Kugenzura Amapaki Yimbitse (DPI)ni tekinoroji ikoreshwa muri Network Packet Brokers (NPBs) kugenzura no gusesengura ibiri mubipaki y'urusobe kurwego rwa granular.Harimo gusuzuma imizigo, imitwe, nandi makuru yihariye ya protocole mumapaki kugirango ubone ibisobanuro birambuye mumihanda.
DPI irenze gusesengura imitwe yoroshye kandi itanga gusobanukirwa byimbitse amakuru anyura murusobe.Iremera kugenzura byimbitse porotokole ya porogaramu, nka HTTP, FTP, SMTP, VoIP, cyangwa amashusho yerekana amashusho.Mugusuzuma ibiriho mubipaki, DPI irashobora kumenya no kumenya porogaramu zihariye, protocole, cyangwa nuburyo bwihariye bwamakuru.
Usibye isesengura ryibanze rya aderesi ya aderesi, aderesi zerekeza, ibyambu bituruka, ibyambu byerekanwa, nubwoko bwa protocole, DPI yongeraho isesengura rya porogaramu kugirango igaragaze porogaramu zitandukanye nibirimo.Iyo paki ya 1P, TCP cyangwa UDP itembera muri sisitemu yo gucunga umurongo wa enterineti ishingiye ku ikoranabuhanga rya DPI, sisitemu isoma ibikubiye mu mutwaro wa 1P ipaki kugirango uhindure gahunda yamakuru ya porogaramu muri protocole ya OSI Layeri 7, kugirango ubone ibikubiyemo porogaramu yose yo gusaba, hanyuma ugashiraho traffic ukurikije politiki yubuyobozi yasobanuwe na sisitemu.
DPI ikora ite?
Firewall gakondo akenshi ibura imbaraga zo gutunganya kugirango ikore igenzura ryigihe-nyacyo kumubare munini wimodoka.Nka tekinoroji igenda itera imbere, DPI irashobora gukoreshwa mugukora igenzura ryinshi kugirango ugenzure imitwe namakuru.Mubisanzwe, firewall hamwe na sisitemu yo kumenya kwinjira akenshi ikoresha DPI.Mw'isi aho amakuru ya digitale ari Paramount, buri gice cyamakuru ya digitale gitangwa kuri interineti mumapaki mato.Ibi birimo imeri, ubutumwa bwoherejwe binyuze muri porogaramu, imbuga zasuwe, ibiganiro bya videwo, n'ibindi.Usibye amakuru nyayo, izi paki zirimo metadata igaragaza inkomoko yumuhanda, ibirimo, aho ujya, nandi makuru yingenzi.Hamwe na tekinoroji yo gushungura, amakuru arashobora gukomeza gukurikiranwa no gucungwa neza kugirango yoherezwe ahabigenewe.Ariko kugirango umutekano wumutekano urusheho, gushungura paki gakondo ni kure bihagije.Bumwe muburyo bwingenzi bwo kugenzura paki yimbitse mugucunga imiyoboro urutonde hepfo:
Guhuza Uburyo / Umukono
Buri paki igenzurwa kugirango ihuze na base yububiko bwibitero bizwi na firewall hamwe na sisitemu yo kwinjira (IDS).IDS ishakisha uburyo bubi buzwi kandi ikabuza traffic mugihe habonetse imiterere mibi.Ingaruka za politiki ihuza umukono ni uko ikoreshwa gusa kumikono ivugururwa kenshi.Byongeye kandi, iri koranabuhanga rishobora gusa kwirinda iterabwoba cyangwa ibitero bizwi.
Ibidasanzwe
Kubera ko tekinike idasanzwe ya protocole itemerera gusa amakuru yose adahuye nububiko bwumukono, tekinike idasanzwe ya protocole ikoreshwa na IDS firewall ntabwo ifite inenge yihariye yuburyo / guhuza umukono.Ahubwo, ifata politiki isanzwe yo kwangwa.Mubisobanuro bya protocole, firewall ihitamo traffic igomba kwemererwa no kurinda umuyoboro iterabwoba ritazwi.
Sisitemu yo Kurinda Kwinjira (IPS)
Ibisubizo bya IPS birashobora guhagarika ihererekanyabubasha ryuzuye rishingiye kubirimo, bityo bigahagarika ibitero bikekwa mugihe nyacyo.Ibi bivuze ko niba paki igereranya ibyago byumutekano bizwi, IPS izahagarika guhagarika traffic traffic ishingiye kumurongo wasobanuwe.Imwe mu mbogamizi za IPS ni nkenerwa guhora tuvugurura ububiko bwitumanaho rya cyber hamwe nibisobanuro birambuye kubyerekeye iterabwoba rishya, hamwe nibishoboka byiza.Ariko iyi mpanuka irashobora kugabanywa hashyizweho politiki yo guharanira inyungu n’ibipimo ngenderwaho, gushyiraho imyitwarire iboneye y’ibice bigize urusobe, no gusuzuma buri gihe imiburo hamwe n’ibikorwa byatangajwe kugira ngo ikurikirane kandi ikangurwe.
1- DPI (Igenzura ryimbitse) muri Network Packet Broker
"Ubujyakuzimu" ni urwego kandi rusanzwe rwo kugereranya paki, "igenzura risanzwe ryipaki" gusa isesengura rikurikira rya IP packet ya 4, harimo aderesi yinkomoko, aho yerekeza, icyambu, icyambu cyerekanwe nubwoko bwa protocole, na DPI usibye kurwego rwubuyobozi. isesengura, yongereye isesengura rya porogaramu isesengura, menya porogaramu zitandukanye n'ibirimo, kugirango umenye imirimo nyamukuru:
1) Isesengura rya Porogaramu - isesengura ryumuhanda wumuhanda, isesengura ryimikorere, hamwe nisesengura ryimikorere
2) Isesengura ryabakoresha - itandukaniro ryitsinda ryabakoresha, isesengura ryimyitwarire, isesengura ryanyuma, isesengura ryibyerekezo, nibindi.
3) Isesengura ryibintu byurusobe - isesengura rishingiye kubiranga akarere (umujyi, akarere, umuhanda, nibindi) hamwe nuburemere bwa sitasiyo
4) Igenzura ryumuhanda - P2P kugabanya umuvuduko, QoS ibyiringiro, ubwishingizi bwumurongo, gutezimbere umutungo, nibindi.
5) Ubwishingizi bw'umutekano - Ibitero bya DDoS, amakuru yerekana amakuru yumuyaga, gukumira virusi mbi, nibindi.
2- Ibyiciro rusange byurwego rusaba
Uyu munsi hari porogaramu zitabarika kuri enterineti, ariko urubuga rusanzwe rushobora kuba rwuzuye.
Nkuko mbizi, isosiyete imenyekanisha porogaramu nziza ni Huawei, ivuga ko izi porogaramu 4000.Isesengura rya protocole ni module shingiro yamasosiyete menshi ya firewall (Huawei, ZTE, nibindi), kandi nayo ni module yingenzi cyane, ishyigikira ishyirwa mubikorwa ryizindi module ikora, kumenyekanisha neza neza, no kunoza cyane imikorere nubwizerwe bwibicuruzwa.Mu kwerekana imiterere ya malware ishingiye kumurongo wumuhanda, nkuko ndimo kubikora ubu, kumenyekanisha neza kandi kwagutse protocole nayo ni ngombwa cyane.Usibye imiyoboro y'urusobekerane rusanzwe ruva mu ruganda rwohereza ibicuruzwa mu mahanga, urujya n'uruza rusigaye ruzabarirwa ku gipimo gito, bikaba byiza mu gusesengura malware no gutabaza.
Nkurikije ubunararibonye bwanjye, ibisanzwe bisanzwe bikoreshwa bishyirwa mubikorwa ukurikije imirimo yabo:
PS: Ukurikije imyumvire yawe bwite yo gutondekanya porogaramu, ufite icyifuzo cyiza urakaza neza kugirango usige ubutumwa
1).E-imeri
2).Video
3).Imikino
4).Ibiro bya OA
5).Kuvugurura software
6).Amafaranga (banki, Alipay)
7).Ububiko
8).Itumanaho rusange (IM software)
9).Gushakisha Urubuga (birashoboka ko byamenyekanye neza na URL)
10).Gukuramo ibikoresho (disiki y'urubuga, gukuramo P2P, BT bijyanye)
Noneho, burya DPI (Igenzura ryimbitse) ikora muri NPB:
1).Gufata paki: NPB ifata traffic traffic ituruka ahantu hatandukanye, nka switch, router, cyangwa kanda.Yakiriye paki zinyura murusobe.
2).Gupakira paki: Ibipaki byafashwe bigereranwa na NPB kugirango bikuremo protocole zitandukanye hamwe namakuru ajyanye nayo.Ubu buryo bwo gusesengura bufasha kumenya ibice bitandukanye mubipaki, nkumutwe wa Ethernet, imitwe ya IP, imitwe yo gutwara abantu (urugero, TCP cyangwa UDP), hamwe na protocole ya porogaramu.
3).Isesengura ryo Kwishura: Hamwe na DPI, NPB irenze igenzura ry'umutwe kandi yibanda ku kwishura, harimo amakuru nyayo mubipaki.Irasuzuma ibintu byishyurwa byimbitse, hatitawe kubisabwa cyangwa protocole yakoreshejwe, kugirango ikuremo amakuru afatika.
4).Kumenyekanisha Porotokole: DPI ituma NPB imenya protocole yihariye hamwe na porogaramu zikoreshwa murugendo rwumuyoboro.Irashobora gutahura no gutondekanya protocole nka HTTP, FTP, SMTP, DNS, VoIP, cyangwa protocole yerekana amashusho.
5).Kugenzura Ibirimo: DPI yemerera NPB kugenzura ibiri mubipaki kubishusho byihariye, umukono, cyangwa ijambo ryibanze.Ibi bifasha gutahura iterabwoba ryurusobe, nka malware, virusi, kugerageza kwinjira, cyangwa ibikorwa biteye amakenga.DPI irashobora kandi gukoreshwa mugushungura ibirimo, kubahiriza politiki y'urusobe, cyangwa kumenya ihohoterwa ryubahiriza amakuru.
6).Gukuramo Metadata: Mugihe cya DPI, NPB ikuramo metadata ijyanye na paki.Ibi birashobora kubamo amakuru nkinkomoko na aderesi ya IP aderesi, nimero yicyambu, ibisobanuro birambuye, amakuru yubucuruzi, cyangwa ibindi byose biranga.
7).Inzira nyabagendwa cyangwa kuyungurura: Ukurikije isesengura rya DPI, NPB irashobora guhuza udupaki twihariye tuyerekeza ahabigenewe kugirango bitunganyirizwe hamwe, nkibikoresho byumutekano, ibikoresho byo gukurikirana, cyangwa urubuga rwo gusesengura.Irashobora kandi gukurikiza amategeko yo kuyungurura kugirango ujugunye cyangwa wohereze paki ukurikije ibirimo cyangwa imiterere.
Igihe cyo kohereza: Jun-25-2023
