Hi,
請選擇管理功能:
College
win_nas
請先選擇語言
Deutsch
Global English
English
italiano
français
Nederlands
русский
日本語
繁體中文
简体中文
한국어
Česká
Español
Türk
Português
Svenska
Polish
Thai
Magyar
Vietnamese
Finnish
Back to college List
Date:
Topic_id:
Subject:
Description:
content:
<h4><strong>課程目的</strong></h4> <p><span style="line-height: 1.5;">完成此課程後您將能夠:</span></p> <ol> <li>在 ASUSTOR NAS 上設定信任清單。</li> <li>在 ASUSTOR NAS 上啟用智慧安全防護。</li> <li>在 ASUSTOR NAS 上設定防火牆設定檔並啟用防火牆。</li> </ol> <br /> <h4><strong>必修項目</strong></h4> <p><span style="line-height: 1.5;"><strong><i>課程必修項目:</i></strong></span></p> <p><span style="line-height: 1.5;">無</span></p> <p><span style="line-height: 1.5;"><strong><i>學生須先具備以下知識:</i></strong></span></p> <p><span style="line-height: 1.5;">無</span></p> <br /> <h4><strong>大綱</strong></h4> <p><a href="#defend1">1. ADM Defender 簡介</a></p> <p><a href="#defend2">2. 新增信任清單</a></p> <p><a href="#defend3">3. 啟用智慧安全防護</a></p> <p><a href="#defend4">4. 啟用防火牆</a></p> <p style="padding-left: 20px;"><a href="#defend41">4.1 管理防火牆設定檔</a></p> <p><a href="#defend5">5. 備註</a></p> <br /><br /><hr /><br /> <h4><strong><a name="defend1"></a>1. ADM Defender 簡介</strong></h4> <p><span style="line-height: 1.5;">全新 ADM Defender 提供預設及自訂的防火牆設定規則,智慧安全防護可主動防堵可疑 IP 連線到 NAS,同時能監測網路傳輸封包以攔截可疑的網路活動。獨立的 App 設計,能更方便啟用防火牆及安全防護,主動的防堵可以有效降低 NAS 被攻擊的風險,進一步提昇 ADM 的資料安全性。</span></p> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-info-sign"></span> ADM 5.0 及以上版本支援。</span></p> <br /> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910135830_ADM_Desktop.png" alt="" width="880" height="529" title="" align="" /></p> <br /><br /><br /> <h4><strong><a name="defend2"></a>2. 新增信任清單</strong></h4> <p><span style="line-height: 1.5;">信任清單中指定的 IP 位址允許連線的優先權最高,在信任清單中的 IP 即使錯誤登入次數超過限制,也不會被列入自動黑名單封鎖。</span></p> <br /> <ul> <li>使用網頁瀏覽器並以 Administrators 群組的帳號登入 ADM。</li> <li>選擇 [ADM Defender] <span class="glyphicon glyphicon-arrow-right"></span> [信任清單] 。</li> <li>點擊 [新增]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910140819_ADM_Defender_trusted_list_s1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>選擇不同格式以新增信任清單。 <ul> <li>IP 位址: <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910140903_ADM_Defender_trusted_list_s2.png" alt="" width="880" height="528" title="" align="" /></p> </li> <li>IP 區段: <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910140932_ADM_Defender_trusted_list_s3.png" alt="" width="880" height="528" title="" align="" /></p> </li> <li>子網路遮罩: <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910140956_ADM_Defender_trusted_list_s4.png" alt="" width="880" height="528" title="" align="" /></p> </li> </ul> </li> </ul> <br /> <ul> <li>點擊 [匯入] 可使用 csv 檔案同時新增多筆信任清單。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910141039_ADM_Defender_trusted_list_import.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>新增到信任清單的 IP 位址將被允許連線至 ASUSTOR NAS。</li> <li>可在此編輯或移除信任清單。</li> <li>信任清單可匯出為 csv 檔案以備份設定。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910141101_ADM_Defender_trusted_list_s5.png" alt="" width="880" height="528" title="" align="" /></p> <br /><br /><br /> <h4><strong><a name="defend3"></a>3. 啟用智慧安全防護</strong></h4> <p><span style="line-height: 1.5;">啟用智慧安全防護功能,可主動阻止可疑 IP 位址連線到您的 NAS。</span></p> <br /> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-list"></span> <strong>自動黑名單:</strong><br />自動黑名單會自動封鎖在設定的時間內多次嘗試登入失敗的用戶端 IP 位址。</span></p> <ul> <li>選擇 [智慧防護] <span class="glyphicon glyphicon-arrow-right"></span> [自動黑名單] 。</li> <li>勾選 [啟用自動黑名單] 並點擊 [套用]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910142548_ADM_Defender_auto_blacklist_s1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>點擊 [匯入] 可使用 csv 檔案同時新增多筆黑名單。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910142637_ADM_Defender_auto_blacklist_s2.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>系統管理員可以在「偏好設定」中更改自動封鎖的策略規則。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910142703_ADM_Defender_auto_blacklist_s3.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910142827_ADM_Defender_auto_blacklist_s3-1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>自動新增到黑名單的 IP 位址將被禁止連接到 ASUSTOR NAS。</li> <li>可在此移除黑名單。</li> <li>黑名單可匯出為 csv 檔案以備份設定。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910142845_ADM_Defender_auto_blacklist_s4.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-list"></span> <strong>風險名單:</strong><br />啟用 IP 風險偵測後,ADM 將檢查任何嘗試連線到 NAS 的 IP,不在防火牆設定的拒絕 IP 列表及信任清單裡的 IP 都將被檢查。透過跟 ADM 已儲存的風險名單或 AbuseIPDB 線上資料庫比對,存在於 ADM 風險名單內的 IP 或超過指定風險值的 IP 都將直接被封鎖,不允許登入及連線,被封鎖的 IP 則會直接加入風險名單內。<br />使用此功能前,請先至 AbuseIPDB 註冊帳號並取得 API key。點擊<a href="https://www.asustor.com/knowledge/detail?group_id=1023" target="_blank" rel="noopener"><u>這裡</u></a>查看使用教學。若 IP 比對次數已超過 AbuseIPDB 方案的單日上限,如欲增加比對次數請取得 AbuseIPDB 付費方案並輸入 API key。</span></p> <br /> <ul> <li>選擇 [智慧防護] <span class="glyphicon glyphicon-arrow-right"></span> [風險名單] 。</li> <li>勾選 [啟用 IP 風險偵測]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910144146_ADM_Defender_risk_greylist_s1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>輸入從 AbuseIPDB 取得的 API key,點擊 [驗證]。</li> <li>選擇一個風險值後點擊 [套用]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910144204_ADM_Defender_risk_greylist_s2.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>在偏好設定中,可以設定風險名單 IP 的封鎖期間及需要封鎖的連線服務,預設將永遠封鎖這些可疑 IP,最短可設定為封鎖 7 天。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910144224_ADM_Defender_risk_greylist_s3.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>自動新增到風險名單的 IP 位址將被禁止連接到 ASUSTOR NAS。</li> <li>可在此移除風險名單。</li> <li>風險名單可匯出為 csv 檔案以備份設定。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910144237_ADM_Defender_risk_greylist_s4.png" alt="" width="880" height="528" title="" align="" /></p> <br /><br /><br /> <h4><strong><a name="defend4"></a>4. 啟用防火牆</strong></h4> <p><span style="line-height: 1.5;">啟用防火牆可允許或拒絕特定用戶端 IP 位址、整個 IP 範圍或整個地區連線到您的 NAS。ADM Defender 預設提供「僅限內網」及「僅限地域性網際網路連線」設定檔可直接套用,亦可新增自訂的防火牆規則。自訂防火牆規則可設定防護全部或特定的網路界面、通訊埠及通訊協定。<br />為了確保在拒絕所有與 NAS 的連線時能繼續連線您的 NAS,請確保您的用戶端設備 IP 位址已添加到允許連線清單中,否則所有設備將被拒絕連線。</span></p> <br /> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-info-sign"></span> 要使用地理位置定義 IP 位址或顯示 IP 的所在地區資訊,請先安裝 App Central 上的 Geo IP Database App。</span></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910171836_App_central_geoip_database.png" alt="" width="880" height="506" title="" align="" /></p> <br /> <ul> <li>選擇 [防火牆] <span class="glyphicon glyphicon-arrow-right"></span> [一般] 。</li> <li>勾選 [啟用防火牆]。</li> <li>選擇需啟用的設定檔,或新增設定檔後點擊 [套用]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910144846_ADM_Defender_firewall_s1.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910144910_ADM_Defender_firewall_s2.png" alt="" width="880" height="528" title="" align="" /></p> <br /><br /> <p><b><b><a name="defend41"></a>4.1 管理防火牆設定檔</b></b></p> <br /> <ul> <li>選擇 [防火牆] <span class="glyphicon glyphicon-arrow-right"></span> [一般] 。</li> <li>點擊 [新增設定檔]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150134_ADM_Defender_firewall_s2-1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>選擇 [防火牆] <span class="glyphicon glyphicon-arrow-right"></span> [設定檔管理] 。</li> <li>點擊 [新增]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150209_ADM_Defender_firewall_profile_s1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-list"></span> <strong>僅限內網:</strong><br />ADM Defender 預設提供「僅限內網」設定檔可直接套用,若您只允許 NAS 在內網內連接使用,可啟用這個設定檔阻擋所有不在內網的客戶端裝置包含使用手機網路連線的手機 App 連線到 NAS。</span></p> <br /> <ul> <li>選擇 [僅限內網],點擊 [套用]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150231_ADM_Defender_firewall_profile_s2.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>點擊 [確定] 即可啟用防火牆及此設定檔。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150253_ADM_Defender_firewall_profile_s3.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-list"></span> <strong>僅限地域性網際網路:</strong><br />ADM Defender 預設提供「僅限地域性網際網路連線」設定檔可直接套用,若您只允許 NAS 在你所在的國家地區內連接使用,可啟用這個設定檔阻擋所有不在此國家地區內的客戶端裝置連線到 NAS。</span></p> <br /> <ul> <li>選擇 [僅限地域性網際網路],點擊 [下一步]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150635_ADM_Defender_firewall_profile_s4.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>選擇 [允許連線的國家地區],點擊 [套用]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150710_ADM_Defender_firewall_profile_s5.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150725_ADM_Defender_firewall_profile_s6.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>確認設定檔已啟用。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150807_ADM_Defender_firewall_profile_s7.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-list"></span> <strong>自定義:</strong></span></p> <br /> <ul> <li>選擇 [自定義],點擊 [套用]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910150822_ADM_Defender_firewall_profile_s8.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>輸入自定義的設定檔名稱。</li> <li>點擊 [新增]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910152432_ADM_Defender_firewall_profile_custom_s1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>選擇此規則允許或拒絕連線的網路界面。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910152452_ADM_Defender_firewall_profile_custom_s2.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910152905_ADM_Defender_firewall_profile_custom_s5.png" alt="" width="600" height="426" title="" align="" /></p> <br /> <ul> <li>選擇來源 IP 位址或地區。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910152803_ADM_Defender_firewall_profile_custom_s6.png" alt="" width="600" height="425" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153014_ADM_Defender_firewall_profile_custom_s6-1.png" alt="" width="600" height="426" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153030_ADM_Defender_firewall_profile_custom_s6-2.png" alt="" width="600" height="426" title="" align="" /></p> <br /> <ul> <li>選擇受限的通訊埠。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153046_ADM_Defender_firewall_profile_custom_s7.png" alt="" width="600" height="426" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153101_ADM_Defender_firewall_profile_custom_s7-1.png" alt="" width="600" height="426" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153132_ADM_Defender_firewall_profile_custom_s7-2.png" alt="" width="600" height="426" title="" align="" /></p> <br /> <ul> <li>點擊 [確定] 啟用此自定義設定檔。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153542_ADM_Defender_firewall_profile_custom_s3.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153559_ADM_Defender_firewall_profile_custom_s3-1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <p><span style="line-height: 1.5;">預設的設定檔僅供檢視,不可修改。但可以將其複製到另一個設定檔並編輯修改其中規則。</span></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153649_ADM_Defender_firewall_profile_manage.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153724_ADM_Defender_firewall_profile_view.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <p><span style="line-height: 1.5;">例如:複製原來的「僅限地域性網際網路連線」設定檔,編輯加入另一個允許連線的國家地區。</span></p> <ul> <li>選擇「僅限地域性網際網路連線」,點擊 [複製]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153649_ADM_Defender_firewall_profile_manage.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>輸入自定義的設定檔名稱。</li> <li>選擇來源為地理位置的規則,點擊 [編輯]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153845_ADM_Defender_firewall_profile_copy_s1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>選擇其他地理位置,點擊 [確定]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153911_ADM_Defender_firewall_profile_copy_s2.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>確認規則後,點擊 [確定]。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910153938_ADM_Defender_firewall_profile_copy_s3.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>可在此移除未啟用的自定義或修改後的設定檔。</li> <li>防火牆設定檔可匯出為 JSON 檔案以備份設定。</li> <li>點擊 [匯入] 可使用 JSON 檔案新增防火牆設定檔。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910154249_ADM_Defender_firewall_profile_copy_s4.png" alt="" width="880" height="528" title="" align="" /></p> <br /><br /><br /> <h4><strong><a name="defend5"></a>5. 備註</strong></h4> <ul> <li>封包事件記錄:啟用自動黑名單、風險名單或防火牆之後,被阻攔的封包將記錄於此。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910154856_ADM_Defender_packet_log.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910154910_ADM_Defender_packet_log_1.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>封包擷取: <ul> <li>啟用 [自動封包擷取] 後,當指定擷取時間內達到您指定的攔截次數時,系統將自動開始擷取封包,您可以調整擷取的時間長度。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910154946_ADM_Defender_packet_capture_s1.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910155005_ADM_Defender_packet_capture_s2.png" alt="" width="880" height="528" title="" align="" /></p> <br /> <ul> <li>可在任何時間手動擷取封包。</li> </ul> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910155022_ADM_Defender_packet_capture_s3.png" alt="" width="880" height="528" title="" align="" /></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910155041_ADM_Defender_packet_capture_s4.png" alt="" width="880" height="528" title="" align="" /></p> </li> </ul> <br /> <p><span style="line-height: 1.5;">擷取的封包資料可以 PCAP 或 TXT 檔案格式下載,以便更深入的分析網路攻擊行為。</span></p> <p><span style="line-height: 1.5;"><span class="glyphicon glyphicon-info-sign"></span> 需安裝其他支援 PCAP 檔案的軟體才能開啟這類檔案,例如:WireShark 或 NetworkMiner。</span></p> <p><img src="https://www.asustor.com/images/tinymce/upload_img_20250910171302_Wireshark_screen.png" alt="" width="900" height="483" title="" align="" /></p>
Publish:
Don't Publish
Publish