Ukuhlolwa Kwephakethe Elijulile (I-DPI)ubuchwepheshe obusetshenziswa kuma-Network Packet Brokers (NPBs) ukuhlola nokuhlaziya okuqukethwe kwamaphakethe enethiwekhi ezingeni eliyindilinga. Buhilela ukuhlola umthwalo okhokhelwayo, izihloko, kanye nolunye ulwazi oluqondene nephrothokholi ngaphakathi kwamaphakethe ukuze uthole ukuqonda okuningiliziwe ngethrafikhi yenethiwekhi.
I-DPI idlula ukuhlaziywa kwekhanda okulula futhi inikeza ukuqonda okujulile kwedatha egeleza kunethiwekhi. Ivumela ukuhlolwa okujulile kwephrothokholi yesendlalelo sohlelo lokusebenza, njenge-HTTP, FTP, SMTP, VoIP, noma iphrothokholi yokusakaza ividiyo. Ngokuhlola okuqukethwe kwangempela ngaphakathi kwamaphakethe, i-DPI ingathola futhi ihlonze izinhlelo zokusebenza ezithile, iphrothokholi, noma ngisho namaphethini edatha athile.
Ngaphezu kokuhlaziywa kwesigaba samakheli omthombo, amakheli okuya kuwo, amachweba omthombo, amachweba okuya kuwo, kanye nezinhlobo zephrothokholi, i-DPI iphinde yengeze ukuhlaziywa kwesendlalelo sohlelo lokusebenza ukuhlonza izinhlelo zokusebenza ezahlukahlukene kanye nokuqukethwe kwazo. Lapho idatha yephakethe le-1P, i-TCP noma i-UDP igeleza ohlelweni lokuphatha i-bandwidth olusekelwe kubuchwepheshe be-DPI, uhlelo lufunda okuqukethwe komthwalo wephakethe le-1P ukuze luhlele kabusha ulwazi lwesendlalelo sohlelo lokusebenza kuphrothokholi ye-OSI Layer 7, ukuze kutholakale okuqukethwe kohlelo lonke lohlelo lokusebenza, bese kwakheka ithrafikhi ngokwenqubomgomo yokuphatha echazwe uhlelo.
Isebenza kanjani i-DPI?
Ama-firewall endabuko avame ukungabi namandla okucubungula ukwenza ukuhlolwa okujulile ngesikhathi sangempela kumthamo omkhulu wethrafikhi. Njengoba ubuchwepheshe buthuthuka, i-DPI ingasetshenziswa ukwenza ukuhlolwa okuyinkimbinkimbi kakhulu ukuhlola izihloko nedatha. Ngokuvamile, ama-firewall anezinhlelo zokuthola ukungena avame ukusebenzisa i-DPI. Ezweni lapho ulwazi lwedijithali lubaluleke kakhulu, yonke imininingwane yedijithali ilethwa nge-inthanethi ngamaphakethe amancane. Lokhu kufaka phakathi i-imeyili, imiyalezo ethunyelwe ngohlelo lokusebenza, amawebhusayithi avakashelwe, izingxoxo zevidiyo, nokuningi. Ngaphezu kwedatha yangempela, la maphakethe afaka imethadatha ekhomba umthombo wethrafikhi, okuqukethwe, indawo oya kuyo, kanye nolunye ulwazi olubalulekile. Ngobuchwepheshe bokuhlunga amaphakethe, idatha ingaqashwa njalo futhi iphathwe ukuqinisekisa ukuthi ithunyelwa endaweni efanele. Kodwa ukuqinisekisa ukuphepha kwenethiwekhi, ukuhlunga amaphakethe endabuko akwanele neze. Ezinye zezindlela eziyinhloko zokuhlola amaphakethe okujulile ekuphathweni kwenethiwekhi zibhalwe ngezansi:
Imodi/Isiginesha Yokufanisa
Iphakethe ngalinye lihlolwa ukuthi lihambisana yini nesizindalwazi sokuhlaselwa kwenethiwekhi okwaziwayo yi-firewall enekhono lokuthola uhlelo lokungena (i-IDS). I-IDS isesha amaphethini athile anobungozi aziwayo futhi ikhubaza ithrafikhi lapho kutholakala amaphethini anobungozi. Ububi benqubomgomo yokufanisa isiginesha ukuthi isebenza kuphela kumasignesha abuyekezwa njalo. Ngaphezu kwalokho, lobu buchwepheshe bungavikela kuphela ezinsongweni noma ekuhlaselweni okwaziwayo.
Okuhlukile Kwephrothokholi
Njengoba inqubo yokukhipha iphrothokholi ingavumeli nje yonke idatha engahambisani nesizindalwazi sesiginesha, inqubo yokukhipha iphrothokholi esetshenziswa yi-firewall ye-IDS ayinawo amaphutha angokwemvelo endlela yokufanisa iphethini/isiginesha. Esikhundleni salokho, isebenzisa inqubomgomo yokwenqaba okuzenzakalelayo. Ngokwencazelo yephrothokholi, ama-firewall anquma ukuthi iyiphi ithrafikhi okufanele ivunyelwe futhi avikele inethiwekhi ezinsongweni ezingaziwa.
Uhlelo Lokuvimbela Ukungena (i-IPS)
Izixazululo ze-IPS zingavimba ukudluliswa kwamaphakethe ayingozi ngokusekelwe kokuqukethwe kwawo, ngaleyo ndlela kumiswe ukuhlaselwa okusolwayo ngesikhathi sangempela. Lokhu kusho ukuthi uma iphakethe limelela ingozi yokuphepha eyaziwayo, i-IPS izovimba ithrafikhi yenethiwekhi ngokusekelwe kusethi yemithetho echaziwe. Ububi obunye be-IPS isidingo sokuvuselela njalo isizindalwazi sezinsongo ze-cyber ngemininingwane mayelana nezinsongo ezintsha, kanye nokwenzeka kwezinzuzo ezingamanga. Kodwa le ngozi ingancishiswa ngokudala izinqubomgomo ezilondolozayo kanye nemikhawulo yangokwezifiso, ukusungula ukuziphatha okuyisisekelo okufanele kwezingxenye zenethiwekhi, kanye nokuhlola njalo izixwayiso kanye nemicimbi ebikiwe ukuze kuthuthukiswe ukuqapha nokuxwayisa.
1- I-DPI (Ukuhlolwa Kwephakethe Elijulile) ku-Network Packet Broker
"Okujulile" kuqhathanisa ukuhlaziywa kwephakethi okujwayelekile kanye nokujwayelekile, "ukuhlolwa kwephakethi okujwayelekile" kuphela ukuhlaziywa okulandelayo kwengqimba yephakethi ye-IP engu-4, kufaka phakathi ikheli lomthombo, ikheli lendawo oya kuyo, imbobo yomthombo, imbobo yendawo oya kuyo kanye nohlobo lwephrothokholi, kanye ne-DPI ngaphandle kokuhlaziywa kokulandelana, futhi kwandise ukuhlaziywa kwengqimba yesicelo, ukuhlonza izinhlelo zokusebenza ezahlukahlukene kanye nokuqukethwe, ukuze kufezwe imisebenzi eyinhloko:
1) Ukuhlaziywa Kwesicelo -- ukuhlaziywa kokwakheka kwethrafikhi yenethiwekhi, ukuhlaziywa kokusebenza, kanye nokuhlaziywa kokugeleza
2) Ukuhlaziywa Komsebenzisi -- ukuhlukaniswa kweqembu lomsebenzisi, ukuhlaziywa kokuziphatha, ukuhlaziywa kwesiphelo, ukuhlaziywa kwezitayela, njll.
3) Ukuhlaziywa Kwezakhi Zenethiwekhi -- ukuhlaziywa okusekelwe ezicini zesifunda (idolobha, isifunda, umgwaqo, njll.) kanye nomthwalo wesiteshi esiyisisekelo
4) Ukulawulwa Kwethrafikhi -- Ukunciphisa isivinini se-P2P, isiqinisekiso se-QoS, isiqinisekiso se-bandwidth, ukwenza ngcono izinsiza zenethiwekhi, njll.
5) Isiqinisekiso Sokuphepha -- Ukuhlaselwa kwe-DDoS, isiphepho sokusakazwa kwedatha, ukuvimbela ukuhlaselwa kwamagciwane okunonya, njll.
2- Ukuhlukaniswa Okujwayelekile Kwezinhlelo Zokusebenza Zenethiwekhi
Namuhla kunezinhlelo zokusebenza eziningi kakhulu ku-inthanethi, kodwa izinhlelo zokusebenza ezivamile zewebhu zingaba ziphelele.
Ngokwazi kwami, inkampani engcono kakhulu yokuqaphela izinhlelo zokusebenza yiHuawei, ethi iqaphela izinhlelo zokusebenza ezingu-4,000. Ukuhlaziywa kwephrothokholi kuyimojuli eyisisekelo yezinkampani eziningi ze-firewall (iHuawei, i-ZTE, njll.), futhi kuyimojuli ebaluleke kakhulu, esekela ukufezwa kwamanye amamojula asebenzayo, ukuhlonza uhlelo lokusebenza okunembile, kanye nokuthuthukisa kakhulu ukusebenza nokuthembeka kwemikhiqizo. Ekuboniseni ukuhlonza i-malware ngokusekelwe ezicini zethrafikhi yenethiwekhi, njengoba ngenza manje, ukuhlonza iphrothokholi okunembile nokubanzi nakho kubaluleke kakhulu. Ngaphandle kwethrafikhi yenethiwekhi yezinhlelo zokusebenza ezivamile kuthrafikhi yokuthumela yenkampani, ithrafikhi esele izobalelwa engxenyeni encane, okungcono ekuhlaziyweni kwe-malware kanye ne-alamu.
Ngokusekelwe kokuhlangenwe nakho kwami, izinhlelo zokusebenza ezisetshenziswa kakhulu ezikhona zihlukaniswa ngokwemisebenzi yazo:
PS: Ngokusho kokuqonda komuntu siqu ngesigaba sesicelo, uneziphakamiso ezinhle wamukelekile ukushiya isiphakamiso somlayezo
1). I-imeyili
2). Ividiyo
3). Imidlalo
4). Ikilasi le-OA leHhovisi
5). Isibuyekezo sesofthiwe
6). Ezezimali (ibhange, i-Alipay)
7). Amasheya
8). Ukuxhumana Komphakathi (isofthiwe ye-IM)
9). Ukuphequlula iwebhu (mhlawumbe kuhlobana kangcono nama-URL)
10). Amathuluzi okulanda (idiski yewebhu, ukulanda i-P2P, okuhlobene ne-BT)
Bese, ukuthi i-DPI (Deep Packet Inspection) isebenza kanjani ku-NPB:
1). Ukuthwebula Iphakethe: I-NPB ithwebula ithrafikhi yenethiwekhi evela emithonjeni ehlukahlukene, njengezishintshi, ama-router, noma ama-tap. Ithola amaphakethe ageleza kunethiwekhi.
2). Ukuhluzwa Kwephakethe: Amaphakethe athwetshuliwe ahluzwa yi-NPB ukuze kukhishwe izendlalelo ezahlukene zephrothokholi kanye nedatha ehlobene. Le nqubo yokuhluzwa isiza ukuhlonza izingxenye ezahlukene ngaphakathi kwamaphakethe, njengezihloko ze-Ethernet, izihloko ze-IP, izihloko zezendlalelo zokuthutha (isb., i-TCP noma i-UDP), kanye nezinqubo zezendlalelo zohlelo lokusebenza.
3). Ukuhlaziywa Komthwalo Okhokhelwayo: Nge-DPI, i-NPB idlula ukuhlolwa kwekhanda futhi igxile kumthwalo okhokhelwayo, kufaka phakathi idatha yangempela ngaphakathi kwamaphakethe. Ihlola okuqukethwe komthwalo okhokhelwayo ngokujulile, kungakhathaliseki ukuthi uhlelo lokusebenza noma iphrothokholi isetshenzisiwe, ukukhipha ulwazi olufanele.
4). Ukuhlonza Iphrothokholi: I-DPI ivumela i-NPB ukuthi ikwazi ukubona amaphrothokholi athile kanye nezinhlelo zokusebenza ezisetshenziswa ngaphakathi kwethrafikhi yenethiwekhi. Ingathola futhi ihlukanise amaphrothokholi afana ne-HTTP, FTP, SMTP, DNS, VoIP, noma amaphrothokholi okusakaza ividiyo.
5). Ukuhlolwa Kokuqukethwe: I-DPI ivumela i-NPB ukuthi ihlole okuqukethwe kwamaphakethe ukuze ithole amaphethini athile, amasignesha, noma amagama angukhiye. Lokhu kwenza kube lula ukuthola izinsongo zenethiwekhi, njenge-malware, amagciwane, imizamo yokungena, noma imisebenzi esolisayo. I-DPI ingasetshenziswa futhi ekuhlungeni okuqukethwe, ekuphoqeleleni izinqubomgomo zenethiwekhi, noma ekuboneni ukwephulwa kokuhambisana nedatha.
6). Ukukhishwa Kwemethadatha: Ngesikhathi se-DPI, i-NPB ikhipha imethadatha efanele emaphaketheni. Lokhu kungafaka ulwazi olufana namakheli e-IP omthombo nendawo oya kuyo, izinombolo ze-port, imininingwane yeseshini, idatha yokuthengiselana, noma ezinye izimfanelo ezifanele.
7). Umzila noma Ukuhlunga Ithrafikhi: Ngokusekelwe ekuhlaziyweni kwe-DPI, i-NPB ingahambisa amaphakethe athile ezindaweni ezikhethiwe ukuze aqhutshwe phambili, njengemishini yokuphepha, amathuluzi okuqapha, noma amapulatifomu okuhlaziya. Ingasebenzisa futhi imithetho yokuhlunga ukulahla noma ukuqondisa kabusha amaphakethe ngokusekelwe kokuqukethwe noma amaphethini atholakele.
Isikhathi sokuthunyelwe: Juni-25-2023
