StealthWatch: deployment and configuration. Part 2

Hello colleagues! Having worked out the basic requirements for deploying StealthWatch in the previous part, we can now start deploying the product.

1. Ways to try StealthWatch

There are a few ways to "touch" StealthWatch:

  • dcloud - Cisco's cloud service for lab work;
  • Cloud Based: the free Stealthwatch Cloud trial - here the Netflow from your device is streamed to the cloud and analyzed there by the StealthWatch software;
  • On-premise POV (GVE request) - the route I took: you are sent 4 OVF files of virtual machines with built-in 90-day licenses, which can be installed on a dedicated server in the corporate network.


Despite the number of virtual machines downloaded, a minimal configuration needs only 2 of them: the StealthWatch Management Console and the FlowCollector. However, if there is no network device that can export Netflow to the FlowCollector, you also need to deploy a FlowSensor, since it lets you collect Netflow from a SPAN/RSPAN copy of the traffic.

As I said at the beginning, your real network can serve as the lab bench, since StealthWatch only needs a copy of the traffic, or better, a summary of it (Netflow). The picture below shows my network, where I will configure a Netflow Exporter on the security gateway and, as a result, send Netflow to the collector.

To reach the future VMs, the following ports must be allowed on your firewall, if you have one:

TCP 22, TCP 25, TCP 389, TCP 443, TCP 2393, TCP 5222, UDP 53, UDP 123, UDP 161, UDP 162, UDP 389, UDP 514, UDP 2055, UDP 6343, and a few more UDP ports whose numbers are garbled in the source.

Some of these are well-known services, the others are reserved for Cisco services.
In my case, I simply deployed StealthWatch in the same network as the Check Point and did not have to add any permit rules.

2. Installing the FlowCollector, using VMware vSphere as an example

2.1. Click Browse and select the OVF file. After checking resource availability, go to the menu View, Inventory → Networking (Ctrl+Shift+N).

2.2. On the Networking tab, select New Distributed Port Group in the virtual switch settings.

2.3. Set a name, let it be StealthWatchPortGroup; all other settings can be left as in the screenshot, then click Next.

2.4. Finish creating the Port Group with the Finish button.

2.5. Now edit the settings of the created Port Group: right-click the port group and select Edit settings. On the Security tab, be sure to enable promiscuous mode: Promiscuous mode → Accept → OK. Keep in mind that any VM attached to this port group will then see all traffic on it, so put only the StealthWatch appliances on it.

2.6. As an example, let's import the FlowCollector OVF; the download link was sent by a Cisco engineer after the GVE request. Right-click the host on which you plan to deploy the VM and select Deploy OVF Template. As for disk space, it "starts" at 50 GB, but for production conditions it is recommended to allocate 200 GB.

2.7. Select the folder where the OVF file is located.

2.8. Click "Next".

2.9. Specify the name and the server on which it is being deployed.

2.10. As a result, we get the following picture; click "Finish".

2.11. Follow the same steps to deploy the StealthWatch Management Console.

2.12. Now you need to assign the required networks to the interfaces so that the FlowCollector can see both the SMC and the devices from which Netflow will be sent.

3. Initializing the StealthWatch Management Console

3.1. Open the console of the installed SMCVE machine; you will see a login and password prompt, by default sysadmin/lan1cope. These are published defaults, so change them as soon as the appliance is up.

3.2. Go to the Management item, set the IP address and the other network parameters, then confirm the changes. The appliance will reboot.

3.3. Go to the web interface (over https at the address you specified on the SMC) and initialize the console; the default login/password is admin/lan411cope.

PS: it happens that it does not open in Google Chrome; Explorer always helps.

3.4. Be sure to change the passwords and set DNS, NTP servers, domain, etc. The settings are intuitive.

3.5. After clicking the "Apply" button the appliance reboots. After 5-7 minutes you can connect to this address again; from now on StealthWatch is managed through the web interface.

4. Setting up the FlowCollector

4.1. Same as with the console. First, in the CLI, specify the IP address, mask and domain, after which the FC reboots. You can then connect to the web interface at the address you specified and perform the same basic setup. Since the settings are the same, detailed screenshots are not included. The credentials are the same.

4.2. At the penultimate step you need to set the IP address of the SMC, after which the console will see the appliance; you will need to confirm this setting by entering your credentials.

4.3. Select the StealthWatch domain configured earlier and port 2055 for regular Netflow; if you work with sFlow, port 6343.

5. Netflow Exporter configuration

5.1. To configure the Netflow exporter, I highly recommend turning to this resource; it has the main guides for configuring a Netflow exporter on many devices: Cisco, Check Point, Fortinet.

5.2. In our case, I repeat, we send Netflow from the Check Point gateway. The Netflow exporter is configured on the tab of the same name in the web interface (Gaia Portal). To do this, click "Add" and specify the Netflow version and the required port.
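A quick way to confirm that the exporter really emits what the collector expects on the port chosen in step 4.3 is to decode a NetFlow v5 datagram yourself. The script below is an added example and is not part of the original article or of Cisco's or Check Point's software: it implements the NetFlow v5 header and record layout with the standard library, builds a constructed two-flow datagram (invented addresses and counters) so it runs offline, and includes a listener you can run on a spare host, not on the FlowCollector itself, which already owns UDP 2055, before pointing the gateway's exporter at the collector.

```python
"""Decode NetFlow v5 datagrams, the "regular Netflow" format sent to UDP 2055.

Added example (not part of the StealthWatch article or any vendor software):
it lets you check what an exporter emits before the FlowCollector ingests it.
"""
import socket
import struct
from ipaddress import IPv4Address

# NetFlow v5 wire layout: a 24-byte header followed by up to 30 fixed-size
# 48-byte flow records, all fields big-endian.
V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
MAX_RECORDS = 30
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_netflow_v5(data: bytes) -> dict:
    """Return the header fields and a list of flows; raise ValueError on malformed input."""
    if len(data) < V5_HEADER.size:
        raise ValueError("datagram shorter than a NetFlow v5 header")
    (version, count, uptime_ms, unix_secs, _unix_nsecs, sequence,
     engine_type, engine_id, sampling) = V5_HEADER.unpack_from(data, 0)
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version field = {version})")
    expected_len = V5_HEADER.size + count * V5_RECORD.size
    if not 1 <= count <= MAX_RECORDS or len(data) != expected_len:
        raise ValueError(f"count={count} does not match datagram length {len(data)}")
    flows = []
    for i in range(count):
        off = V5_HEADER.size + i * V5_RECORD.size
        (src, dst, _nexthop, _in_if, _out_if, packets, octets, _first, _last,
         sport, dport, _pad1, tcp_flags, proto, _tos, _src_as, _dst_as,
         _src_mask, _dst_mask, _pad2) = V5_RECORD.unpack_from(data, off)
        flows.append({
            "src": str(IPv4Address(src)), "sport": sport,
            "dst": str(IPv4Address(dst)), "dport": dport,
            "proto": PROTO_NAMES.get(proto, str(proto)),
            "packets": packets, "bytes": octets, "tcp_flags": tcp_flags,
        })
    return {
        "sequence": sequence, "uptime_ms": uptime_ms, "exported_at": unix_secs,
        "engine": (engine_type, engine_id),
        "sampling_interval": sampling & 0x3FFF,   # low 14 bits; top 2 bits are the mode
        "flows": flows,
    }


def build_sample_packet() -> bytes:
    """Constructed two-flow datagram with invented addresses, for offline testing."""
    def record(src, sport, dst, dport, proto, packets, octets, tcp_flags=0):
        return V5_RECORD.pack(IPv4Address(src).packed, IPv4Address(dst).packed,
                              b"\x00" * 4, 1, 2, packets, octets, 1000, 2000,
                              sport, dport, 0, tcp_flags, proto, 0, 0, 0, 24, 24, 0)
    header = V5_HEADER.pack(5, 2, 123456, 1_700_000_000, 0, 7, 0, 0, 0)
    return (header
            + record("10.0.0.5", 51234, "192.168.1.10", 443, 6, 12, 5400, 0x1B)
            + record("10.0.0.7", 53412, "8.8.8.8", 53, 17, 1, 76))


def listen(port: int = 2055, max_datagrams: int = 5) -> None:
    """Bind the collector port on a test host and print decoded flows as they arrive."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind(("0.0.0.0", port))
        for _ in range(max_datagrams):
            data, (exporter, _) = sock.recvfrom(65535)
            try:
                decoded = parse_netflow_v5(data)
            except ValueError as err:
                print(f"{exporter}: rejected ({err})")
                continue
            print(f"{exporter}: seq={decoded['sequence']} flows={len(decoded['flows'])}")
            for f in decoded["flows"]:
                print(f"  {f['src']}:{f['sport']} -> {f['dst']}:{f['dport']} "
                      f"{f['proto']} {f['packets']} pkts {f['bytes']} bytes")


if __name__ == "__main__":
    # Offline self-check; call listen(2055) on a spare host to watch a real exporter.
    for flow in parse_netflow_v5(build_sample_packet())["flows"]:
        print(flow)
```

Run `listen(2055)` on the test host, temporarily point the exporter at it, and you should see the decoded flows. A "does not match datagram length" or "not NetFlow v5" rejection means the exporter is configured for a different version: NetFlow v9 and IPFIX use a template-based layout that this decoder deliberately does not handle, so fix the version on the exporter (or choose the matching one on the FlowCollector) rather than the script.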

6. Analyzing StealthWatch operation

6.1. Go to the SMC web interface; on the start page, Dashboards > Network Security, you can see that traffic has started flowing!

6.2. Other settings, for example splitting hosts into groups, monitoring individual interfaces and their load, managing collectors and more, are available only in the StealthWatch Java application. True, Cisco is gradually moving all functionality into the browser version, and soon we will be able to abandon such a desktop client.

To install the application, you first need to install the JRE (I installed version 8, although it is stated to be supported up to 10) from the official Oracle website.

To download it, click the "Desktop Client" button in the upper right corner of the management console web interface.

Save and install the client; Java will most likely complain about it, and you may need to add the host to the Java exception list. List only the SMC's address there: the exception site list lets applications from every site on it run even when Java's security settings would otherwise block them.

As a result, an intuitive client opens, where it is convenient to view the load of exporters and interfaces, attacks and their flows.

7. StealthWatch Central Management

7.1. The Central Management tab contains all appliances that are part of the deployed StealthWatch, such as: FlowCollector, FlowSensor, UDP Director and Endpoint Concentrator. There you can manage the appliance's network settings and services, licenses, and shut the appliance down manually.

You can get there by clicking the "gear" in the upper right corner and selecting Central Management.

7.2. Going to Edit Appliance Configuration on the FlowCollector, you will see SSH, NTP and other network settings related to the appliance itself. To get there, select Actions → Edit Appliance Configuration on the required appliance.

7.3. License management is also available in Central Management > License Management tab. Trial licenses for a GVE request are issued for 90 days.

The product is ready to go! In the next part, we will look at how StealthWatch detects attacks and generates reports.

Source: www.habr.com