Ukulungiswa kwe-firewall okuthuthukisiwe kumaseva

Informatec Digital » Izinsiza » Ukulungiswa kwe-firewall okuthuthukisiwe kumaseva

Master the ukucushwa kwe-firewall okuthuthukisiwe kumaseva Akuseyona indaba yezinkampani ezinkulu kuphela. Noma iyiphi inkampani ethatha ukuphepha kwe-cyber ngokungathi sína idinga ukuqonda ukuthi ingahlukanisa kanjani inethiwekhi, ichaze izindawo, idale imithetho eningiliziwe, futhi ithole okuningi kokubili ku-perimeter firewall kanye ne-Windows firewall ngokwayo kuyo yonke ikhompyutha kanye neseva.

Kuyo yonke le ncwadi uzobona, ngemininingwane eminingi, ukuthi I-Next Generation Firewalls (NGFW)Indlela yokuklama izindawo (i-LAN, i-WAN, i-DMZ, i-VLAN), yiziphi izinhlobo zemithetho okufanele zisetshenziswe (uhlelo, i-port, iphrothokholi, i-IP…), indlela yokusebenzisa IWindows Firewall enokuphepha okuthuthukileIyiphi indima edlalwa ngamathuluzi afana ne-SimpleWall, futhi yiziphi izindlela ezinhle okufanele zilandelwe ukuvimbela lesi sakhiwo sonke ukuba singabi yisiphithiphithi esingenakulawuleka?

Ama-Firewall esizukulwane esilandelayo kumaseva: okungaphezu kokuhlunga amachweba

Izicishamlilo zesizukulwane esilandelayo, njenge I-FortiGate NGFWBahlanganisa imisebenzi yokuxhumana ethuthukisiwe kanye nokuphepha okujulile kudivayisi eyodwa. Abavuli noma bavale ama-port kuphela; bahlaziya ithrafikhi ezingeni lesicelo, bahlole okuqukethwe okubethelwe, futhi bahlanganisa nezakhiwo eziyinkimbinkimbi zamafu, i-LAN, i-WLAN, kanye nokufinyelela okukude.

Endabeni ye-FortiGate, inhliziyo yesistimu I-FortiOSUhlelo lokusebenza oluthile oluhlanganisa izinqubomgomo zokuphepha kanye nemisebenzi yenethiwekhi: i-SD-WAN ehlanganisiwe, i-ZTNA yendawo yonke, ukulawulwa kwethrafikhi kumanethiwekhi angenantambo nanezintambo, kanye nokuphathwa okuphakathi ngenxa ye-FortiManager.

Ngaphezu kwalokho, la maqembu athembele ku- ukwakheka kwe-ASIC okuyimfihlo (ama-chip anikezelwe) ukusheshisa ukuhlolwa kwephakethe kanye nokususa ukubethela ngaphandle kokubhubhisa ukusebenza noma ukusetshenziswa kwamandla okukhuphukile, noma ngabe inethiwekhi ingaphansi komthwalo osindayo futhi kunezinkathi ezingamakhulu noma izinkulungwane ngesikhathi esisodwa.

Ukuvikelwa ezinsongweni kuyaqiniswa nge Izinsizakalo ze-FortiGuardokwengeza ubuhlakani bokwenziwa ukuze kutholakale i-malware, ithrafikhi esolisayo, ukuxhashazwa kanye nokuhlaselwa okuqondiwe, okuhlanganisa konke ngaphakathi komqondo we-Fortinet Security Fabric: indwangu yokuphepha ehlanganisa inethiwekhi, ama-endpoints kanye nefu ukuze iphendule ngendlela ehlelekile ezigamekweni.

Ukwakhiwa kwendawo yomlilo kanye nokuhlukaniswa kwenethiwekhi kumaseva

Ngaphambi kokuqala ukudala imithetho njengokungathi akukho kusasa, kufanele uklame... ukwakheka kwezindawo futhi i ukuhlukaniswa kwenethiwekhiUma inethi lithambile, kuba lula ngomhlaseli ukunyakaza eceleni uma esengene ngaphakathi.

Isinyathelo sokuqala siwukubona izimpahla ezibalulekile kanye nezinsizakaloAmaseva ewebhu, izizindalwazi, izinhlelo zokusebenza zangaphakathi, amadivayisi okuthengisa, ama-VoIP PBX, amanethiwekhi ezivakashi, njll. Kuye ngobucayi bawo kanye nokuvezwa kwawo, ahlukaniswe ngezindawo ezahlukene ezinengqondo.

Umkhuba ojwayelekile ukudala I-DMZ (indawo engenamasosha) Kumaseva ahlinzeka ngezinsizakalo ngqo kwi-inthanethi (i-imeyili, i-VPN, izinhlelo zokusebenza zewebhu, amaphothali omphakathi, njll.), lezi zinhlelo kumele zihlukaniswe kokubili kunethiwekhi yangaphandle kanye nenethiwekhi yangaphakathi ebucayi kakhulu, zikhawulele ngangokunokwenzeka ukuthi yiliphi ithrafikhi elingageleza phakathi kwezindawo ezahlukene.

Amaseva afinyeleleka kuphela ngaphakathi kwenhlangano atholakala ku- izindawo zeseva zangaphakathiLokhu kuhlukaniswa nenethiwekhi yomsebenzisi, inethiwekhi yokuphatha, nanoma iyiphi indawo yelabhorethri noma yokuhlola. Ukuze lokhu kube wusizo, kuvamile ukusebenzisa amaswishi anokusekelwa IVLAN ukugcina ukuhlukana futhi ezingeni lesi-2.

Ezindaweni ze-IPv4, wonke amanethiwekhi angaphakathi kumele asebenzise amabanga ayimfihlo (RFC1918) futhi bathembele ezindleleni ze-NAT ukuze bafinyelele i-inthanethi. Ukuhumusha kuvame ukwenziwa endaweni yokuvikela umngcele, ephinde iphoqelele izinqubomgomo zethrafikhi engenayo nephumayo endaweni ngayinye ethile.

Uhlu lokulawula ukufinyelela (ama-ACL) kanye nemithetho ephakathi kwezindawo

Uma izindawo sezichaziwe futhi zabelwe izixhumi zomlilo noma ama-subinterface, sekuyisikhathi sokuthi... I-ACL (Uhlu Lokulawula Ukufinyelela)okuyimithetho enquma ukuthi yimiphi ithrafikhi evunyelwe nokuthi yini enqatshwayo phakathi kwalezo zindawo.

Umqondo uwukuchaza, ku-interface ngayinye noma i-subinterface, isethi yemithetho elula ngangokunokwenzeka. ethize futhi ehlanganisiwe Izidingo ezingaba khona zifaka: i-IP yomthombo noma i-subnet, i-IP yendawo noma i-subnet, iphrothokholi (i-TCP, i-UDP, i-ICMP, njll.), ama-port ahilelekile, kanye nesenzo (vumela noma wenqabe). Uma imithetho ingajwayelekile, kuzoba nezikhala zokuphepha ezimbalwa.

Umkhuba omuhle ukuqeda i-ACL ngayinye ngomthetho wokuthi "ukuphika konke" okungabonakaliLokhu kusebenza njengenethi yokuphepha: uma iphakethe lingahambisani nanoma yimuphi umthetho wemvume okhona kakade, liyavinjelwa. Ukusuka lapho, kudalwa okuhlukile okuqondile kakhulu kokugeleza okudingekayo ngempela.

Kunconywa futhi ukukhubaza i- ukufinyelela komphakathi kuzixhumi zokuphatha ye-firewall (HTTP, HTTPS, SSH, njll.), evumela ukuphathwa kusuka kumanethiwekhi angaphakathi athile kuphela noma nge-VPN yokuphatha evikelekile.

Ama-NGFW anamuhla angadlula i-port kanye ne-IP, esebenzisa isilawuli sohlelo lokusebenzaIzigaba zewebhu, i-IPS, kanye nokuhlaziywa kwamafayela okuthuthukisiwe (i-sandboxing). Uma usuvele ukhokhele lezi zici, kunengqondo ukuzisebenzisa nokuzilungiselela emisebenzini ebalulekile, ikakhulukazi leyo edlula umngcele.

I-firewall evumelekile vs. i-firewall ekhawulelayo kumaseva

Iphuzu elibalulekile lapho kuklanywa inqubomgomo yomlilo (kungakhathaliseki ukuthi umngcele noma uhlelo lokusebenza) ukunquma ukuthi uzoqala yini esimweni esithile. ukuvumela noma ukuvimbela.

Ku-a i-firewall evumelayo Umthetho oyinhloko ongacacile uthi "vumela konke." Yilokho okuchazwe ngokucacile yimithetho yokuphika kuphela okuvinjiwe. Le ndlela ivame ukusetshenziswa kumanethiwekhi endawo athembekile (ama-LAN) noma kumakhompyutha ahlelwe "njengenethiwekhi yangasese" ku-Windows.

Ku-a i-firewall ekhawulelwe Kwenzeka okuphambene nalokho: umthetho wokugcina "ukuphika konke." Ithrafikhi ehambisana nemithetho ecacile yokuvumela kuphela evunyelwe. Le filosofi ivame kakhulu ku-interface yenethiwekhi yendawo ebanzi (i-WAN), kuma-firewall afana ne-pfSense noma ama-NGFW ezinkampani, nakumadivayisi alungiselelwe "njengenethiwekhi yomphakathi."

I-Windows, isibonelo, isebenzisa ngokuzenzakalelayo inqubomgomo evimbelayo ekuxhumaneni okungenayo (kuvimba konke okungavunyelwe ngokucacile) kanye inqubomgomo evumelayo ekuphumeni (Ivumela konke ngaphandle kwalokho okuvimbile.) Lokhu kungalungiswa kusukela ezicini ezithuthukisiwe ze-firewall.

Yini ngempela i-Windows Firewall engayinikeza kumaseva?

El IWindows Firewall enokuphepha okuthuthukile Inamandla kakhulu kunalokho abantu abaningi abakuqaphelayo. Ingalawula ithrafikhi engenayo nephumayo, ihlunge ngekheli le-IP, imbobo, iphrothokholi, isevisi, isikhombimsebenzisi senethiwekhi, uhlobo lwephrofayela (isizinda, esiyimfihlo, esomphakathi), ngisho nangomsebenzisi noma iqembu kwezinye izimo.

Phakathi kwamakhono ayo, okulandelayo kuyagqama: ukuhlunga iphakethe Ezingeni eliphansi, ikhiqiza amalogi anemininingwane (angahlaziywa nge-Event Viewer noma athunyelwe ku-SIEM), ithola amanethiwekhi omphakathi ukuze asebenzise ngokuzenzakalelayo iphrofayili eqinile, futhi ihlangana nezinye izendlalelo zokuphepha njenge-Windows Defender.

Kumabhizinisi amancane kanye nezindawo eziningi zeseva, iseva elungiselelwe kahle ingaba ngaphezu kokwaneleIkakhulukazi uma ihlanganiswa nesofthiwe enamandla yokulwa namagciwane kanye nemikhuba emihle yokuphatha. Kodwa-ke, kubalulekile ukuqaphela ukulinganiselwa kwayo: akuyona indawo ye-NGFW ejikelezayo noma i-IPS ezinikele.

Njengamaphuzu abuthakathaka, kufanele kukhulunywe ukuthi i-Windows firewall ayinikezi lesi sici ngokuzenzakalelayo. ukuhlolwa kwephakethe okujulile Ngamasignesha athuthukile, ayivimbeli ngokwendabuko i-telemetry yesistimu, izaziso zayo azibonakali (ayikuxwayisi ngokuxhumana okusha) futhi indlela yokubheka amalogi ayilula kubasebenzisi abangebona ochwepheshe.

Ukufinyelela ku-Windows Firewall ngokuphepha okuthuthukisiwe

Ukuphatha izilungiselelo ze-firewall ezithuthukisiwe endaweni ye- Isizinda se-Active DirectoryOkungcono kakhulu, umuntu kufanele asebenze I-GPO (Izinhloso Zenqubomgomo Yeqembu)Kubalulekile ukuba yingxenye yeqembu labaphathi besizinda noma ube nezimvume ezinikezwe ama-GPO.

Kusukela kukhonsoli yokuphatha inqubomgomo, uzulazula kuyo Izinqubomgomo > Ukucushwa Kwekhompyutha > Izilungiselelo ze-Windows > Izilungiselelo Zokuphepha > I-Windows Firewall enokuphepha okuthuthukisiweLapho, imithetho evamile ingachazwa kumakhompyutha namaseva eklayenti axhunywe kusizinda.

Uma kuwukuthi iseva eyodwa noma ikhompyutha yendawoUdinga nje amalungelo okuphatha kuleyo divayisi. Indlela esheshayo yokuvula ikhonsoli ukucindezela u-START bese uthayipha wf.msc bese ucindezela u-Enter. Ikhonsoli ye-Windows Firewall enokuphepha okuthuthukisiwe kwaleyo khompyutha izovuleka.

Isikrini esikhulu sibonisa imithetho engenayo, imithetho ephumayo, imithetho yokuphepha kokuxhumana kanye nokucushwa kwamaphrofayili ahlukene (isizinda, sangasese, somphakathi), kanye nendawo yokuqapha lapho kubonakala khona imithetho esebenzayo kuphela.

Amaphrofayela, izinqubomgomo zomhlaba wonke, kanye nokuziphatha okuzenzakalelayo

Iphaneli yezakhiwo ze-firewall ilawula izinketho zomhlaba wonke ze inethiwekhi yenethiwekhi (isizinda, esiyimfihlo, esisesidlangalaleni). Lezi zinketho zinquma ukuthi i-firewall iziphatha kanjani uma i-adaptha yenethiwekhi ihlotshaniswa nohlobo oluthile lwenethiwekhi.

Kuphrofayela ngayinye, unganquma ukuthi i-firewall ivuliwe yini. vula noma valaUkuthi ukuxhumana okungenayo okungahambisani nanoma yimuphi umthetho kuvinjelwe noma kuvunyelwe, futhi kuyafana nokuxhumana okuphumayo.

Amapharamitha afana nalawa alandelayo angalungiswa futhi: izaziso lapho uvimba uhlelo, indawo lapho izingodo zomlilo, usayizi omkhulu walezo zingodo kanye nokuphathwa okukhethekile kwethrafikhi evikelwe yimigudu ye-IPsec VPN, ngokuvamile ebhekwa njengethembekile kakhulu.

Esigabeni I-Supervisión Yonke imithetho esebenzayo njengamanje iyaboniswa, kufaka phakathi leyo evela ku-Group Policy Objects (GPOs) kanye naleyo echazwe endaweni. Lena indawo yokuya ukuze ubone ukuthi yimiphi imithetho esebenzayo ngempela nokuthi yimiphi imingcele, bese usuka lapho ungavula futhi ushintshe izakhiwo zayo.

Imithetho yokungena nokuphuma: isiqondiso sethrafikhi

Uma usebenza ngemithetho ku-Windows firewall, elinye lamaphutha avame kakhulu yileli ukudideka indlela ithrafikhi eya ngayoImithetho yokungena isebenza kumaphakethe afika kukhompyutha; imithetho yokuphuma isebenza kumaphakethe ashiya ikhompyutha aye komunye umshini.

Uma umgomo uwukuvimbela ukuxhumana kusuka ku-inthanethi kuya kuseva, kuzodingeka ukudala noma ukuguqula imithetho yokungenaNgakolunye uhlangothi, uma umgomo uwukuvimbela isevisi noma uhlelo lweseva ukuthi luxhumeke ngaphandle, kumele kuthathwe isinyathelo ku- imithetho yokuphuma.

Okufakiwe ngakunye ohlwini kubonisa ukuthi umthetho uvuliwe (isithonjana sokuhlola esiluhlaza) noma uvaliwe. Imithetho ekhubazekile ayithinti ithrafikhi, noma isachazwa. Kuvamile ukuthola imithetho eminingi ye-Windows echazwe ngaphambilini ekhona kodwa engasebenzi kuze kube yilapho idingeka.

Ukuqonda kahle ukugeleza komthombo/indawo oya kuyo kanye nechweba lendawo/elikude Lokhu kubalulekile ukuze kugwenywe ukudala imithetho engasetshenziswa noma evuleka ngaphezu kwalokho okudingekayo ngempela, into evame kakhulu lapho kulungiselelwa izinsizakalo eziyinkimbinkimbi.

Izinhlobo zemithetho ku-Windows Firewall

I-Windows Firewall New Rule Wizard inikeza izigaba ezine eziyinhloko: uhlelo, imbobo, okuchazwe kusengaphambili kanye nokwenza ngokwezifisoNgayinye yenzelwe isimo esihlukile, futhi kubalulekile ukukhetha ngokucophelela kuye ngokuthi yini ofuna ukuyifeza.

Imithetho ye PROGRAMA gxila kuhlelo oluthile olusebenzayo; lezo ze imbobo Zihlunga ngenombolo ye-TCP noma ye-UDP; kuchazwe ngaphambilini Zenza kube lula ukuphathwa kwezinsizakalo ze-Windows ezijwayelekile; kanye ngezifiso Zivumela ukulungiswa kahle kakhulu ngokuhlanganisa izindlela eziningi ngesikhathi esisodwa.

Kuzo zonke izimo, umthakathi uphetha ngokubuza ukuthi yisiphi isenzo esifuna ukusisebenzisa (vumela, vumela kuphela uma kuphephile nge-IPsec, noma vimba) nokuthi yimaphi amaphrofayili enethiwekhi alo mthetho azosebenza kuwo (isizinda, sangasese, somphakathi). Okokugcina, i- igama nencazelo ukuze kubonakale kalula kamuva.

Kumaseva abalulekile, kufanelekile ukuzinika isikhathi sokubhala phansi imithetho ngendlela efanele, okubonisa Iyiphi insizakalo evikelayo futhi kungani ikhonaukuze ekuhlolweni noma ezinguqukweni zesikhathi esizayo kungabikho kungabaza ngokusebenziseka kwayo.

Imithetho ngohlelo: ukulawulwa okuhle kwezinsizakalo ezithile

Imithetho yohlobo PROGRAMA Ziyindlela elula yokulawula ithrafikhi yohlelo lokusebenza ngaphandle kokukhumbula zonke izimbobo ezisebenzisayo. Zingasetshenziswa kokubili kuthrafikhi engenayo nephumayo.

Ku-wizard, khetha inketho ethi "Le ndlela yohlelo" bese ucacisa indlela esebenzisekayoKungenzeka ukusebenzisa iziguquguquko zemvelo ukuqinisekisa ukuthi umthetho usetshenziswa kahle noma ngabe uhlelo lufakwe ezindleleni ezahlukene kumakhompyutha ahlukene.

Kumaseva aphatha izinsizakalo ngaphakathi amasiv.exe Kwamanye ama-container anezinsizakalo eziningi, kungenzeka ukwenza ngokwezifiso umthetho ukuze usebenze kuphela kumasevisi athile ngokukhetha isevisi ngegama layo elifushane. Lokhu kukuvumela ukuthi uhlukanise, isibonelo, ithrafikhi yesevisi ethile ye-RPC ngaphakathi kwenqubo efanayo.

Kunconywa kakhulu ukuhlanganisa umthetho wohlelo nemikhawulo kuthebhu ethi Izivumelwano namachwebaicacisa ngokusobala ukuthi yimaphi ama-port angalalela noma asebenzise uhlelo lokusebenza. Uma uzama ukuvula i-port ehlukile, i-firewall izoyivimba.

Imithetho yembobo: ukuhlunga kwe-TCP/UDP okuvamile

Imithetho yohlobo imbobo Zikuvumela ukuthi uvumele noma uvimbele ithrafikhi ngokusekelwe enombolweni yendawo noma ekude yechweba kanye nephrothokholi (ngokuyinhloko i-TCP noma i-UDP). Zingasetshenziswa kokubili emithethweni engenayo nephumayo.

Ngokomthetho ojwayelekile wokungena ukuze uvule, isibonelo, Imbobo ye-TCP 21Kukhethwa i-TCP, kukhonjiswa "amachweba endawo athile" bese kufakwa u-21. Amachweba amaningi ahlukaniswe ngamakhoma angachazwa (isb., 21,20,22) noma amabanga afana no-5000-5100, ngisho nokuxuba amachweba ngamanye kanye namabanga emthethweni ofanayo.

Okulandelayo, unquma ngesenzo (vumela, vumela uma kuphephile, vimba) kanye namaphrofayili lapho sizosetshenziswa khona. Kuyindlela elula yokuvula izinsizakalo ezithile ezijwayelekile (HTTP, HTTPS, RDP, njll.) ngaphandle kokungena emininingwaneni yezinhlelo ezithile.

Endabeni imithetho yokuphumaUmkhuba ovame kakhulu ukucacisa ichweba elikude, njengoba lena indawo iseva ezama ukuxhuma kuyo. Ukusetshenziswa okuvamile kungaba ukuvimba yonke ithrafikhi ephumayo eya emachwebeni asolisayo noma ukuvimbela izinhlelo zokusebenza ezithile ukuthi zingaxhumani kuphela emachwebeni athile kakhulu.

Imithetho echazwe kusengaphambili futhi eyenziwe ngokwezifiso

I-Las imithetho echazwe ngaphambilini Bahlanganisa ukucushwa okulungiselelwe kwezinsizakalo ezivamile ze-Windows (Ukwabelana Ngefayela Nephrinta, Ideskithophu Ekude, njll.). Vele ukhethe isevisi, ubonise ukuthi uyayivumela noma uyayivimba, khetha amaphrofayili, bese uqedile.

Le nketho ilula uma ufuna ukuvula noma ukukhawulela isevisi yangaphakathi ngokushesha ngaphandle kokuphenya ukuthi yimaphi amachweba namaphrothokholi ayisebenzisayo esimweni ngasinye. Ngemuva kwezigcawu, uhlelo ludala imithetho eminingana ethile ehlanganisa leyo sevisi.

I-Las imithetho yangokwezifiso Lezi yizona eziphelele kakhulu futhi zinikeza ukulawula okukhulu kakhulu. Zikuvumela ukuthi ucacise wonke amapharamitha: uhlelo (noma zonke izinhlelo), uhlobo lwesevisi, iphrothokholi ye-IP (enohlu lwe-TCP, UDP, ICMPv4, ICMPv6, GRE, IPv6-Route, njll.), inhlanganisela yamachweba endawo nakude, amakheli e-IP omthombo kanye nendawo oya kuyo (kufaka phakathi amabanga nama-subnet), kanye nemibandela eyengeziwe.

Kumaphrothokholi afana ne-ICMPv4 noma i-ICMPv6, ungakhetha ukuthi Basekela zonke izinhlobo ze-ICMP noma imiyalezo ethile kuphela (isicelo se-echo, impendulo ye-echo, isikhathi esidlulile, njll.). Ungachaza ngisho nezinhlobo ezithile namakhodi angaveli ohlwini olujwayelekile.

Futhi, lapho kuchaza amakheli e-IP esigabeni se-scope, i-wizard ivumela engeza amabanga noma ama-subnet aphelele (isibonelo, 192.168.10.0/24) ukuze kuncishiswe ukuthi yimaphi amadivayisi angasebenzisa lowo mthetho, kokubili endaweni kanye nakude.

Imithetho yokungena ye-ICMP kumaseva

Ukuthi ithrafikhi ye-ICMP izovunyelwa yini noma cha kuyisinqumo esibalulekile. umthetho we-ICMP ozayo Ivumela idivayisi ukuthi iphendule kuma-ping kanye nemiyalezo ethile yokuxilonga inethiwekhi, okuwusizo kakhulu emisebenzini yokuphatha, kodwa futhi kunganikeza ulwazi kumhlaseli.

Ukuze udale umthetho we-ICMP ongenayo ku-Windows firewall, vula ikhonsoli ethuthukisiwe, iya ku- Imithetho yokungena bese kudalwa umthetho omusha wangokwezifiso. Esigabeni sohlelo, uvame ukukhetha "Zonke izinhlelo".

Esikrinini sephrothokholi, khetha I-ICMPv4 noma i-ICMPv6 Lokhu kuncike esitaki senethiwekhi esisetshenzisiwe. Uma usebenza ne-IPv4 kanye ne-IPv6, kuzodingeka udale umthetho wento ngayinye. Inketho yokwenza ngokwezifiso ikuvumela ukuthi ukhethe izinhlobo ezithile ze-ICMP ofuna ukuzivumela (isicelo se-echo/impendulo ye-echo kuphela, noma isethi ebanzi).

Okulandelayo, kuchazwa ububanzi (okungafakwa ama-IP), isenzo (ngokuvamile esivumela uxhumano), kanye namaphrofayili enethiwekhi lapho umthetho uzosebenza khona. Ekugcineni, igama elichazayo linikezwa umthetho ukuze kube lula ukuhlonza.

Imithetho yesevisi noma yohlelo engenayo nephumayo

Kwezinye izimo, isifiso siwukuvumela Isevisi ethile, lalela ithrafikhi engenayo kunoma yiliphi ichweba elilidingayo, noma okuphambene nalokho: vimbela uhlelo ukuthi luxhumane nomhlaba wangaphandle nganoma yiliphi ichweba.

Engxenyeni engenayo, kudalwa umthetho wangokwezifiso, "Le ndlela yohlelo" ikhethiwe, bese kucaciswa isevisi esebenzisekayo. Lokhu kungenziwa ngokwezifiso ukuze umthetho usebenze kuphela kumasevisi abanjwe ngaphakathi kwaleyo esebenzisekayo, ngokukhetha isevisi ngegama layo elifushane.

Kukhona ngisho nenketho yokulungisa uhlobo lwe-SID yesevisi usebenzisa umyalo we-sc sidtype Lokhu kuthinta indlela leyo nsizakalo engasetshenziswa ngayo ngaphakathi kwemithetho ye-firewall. Ukuyishintsha ibe yi-RESTRICTED kungayivimbela ukuthi iqale, ngakho-ke kufanele kwenziwe ngokucophelela futhi kuphela uma lolo hlobo lokuvikelwa ludingeka.

Engxenyeni ephumayo, inqubo iyafana kodwa idala umthetho wokuphumaUma ufuna ukuvimba ngokuphelele lolo hlelo ekufinyeleleni i-inthanethi, chaza indlela eya ku-executable, setha isenzo ku-"Vimba uxhumano," bese ukhetha amaphrofayili ofuna ukuwakhawulela.

Ukucushwa okukhethekile kwe-RPC kanye namachweba ashukumisayo

Izinsizakalo ezisebenzisa I-RPC (Ikholi Yenqubo Ekude) Lezi thrafikhi zingaba bucayi kakhulu ngoba zisebenzisa ama-port aguquguqukayo anikezwa uhlelo ngesikhathi sokusebenza. Ukuze uvumele le thrafikhi ngendlela elawulwayo nge-firewall ye-Windows, ngokuvamile kuyadingeka ukudala imithetho emibili ethile.

Eyokuqala iya ku Isevisi Yokunikeza I-RPC Endpoint, etholakala ku-%systemroot%\system32\svchost.exe. Lo mthetho wenziwe ngokwezifiso ukuze usebenze kusevisi ye-RpcSs, i-TCP isethwe njengephrothokholi, futhi inketho ethi "RPC Endpoint Mapper" ikhethwa echwebeni lendawo.

Umthetho wesibili wenzelwe Isevisi yenethiwekhi enikwe amandla yi-RPC esifuna ukuyivumela, sichaza indlela eya ku-executable eyisingathayo, futhi siyihlanganise naleyo nsizakalo ethile. Kulesi simo, kukhethwa "ama-RPC dynamic ports" echwebeni lendawo.

Kuzo zombili imithetho, ububanzi (amakheli e-IP avunyelwe), isenzo (ukuvumela uxhumano), kanye namaphrofayili kuyalungiswa. Ngale ndlela, amadivayisi namasevisi ahlangabezana nalezi zimo kuphela angasebenzisa ukudluliselwa kwe-RPC port.

Ukungena ngemvume, ukuhlola, kanye nokuxazulula izinkinga ze-Windows firewalls

Uma okuthile kungasebenzi ngendlela okufanele ngayo, i-firewall log kanye nemicimbi yokuhlola yizona umthombo wokuqala wolwaziKunconywa ukuthi iqoqo lezingobo lihlelwe kahle ngaphambi kokuba ulidinge.

Ezimpahleni zomlilo, kuthebhu yephrofayela ngayinye, ungenza ngokwezifiso indlela yefayela lelogiUsayizi omkhulu ku-KB, nokuthi amaphakethe alahliwe, ukuxhumana okuphumelelayo, noma kokubili kubhalisiwe. Ezindaweni zeseva, ngokuvamile kungumqondo omuhle ukubhalisela kokubili ukuze ube nokubuka konke okucacile.

Ngakolunye uhlangothi, ngethuluzi lomugqa womyalo i-audipol.exe Izigaba ezithile zokuhlola, njengezinguquko zenqubomgomo, zingavulwa ukuze uhlelo lukhiqize imicimbi eningiliziwe lapho kuguqulwa izinqubomgomo ze-firewall noma ze-IPsec.

Uma uphenya inkinga, kuyasiza ukuthola isimo senethiwekhi nge i-netstat -ano > i-netstat.txt kanye nohlu lwezinqubo ezine uhlu lwemisebenzi > uhlu lwemisebenzi.txtNgokubhekisela ku-PID yezinqubo ohlwini lwemisebenzi ngokuxhumeka okusebenzayo ku-netstat, kungenzeka ukuthola ukuthi yiluphi uhlelo olusebenzisa imbobo ethile.

Ezimweni eziyinkimbinkimbi, iMicrosoft inikeza izikripthi ezifana nalezi I-TSS.ps1 ukuqoqa imikhondo ethuthukisiwe ye-Windows Filtering Engine (WFP), ehlanganiswa ibe ifayela le-ZIP futhi ingahlaziywa noma ithunyelwe kososesheni bobuchwepheshe.

Amathuluzi angaphandle: I-SimpleWall kanye nama-firewall eqembu lesithathu

I-firewall eyakhelwe ku-Windows isebenza kahle, kodwa ivame ukuphuthelwa. isikhombikubona esiqondakala kalula futhi kucace izaziso lapho uhlelo lokusebenza luzama ukufinyelela i-inthanethi okokuqala. Yilapho izixazululo zezinkampani zangaphandle zingena khona.

Enye yezinketho ezilula nezivulekile ze-Windows yile I-SimpleWallIthembele ku-Windows Filtering Platform (WFP) kodwa ayishintshi ngokuqondile i-Windows Firewall. Kunalokho, idala imithetho yayo nge-WFP ukulawula ukuthi yiziphi izinhlelo zokusebenza ezinokufinyelela.

Phakathi kwezici zayo kukhona umhleli wemithetho elulaUhlu lwangaphakathi lokuvimba i-Windows telemetry kanye nokuhlola, amalogi ephakethe avinjiwe, ukuhambisana kwe-IPv6, kanye nokusekelwa kwezinsizakalo zesistimu kanye nezinhlelo zokusebenza ze-Microsoft Store.

I-SimpleWall ikuvumela ukuthi udale imithetho ehlala njalo noma yesikhashana (enyamalala ngemva kokuqala kabusha), usebenzise izihlungi emhlabeni jikelele, futhi uhlukanise izinhlelo njengezivunyelwe, ezivinjiwe, noma ezivinjiwe buthule. Kodwa-ke, ukuze imithetho yakho isebenze, i-SimpleWall ngokwayo kumele isebenze ngemuva.

Ngaphandle kwe-SimpleWall, abanye abasebenzisi bakhetha firewalls commercial ngezici ezengeziwe: ukuhlolwa kwephakethe okujulile, uhlu oluhleliwe kusengaphambili lokungalandeli, i-sandboxing, ukuhlaziywa kokuziphatha, amadeshibhodi ezithombe athuthukisiwe, kanye nokubonakala okuthuthukisiwe kwethrafikhi ephumayo. Iningi lale mikhiqizo lihlanganiswa noma lithathe indawo ye-Windows Firewall ngokwengxenye.

Ukusebenza, izinzuzo kanye nokungalungi kokusebenzisa ama-firewall kumaseva

Ukusebenzisa i-firewall, kungaba yizinga lomngcele noma lesistimu yokusebenza, kunesici esincane izindleko zokusebenzaNgoba iphakethe ngalinye lenethiwekhi lihlaziywa ngokwemithetho eyodwa noma ngaphezulu. Lokhu kungabonakala emishinini enehadiwe elinganiselwe kakhulu noma endala kakhulu. Hlola i- Umhlahlandlela wokwenza ngcono iseva ye-Linux ukunciphisa imiphumela.

Kodwa-ke, inzuzo yokuba ne- umgoqo wokuqala wokuzivikela Kukhulu kakhulu: kunciphisa ukuchayeka ekuhlaselweni kwangaphandle, kulawula ukuthi yiziphi izinhlelo zokusebenza ezingaxhuma ngaphandle, kukhiqiza amalogi awusizo okuhlola, futhi kulungisa izinga lokuvikelwa kuye ngokuthi ukunethiwekhi ethembekile noma inethiwekhi yomphakathi.

Izinkinga ezinkulu, ngaphandle komthelela ekusebenzeni, yi- ubunzima bokulungisa (ikakhulukazi kubasebenzisi abangenalwazi) kanye nomuzwa wokuphepha ongamanga: i-firewall ayithathi indawo ye-antivirus enhle, izibuyekezo zesistimu, noma, vele, ingqondo evamile yomlawuli.

Ngaphezu kwalokho, ukuphathwa kwemithetho efanele kuthatha isikhathi: ukubukeza lokho okusetshenziswayo ngempela, ukususa imithetho esiphelelwe yisikhathi, ukubhala izinguquko, nokuqinisekisa ukuthi azikho izikhala ezishiywe zivulekile ngokungahlosiwe lapho kwenziwa izivivinyo ezisheshayo noma okuhlukile kwesikhashana.

Izindlela ezinhle kakhulu ezithuthukisiwe zokuphepha komlilo kumaseva

Esimweni esibucayi seseva, akwanele ukusetha imithetho emine bese uyikhohlwa. Kunezinhlobo eziningana imikhuba emihle ezisiza ukugcina ukulawula nokunciphisa izingozi zesikhathi eside.

Okokuqala ukusebenzisa umgomo welungelo elincane (i-PoLP)Lokhu kusebenza kokubili kubasebenzisi kanye nemithetho. Kugwema imithetho ejwayelekile efana nokuthi "vumela konke kusuka kunoma iyiphi i-IP" futhi esikhundleni salokho kuchaza imithetho eyenzelwe ama-IP athile noma ama-subnet, ama-port athile, kanye nezinhlelo zokusebenza ezaziwayo.

Esinye isihluthulelo ukunakekela i-firewall kanye nezingxenye zayo. ivuselelwa njaloLokhu kuhilela ukusebenzisa ama-patches esistimu yokusebenza, i-firmware yomlilo ebonakalayo, amasignesha e-IPS, kanye nanoma yiziphi izibuyekezo ezikhishwe ngumthengisi, okungcono ngemva kokuhlolwa endaweni yokuhlola.

Okokugcina, kubalulekile ukusabalalisa ukuqapha nokurekhoda okusebenzayoThumela amalogi ku-SIEM, chaza izexwayiso zamaphethini asolisayo (isibonelo, amaphakethe amaningi avinjelwe ku-IP efanayo) bese ubuyekeza imibiko njalo, hhayi ukuyiqoqa nje "uma kwenzeka".

Ngaphezu kwesendlalelo se-logic, ukuphepha ngokomzimba Izici ezibalulekile ze-firewall zifaka: imishini efakwe kuma-rack avaliwe, ukufinyelela okulinganiselwe egumbini lobuchwepheshe, kanye nama-backup okulungiselela ukuvumela ukubuyela emuva ngokushesha uma kukhona okuphukile ngemva kokushintsha.

Izendlalelo ezengeziwe: Ukuhlunga i-URL, i-VPN, i-IPS, i-QoS, kanye nokulawula uhlelo lokusebenza

Ama-NGFW amaningi anamuhla akuvumela ukuthi unike amandla izici ezithuthukisiwe ezihambisana nokuhlunga okuyisisekelo kwephakethe kanye nemithetho ye-IP/port.

El Ukuhlunga i-URL Ikuvumela ukuthi uhlukanise amawebhusayithi ngezigaba (i-malware, amanethiwekhi omphakathi, okuqukethwe kwabantu abadala, ukulandwa kwe-P2P, njll.) futhi uvimbele lawo abhekwa njengangafanele noma ayingozi, okusiza kokubili ukuqinisa ukuphepha kanye nokuphoqelela izinqubomgomo zokusebenzisa ezamukelekayo.

I-Las i-VPNKungakhathaliseki ukuthi ukufinyelela kusuka endaweni kuya kwenye noma kude, ama-VPN athembele kumaphrothokholi afana ne-IPsec noma i-SSL/TLS ukuze abethele ithrafikhi phakathi kwamahhovisi nabasebenzisi abakude. Ama-firewall ngokuvamile ahlanganisa ukuqedwa kwala ma-VPN futhi asebenzise izinqubomgomo zokulawula ezifanayo kuthrafikhi ebethelwe njengakweminye inethiwekhi.

Un Uhlelo Lokuvimbela Ukungena (i-IPS) Ihlola ithrafikhi ngesikhathi sangempela ifuna amaphethini okuhlasela aziwayo noma ukuziphatha okungajwayelekile, futhi ingavimba ngokuzenzakalelayo ukuxhumana okuzama ukuxhaphaza ubuthakathaka besistimu noma uhlelo lokusebenza.

El isilawuli sohlelo lokusebenza Inikeza ukubonakala okukhulu kakhulu kunechweba nje kuphela: ikuvumela ukuthi unqume ukuthi yiziphi izinhlelo zokusebenza ezithile (isb., i-Skype, i-Dropbox, izinhlelo zokusebenza zemidlalo, njll.) ezivunyelwe noma ezivinjiwe, noma ngabe zisebenzisa amachweba ajwayelekile noma abethelwe.

Ekugcineni, i Ikhwalithi Yesevisi (QoS) Ivumela ukubeka phambili ithrafikhi ebalulekile (izwi, imihlangano yevidiyo, izinhlelo zokusebenza zebhizinisi) kunezinye izindlela ezingabalulekile kangako, okuvimbela ukulanda okukhulu noma isipele ukuthi singabi yinethiwekhi engasetshenziswa ngumsebenzisi wokugcina.

Nakekela kahle ukucushwa kwe-firewall okuthuthukisiwe kumasevaKusukela ekwakhiweni kwezindawo kanye nemithetho ehlanganisiwe kuya ekusetshenzisweni kwemisebenzi yesizukulwane esilandelayo, ukuloba, ukuhlola, kanye namathuluzi afana ne-SimpleWall noma i-NGFW ezinikele, kwenza umehluko phakathi kwenethiwekhi "edlula kancane" kanye nengqalasizinda elungiselelwe ngempela ukumelana nokuhlaselwa, ukukhula ngaphandle kokulahlekelwa ukulawula, nokuhlangabezana nezidingo zokuphepha zamanje.