Umuhuzabikorwa wa Pake ya Mylinking™ Network hamwe na Inline Bypass Switch ML-BYPASS-M2000
Moduli ya Bypass: 8 * 10G SFP + na 4 * 100GE, Moduli ya Monitor: 16 * 10GE SFP + na 4 * 100GE, Ibiyiko ntarengwa 2.4
1-Incamake
Kubera iterambere ryihuse rya interineti, ikibazo cy’umutekano w’amakuru kuri interineti kirushaho gukomera, bityo porogaramu zitandukanye zo kurinda umutekano w’amakuru zikoreshwa cyane. Byaba ibikoresho bisanzwe byo kugenzura uburyo bwo kwinjira (firewall) cyangwa ubwoko bushya bw’uburyo bwo kurinda bugezweho nka sisitemu yo gukumira kwinjira (IPS), urubuga rw’imicungire y’ibitero by’iterabwoba (UTM), sisitemu yo kurwanya ibitero by’abadashaka (Anti-DDoS), Gateway yo kurwanya spam, Sisitemu yo kugenzura no kugenzura ibinyabiziga bya DPI, hamwe n’ibikoresho byinshi by’umutekano bishyirwa mu buryo butandukanye mu buryo bw’ingenzi bw’umuyoboro, ishyirwa mu bikorwa rya politiki y’umutekano w’amakuru ijyanye nayo kugira ngo hamenyekane kandi hakorwe n’ibijyanye n’urujya n’uruza rwemewe n’amategeko / rutemewe n’amategeko. Ariko, muri icyo gihe kimwe, umuyoboro wa mudasobwa uzatera gutinda gukomeye kwa interineti cyangwa ndetse no guhungabana kwa interineti mu gihe habayeho kwangirika, kubungabunga, kuvugurura, gusimbuza ibikoresho n’ibindi mu buryo bwizewe cyane bwo gukora umuyoboro, abakoresha ntibashobora kwihanganira.
ML-BYPASS-M2000 Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch byakorewe ubushakashatsi kandi bigakorwa kugira ngo bikoreshwe mu gushyira mu bikorwa ibikoresho bitandukanye by’umutekano mu buryo bworoshye mu gihe bitanga uburyo bwo kwizerwa cyane.
Mu gushyiraho Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch:
●Abakoresha bashobora gushyiraho/gukuraho ibikoresho birinda umutekano mu buryo bworoshye nta kugira icyo bahindura cyangwa ngo bahagarike umuyoboro usanzweho;
● Ifite uburyo bwo gupima ubuzima bw’ubwenge kugira ngo ikurikirane imikorere isanzwe y’ibikoresho by’umutekano byahujwe mu buryo bufatika mu gihe nyacyo. Iyo igikoresho cy’umutekano cyahujwe kigize ikibazo, umurinzi azahita anyura mu buryo bwikora kugira ngo akomeze itumanaho risanzwe ry’umuyoboro.
●Ikoranabuhanga ryo kurengera ibinyabiziga rishobora gukoreshwa mu gushyiraho ibikoresho byihariye byo gukaraba ibinyabiziga, ibikoresho byo kugenzura bishingiye ku igenzura, nibindi. Rishyira mu bikorwa neza uburyo bwo kurinda ibinyabiziga byinjira mu murongo ku bwoko bwihariye bw'ibinyabiziga, rikuramo ibikoresho bikoresha umurongo umwe.
● Ikoranabuhanga ryo kurinda umutwaro rishobora gukoreshwa mu gushyira ibikoresho birinzwe mu murongo mu matsinda kugira ngo bihuze n'ibikenewe mu kurinda umutekano mu murongo mu gihe cy'ubushyuhe bwinshi bw'umuvuduko w'itumanaho.
●Ifite ubushobozi bwo gukora porogaramu ya SSL, ihura n'ibisabwa mu kugenzura no gusesengura ibikoresho birinda umutekano ku makuru adasobanutse.
● Ifite ubushobozi bw'ibanze bwo gutunganya urujya n'uruza rw'abantu nko gukusanya amakuru, kuyakusanya, kuyayungurura no kuyashyiraho, ndetse n'ubushobozi bwo gutunganya amakuru agezweho nko kuyakuraho, kuyapfuka, kumenya uburyo bwo kuyakoresha, no kuyahindura mu buryo bugezweho.
2-Mylinking™ Network Packet Broker hamwe n'ibikoresho bigezweho bya Inline Bypass Switch n'ikoranabuhanga
Uburyo bwo Kurinda bwa Mylinking™ “SpecFlow” n'ikoranabuhanga rya “FullLink”
Ikoranabuhanga ryo Kurinda Guhindura Inzira mu Buryo bwihuse bwa Mylinking™
Ikoranabuhanga rya Mylinking™ “LinkSafeSwitch”
Ikoranabuhanga rya Mylinking™ “WebService” rijyanye no kohereza/gutanga amakuru ku buryo burambye
Ikoranabuhanga ryo Gutahura Paki y'Umutima ya Mylinking™ Intelligent
Kwandika kwanjye™ Ikoranabuhanga ry'udupfunyika tw'umutima dusobanutse
Kwandika kwanjye™ Ikoranabuhanga ryo Kunoza Imitwaro mu Mirongo Itandukanye
Kwandika kwanjye™ Ikoranabuhanga ryo Gukwirakwiza Ibinyabiziga mu Buhanga
Kwandika kwanjye™ Ikoranabuhanga ryo Kugereranya Umutwaro Udahinduka
Kwandika kwanjye™ Ikoranabuhanga ryo gucunga kure (HTTP/WEB, TELNET/SSH, "EasyConfig/AdvanceConfig" Iranga)
3-Mylinking™ Network Packet Broker hamwe n'Ubuyobozi bwo Guhindura Uburyo bwo Guhindura Uburyo bwo Gukoresha Inline Bypass
Nkuko bigaragara ku gishushanyo kiri hejuru, igice cyose kigizwe n'imirongo ine ya modular:
Imirongo ya module ya SLOT1, SLOT2, SLOT3, na SLOT4 ishobora kwakira module za port zo kurinda za BYPASS cyangwa module za port za MONITOR zifite ibiciro bitandukanye n'imibare ya port. Mu gusimbuza module zitandukanye, birashoboka gushyigikira uburinzi bwa BYPASS ku miyoboro myinshi ya 10G/40G/100G, ndetse no gushyiraho ibikoresho byo kugenzura bya Inline Bypass ku miyoboro myinshi ya 10G/40G/100G.
Icyitonderwa: Moduli ya BYPASS na module ya MONITOR byombi bishyigikira guhinduranya amakuru mu buryo bugezweho.
3.1-Urutonde rw'ibiranga module
| Icyitegererezo cy'ibicuruzwa | ImikorereParamateri |
| Cikibazo | |
| ML-BYPASS-M2000-CHS/AC | 2U isanzwe ya santimetero 19; ikoreshwa ry'ingufu ntarengwa rya 300W; modular BYPASS protector main unit; module slots 4; 1*RS232 Console interface, 1*10/100/1000M RJ45 interface hamwe n'imicungire y'umuyoboro wo hanze; AC-220V y'amashanyarazi abiri; |
| NT-BYPASS-M2000-CHS/DC | 2U isanzwe ya santimetero 19; ikoreshwa ry'ingufu ntarengwa rya 300W; modular BYPASS protector main unit; module slots 4; 1*RS232 Console interface, 1*10/100/1000M RJ45 interface hamwe n'imicungire y'umuyoboro wo hanze; dual power supply DC-48V; |
| BURYO BWO KUNYURAHOModule | |
| INL-I8XM8X(LM/SM) | Ishyigikira uburinzi bw'imirongo ya 10GE (ijyanye na 1G) ifite uburyo bwo kurinda imikoranire, ifite ubushobozi bwo kugenzura 8 * 10GE; ishyigikira uburyo bwo kugenzura 8 * 10G SFP + (hatarimo modules optique). |
| INL-I4HM2H (LM/SM) | Ishyigikira uburinzi bw'uruhererekane bwa 100GE (bujyanye na 40GE) bw'inzira ebyiri, ifite imiyoboro 4 * 100GE yose hamwe; ishyigikira imiyoboro 2 * 100GE QSFP28 yo kugenzura (hatarimo modules optique). |
| Moduli yo kugenzura | |
| KUWA MBERE-M16X | Imbuga zo kugenzura za 16 * 10GE SFP + (hatarimo modules optique); |
| MON-M16X-CN98 | Imbuga zo kugenzura za 16 * 10GE SFP + (module y'amajwi ntabwo irimo); zifite moteri igezweho, ishyigikira imikorere igezweho yo gutunganya traffic nka bypass SSL decryption, SSL proxy, na traffic dragplication; |
| Kuva kuwa mbere kugeza kuwa gatanu | Imbuga zo kugenzura za 4 * 100GE QSFP28 (modules optique ntabwo zirimo); |
| KUWA MBERE-M4H-CN98 | Imbuga zo kugenzura za 4 * 100GE QSFP28 (ntizirimo modules optique); zifite moteri igezweho, ishyigikira imikorere igezweho yo gutunganya traffic nka bypass SSL decryption, SSL proxy, na traffic dragplication; |
3.2-Amategeko yo Guhitamo Module
Ukurikije uburyo butandukanye bwo kurinda no kugenzura ibikoresho, ushobora guhitamo mu buryo bworoshye imiterere itandukanye ya module kugira ngo ihuze n'ibyo ukeneye mu bidukikije; nyamuneka kurikiza aya mategeko mugihe uhitamo:
1) Guteranya chassis ni ikintu cy'ingenzi kandi kigomba gutoranywa mbere yo guhitamo izindi module. Nyamuneka hitamo kandi uburyo bukwiye bwo gutanga amashanyarazi (AC/DC) ukurikije ibyo ukeneye.
2) Iyi mashini ishyigikira imyanya ya module 4 ntarengwa; ntushobora guhitamo module zirenze umubare w'imyanya yo kuyishyiraho. Hashingiwe ku buryo bworoshye bwo guhuza module zitandukanye, iyi mashini ishobora gushyigikira uburinzi bw'uruhererekane kugeza kuri linki 16 za 10GE/GE cyangwa linki 8 za 100GE/40GE.
4-Ubushobozi bwo gutunganya ibinyabiziga mu buryo bw'ubwenge
4.1-Gushyira mu bikorwa umurongo
Uburinzi bwihariye bw'umuhanda mu muhanda
IrashyigikiraUmurongo (urukurikirane)uburyo bwo kurinda ubwoko bwihariye bw'imodoka muri ubwo buryo bwoseumurongoumurongo.Toohereza ubwoko bumwe na bumwe bw'abakoresha ku rubugaumurongoumurongo ugana kuriUmurongo Sumutekanoigikoreshokugira ngo itunganywe, kandi ibisigaye byoherezwa mu buryo butaziguye bitanyuze muriUmurongo SumutekanoigikoreshoMuri icyo gihe,itikora igenzura ryihuse ku mikorere yaUmurongo Sumutekanoigikoresho. Igihe imiterere y’ibicuruzwa bidasanzwe yagaragaraga,itbizavanwa mu nzira yo kohereza amakuru mu buryo bwikora kugira ngo serivisi y'umuyoboro ikomeze.
Uburinzi bwose bw'umuhanda mu muhanda
IrashyigikiraUmurongo (urukurikirane)uburyo bwo kurinda ubwoko bwose bw'imodoka muri ubwo buryo bwoseumurongoumurongo.Tokohereza urujya n'uruza rw'abantu bose muriumurongoumurongo ugana kuriUmurongo Sumutekanoigikoreshoyo gutunganya, no gukurikirana imikorere ya Inline Securityigikoreshomu gihe nyacyo. Igihe imiterere y’ibijyanye n’umuhanda idasanzwe yagaragaraga,itbizavanwa mu nzira yo kohereza amakuru mu buryo bwikora kugira ngo serivisi y'umuyoboro ikomeze.
Ingano y'imizigo
Ifite ubushobozi bwo kuringaniza umutwaro w'imodoka mu buryo bw'ubwenge. Iyo imikorere yo gutunganya imodoka imweUmurongo Sumutekanoigikoreshontabwo bihagije guhangana n'ikibazoumurongourujya n'uruza rw'itumanaho, ishobora kugenaumurongoHuza ubwikorezi bw'imodoka kuri N Monitor ukoresheje uburyo bwo guhuza imizigo. Dukurikije MAC, amakuru ya IP, nimero ya port, protocole n'andi makuru,itikora uburyo bwo kwishyura bwa Hash algorithm, kugira ngoumurongourujya n'uruza rw'abantu ku murongo rukwirakwizwa ku buryo bungana kuri byinshiumurongoumutekanoIgikoreshos yo gutunganya amatsinda, ibyo bikaba binoza neza imikorere rusange yo gutunganyaumurongoumutekanoIgikoreshos. Kugira ngo habeho guhuza n'ibisabwa ku muyoboro munini w'itumanaho n'ibipimo by'urujya n'uruza rw'abantu benshi.
Gusuzuma Paketi y'Umutima
IrashyigikiraTxnaRxudupaki two kumenya umutima binyuze kuri uplink na downlink bya connectedumurongoibikoresho by'umutekano, kandi ikamenyaibikoresho biri kuri interinetiimiterere y'akazi n'uko inzira yo gutunganya urujya n'uruza rw'abantu imeze nk'isanzwe. Itera ry'umutima rigana mu cyerekezo cy'ibiriipakiuburyo bwo gutahura bushobora kugaragaza neza uko ibintu bimeze ubuumurongoumutekanoigikoresho, kandi bikarushaho gutuma umuyoboro ukora neza.
Ishobora guhindura ibipimo by'umutima w'umuntu uwo ari we weseumurongoigikoresho cy'umutekano, nk'umutimaTxigihe ntarengwa cyo gusubiramo umutima, igihe ntarengwa cyo kongera kugerageza umutima, igihe umutima uteraTxicyerekezo, nibindi. Ishobora kumenya no gucira urubanza imiterere y'ikosa ryaumurongoibikoresho by'umutekano ku gihe, kandi bigatuma habaho kwihuta mu guhinduranya imiyoboro y'uburinzi.
Paketi zo gutahura umutima ni amafuremu ya Ethernet layer 2 asanzwe. Iyo uburyo bwa Layer 2 bridge bugaragara (nka IPS/FW) bukoreshejwe, amafuremu ya Ethernet layer 2 azoherezwa mu buryo busanzwe nta gufunga cyangwa ngo agwe. Muri icyo gihe, ishobora kandi gushyigikira pakiti za Ethernet layer 2, layer 3 na layer 4 zo gutahura umutima kugira ngo zihuze n'ibintu byihariye.umurongoIbikoresho by'umutekano ntibishobora kohereza amafuremu asanzwe ya Ethernet layer 2.
Hashingiwe ku buryo bwavuzwe haruguru, abakoresha bashobora kubona ingaruka zo kumenya ubuzima bw'ibikoresho by'umutekano bihujwe ku rwego rwa serivisi, kugira ngo babashe kwemeza ko serivisi z'umutekano zikora neza kurushaho.
Guhindura inzira yo kwinjira
Ishyigikira inzira yoroshye cyane yo kunyuramoguhinduragutinda (<8ms), kandi abakoresha ntibashobora kumva ingaruka ku muyoboro w'itumanaho iyo igikoresho gikoresheje inzira yo kunyuramoguhinduraMuri icyo gihe, ikoranabuhanga ryo guhindura Link ryihariye ku gikoresho rishobora kwemeza ko imiterere y'ihuza ry'ihuza ry'ibanze idahinduka mu gihe cyo kunyura mu nziraguhinduraIri koranabuhanga rizafasha kwemeza ko inzira yo kunyuramoguhindurairinzwe cyane, kandi ntabwo izatuma porotoliyo ya topology y'urwego rwa 2 / Icyiciro cya 3 cy'imiyoboro irinzwe yongera kubarwa no guhuzwa, kugira ngo igabanye ingaruka ku muyoboro w'abakoresha mu giheguhindura.
Guhagarika imodoka
Iyo igikoresho cy’umutekano kibonye ko hari umurongo utemewe cyangwa udasanzwe mu muhanda kandi kigakenera kuwufunga ku gihe, igikoresho gishobora gufata amapaki yose yagenwe mu muhanda uzamuka/umanuka waumurongoumurongo ushingiye ku miterere ya tuple matching filter kugira ngo serivisi za network zikore neza mu mutekano.
Indorerwamo y'ibinyabiziga
Uretse kurinda urujya n'uruza rw'imodoka n'igikoresho cya Inline Security (nka IPS, WAF), urujya n'uruza rw'imodoka rwa SPAN rushobora no gushyirwa muri sisitemu yo kugenzura umutekano wa SPAN (nka IDS, APT), kugira ngo huzuzwe ibisabwa mu kugenzura amakuru y'imodoka cyangwa isuzuma n'igenzura ry'imodoka muri SPAN.
Porogisi ya SSL
Binyuze muri SSL proxy function, paki y’umwimerere ihishe irakurwaho uburinzi yoherezwa kuri sisitemu yo kurinda umutekano, hanyuma amakuru yakuweho uburinzi agasubizwa kuri link y’umwimerere, kugira ngo amakuru yakuweho uburinzi yoherezwe kuri sisitemu yo kurinda umutekano yo mu murongo nta ngaruka ku kohereza amakuru yakuweho uburinzi ku link y’umwimerere y’umukoresha, kandi igenzure kandi isesengura amakuru yakuweho uburinzi n’isitemu yo gusesengura.
4.2-Gutanga serivisi zo muri SPAN
Uburyo bwo kohereza amakuru ku rubuga
IrashyigikiraUmurongo (urukurikirane)uburyo bwo kurinda ubwoko bwihariye bw'imodoka muri ubwo buryo bwoseumurongoumurongo.Toohereza ubwoko bumwe na bumwe bw'abakoresha ku rubugaumurongoumurongo ugana kuriUmurongo Sumutekanoigikoreshokugira ngo itunganywe, kandi ibisigaye byoherezwa mu buryo butaziguye bitanyuze muriUmurongo SumutekanoigikoreshoMuri icyo gihe,itikora igenzura ryihuse ku mikorere yaUmurongo Sumutekanoigikoresho. Igihe imiterere y’ibicuruzwa bidasanzwe yagaragaraga,itbizavanwa mu nzira yo kohereza amakuru mu buryo bwikora kugira ngo serivisi y'umuyoboro ikomeze.
Guteranya urujya n'uruza rw'abantu ku rubuga
Urujya n'uruza rw'amajwi rwabanje gukorwa rushobora gukoporora ikimenyetso cya N hakurikijwe ikimenyetso cya 1 cyangwa gukoporora ikimenyetso cya M nyuma yo gukusanya ikimenyetso cya N kuri GE, 10GE, 40G na 100G line speed forwarding, ibi bikaba bikemura neza ibikenewe byo gushyira ibikoresho birenga bibiri byo kumva kuri interineti icyarimwe.
Gukwirakwiza/Kohereza amakuru
Yashyize mu byiciro amakuru yinjira neza kandi yataye cyangwa yohereje serivisi zitandukanye z'amakuru ku bisohoka byinshi bya interineti hakurikijwe amategeko y'umukoresha yagenwe mbere.
Gusesengura amakuru ya paki
Amakuru yinjiyeibinyabizigaishobora gushyirwa mu byiciro neza, kandi serivisi zitandukanye z'amakuru zishobora kuba amategeko y'abashinzwe uburenganzira cyangwa abashinzwe kurutonde rw'abatari abaziranenge, kandi ibisubizo byinshi bya interineti bishobora gutabwa cyangwa koherezwa. Ishyigikira guhuza guhindagurika hashingiwe ku bwoko bwa Ethernet, tag ya vlan, IP five-tuple,TCPikiranga, imiterere y'ipaki n'ibindi bintu kugira ngo birusheho kuzuza ibisabwa mu gushyira ibikoresho bitandukanye by'umutekano w'umuyoboro, isesengura rya protocole, isesengura ry'ibimenyetso, n'ibindi bigenzura urujya n'uruza rw'imodoka.
Ingano y'imizigo
Kugereranya imizigo ya algorithme ya Hash ishobora gukorwa hakurikijwe imiterere y'imbere n'iy'inyuma ya L2-L4 kugira ngo harebwe ubusugire bw'umuvuduko w'amakuru yakiriwe naSPANIigikoresho cyo kugenzura. Iyo imiterere y'aho umurongo uherereye ihindutse, abagize itsinda ry'aho usohora amakuru bashobora gusohoka (guhuza DOWN) cyangwa kwiyandikisha (guhuza UP) mu buryo bworoshye, kandi itsinda ry'aho usohora amakuru rishobora kongera gukwirakwiza amakuru mu buryo bwikora kugira ngo harebwe ko umutwaro uhinduka mu buryo buhindagurika.
VLAN ifite tagi
VLAN Ntiyashyizweho ikimenyetso
VLAN yasimbuwe
Yashyigikiye guhuza urufunguzo urwo arirwo rwose muri bytes 128 za mbere z'ipaki. Umukoresha ashobora guhindura agaciro k'urufunguzo n'uburebure bw'urufunguzo n'ibikubiye murirwo, no kugena politiki y'umusaruro w'abakoresha hakurikijwe imiterere y'umukoresha.
Gupima Igihe
Bishyigikiwe kuri Huza seriveri ya NTP kugira ngo ukosore igihe no kwandika ubutumwa muri paki mu buryo bwa "time tag" ifite ikimenyetso cy'igihe ku mpera y'ishusho, hamwe n'uburyo bwo gukora neza kwa nanoseconds.
Gukuraho imiyoboro y'amazi yo mu muyoboro
Yashyigikiye umutwe wa VxLAN, VLAN, GRE, GTP, MPLS, IPIP wakuwe mu ipaki y'amakuru y'umwimerere hanyuma woherezwa.
Gukata Amakuru/Paki
Irashyigikiraagace k'ipakiGukoresha amakuru y'umwimerere hashingiwe ku buryo bwo kwinjiza amakuru ku rwego rwa politiki n'uburyo bwo gusohora amakuru (64, 96, 128, 160, 192, 224, 256, 288, 320, 384, 512, 640, 768, 896, 960 byites ni ngombwa), kandi politiki yo gusohora amakuru ku buryo bwo gusohora amakuru ishobora gushyirwa mu bikorwa hakurikijwe imiterere y'umukoresha.
Igenzura rya Porotokole y'Uburyo bwo Kugabanya Imiyoboro y'Amatafari
Ishyigikiwe ihita imenya protocole zitandukanye zo gukurura imiyoboro nka GTP / GRE / VxLAN / PPTP / L2TP / PPPOE / IPIP. Dukurikije imiterere y'umukoresha, ingamba zo gusohora ibicuruzwa zishobora gushyirwa mu bikorwa hakurikijwe urwego rw'imbere cyangwa rw'inyuma rw'imiyoboro
Icy'ingenzi cyo kohereza paki
Ishyigikira ibisobanuro by’ibanze ku mapaki y’amakuru hakurikijwe akamaro ka serivisi ku muyoboro winjira, kandi amapaki y’ingenzi cyane yoherezwa cyane cyane ku musaruro. Nyuma yo koherezwa amapaki y’ingenzi cyane, andi mapaki y’ibanze n’ay’ibanze make aratangwa. Irinde kohereza amakuru y’ingenzi aterwa no kubura amapaki y’ingenzi.
Iterabwoba ridasanzwe
Ishyigikira inzogera yo kugenzura mu gihe nyacyo n'inyandiko z'amateka z'inzogera z'uburyo abantu banyura mu kirere hashingiwe ku miterere y'umurongo. Ishyigikira inzogera yo kugenzura mu gihe nyacyo n'inyandiko z'amateka z'inzogera hashingiwe ku miterere y'ibikoresho by'ikoranabuhanga (CPU, ububiko, ubushyuhe, umufana, umuriro, nibindi).
Ububiko bw'amakuru bushyushye bwo mu bwoko bwa Interface
Ishyigikira uburyo bwo gushyiramo amakuru mu buryo bwa "input interface" 1+1 primary/standby configuration, uburyo bwo gushyiramo amakuru mu buryo bwa "output interface" 1+1 primary/standby configuration, hamwe n'uburyo bwo gushyiramo amakuru mu buryo bwa "load balancing group N+1 primary/standby configuration" kugira ngo igere ku buryo bwizewe cyane mu gihe cy'urugendo rw'amakuru kuva ku kwinjira kugeza ku gusohoka.
Igipimo cy'ihindagurika ry'imodoka mu muhanda
Ishobora kumenya igihe, igihe n'umuvuduko w'impanuka z'imodoka mu gihe nyacyo, kandi igatanga uburyo bwo kubika inyandiko z'amateka, ibyo bikaba bitanga uburyo bushobora kubarwa kandi bugaragara n'ishingiro ryo gukemura ibibazo by'imikorere n'imicungire y'ibikoresho no kumenya igihombo cya paki.
Uburinzi bwo Kuzenguruka kw'Ikoranabuhanga
Ishyigikira uburyo bwo kubona no kurinda ibikorwa byo kuzenguruka kw'amakuru kuri interineti, kugira ngo hirindwe ko amakuru yinjira n'asohoka abura bitewe no kuzamuka no kumanuka kw'amakuru, kandi irusheho kunoza uburyo bwo gukusanya no kohereza amakuru ku buryo buhamye.
Umusaruro wo gufunga imiyoboro y'amazi
Ishyigikira uburyo bwo gufunga inzira ya ERSPAN2, GRE, VXLAN, NVGRE y’urujya n’uruza rw’abantu bakusanyijwe n’abasohoka kugira ngo ihuze n’ibisabwa mu kohereza urujya n’uruza rw’abantu bakusanyijwe muri sisitemu yo gusesengura kure.
Guhagarika ipaki ya Tunnel
Ishyigikira imikorere yo guhagarika ubutumwa bwa tunnel. Iyi function yemerera gushyiraho aderesi za IP/mask na aderesi za MAC kuri port yinjiyemo traffic. Ituma transmission itaziguye y'traffic igomba gukusanywa muri network y'abakoresha binyuze mu buryo bwa tunnel encapsulation nka GRE, GTP, na VXLAN kuri port y'ububiko bw'ibikoresho.
Gukuraho uburiganya bwa SPAN SSL
Gushyiramo icyemezo cya SSL gihuye nacyo bishyigikiwe. Nyuma yo gukuramo amakuru ya HTTPS ahishe kuri traffic yagenwe, azoherezwa kuri sisitemu zo gukurikirana no gusesengura inyuma y'inyuma uko bikenewe. Gushyigikira TLS1.0, TLS1.2 na SSL3.0
Gukuraho amakuru/paketi
Ubunini bw'ibarurishamibare bushingiye ku muyoboro cyangwa ku rwego rwa politiki bushyigikiwe kugira ngo bugereranye amakuru menshi yo gukusanya no gusubiramo amakuru amwe mu gihe runaka. Abakoresha bashobora guhitamo ibiranga paki bitandukanye (dst.ip, src.port, dst.port, tcp.seq, tcp.ack, dst.mac, src.mac, vlan.id)
Gupfuka amatariki mu buryo bwa classified
Gushyigikira ubucucike bushingiye kuri politiki kugira ngo bisimbuze umwanya uwo ari wo wose w'ingenzi mu makuru fatizo kugira ngo bigere ku ntego yo kurinda amakuru y'ibanga. Dukurikije imiterere y'umukoresha, politiki y'ibisohoka mu itumanaho ishobora gushyirwa mu bikorwa.
Irangamimerere rya Porotokole y'Urwego rwa APP
Ishyigikira kumenya, gusohora no guta porogaramu za Porogaramu hashingiwe ku buryo bwo guhuza DNS/URL. Isomero ry'ibikoresho bya DPI rishobora guhuzwa kugira ngo rimenye, risohoke kandi ritangire ubwoko bugera ku 1800 bw'ibikoresho bya porogaramu (nk'amajwi na videwo, imikino, ubutumwa bwihuse, ububiko bw'amakuru, imeri, P2P, nibindi), kandi isomero ry'ibikoresho bya DPI rishobora kuvugururwa no kuvugururwa. Niba hari ibikenewe byihariye, iterambere rya kabiri rishobora gukorwa.
Paki Gukuraho Kapsule byagenwe n'umukoresha
Ishyigikira imikorere ya paki idahinduka, ishobora gukuraho imirima ya encapsulation n'ibirimo aho ari ho hose kuri byte 128 za mbere z'ipaki no kuyisohora.
Uburyo bwo Guhindura Imihanda
Muri icyo gihe, ikoranabuhanga ryo guhindura imiterere y’urujya n’uruza rw’abantu rikoreshwa mu buryo bwo gusohora amakuru kugira ngo asohore neza mu gikoresho cyo gusesengura, ibyo bikaba bikemura ikibazo cyo gutakaza ipaki giterwa no guturika kwa micro-burst kandi birinda inzogera idasanzwe iterwa no gutakaza urujya n’uruza rw’abantu mu buryo bwo gusesengura.
Guhuza amagambo y'ingenzi ya paki
Nyuma y’uko ibikubiye mu gice cy’umutwaro w’ipaki bihujwe kandi bigakubitwa, ipaki cyangwa umurongo w’ipaki bijyana nabyo byoherezwa hanyuma bigasohoka cyangwa bigatabwa kugira ngo bihuze n’ibisabwa mbere yo gutunganya amakuru yihariye y’urujya n’uruza rw’abantu.
Gukuraho imiyoboro y'amazi yo mu muyoboro
Ishyigikira umusaruro wa VXLAN, MPLS, GRE, SRV6, FABRICPATCH, GENEVE n'izindi paki ziri muri paki y'amakuru y'umwimerere nyuma yo gusimburwa.
Gusohora itumanaho rirambye
Dukurikije ibyo umukoresha akeneye, inzira iyo ari yo yose y’itsinda ishobora koherezwa no gusohoka hakurikijwe umubare wa bytes zoherejwe n’umubare wa paki zoherejwe, kandi inzira y’itsinda ikurikiraho ishobora gutabwa, kugira ngo huzuzwe ibisabwa na sisitemu yo gusesengura inyuma mu bihe bimwe na bimwe byihariye, ikeneye gusa kubona igice cy’inzira y’itsinda, kugabanya umuvuduko w’isesengura ry’itsinda no kunoza imikorere ya sisitemu yo gusesengura.
Isesengura ry'ibarurishamibare ry'ibinyabiziga
Ishyigikira imibare y'ibice by'urujya n'uruza rw'abantu mu buryo bwo kwinjira, kandi ishobora kwerekana ingano y'urujya n'uruza rw'abantu mu buryo bworoshye, ingano y'abantu mu buryo bworoshye/ingano y'aderesi ya IP, ingano y'abantu mu buryo bworoshye/ingano y'uruza rw'abantu mu buryo bworoshye, ingano y'abantu mu buryo bworoshye/ingano y'izina ry'uruza rw'abantu mu buryo bworoshye n'amakuru y'uruza rw'abantu mu buryo bw'imbonerahamwe mu gihe nyacyo, kandi igatanga amakuru y'ibarurishamibare mu buryo bwo kohereza mu buryo burambuye ibyavuye mu bushakashatsi ku madosiye yo mu gace. Bityo, abakoresha bashobora gusobanukirwa neza imiterere y'uruza rw'abantu mu buryo bworoshye, kandi bagatanga ishingiro ry'inkunga y'amakuru mu buryo butaziguye mu gushyiraho ingamba zo guhindura imiterere y'abantu mu buryo bworoshye no guhindura ibisabwa mu bucuruzi.
Kugaragara kw'ibinyabiziga - Isesengura ry'ibanze ry'amakuru
Moduli y'ibanze yo gusesengura uburyo bwo kubona amakuru ajyanye n'urujya n'uruza rw'abantu ishobora kwerekana amakuru y'ibanze y'amakuru ajyanye n'uruza rw'abantu bafashwe, nk'umubare w'amapaki, ikwirakwizwa ry'amapaki ya unicast/multicast/broadcast, nimero yo guhuza ibikorwa, ikwirakwizwa rya protocole ya paki, n'ingano y'uruza rw'abantu bafashwe.
Kugaragara kw'ibinyabiziga - Isesengura ryimbitse rya DPI
Uburyo bwo gusesengura bwimbitse bwa DPI bw'imikorere yo kumenya aho abantu banyura bushobora gukora isesengura ryimbitse ry'amakuru y'aho abantu banyura mu buryo butandukanye, no kwerekana imibare irambuye mu buryo bw'imbonerahamwe n'imbonerahamwe.
Uburyo imodoka zigaragara - Isesengura ry'ibipimo by'imodoka
● Isesengura ry'ibipimo bya protocole y'urwego rw'ubwikorezi: nka TCP, UDP, ICMP, IGMP, ARP n'ibindi bipimo bya paki n'imibare y'ibipimo by'umuhanda hamwe n'imbonerahamwe y'imbonerahamwe
● Isesengura ry'ibipimo by'urujya n'uruza rwa IP: nk'imibare y'urujya n'uruza ikorwa na aderesi za IP zitandukanye, urutonde rw'uruza rushingiye kuri IP TOP N n'ishusho ry'imbonerahamwe y'imirongo
● Isesengura ry'ibipimo bya porogaramu ya DPI: nka HTTP, QQ, FTP n'izindi porogaramu, umubare wa byte, ikwirakwizwa ry'ibarurishamibare ry'itumanaho n'imbonerahamwe y'imbonerahamwe
Uburyo imodoka zigaragara - Isesengura ry'igihe imodoka zigenda
Dukurikije imiterere itandukanye yo gushungura, nka IP, port, transport layer protocol, application layer protocol n'ibindi bikubiye muri iyo porogaramu, amakuru y'inzira akoreshwa muri iki gihe ashobora gusesengura no kwerekwa hashingiwe ku gihe cyo gupima, kandi ingano y'inzira n'icyerekezo bishobora kubazwa hifashishijwe uburyo bwo gupima igihe n'uburyo bwo gupima imibare, kandi ubunyangamugayo bushobora kugera kuri milisegonda imwe.
Uburyo imodoka zigaragara - Isesengura ry'imbonerahamwe y'amazi
Dukurikije imiterere itandukanye ya filter, nka flow ID, IP, port, transport layer protocol, application layer protocol n'ibindi bikubiye muri iyo porogaramu, amakuru y'inzira yafashwe ashobora gusesengura no kubarwa hashingiwe ku buryo bwa session flow, ni ukuvuga, kwerekana amakuru arambuye y'inzira ya session, harimo amakuru atanu ya buri ruziga, ubwoko bwa porogaramu itwara, umubare na byte by'ihererekanya ry'amakuru, hamwe n'urujya n'uruza rw'amakuru ajyanye nayo. Kandi ifite uburyo bwo kwerekana urwego hashingiwe ku makuru yavuzwe haruguru. Dushingiye kuri aya makuru, abakoresha bashobora guhitamo byoroshye ubwoko bw'inzira bitaho, ibyo bikaba bitanga ishingiro risobanutse ku bakoresha ryo gushyiraho politiki yo kohereza amakuru.
Uburyo imodoka zigaragara - Isesengura ry'amapaki
Hashingiwe ku bipimo bitandukanye byo kuyungurura, nka packet ID, IP, port, transport layer protocol, application layer protocol n'ibindi bikubiye muri porogaramu, amakuru y'inzira yafashwe ashobora gutangwa hamwe n'isesengura ry'urwego rwa paki, harimo:
● Isesengura ry'igihe cyo gukusanya amapaki
● Isesengura ry'amakuru ku ipaki y'ingenzi, nka sip, dip, smac, dmac, protocol, flag, TTL, uburebure bw'ubutumwa, ibikorwa by'ingenzi
● Isesengura ry'inzira yo kohereza paki n'iyerekana ry'amashusho, nko: igihe cyo kohereza, gutinda kohereza, ubwoko bwo kohereza (gukoresha inzira, guhindura, firewall, kuringaniza imizigo, NAT)
● Incamake y'amakuru yerekeye paki n'imiterere yayo irambuye
● Isesengura ry'umubare w'amapaki asubirwamo
Kugaragara kw'imodoka - Isesengura ry'amakosa neza
Moduli yo gusesengura amakosa y'uburyo bwo kubona aho abantu banyura ishobora gutanga uburyo butandukanye bwo gusesengura amakosa y'amashusho ku makuru y'inzira yafashwe, harimo:
● Incamake idasanzwe, nka: ibisubizo by'isesengura rya serivisi z'umuyoboro, ibisubizo by'isesengura ry'ibyabaye bidasanzwe, inzira y'umuyoboro ishingiye ku isesengura ry'imyitwarire (nk'umubare w'ibikoresho byo kurohereza inzira, ibikoresho bya NAT, ibikoresho byo kurinda umuriro, ibikoresho byo kuringaniza imitwaro byanyujijwe mu ipaki)
● Isesengura ry'ikosa ku rwego rw'imbonerahamwe y'imigendekere y'amakuru, nk'ubwoko bw'ibintu bidasanzwe (guhuza byanze/guhuza bidasubirwaho/guhuza nta kohereza amakuru/guhuza bifunguye igice/inzira y'itsinda idashoboka, nibindi), ● Isesengura ry'ikosa ku rwego rwa paki, nko: ubwoko bw'ikintu kidasanzwe (ikosa rya paki /TTL 0 / ikosa ridashobora kugerwaho / ikosa rya FCS checksum, nibindi), ibisobanuro birambuye by'amakuru adasanzwe, n'ibisobanuro birambuye by'urujya n'uruza rw'amakuru ajyanye nabyo.
● Isesengura ry'amakosa y'umutekano, nko: ubwoko bw'ibyabaye bidasanzwe (igitero cya DDOS/gufunga inkuta z'umuriro /igitero cya ARP/umwuzure wa UDP/UMWUZURO WA SYN, nibindi), ibisobanuro birambuye by'amakuru adasanzwe, n'ibisobanuro birambuye by'urujya n'uruza rw'amakuru ajyanye nabyo
● Isesengura ry'amakosa ya network, nko: ubwoko bw'ibyabaye bidasanzwe (guhindura umurongo/inzira/inzira idashoboka/guhagarika umurongo, nibindi), ibisobanuro birambuye by'amakuru adasanzwe, n'ibisobanuro birambuye by'urujya n'uruza rw'amakuru ajyanye nayo
5-Mylinking™ Network Packet Broker hamwe n'ibisobanuro bya Inline Bypass Switch
| ML-BURYO BWO KUNYURAHO-M2000 Umuhuzabikorwa wa Mylinking™ Network Packet hamwe na Inline Bypass Switch Ibisobanuro by'imikorere | ||||
| Interuro y'umuyoboro | Agace k'imashini | Uduce 4 twa module ya BYPASS cyangwa MONITOR | ||
| Umubare w'amasano ari ku murongo | Ifasha mu kurinda imiyoboro y'urumuri igera kuri 16 ya 1G/10G cyangwa imiyoboro 8 ya 40G/100G. | |||
| Uburyo bwo kugenzura igenzura | Ishyigikira imiyoboro y’igenzura ya 64 * 1G / 10GE cyangwa imiyoboro y’igenzura ya 16 * 40G / 100G. | |||
| Uburyo bwo gucunga hanze y'umuyoboro | Umuyoboro wa Ethernet wa 1*10/100/1000M; | |||
| Uburyo bwo kohereza | Gushyira mu bikorwa umurongo | Inkunga | ||
| Gushyira mu bikorwa SPAN | Inkunga | |||
| Imikorere ya sisitemu | Uburyo bwo kohereza ibintu kuri interineti | Uburinzi bwihariye bwo gufungana kw'amazi | Inkunga | |
| Uburinzi bwose bw'uruhererekane rw'imiyoboro y'amazi | Inkunga | |||
| Kurenza imitwaro | Inkunga | |||
| Gusuzuma ugutera k'umutima | Inkunga | |||
| Guhinduranya BYPASS | Inkunga | |||
| Guhagarika imodoka | Inkunga | |||
| Indorerwamo y'imodoka | Inkunga | |||
| Porogisi ya SSL | Inkunga | |||
| Uburyo bwo gutanga SPAN | Gutunganya urujya n'uruza rw'abantu ku buryo bw'ibanze | Gukurikirana/gukwirakwiza ibinyabiziga | Inkunga | |
| Kurenza imitwaro | Inkunga | |||
| Gushungura ibinyabiziga bishingiye ku indangamuntu ya IP/protocol/port 5-tuple | Inkunga | |||
| Gushyiramo tagi kuri VLAN/guhindura/gusiba | Inkunga | |||
| Gushyiraho ikimenyetso cy'igihe | Inkunga | |||
| Gukuraho imiyoboro y'amazi yo mu muyoboro | Inkunga | |||
| Gukata Amakuru | Inkunga | |||
| Igenzura rya Protocole y'Uburyo bwo Kunyura mu Muyoboro w'Amatafari | Inkunga | |||
| Icy'ingenzi cyo kohereza paki | Inkunga | |||
| Umuburo udasanzwe | Inkunga | |||
| Interface ishyushye yo guhagarara | Inkunga | |||
| Igipimo cya micro-burst | Inkunga | |||
| Uburinzi bw'ihindagurika ry'urusobe rw'amajwi | Inkunga | |||
| Umusaruro wo gufunga imiyoboro y'amazi | Inkunga | |||
| Guhagarika ipaki y'imiyoboro | Inkunga | |||
| Gutunganya urujya n'uruza rw'abantu ku buryo buhanitse | Gukuraho uburiganya bwa SSL | Inkunga | ||
| Gukuramo amakuru | Inkunga | |||
| Gupfuka amakuru | Inkunga | |||
| Igenzura rya protocole y'urwego rwa porogaramu | Inkunga | |||
| Gukuraho kapsule byihariye | Inkunga | |||
| Igenamiterere ry'umuvuduko w'amazi | Inkunga | |||
| Guhuza amagambo y'ingenzi | Inkunga | |||
| Gukuraho imiyoboro y'amazi yo mu muyoboro | Inkunga | |||
| Gupakurura umurongo w'itumanaho igihe kirekire | Inkunga | |||
| Isuzuma ry'ibice by'umuvuduko w'amazi | Inkunga | |||
| Gusuzuma no gukurikirana | Gukurikirana mu buryo bufatika | Inkunga | ||
| Ikibazo cy'amateka y'urujya n'uruza rw'abantu | Inkunga | |||
| Gufata imodoka | Inkunga | |||
| Gutahura uko imodoka zihagaze | Isesengura ry'ibanze | Ishyigikira incamake y'igaragaza ry'ibarurishamibare rishingiye ku makuru y'ibanze nko kubara paki, ubwoko bw'ikwirakwizwa rya paki, umubare w'ihuza rya session, n'ikwirakwizwa rya paki. | ||
| Isesengura ryimbitse rya DPI | Ishyigikira isesengura ry'ibipimo bya protocole z'urwego rw'ubwikorezi, igipimo cya unicast, itangazamakuru n'ibyerekanwa byinshi, igipimo cya IP traffic, n'igipimo cya porogaramu za DPI. Ishyigikira isesengura n'igaragazwa ry'ibikubiye mu makuru hashingiwe ku gihe cyo gupima no ku bwinshi bw'amakuru. Ishyigikira isesengura ry'amakuru n'imibare hashingiwe ku miyoboro y'ibikorwa. | |||
| Isesengura ry'amakosa neza | Ishyigikira isesengura ry'amakosa n'aho aherereye hakoreshejwe amakuru y'abagana mu buryo butandukanye, harimo: isesengura ry'imyitwarire yo kohereza amakuru mu buryo bwa pakiti, isesengura ry'amakosa ku rwego rw'amakuru, isesengura ry'amakosa ku rwego rw'amakuru mu buryo bwa pakiti, isesengura ry'amakosa ajyanye n'umutekano, n'isesengura ry'amakosa ajyanye n'umuyoboro w'itumanaho. | |||
| Ubushobozi bwo gutunganya | Ibiyiko 2.4 by'ibiceri | |||
| Gucunga | Imicungire y'umuyoboro wa CONSOLE | Inkunga | ||
| Imicungire y'umuyoboro wa IP/WEB | Inkunga | |||
| Imicungire y'umuyoboro wa SNMP | Inkunga | |||
| Imicungire ya TELNET/SSH y'umuyoboro | Inkunga | |||
| Porotokole ya SYSLOG | Inkunga | |||
| Kwemeza uburenganzira bwa RADIUS cyangwa TADACS+ mu buryo bwa rusange | Inkunga | |||
| Igikorwa cyo kwemeza umukoresha | Kwemeza izina ry'ukoresha n'ijambo ry'ibanga | |||
| Amashanyarazi | Voltage y'amashanyarazi ifite amanota | AC-220V/DC-48V [Ntabwo ari ngombwa] | ||
| Ingano y'ingufu ihabwa amanota | AC-50HZ | |||
| Igipimo cy'umuvuduko w'injira | AC-3A / DC-10A | |||
| Ingufu z'imikorere zihabwa amanota | Ntarengwa 300W | |||
| Ibidukikije | Ubushyuhe bwo gukora | 0-50℃ | ||
| Ubushyuhe bwo kubika | -20-70℃ | |||
| Ubushuhe bwo gukora | 10%-95%, idakonjesha | |||
| Igenamiterere ry'Umukoresha | Imiterere ya konsole | Interuro ya RS232, 115200, 8, N, 1 | ||
| Kwemeza ijambo ry'ibanga | Sinkunga | |||
| Ingano y'igitanda | Umwanya wo gushyiramo ibikoresho (U) | 2U 444mm*88mm*670mm | ||
6-Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch Application
6.1ItsindaRisk yaUmurongo wa SumutekanoEibikoresho (IPS / FW)
Ibi bikurikira ni uburyo busanzwe bwa IPS (Intrusion Prevention System), uburyo bwa FW (Firewall), IPS / FW ishyirwa ku bikoresho bya interineti (routers, switches, nibindi) hagati y’urujya n’uruza rw’abantu binyuze mu ishyirwa mu bikorwa ry’igenzura ry’umutekano, hakurikijwe politiki y’umutekano ijyanye nabyo kugira ngo hamenyekane uburyo bwo kurekura cyangwa guhagarika urujya n’uruza rw’abantu, kugira ngo hagerwe ku ngaruka zo kurinda umutekano.
Ibi bikurikira ni uburyo busanzwe bwa IPS (Intrusion Prevention System), uburyo bwa FW (Firewall), IPS / FW ishyirwa ku bikoresho bya interineti (routers, switches, nibindi) hagati y’urujya n’uruza rw’abantu binyuze mu ishyirwa mu bikorwa ry’igenzura ry’umutekano, hakurikijwe politiki y’umutekano ijyanye nabyo kugira ngo hamenyekane uburyo bwo kurekura cyangwa guhagarika urujya n’uruza rw’abantu, kugira ngo hagerwe ku ngaruka zo kurinda umutekano.
6.2 Uburinzi bw'ibikoresho bya Inline Link Series
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch ishyirwa mu buryo bukurikiranye hagati y’ibikoresho by’umuyoboro (routers, switches, nibindi), kandi urujya n’uruza rw’amakuru hagati y’ibikoresho by’umuyoboro ntiruzongera kugera kuri IPS / FW, "Smart Inline Bypass Switch" kuri IPS / FW, iyo IPS / FW bitewe no kurenza urugero, kugwa, kuvugurura porogaramu, kuvugurura politiki n’izindi mpamvu zo gutsindwa, "Smart Inline Bypass Switch" binyuze mu buryo bw’ubwenge bwo kumenya ubutumwa bw’umutima. Imikorere yo kuvumbura ubutumwa ku gihe, bityo ikarenga igikoresho gifite ikibazo, idahagaritse intego y’umuyoboro, ibikoresho byihuse by’umuyoboro bihujwe neza kugira ngo birinde umuyoboro usanzwe w’itumanaho; iyo IPS / FW inaniwe gusubirana, ariko nanone binyuze mu mapaki y’ubwenge yo kumenya imikorere. Kumenya uburyo imikorere ifatwa ku gihe, umurongo w’umwimerere wo kugarura umutekano w’igenzura ry’umutekano w’umuyoboro w’ikigo.
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch ifite ubushobozi bukomeye bwo kumenya ubutumwa bw'umutima, umukoresha ashobora guhindura igihe umutima utera n'umubare ntarengwa w'ibizamini byo gusubiramo, binyuze mu butumwa bwihariye bw'umutima kuri IPS / FW kugira ngo habeho isuzuma ry'ubuzima, nko kohereza ubutumwa bwo kugenzura umutima kuri IPS / FW, hanyuma ukabona ubutumwa buturutse kuri IPS / FW, hanyuma ugasuzuma niba IPS / FW ikora neza yohereza kandi ikakira ubutumwa bw'umutima.
6.3 Politiki y'Inzira ya "SpecFlow" ku murongoUmutekanoUburinzi bw'uruhererekane
Iyo igikoresho cy’umutekano gikeneye gusa guhangana n’umutekano wihariye w’urujya n’uruza rw’abantu, binyuze muri Mylinking™ Network Packet Broker hamwe n’imikorere ya Inline Bypass Switch yo kugenzura urujya n’uruza rw’abantu, binyuze muri politiki yo gusuzuma urujya n’uruza rw’abantu kugira ngo bahuze igikoresho cy’umutekano cy’umurongo "Ibibazo" bisubizwa ku murongo w’uruza rw’abantu, kandi "igice cy’ibiba bireba" ni ugukurura igikoresho cy’umutekano cy’umurongo kugira ngo gikore igenzura ry’umutekano. Ibi ntibizakomeza gusa gukoresha neza imikorere yo kumenya umutekano w’igikoresho cy’umutekano, ahubwo bizanagabanya urujya n’uruza rw’ibikoresho by’umutekano kugira ngo bihangane n’umuvuduko; icyarimwe, "Smart Inline Bypass Switch" ishobora kumenya imikorere y’igikoresho cy’umutekano mu gihe nyacyo. Igikoresho cy’umutekano gikora mu buryo budasanzwe kinyura mu buryo butaziguye urujya n’uruza rw’amakuru kugira ngo hirindwe ko serivisi y’umuyoboro yahungabanywa.
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch ishobora kumenya traffic hashingiwe ku kimenyetso cy'umutwe wa L2-L4, nka VLAN tag, aderesi ya MAC y'aho iherereye / aho iherereye, aderesi ya IP y'aho iherereye, ubwoko bwa packet ya IP, port ya protocol y'aho iherereye, protocol y'umutwe wa protocol, n'ibindi. Uburyo butandukanye bwo guhuza ibintu bushobora gusobanurwa mu buryo bworoshye kugira ngo hamenyekane traffic yihariye ifitiye akamaro igikoresho runaka cy'umutekano kandi gishobora gukoreshwa cyane mu gushyiraho ibikoresho byihariye byo kugenzura umutekano (RDP, SSH, igenzura ry'amakuru, nibindi).
6.4LkuringanizaUmutekano wo kuri interinetiUburinzi bw'uruhererekane
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch ishyirwa mu buryo butandukanye hagati y’ibikoresho bya network (routers, switches, nibindi). Iyo imikorere imwe ya IPS / FW idahagije kugira ngo ihangane n’urujya n’uruza rw’amakuru, imikorere yo kuringaniza umutwaro w’amakuru, "guhuza" amakuru menshi ya IPS / FW cluster processing network link, ishobora kugabanya neza igitutu kimwe cya IPS / FW processing, no kunoza imikorere rusange ya processing kugira ngo ihuze n’umuvuduko munini w’ahantu ho kohereza.
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch ifite imikorere ikomeye yo kuringaniza umutwaro, hakurikijwe tag ya VLAN, amakuru ya MAC, amakuru ya IP, nimero ya port, protocole n'andi makuru ku ikwirakwizwa rya Hash load balancing ry'urujya n'uruza rw'abantu kugira ngo buri IPS / FW yakiriye ubuziranenge bwa Session y'umuvuduko w'amakuru.
6.5Inkurikirane nyinshiIbikoresho byo mu murongo FhasiTgukururaPkurinda(ImpindukaIfatikaIhuza ry'uruhererekane kuriIshingiye ku bwengeGuhuza kuri Parallel)
Muri zimwe mu mbuga z'ingenzi (nk'amasoko ya interineti, umurongo wo guhanahana amakuru ku gace ka seriveri), aho hantu akenshi haterwa n'ibikenewe ku bikoresho by'umutekano no gushyiraho ibikoresho byinshi byo gupima umutekano (nk'umuriro, ibikoresho byo kurwanya DDOS, umuriro wo kwirinda kwinjira muri porogaramu ya WEB, ibikoresho byo gukumira kwinjira, nibindi), ibikoresho byinshi byo kumenya umutekano icyarimwe mu buryo bukurikiranye kuri uwo murongo kugira ngo byongere umurongo w'aho ikintu kimwe cyangiritse, bigabanye icyizere rusange cy'umuyoboro. Kandi muri ibyo bikoresho by'umutekano byavuzwe haruguru byo gushyira ahagaragara kuri interineti, kuvugurura ibikoresho, gusimbuza ibikoresho n'ibindi bikorwa, bizatuma umuyoboro uhagarara igihe kirekire kandi umushinga munini ugahagarika ibikorwa byo kurangiza ishyirwa mu bikorwa ry'iyo mishinga neza.
Mu gushyiraho Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch mu buryo bumwe, uburyo bwo gushyiraho ibikoresho byinshi by’umutekano bihujwe mu buryo bukurikiranye kuri link imwe bushobora guhinduka kuva kuri "Physical Serial Connection Mode" kugera kuri "Physical Parallel Connection but Logical Serial Connection Mode". Ibi bigabanya neza inkomoko y’aho ikintu kimwe cyangiritse kuri serial link kandi bikongera icyizere cy’iyi link. Muri icyo gihe, Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch bashobora kuyobora link traffic iyo babisabye, bakagera ku ngaruka imwe yo gutunganya umutekano w’imodoka nk’uko byari bimeze mbere.
Ibikoresho byinshi bya Inline Security icyarimwe mu mbonerahamwe yo gushyiraho amakuru:
Mylinking™ Network Packet Broker hamwe n'Ishusho yo Gukoresha Inline Bypass Switch:
(Hindura Pysical Serial Connection kuri Logical Parallel Connection)
6.6Hashingiwe kuDPolitiki ya Synamic yaTRaffic InlineSumutekanoDgupimaPkurinda
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch, indi porogaramu igezweho ishingiye kuri politiki ihamye yo kurinda umutekano w’imodoka, ikoreshwa ry’inzira nk’uko bigaragara hano hepfo:
Fata ibikoresho byo gupima umutekano bya "Anti-DDoS attack protection and detection", urugero, binyuze mu gushyira imbere "Smart Bypass Switch" hanyuma ibikoresho byo kurinda anti-DDOS hanyuma ugahuzwa na "Smart Bypass Switch", muri "Smart Bypass Switch" isanzwe, kugeza ku muvuduko wose w'umuvuduko w'inzira icyarimwe n'indorerwamo y'amazi ijya kuri "Anti-DDOS attack protection device", iyo imaze kugaragara kuri seriveri ya IP (cyangwa igice cya IP network) nyuma y'igitero, "Anti-DDOS attack protection device" izatanga amategeko ajyanye n'inzira y'umuhanda w'inzira maze ayohereze kuri "Smart Bypass Switch" binyuze mu buryo bwo gutanga politiki ihindagurika. "Bypass Switch" ishobora kuvugurura "traffic traction dynamic" nyuma yo kwakira amategeko agenga politiki ihindagurika. Itegeko rigenga "kandi ako kanya" rihita rikubita ibikoresho byo kurinda no gutahura bya seriveri y'igitero "gukurura" ibikoresho byo kurinda no gutahura bya anti-DDoS kugira ngo bikoreshwe, kugira ngo bikore neza nyuma y'urugendo rw'igitero hanyuma bikongere gushyirwa mu muyoboro.
Gahunda yo gukoresha ishingiye kuri "Smart Bypass Switch" iroroshye kuyishyira mu bikorwa kurusha uburyo busanzwe bwo gushyira inzira ya BGP cyangwa ubundi buryo bwo gukurura abantu, kandi ibidukikije ntibishingira cyane ku muyoboro w'itumanaho kandi icyizere kiri hejuru.
"Smart Bypass Switch" ifite ibi bikurikira kugira ngo ishyigikire uburinzi bw'umutekano buhindagurika bwa politiki:
1. "Smart Bypass Switch" kugira ngo bitange ibintu bitari amategeko ashingiye kuri interface ya WEBSERIVCE, byoroshye guhuza n'ibikoresho by'umutekano by'abandi.
2. "Smart Bypass Switch" ishingiye kuri chip ya ASIC yohereza ubutumwa bugufi kugeza kuri paki za 100Gbps nta gufunga uburyo bwo kohereza ubutumwa, hamwe na "ububiko bw'amategeko agenga traffic traction dynamic rule" hatitawe ku mubare.
3. "Smart Bypass Switch" imikorere y’umwuga ya BYPASS, nubwo umurinzi ubwe yaba yananiwe, ishobora no guhita inyura ku murongo w’ibanze w’ihuza ry’amakuru ako kanya, ntabwo igira ingaruka ku murongo w’umwimerere w’itumanaho risanzwe.
6.7Indorerwamo y'ibinyabiziga mu buryo bw'uruhererekaneku mutekano wo hanze y'umuyoboro (Inline + SPAN)
Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch ikunze gushyirwa mu muyoboro w’ikoranabuhanga w’umukiriya cyangwa umuyoboro wa cloud platform kugira ngo itange uburinzi mu murongo w’ibikoresho bya WAF/IPS n’umuyoboro w’umwimerere. Abakoresha bashobora kandi kugira ibindi bisabwa mu gupima, kugenzura, cyangwa gushyira mu bikorwa ibikoresho byo kugenzura bypass, bikaba ngombwa ko haboneka amakuru y’urujya n’uruza rw’abantu kuri uyu muyoboro.
Bityo rero, hakoreshejwe uburyo bwo kureba aho abantu banyura bwa Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch, uburyo abantu banyura aho banyura bushobora kurebwa uhereye kuri monitor port, nk'uko bigaragara ku ishusho ikurikira:
Imbonerahamwe iri hepfo igaragaza uburyo bwo gukoresha uburyo bwagutse bwo kuzenguruka kw'imiyoboro y'itumanaho n'imiyoboro y'itumanaho hakoreshejwe imirasire y'imashini. Ibi bituma habaho uburinzi bw'imiyoboro y'itumanaho hakoreshejwe imirasire y'imashini (inline link traffic) hatabayeho ingaruka ku miyoboro y'itumanaho hakoreshejwe imirasire y'imashini. Sisitemu yo gusesengura IDS ishobora kubona icyarimwe imiyoboro y'itumanaho n'imiyoboro y'itumanaho hakoreshejwe imirasire y'imashini. Uburyo bwo kuyikoresha bugaragara ku ishusho iri hepfo:
6.8Gukuraho amakuru/paketiPorogaramu
Nkuko bigaragara mu miterere yo gushyiraho porogaramu haruguru, kugira ngo hamenyekane ubuziranenge bw'amakuru y'umwimerere ku murongo wose, hari udupaki tw'amakuru tumwe dushobora gukusanywa inshuro nyinshi mu nzira imwe. Ibi bituma habaho kwiyongera kw'amakuru atari yo no kongera kohereza amakuru muri sisitemu y'inyuma, byongera imikorere y'uburyo bwo gusesengura kandi bigira ingaruka ku buryo bunoze n'imikorere y'isesengura. Hashingiwe ku gisubizo, mbere na mbere, udupaki tw'amakuru dukopororwa mu duce dutandukanye two gufata amakuru. Agapaki kamwe gusa k'amakuru koherezwa muri sisitemu y'isesengura ry'imikorere ya NPM network na sisitemu y'isesengura ry'imikorere ya APM, bityo bigatuma sisitemu y'isesengura ikomeza gukora neza kandi ikongera imikorere n'ubunyangamugayo bw'isesengura.
6.9Amakuru/PakiVLAN TagggukoraPorogaramu
Mu miterere y'umuyoboro w'amakuru igaragara ku gishushanyo kiri hejuru, igisubizo gikoreshwa mu gushyira ikimenyetso ku makuru fatizo aturutse ku bikoresho bitandukanye by'umuyoboro w'amakuru n'amakuru ahuza amakuru. Iyo habayeho urujya n'uruza rw'amakuru adasanzwe cyangwa amapaki y'amakuru mu muyoboro w'amakuru, ibikoresho byo gusesengura inyuma y'amakuru bishobora kubona vuba kandi neza aho amakuru aturuka binyuze mu gukurikirana amakuru hashingiwe ku makuru ajyanye n'amakuru.
6.10 Urujya n'uruza rw'abantu ku rubugaGahunda IhuriwehoPorogaramu
Mu miterere y'umuyoboro w'itumanaho igaragara ku gishushanyo kiri hejuru, amakuru menshi ya 10GE, 25GE, 40GE na 100GE ashyirwa mu buryo bwuzuye muri Mylinking™ Network Packet Broker hamwe na Inline Bypass Switch hakoreshejwe optique splitting cyangwa port mirror. Hanyuma, kuyungurura no gutandukanya traffic bikoreshwa mu gutanga amakuru atandukanye ya serivisi ku bikoresho bitandukanye byo kugenzura no kurinda umuyoboro w'itumanaho. Iyo ibibazo bya packets z'umuyoboro w'itumanaho cyangwa ihindagurika ridasanzwe ry'umuhanda bisaba kwitabazwa n'intoki, gufata no gusesengura packets z'amakuru z'umwimerere mu buryo bwihuse bishobora gukorwa ako kanya kugira ngo bifashe abakoresha gusesengura no kubona ikibazo vuba.
6.11UmuyoboroIsesengura ry'uko amakuru y'umuhanda agaragaraPorogaramu
Ishobora kwerekana amakuru yose yabonetse kandi yafashwe mu buryo bworoshye kandi bukoresha uburyo bwinshi binyuze mu buryo bworoshye bwo gukoresha amashusho n'inyandiko, harimo imiterere y'imiterere y'urujya n'uruza rw'abantu, ikwirakwizwa rya porogaramu, ikwirakwizwa ry'uruza rw'abantu bose basura urujya n'uruza rw'abantu, inzira yo kohereza amakuru, kumenya ibintu bidasanzwe, aho amakosa y'ibice by'uruza rw'abantu/ibice by'uruza rw'abantu aherereye, aho ubutumwa bugeze, uko urujya n'uruza rw'abantu rugenda n'ibindi bintu byo gukurikirana no gusesengura, kugira ngo hashyirweho urubuga rwuzuye, rugaragara kandi rugenzurwa rwo gukusanya amakuru n'umutekano ku miyoboro y'ibigo.
