Izinhlangano eziningi zisebenzisa izinsiza zamafu noma zithuthele izinto zokusebenza kuzo
Isikhungo sedatha. Yini enengqondo ukuhamba ekamelweni leseva futhi iyiphi indlela engcono kakhulu yokuhlela ukuvikelwa kwe-perimeter yenethiwekhi yehhovisi esimweni esinjalo?
Kwake kwaba khona yonke into kuseva
Ekuqaleni kokuthuthukiswa kwe-Runet, izinkampani eziningi zaxazulula inkinga yengqalasizinda ye-IT ngokusho cishe uhlelo olufanayo: zabela igumbi lapho zifake khona isimo somoya futhi lapho cishe yonke imishini yenethiwekhi neseva yayigxilwe.
Umphathi wesistimu umise iseva eyodwa noma ngaphezulu ku-FreeBSD, Linux, noma i-OpenSolaris, njll. Bese kuthi kulo “sokhaya” wethule izinsiza ezidingekayo: kusuka kuseva yewebhu, i-imeyili yenkampani, kuze kufike kusevisi yokubamba ifayela.
Lapho inkampani ikhula futhi ithuthuka, nakanjani ibhekana nesimo lapho igumbi leseva lingasahlangabezani nezidingo. Uma unemali, ungazakhela esakho isikhungo sedatha. Kungaba inzuzo enkulu ukuqasha ama-racks ezikhungweni zedatha yezentengiso. Ukunikezwa kwamandla okuseqophelweni eliphezulu okusekelwe ku-DRUPS, isistimu ye-air conditioning yezimboni, izisebenzi ezigcwele zochwepheshe abakhethekile kakhulu - lezi zinto azitholakali neze esimweni se-server yehhovisi.
Ukulandela amabhizinisi amakhulu, emiqondweni yabaphathi bezinkampani eziphakathi nezincane kancane kancane kuba noshintsho olusuka kungqondongqondo yokuthi “ngithwala konke enginakho nami” nokuthi “umuzi wami uyinqaba yami” ukuthi “ngiwunike omunye umuntu hhayi hlupheka.”
Kumabhizinisi amancane, abahlinzeki bamafu sebephenduke inketho "ephuma ngaphandle". Uma ngaphambilini enkampanini yabantu abangu-40 eneseva yayo yemeyili kwakuyinto ethathwa kalula, namuhla insizakalo evela ku-Google efanayo iwina ohlangothini lwayo bonke labo ngaphambili ababengacabangi ukusebenza ngaphandle kwe-Sendmail noma i-Postfix yabo.
Amasistimu abonakalayo anikeze usizo olukhulu “ekuthuthweni” okunjalo. Uma ngaphambi kokubukeka kwabo kwakudingeka ukuthutha yonke iseva yomzimba, noma ulungiselele yonke into ku-hardware entsha, manje kwanele ukudlulisa isithombe somshini obonakalayo.
Yini eyosala kulelo gumbi elincane eline-air conditioning?
Okokuqala, lena imishini yenethiwekhi. Kokubili okusebenzayo nokungenzi lutho. Ngokuvamile, ngemuva kwegama elikhulu elithi "server" baqonda ukuxhumana okuphambene nezinsalela zemishini yenethiwekhi. Futhi ezimweni ezinjalo, igumbi elikhethekile elinesistimu ye-air conditioning enamandla, ukunikezwa kwamandla, nokunye akudingeki.
Iqembu lesibili lemishini okusenzima ukuyikhipha egumbini leseva lingamasango
ezokuphepha.
Kodwa ayini lamasango? Njengoba kushiwo ngenhla, uma esikhathini esidlule umqondisi wesistimu eneseva eyodwa noma eziningana lapho ayengasebenzisa noma yini efiswa inhliziyo yakhe, manje ukunethezeka okunjalo kungase kungabi khona.
Kodwa isidingo sokuvikela ezinsongweni zangaphandle asikapheli. Yebo, ungakwazi ukudlulisa zonke izinsizakalo kanye nemishini edingekayo ngokuphelele esikhungweni sedatha futhi ushayele ithrafikhi ukusuka kusango elinjalo ukuya ekuxhumekeni kwehhovisi ngesiteshi esivikelekile, isibonelo, nge-VPN.
Lolu hlelo lubukeka lukhanga ekuqaleni, uma kungenjalo ngomthwalo owengeziwe eziteshini ezikhona. Uma ungafuni ukukhokhela isiteshi esiwugqinsi, akukhona lokho kanye okudingayo.
Enye inketho ukuthenga idivayisi ekhethekile yokuvikelwa kwethrafikhi, ukwakhiwa kwayo, ngenxa yokugxila kwayo okuncane, ikuvumela ukuba wenze ngaphandle kwezingxenye ezinamandla ezinamandla kakhulu futhi ezikhiqiza ukushisa.
Asikho isidingo se-zoo
Uma kungabikho igumbi leseva elidala, kungcono kakhulu ukuthola izinsizakalo eziningana "ebhokisini elilodwa" ngesikhathi esisodwa kunokudala "i-zoo" ekamelweni elincane, noma ngisho nangaphakathi kwekhabhinethi encane yokuwela. Ngesikhathi esifanayo, ikhambi kufanele lingabizi, lifakazelwe futhi libe nokusekelwa okuvamile ngesiRashiya.
Qaphela. Manje sikhuluma ngamahhovisi amancane kakhulu, aphakathi nendawo namakhulu. Asikacabangi izinkampani ezinkulu ezakha izikhungo zazo zedatha - kwesinye isihloko "akunakwenzeka ukubamba ubukhulu."
Futhi kuzo zonke izimo, i-Zyxel isivele inesixazululo, ngaphakathi komugqa womkhiqizo ofanayo. Ngamafuphi, ngeke udinge "i-zoo".
I-ZyWALL ATP Security Gateways
Sike sakhuluma ngaphambilini ngezimiso zokusebenza kwamadivayisi anjalo sisebenzisa isibonelo Isici sabo esiyinhloko inhlanganisela ye-firewall nesevisi yezokuphepha ye-Zyxel Cloud. Ngenxa yalokhu kusatshalaliswa kwezibopho, i-ZyWALL ATP ixazulula ububanzi obubanzi bezinkinga zokuvikela i-perimeter ngaphandle kokudinga izinsiza ezengeziwe zehadiwe.
Uhlu lwemisebenzi yokuvikela lucebile kakhulu (bona Ithebula 1), okuhlanganisa amathuluzi okuhlaziya e-SecuReporter kanye ne-Sandboxing - “i-sandbox” yokuhlaziywa kokuqala kokuqukethwe okulandiwe.
Kuyafaneleka ukugcizelela futhi ukuthi kulokhu simane sidlulisele izinsiza kusuka ehhovisi lendawo kuya efwini. I-Zyxel Cloud isenzela konke okunye ngemodi engaziwa. Ngaphezu kokunethezeka, le ndlela ihlinzeka ngokuvikeleka okusebenzayo ezinsongweni zezinsuku eziyiziro ngokufunda komshini nokushintshisana ngolwazi phakathi kwamasango e-ATP emhlabeni jikelele. Yonke inethiwekhi ye-neural yakhelwe ukuvikela.
: “Lapho kutholwa ifayela elingaziwa, i-Cloud Query ngokushesha (phakathi nemizuzwana embalwa) ihlola ikhodi yayo ye-hashi kusizindalwazi samafu bese inquma ukuthi iyingozi noma cha. Le sevisi idinga ubuncane bezinsiza zenethiwekhi ukuze isebenze, ngakho-ke ayinciphisi ukusebenza kwedivayisi. Ukusebenza kokuvikela usongo kuqinisekiswa ukusetshenziswa kwesizindalwazi samafu esivuselelwe njalo esiqukethe idatha yezigidigidi zezinsongo. I-Cloud Query iphinde isheshise ubuhlakani bamakhono avelayo e-Zyxel Security Cloud okuthola izinsongo, okuthuthukisa ukuvikelwa kwe-malware yayo yonke i-firewall ye-ATP."
Ithebula 1. Izici zobuchwepheshe zomugqa we-ZyWALL ATP.
Amanothi:
(1) Ukusebenza kwangempela kuncike kakhulu ezimeni zenethiwekhi nezinhlelo zokusebenza ezisebenzayo.
(2) Umkhawulo ophezulu wokukhipha usekelwe ku-RFC 2544 (amaphakethe e-UDP angu-1,518-byte).
(3) Umthamo we-VPN okaliwe usekelwe ku-RFC 2544 (amaphakethe e-UDP angu-1,424-byte).
(4) Amamethrikhi okuphuma kwe-AV ne-IDP asebenzisa ukuhlolwa kokusebenza kwe-HTTP okujwayelekile komkhakha (amaphakethe we-HTTP angu-1,460-byte). Ukuhlola kwenziwe ngemodi enezintambo eziningi.
(5) Lapho kukalwa inani elikhulu lezikhathi ezingenzeka, kwasetshenziswa amathuluzi ajwayelekile embonini - Ithuluzi lokuhlola le-IXIA IxLoad.
(6) 1Gbps Imiphumela yokuhlolwa kwesivinini ye-WAN yenziwe ngaphansi kwezimo zomhlaba wangempela futhi ingahluka kancane kuye ngekhwalithi yesixhumanisi.
(7): Ngemuva kokuthi i-Gold Pack iphelelwe yisikhathi, ama-AP angu-2 kuphela azosekelwa.
(8): Unganika amandla noma unwebe ukusebenza ngokuthenga amalayisense engeziwe wamasevisi e-Zyxel.
Naka isethi esekelwayo yezinsizakalo ze-VPN. Cishe yonke into edingekayo ekuxhumaneni nendlunkulu noma ihhovisi lasekhaya isivele "sisebhodleleni elilodwa," ngakho-ke singancoma ngokuphepha le divayisi njengendlela yokugcina yokuxhumana yegatsha kanye nokusekela umsebenzi okude wezisebenzi.
Izixazululo zamahhovisi amancane
Amahhovisi amancane angahlukaniswa ngamaqembu amabili: amabhizinisi azimele namagatsha ezinkampani ezinkulu.
Ezizimele amabhizinisi asanda kuzalwa kanye nalawo amiselwe ukuthi ahlale emancane. Isibonelo, ama-design bureaus, ama-studio wezakhiwo, amahhovisi okuhlela abezindaba ezincane, njalonjalo. Amayunithi anjalo ebhizinisi avame ukusebenzisa izinsizakalo zamafu, okungenani i-imeyili nokwabelana ngefayela.
Amagatsha ezinhlangano ezinkulu - into eyinhloko kubo ukuba nokuxhumana okuzinzile nehhovisi eliphakathi. Konke okunye kuku-"Center".
Ngokuvamile "izingane" ezinjalo zidinga isixhumi esibonakalayo esilula sokulawula. Umqondisi wenethiwekhi ovela endlunkulu ngokuvamile akanalo ithuba lokuphuthuma emazweni akude ukuze axazulule inkinga egatsheni elisha. Izinkampani ezincane zendawo azinalo nhlobo leli thuba. Kufanele siphendukele ezinkonzweni “zokufika
admin." Ezimweni ezinjalo, kuyadingeka ukulawula ngokuvumelana nesimiso "esilula, esithembeke kakhulu."
Emahhovisi amancane, kunengqondo ukusebenzisa imodeli ye-ZyWALL ATP100 ne-ZyWALL ATP200.
Isango lenethiwekhi ivele kamuva nje, kodwa isivele ingenile .
Umehluko omkhulu kumfowabo omdala () - ukuthi yakhelwe umthwalo omncane, futhi ayinazo izikhwebu zerack engu-19-intshi. Kunconyelwe amahhovisi asekhaya, izinkampani ezincane, amagatsha nokunye.
Umfanekiso 1. ZyWALL ATP100.
Izici zokuklama: I-ATP100 ne-ATP200 amamodeli angena fan. Kungani lokhu kuhle: okokuqala, akukho msindo, futhi okwesibili, asikho isidingo sokushintsha fan. Esimeni “somlawuli ongenayo”, lokhu kuyinkomba ebaluleke kakhulu.
Umfanekiso 2. ZyWALL ATP200.
Imodeli ye-ATP200 isekela izimbobo ezimbili ze-WAN futhi ingaxhuma emigqeni emibili ezimele, isibonelo, evela kubahlinzeki abahlukene.
Njengoba kushiwo ngenhla, ehhovisi elincane, into ebaluleke kakhulu ngemva kokuhlinzekwa kukagesi okuzinzile ukuxhumana okuzinzile. Ngeshwa, abahlinzeki bendawo abakwazi njalo ukuqinisekisa ukuthi ngeke kube nezingozi. Kufanele sibheke izinketho zokulondoloza.
KUBALULEKILE! Ngaphezu kwamachweba we-WAN azinikele, amamodeli e-ATP anezimbobo ze-USB ongaxhuma kuzo amamodemu e-USB futhi uwasebenzise njenge-WAN. Lesi sici sitholakala kuwo wonke ama-ATP.
Uma idivayisi inembobo ye-SFP, lokhu kungasetshenziswa futhi njenge-WAN. Lesi sici sitholakalela wonke ama-ATP.
Nansi i-hack yempilo evela ku-Zyxel.
Izinkampani ezimaphakathi
Ezinkampanini eziphakathi nendawo, i-Zyxel ine-hardware yayo enhle -
Kuyisango lesizukulwane esilandelayo elinokuvikela okuthuthukile ezinsongweni eziguqukayo.
Phakathi kwezici ezithakazelisayo:
Izimbobo ezingu-7 ezilungisekayo zivumela ukucushwa okuvumelana nezimo, isibonelo, 2 WAN, 2 DMZ kanye nezimbobo ze-LAN ezi-3 kuyilapho kuxhunywa ama-VLAN angu-3 ahlukene ukuze asetshenziswe ngaphakathi. Kukhona nechweba elingu-1 le-SFP.
Umfanekiso 3. ZyWALL ATP500.
Kungenzeka ukusebenza kumodi yeqoqo etholakalayo ephezulu yedivayisi ye-HA Pro kusukela ku-ZyWALL ATP500 emibili. Uma omunye engasebenzi, owesibili usazohlinzeka ngokuxhumana.
Ukusebenzisa imisebenzi ye-ATP500 ngokugcwele, ungathola ukuguquguquka,
ukuxhumana okuthembekile kakhulu, okuvikelekile nezwe langaphandle noma indawo ehlukile, isibonelo,
indlunkulu.
Amahhovisi amakhulu
Kubo, inguqulo enamandla kakhulu yalo mugqa iyanconywa - i-ATP800.
Le modeli inenombolo ehloniphekile yamachweba: 12 RJ-45 kanye ne-2 SFP, zonke zingacushwa ngemodi ye-WAN, LAN noma i-DNZ, evumela ukuthi usebenzise ama-WLAN amaningana, uhlele ama-DMZ amaningana futhi usenethuba lokuxhuma kuwo. inethiwekhi yangaphandle yengqalasizinda yangaphakathi eyinkimbinkimbi. Ifanele amahhovisi amakhulu anenethiwekhi ethuthukisiwe kanye nezidingo eziphezulu zokuvikela nokulawula ukufinyelela.
Umfanekiso 4. ZyWALL ATP800.
Kuyaqapheleka futhi ukuthi le modeli inconywa ukuthi ithengwe ngokuthambekela "kokukhula." Uma uhlela ukukhulisa inkampani yakho, isibonelo, ukuthuthukisa uchungechunge lwezitolo zendawo, ngakho-ke kunengqondo ukuthenga ngokushesha imodeli enamandla kakhulu ukuze ungachithi imali kabili.
Njengoba ubona, ngisho nangaphansi kwezimo eziningi ze-spartan kungenzeka ukunikeza izinga elihle lokuvikela, ukubekezelelana kwamaphutha kanye nokuguquguquka ekusebenzeni.
Ukwesekwa kwezobuchwepheshe, izeluleko, izingxoxo, izindaba, ukukhushulwa kanye nezimemezelo - xhumana nathi kuTelegram!
Izixhumanisi eziwusizo
Source: www.habr.com