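Security Failure Points, Part 1: The Upgrade You Didn't Know About
Preface
Security appliances often undergo major version upgrades for feature iterations and rule updates, yet the contents of the upgrade package are a black box to the customer: you never know what code the device added or which features it removed during the upgrade.
This article does not discuss problems caused by upgrades of customized systems; it only briefly covers upgrades of the stock version. The cases in this article are purely speculative; if you find any resemblance to your own environment, please do your best to avoid it.
Failure 1: Problem description, access policies not getting through
After an endpoint-type device was upgraded, servers and the network became unreachable on a large scale, or the addresses the device accessed became unreachable.
Failure 1: Root cause analysis, IPS and iptables started
Blocking by the firewall and other blocking devices was ruled out first. The actual problem was that the endpoint-type device had enabled its IPS function or iptables, which blocked ports and access-control rules that the firewall had previously permitted.
In practice, I have run into upgrades that enabled IPS, enabled iptables, or lost the device's routing table configuration.
Failure 1: Solution, string the vendor up for a beating
Emergency rollback, canary testing and staged release, and string the vendor up for a beating.
Failure 2: Problem description, a small number of endpoint devices could no longer get online
A small number of endpoints could not reach the intranet and other systems, which affected the leadership's daily work. Simple causes such as MAC address conflicts and IP address conflicts were ruled out. Packet captures showed nothing abnormal other than the devices' connections being reset, so the suspicion was that an unknown device was sending RST packets.
Failure 2: Root cause analysis
A network access control (NAC) software upgrade: its function for judging/disabling RST packets malfunctioned, and it sent RST packets toward the firewall to perform out-of-band blocking.
Failure 2: Solution, string the vendor up for a beating
Emergency rollback, canary testing and staged release, and string the vendor up for a beating.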
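One way to test the Failure 2 suspicion that a bypass device is injecting RST packets is to compare each reset's IP TTL with the TTL seen on earlier packets from the same claimed sender. This is an added example, not code from the original article; the TTL heuristic, the record layout and the sample packets are assumptions constructed for illustration.

```python
# Added example: flag TCP resets that were probably not sent by the real peer.
# An out-of-band device usually sits at a different hop distance than the host
# it impersonates, so its forged RST arrives with a different IP TTL.
# Limitation: a device that copies the peer's TTL is not caught by this check.
from collections import Counter, defaultdict

# Constructed sample records: (time, src, dst, sport, dport, tcp_flags, ip_ttl)
SAMPLE_PACKETS = [
    (0.00, "10.1.1.20", "10.2.0.5", 50312, 443, "S", 64),
    (0.01, "10.2.0.5", "10.1.1.20", 443, 50312, "SA", 61),
    (0.02, "10.1.1.20", "10.2.0.5", 50312, 443, "A", 64),
    (0.03, "10.2.0.5", "10.1.1.20", 443, 50312, "PA", 61),
    (0.04, "10.2.0.5", "10.1.1.20", 443, 50312, "R", 126),  # TTL breaks the 61 baseline
    (1.00, "10.1.1.21", "10.2.0.6", 50400, 80, "S", 64),
    (1.01, "10.2.0.6", "10.1.1.21", 80, 50400, "SA", 61),
    (1.02, "10.2.0.6", "10.1.1.21", 80, 50400, "RA", 61),   # reset consistent with the server
]

def find_suspect_resets(packets, tolerance=1):
    """Return RSTs whose TTL differs from the most common TTL of earlier
    non-RST packets sent in the same direction of the same flow."""
    ttl_seen = defaultdict(Counter)  # (src, dst, sport, dport) -> TTL counts
    suspects = []
    for ts, src, dst, sport, dport, flags, ttl in sorted(packets):
        key = (src, dst, sport, dport)
        if "R" not in flags:
            ttl_seen[key][ttl] += 1
            continue
        if not ttl_seen[key]:
            continue  # no baseline for this sender, so no verdict
        baseline = ttl_seen[key].most_common(1)[0][0]
        if abs(ttl - baseline) > tolerance:
            suspects.append({"time": ts, "claimed_src": src, "dst": dst,
                             "rst_ttl": ttl, "baseline_ttl": baseline})
    return suspects

if __name__ == "__main__":
    for hit in find_suspect_resets(SAMPLE_PACKETS):
        print(hit)
```

Feed it the same fields exported from a capture taken at the affected endpoint; a flagged reset is a reason to locate the device at that hop distance, not proof on its own.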
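Failure 3: Problem description, a large number of endpoint devices could no longer get online
No planned change had taken place, and basic infrastructure such as the firewall and DHCP was working normally, yet a large number of employees could no longer browse the internet.
Failure 3: Root cause analysis, the device upgraded silently and enabled blocking after the upgrade
Because the device needs to communicate with the internet, it upgrades its protection rules and its version on its own, and the timing of those upgrades is unpredictable. After the upgrade, the device automatically enabled its blocking function.
Because our own business systems had problems from development, a large number of normal functions were being "falsely" flagged, and the security device blocked them out of band.
Failure 3: Solution, string the vendor up for a beating
Emergency rollback, canary testing and staged release, and string the vendor up for a beating.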