Igenzura ry'amapaki yimbitse (DPI)ni ikoranabuhanga rikoreshwa muri Network Packet Brokers (NPBs) mu kugenzura no gusesengura ibikubiye muri paki z'urusobe rw'amakuru ku rwego rw'ibice. Rikubiyemo gusuzuma umutwaro, imitwe, n'andi makuru yihariye ya protocole ari muri paki kugira ngo haboneke ibisobanuro birambuye ku bijyanye n'urujya n'uruza rw'amakuru kuri interineti.
DPI irenga isesengura ry’umutwe gusa kandi itanga ubumenyi bwimbitse ku makuru anyura mu muyoboro. Ituma habaho igenzura ryimbitse rya porogaramu, nka HTTP, FTP, SMTP, VoIP, cyangwa porogaramu zo kureba amashusho. Mu gusuzuma ibikubiye muri paki, DPI ishobora kubona no kumenya porogaramu runaka, porogaramu, cyangwa imiterere yihariye y’amakuru.
Uretse isesengura ry’urwego rw’aderesi z’aho porogaramu iherereye, aderesi z’aho porogaramu iherereye, aho porogaramu iherereye, aho porogaramu iherereye, n’ubwoko bwa protocole, DPI yongeramo isesengura ry’urwego rw’ikoreshwa kugira ngo imenye porogaramu zitandukanye n’ibirimo. Iyo amakuru ya paki ya 1P, TCP cyangwa UDP anyura muri sisitemu yo gucunga bandwidth ishingiye ku ikoranabuhanga rya DPI, sisitemu isoma ibikubiye mu mutwaro wa paki ya 1P kugira ngo igorore amakuru y’urwego rw’ikoreshwa muri protocole ya OSI Layer 7, kugira ngo ibone ibikubiye muri porogaramu yose, hanyuma ishyireho uburyo bwo kugenzura urubuga hakurikijwe politiki y’imicungire igenwa na sisitemu.
DPI ikora ite?
Inkuta zisanzwe zikoresha inkuta zikunze kubura imbaraga zo kuzitunganya mu gihe nyacyo ku bwinshi bw'abagenda. Uko ikoranabuhanga rigenda ritera imbere, DPI ishobora gukoreshwa mu kugenzura ibintu bigoye cyane kugira ngo igenzure imitwe n'amakuru. Ubusanzwe, inkuta zikoresha sisitemu zo kumenya kwinjira zikunze gukoresha DPI. Mu isi aho amakuru y'ikoranabuhanga ari yo ahambaye, buri gice cy'amakuru y'ikoranabuhanga gitangwa kuri interineti mu dupaki duto. Ibi birimo imeri, ubutumwa bwoherezwa binyuze muri porogaramu, imbuga za interineti zasuwe, ibiganiro bya videwo, n'ibindi. Uretse amakuru nyayo, izi paki zirimo amakuru ajyanye n'aho abantu baturuka, ibikubiye muri porogaramu, aho ijya, n'andi makuru y'ingenzi. Hamwe n'ikoranabuhanga ryo kuyungurura paki, amakuru ashobora gukurikiranwa no gucungwa buri gihe kugira ngo yoherezwe ahantu heza. Ariko kugira ngo umutekano w'umuyoboro ugenzurwe, kuyungurura paki bisanzwe ntibihagije. Bumwe mu buryo bw'ingenzi bwo kugenzura paki mu micungire y'umuyoboro ni ubu bukurikira:
Uburyo/Umukono wo guhuza
Buri paki igenzurwa niba ihuye n'ububiko bw'amakuru azwi ku bitero bya interineti bikozwe na firewall ifite ubushobozi bwo kumenya uburyo bwo kwinjira (IDS). IDS ishakisha imiterere yihariye y'amakosa isanzwe kandi igahagarika urujya n'uruza rw'abantu iyo habonetse imiterere mibi. Ingorane ya politiki yo guhuza imikono ni uko ikoreshwa gusa ku mabanga avugururwa kenshi. Byongeye kandi, iri koranabuhanga rishobora kwirinda gusa iterabwoba cyangwa ibitero bizwi.
Irengagijwe rya Porotokole
Kubera ko uburyo bwo gutandukanya protocole butemerera gusa amakuru yose adahuye n'ububiko bw'amakuru bw'umukono, uburyo bwo gutandukanya protocole bukoreshwa na IDS firewall ntabwo bufite inenge zishingiye ku buryo bwo guhuza imiterere/umukono. Ahubwo, ikoresha politiki yo kwanga isanzwe. Dukurikije ibisobanuro bya protocole, firewall zigena uburyo bwo gukwirakwiza amakuru bukwiye kwemererwa kandi zikarinda umuyoboro w'itumanaho ibitero bitazwi.
Uburyo bwo gukumira ukwinjira mu bwihisho (IPS)
Ibisubizo bya IPS bishobora guhagarika ihererekanya ry'amapaki yangiza bitewe n'ibirimo, bityo bigahagarika ibitero bikekwa mu gihe nyacyo. Ibi bivuze ko niba paki ihagarariye umutekano uzwi, IPS izahagarika urujya n'uruza rw'amakuru ashingiye ku mategeko yagenwe. Imbogamizi imwe ya IPS ni ugukenera kuvugurura buri gihe ububiko bw'amakuru ajyanye n'ibibazo bishya, hamwe n'ubushobozi bwo kuba hari ibintu byiza bitari byo. Ariko iyi ngorane ishobora kugabanuka binyuze mu gushyiraho politiki zihamye n'imipaka yihariye, gushyiraho imyitwarire ikwiye ku bice by'amakuru, no gusuzuma buri gihe imiburo n'ibyabaye byatangajwe kugira ngo hongerwe uburyo bwo gukurikirana no gutanga amakuru.
1- DPI (Deep Packet Inspection) muri Network Packet Broker
"Uburebure" ni igereranya ry’urwego n’iry’isesengura ry’ipaki, "igenzura risanzwe ry’ipaki" gusa isesengura rikurikira rya IP packet 4 layer, harimo aderesi y’isoko, aderesi y’aho iherereye, aho iherereye, aho iherereye n’ubwoko bwa protocole, na DPI uretse isesengura ry’urwego, na byongereye isesengura ry’urwego rw’ipaki, kumenya porogaramu zitandukanye n’ibirimo, kugira ngo harebwe imirimo y’ingenzi:
1) Isesengura ry'Ikoreshwa -- Isesengura ry'imiterere y'urusobe rw'itumanaho, isesengura ry'imikorere, n'isesengura ry'imigendekere y'ibikorwa
2) Isesengura ry'Abakoresha -- itandukaniro ry'amatsinda y'abakoresha, isesengura ry'imyitwarire, isesengura rya nyuma, isesengura ry'imigendekere, n'ibindi.
3) Isesengura ry'ibice by'umuyoboro -- isesengura rishingiye ku miterere y'akarere (umujyi, akarere, umuhanda, nibindi) n'umubare w'ibiro by'ibanze
4) Igenzura ry'ibinyabiziga -- Kugabanya umuvuduko wa P2P, kwemeza QoS, kwemeza bandwidth, kunoza umutungo w'umuyoboro, nibindi.
5) Kwita ku mutekano -- Ibitero bya DDoS, inkubi y'umuyaga ikwirakwizwa mu makuru, gukumira ibitero bya virusi, nibindi.
2- Urutonde Rusange rwa Porogaramu za Network
Muri iki gihe hari porogaramu nyinshi kuri interineti, ariko porogaramu zisanzwe zo kuri interineti zishobora kuba nyinshi.
Uko mbizi, ikigo cyiza cyo kumenya porogaramu ni Huawei, kivuga ko cyakira porogaramu 4.000. Isesengura rya porotoli ni module y'ibanze y'ibigo byinshi byo mu bwoko bwa firewall (Huawei, ZTE, nibindi), kandi ni module y'ingenzi cyane, ishyigikira ishyirwa mu bikorwa ry'izindi module zikora, kumenya neza porogaramu, no kunoza cyane imikorere n'ubwizerwe bw'ibicuruzwa. Mu kwerekana uburyo bwo kumenya porogaramu za malware hashingiwe ku miterere y'urujya n'uruza rw'imiyoboro, nkuko mbikora ubu, kumenya neza porogaramu za protocole nabyo ni ingenzi cyane. Uretse urujya n'uruza rw'imiyoboro ya porogaramu zisanzwe mu rujya n'uruza rw'iyo sosiyete yohereza ibicuruzwa mu mahanga, urujya n'uruza rusigaye ruzaba ari ruto, ibyo bikaba byiza mu isesengura rya malware no gutanga amakuru.
Nkurikije ubunararibonye bwanjye, porogaramu zisanzwe zikoreshwa zishyirwa mu byiciro hakurikijwe imikorere yazo:
PS: Dukurikije uko umuntu abyumva mu byiciro by'ubusabe, ufite ibitekerezo byiza, murakaza neza gusigira ubutumwa.
1). Imeri
2). Videwo
3). Imikino
4). Isomo rya OA ry'ibiro
5). Ivugurura rya porogaramu
6). Imari (banki, Alipay)
7). Imigabane
8). Itumanaho n'Imibanire (Porogaramu ya IM)
9). Gushakisha kuri interineti (bishoboka ko byamenyekana neza hakoreshejwe URL)
10). Ibikoresho byo gukuramo (disiki ya interineti, gukuramo P2P, bijyanye na BT)
Hanyuma, uburyo DPI (Deep Packet Inspection) ikora muri NPB:
1). Gufata Packet: NPB ifata urujya n'uruza rw'itumanaho ruturutse ahantu hatandukanye, nko gusimbuza, router, cyangwa taps. Yakira packet zinyura muri network.
2). Gusesengura Paketi: Paketi zafashwe zisesengura na NPB kugira ngo zikuremo imiterere itandukanye ya protocole n'amakuru ajyanye nayo. Ubu buryo bwo gusuzuma bufasha kumenya ibice bitandukanye biri muri pakiti, nka Ethernet headers, IP headers, transport layer headers (urugero: TCP cyangwa UDP), na application layer protocols.
3). Isesengura ry'umutwaro w'amafaranga: Muri DPI, NPB irenga kugenzura umutwe w'amafaranga ahubwo yibanda ku mutwaro w'amafaranga, harimo n'amakuru nyayo ari mu mapaki. Isuzuma ibikubiye mu mutwaro w'amafaranga mu buryo bwimbitse, hatitawe ku ikoreshwa cyangwa protocole yakoreshejwe, kugira ngo ikuremo amakuru ajyanye n'ibyo.
4). Igenzura rya Porotokole: DPI ituma NPB ibasha kumenya porotokole na porogaramu zikoreshwa mu muyoboro w’itumanaho. Ishobora kubona no gushyira mu byiciro porotokole nka HTTP, FTP, SMTP, DNS, VoIP, cyangwa porotokole zo kureba amashusho.
5). Igenzura ry'ibirimo: DPI yemerera NPB kugenzura ibikubiye mu mapaki kugira ngo irebe imiterere, imikono, cyangwa amagambo y'ingenzi. Ibi bituma hamenyekana ibitero bya interineti, nka malware, virusi, kugerageza kwinjira, cyangwa ibikorwa bikekwa. DPI ishobora kandi gukoreshwa mu gushungura ibirimo, gushyira mu bikorwa politiki z'itumanaho, cyangwa kumenya ihohoterwa rishingiye ku kubahiriza amategeko.
6). Gukuramo Metadata: Mu gihe cya DPI, NPB ikuramo metadata ijyanye nayo mu mapaki. Ibi bishobora kuba birimo amakuru nka aderesi za IP z'aho iherereye n'aho ijya, nimero za port, amakuru arambuye ku gihe, amakuru y'ibikorwa, cyangwa ibindi bintu byose bifitanye isano.
7). Uburyo bwo kuyungurura cyangwa kuyungurura: Hashingiwe ku isesengura rya DPI, NPB ishobora kohereza amapaki runaka ahantu habigenewe kugira ngo akomeze gutunganywa, nk'ibikoresho by'umutekano, ibikoresho byo kugenzura, cyangwa urubuga rwo gusesengura. Ishobora kandi gukoresha amategeko yo kuyungurura kugira ngo ijugunye cyangwa yohereze amapaki hashingiwe ku bikubiye cyangwa imiterere byagaragajwe.
Igihe cyo kohereza: Kamena-25-2023
