Configuration Scenarios 2.0
Network Security Configuration Scenarios
1. Intrusion Detection Scenarios
1.1. IDS Configuration
Common devices:
- Snort IDS
- Suricata IDS
- Cisco Secure IDS
- McAfee Network Security Platform
- Symantec Security Information Manager (SSIM)
1.2. IPS Configuration
Common devices:
- Palo Alto Networks Threat Prevention
- Fortinet FortiGate IPS
- SonicWall Network Security IPS
- Barracuda NextGen Firewall IPS
- Arbor Networks APS (Advanced Protection System)
2. Firewall Configuration Scenarios
2.1. Basic Firewall Rule Configuration
Common devices:
- Cisco ASA (Adaptive Security Appliance)
- Fortinet FortiGate
- Palo Alto Networks Next-Generation Firewall
- SonicWall
- Check Point Firewall
2.2. Advanced Firewall Policy Configuration
Common devices:
- Cisco Firepower NGIPS
- Barracuda NextGen Firewall
- WatchGuard Firebox
- Sophos XG Firewall
- Juniper Networks SRX
3. VPN Connection Scenarios
3.1. VPN Server Configuration
Common devices:
- Cisco ASA (Adaptive Security Appliance)
- Fortinet FortiGate
- Palo Alto Networks Next-Generation Firewall
- SonicWall
- Check Point Firewall
3.2. VPN Client Configuration
Common devices:
- Cisco AnyConnect
- FortiClient
- Palo Alto Networks GlobalProtect
- SonicWall Mobile Connect
- Check Point Endpoint Remote Access VPN
4. Network Traffic Monitoring Scenarios
4.1. Traffic Monitoring Tool Deployment
Common devices:
- SolarWinds Network Performance Monitor
- PRTG Network Monitor
- Wireshark
- Nagios
- Cisco NetFlow
4.2. Traffic Analysis Rule Configuration
Common devices:
- Splunk
- ELK Stack (Elasticsearch, Logstash, Kibana)
- Cisco Stealthwatch
- Darktrace
- FireEye Network Security and Forensics
5. Vulnerability Scanning Scenarios
5.1. Internal Network Vulnerability Scanning
Common devices:
- Nessus
- OpenVAS
- Qualys
- Rapid7 Nexpose
- Retina Network Security Scanner
5.2. External Network Vulnerability Scanning
Common devices:
- Acunetix
- Burp Suite
- OWASP ZAP
- Netsparker
- QualysGuard
6. Log Management Scenarios
6.1. Log Collection Configuration
Common devices:
- Splunk
- ELK Stack (Elasticsearch, Logstash, Kibana)
- Graylog
- SolarWinds Log & Event Manager
- McAfee Enterprise Security Manager
6.2. Log Analysis Rule Configuration
Common devices:
- Splunk
- ELK Stack (Elasticsearch, Logstash, Kibana)
- IBM QRadar
- ArcSight ESM
- LogRhythm
7. Other Configuration Scenarios
7.1. Router Configuration
Common devices:
- Cisco ISR (Integrated Services Routers)
- Juniper MX Series
- Huawei AR Series
- HP Enterprise Routers
- MikroTik Routers
7.2. Switch Configuration
Common devices:
- Cisco Catalyst Switches
- Juniper EX Series
- HP ProCurve Switches
- Arista Networks Switches
- Dell Networking Switches
7.3. Server Security Configuration
Common devices:
- Dell PowerEdge Servers
- HP ProLiant Servers
- IBM System x Servers
- Cisco UCS (Unified Computing System)
- Lenovo ThinkSystem Servers
8. Intrusion Prevention and Mitigation Configuration Scenarios
8.1. DDoS Protection Configuration
Common devices:
- Arbor Networks APS
- Radware DefensePro
- F5 Networks BIG-IP ASM
- Cloudflare
- Akamai Kona Site Defender
8.2. SQL Injection Attack Prevention Configuration
Common devices:
- Imperva SecureSphere
- F5 Networks BIG-IP ASM
- Fortinet FortiWeb
- Barracuda Web Application Firewall
- Citrix NetScaler
8.3. XSS Attack Prevention Configuration
Common devices:
- Imperva SecureSphere
- F5 Networks BIG-IP ASM
- Fortinet FortiWeb
- Barracuda Web Application Firewall
- Citrix NetScaler
8.4. Malware Protection Configuration
Common devices:
- Cisco AMP (Advanced Malware Protection)
- FireEye Malware Protection System
- Symantec Endpoint Protection
- McAfee Advanced Threat Defense
- Trend Micro Deep Discovery
8.5. Ransomware Protection Configuration
Common devices:
- Sophos Intercept X
- Bitdefender GravityZone
- Kaspersky Anti-Ransomware Tool
- Trend Micro Ransomware Protection
- Palo Alto Networks Traps
8.6. Advanced Persistent Threat (APT) Protection Configuration
Common devices:
- FireEye Network Security
- Palo Alto Networks WildFire
- Symantec Advanced Threat Protection
- Cisco Advanced Malware Protection
- McAfee Advanced Threat Defense
9. Authentication and Access Control Configuration Scenarios
9.1. Multi-Factor Authentication Configuration
Common devices:
- Duo Security
- RSA SecurID
- Google Authenticator
- Microsoft Authenticator
- Okta
9.2. Single Sign-On (SSO) Configuration
Common devices:
- Okta
- OneLogin
- Microsoft Azure AD
- Ping Identity
- IBM Security Access Manager
9.3. Role-Based Access Control (RBAC) Configuration
Common devices:
- Cisco ISE (Identity Services Engine)
- Microsoft Active Directory
- Okta
- RSA Identity Governance and Lifecycle
- CyberArk
9.4. Network Access Control (NAC) Configuration
Common devices:
- Cisco ISE (Identity Services Engine)
- Aruba ClearPass
- Forescout
- Juniper Networks NAC
- Sophos NAC
10. Data Protection and Privacy Configuration Scenarios
10.1. Data Encryption Configuration
Common devices:
- Symantec Data Loss Prevention
- McAfee Total Protection for Data Loss Prevention
- Digital Guardian
- Trend Micro Endpoint Encryption
- Sophos SafeGuard Encryption
10.2. Data Loss Prevention (DLP) Configuration
Common devices:
- Symantec Data Loss Prevention
- McAfee Total Protection for Data Loss Prevention
- Digital Guardian
- Trend Micro Endpoint Encryption
- Sophos SafeGuard Encryption
10.3. Privacy and Compliance Configuration
Common devices:
- OneTrust
- TrustArc
- BigID
- RSA Archer
- IBM OpenPages
11. Wireless Network Security Configuration Scenarios
11.1. Wireless Intrusion Detection System (WIDS) Configuration
Common devices:
- Cisco WIDS
- Aruba WIDS
- AirMagnet Enterprise
- Ubiquiti WIDS
- Fortinet FortiWIDS
11.2. Wireless Intrusion Prevention System (WIPS) Configuration
Common devices:
- Cisco WIPS
- Aruba WIPS
- AirMagnet Enterprise
- Ubiquiti WIPS
- Fortinet FortiWIPS
11.3. Wireless Network Access Control Configuration
Common devices:
- Cisco ISE (Identity Services Engine)
- Aruba ClearPass
- Ruckus Cloudpath
- Meraki Systems Manager
- Fortinet FortiNAC
12. Cloud Security Configuration Scenarios
12.1. Cloud Access Security Broker (CASB) Configuration
Common devices:
- McAfee MVISION Cloud
- Netskope
- Symantec CloudSOC
- Microsoft Cloud App Security
- Cisco Cloudlock
12.2. Cloud Workload Protection Platform (CWPP) Configuration
Common devices:
- Palo Alto Networks Prisma Cloud
- Trend Micro Deep Security
- Symantec Cloud Workload Protection
- McAfee MVISION Cloud
- Cisco Tetration
12.3. Cloud Identity and Access Management (IAM) Configuration
Common devices:
- AWS IAM
- Microsoft Azure Active Directory
- Google Cloud Identity
- Okta
- Ping Identity
13. Email Security Configuration Scenarios
13.1. Email Filtering Configuration
Common devices:
- Cisco Email Security Appliance
- Symantec Email Security.cloud
- Mimecast
- Proofpoint
- Barracuda Email Security Gateway
13.2. Anti-Spam Configuration
Common devices:
- Cisco Email Security Appliance
- Symantec Email Security.cloud
- Mimecast
- Proofpoint
- Barracuda Email Security Gateway
13.3. Email Encryption Configuration
Common devices:
- Cisco Email Security Appliance
- Symantec Email Security.cloud
- Mimecast
- Proofpoint
- Barracuda Email Security Gateway
14. Internet of Things (IoT) Security Configuration Scenarios
14.1. IoT Device Security Configuration
Common devices:
- Cisco IoT Threat Defense
- Palo Alto Networks IoT Security
- Forescout IoT Security
- Check Point IoT Protect
- Trend Micro IoT Security
14.2. IoT Network Isolation Configuration
Common devices:
- Cisco IoT Threat Defense
- Palo Alto Networks IoT Security
- Forescout IoT Security
- Check Point IoT Protect
- Trend Micro IoT Security
15. Backup and Recovery Configuration Scenarios
15.1. Data Backup Configuration
Common devices:
- Veeam Backup & Replication
- Acronis Backup
- Symantec Backup Exec
- Dell EMC Avamar
- Commvault
15.2. Disaster Recovery Configuration
Common devices:
- Veeam Backup & Replication
- Acronis Backup
- Symantec Backup Exec
- Dell EMC Avamar
- Commvault
All articles in this blog are licensed under CC BY-NC-SA 4.0 unless otherwise stated.