IPS+Antivirus+Anti-Bot+SandBlast (sandbox)

Bheka ngokucophelela le mingcele lapho ukhetha isisombululo sakho, noma othintana naye ukubonisana.

Ngicabanga ukuthi kulapho singaqedela khona indatshana eyisingeniso kubuchwepheshe be-Check Point. Okulandelayo, sizobheka ukuthi ungalihlola kanjani i-Check Point nokuthi ungabhekana kanjani nezinsongo zesimanje zokuphepha (amagciwane, ubugebengu bokweba imininingwane ebucayi, i-ransomware, i-zero-day).

PS Iphuzu elibalulekile. Naphezu komsuka wayo wangaphandle (wakwa-Israyeli), isisombululo siqinisekiswa ku-Russian Federation yiziphathimandla ezilawulayo, ezivumela ngokuzenzakalelayo ukuba khona kwazo ezikhungweni zikahulumeni (ukuphawula ngu Denyemall).

Abasebenzisi ababhalisiwe kuphela abangabamba iqhaza kuhlolovo. Ngena ngemvume, wamukelekile.

Imaphi amathuluzi e-UTM/NGFW owasebenzisayo?

  • Hlola i-Point

  • I-Cisco Firepower

  • Fortinet

  • Palo Alto

  • Sophos

  • UDell SonicWALL

  • Huawei

  • I-WatchGuard

  • zokhuni

  • UserGate

  • Umhloli wethrafikhi

  • I-Rubicon

  • I-Ideco

  • Isixazululo se-OpenSource

  • Okunye

Bangu-134 abasebenzisi abavotile. Abasebenzisi abangu-78 bagobile.

Source: www.habr.com

Engeza amazwana