Kuyini ukuSuswa kwe-SSL/TLS?
Ukuqedwa kwe-SSL, okwaziwa nangokuthi ukuqedwa kwe-SSL/TLS, kubhekisela enqubweni yokuvimba nokususa ukubethela ithrafikhi yenethiwekhi ebethelwe ye-Secure Sockets Layer (SSL) noma ye-Transport Layer Security (TLS). I-SSL/TLS iyiphrothokholi yokubethela esetshenziswa kabanzi evikela ukudluliswa kwedatha ngamanethiwekhi ekhompyutha, njenge-inthanethi.
Ukususwa kokubethela kwe-SSL kuvame ukwenziwa ngamadivayisi okuphepha, njengezivikelo zomlilo, izinhlelo zokuvimbela ukungena (i-IPS), noma amadivayisi azinikele okususwa kokubethela kwe-SSL. Lawa madivayisi abekwe ngendlela efanele ngaphakathi kwenethiwekhi ukuze ahlole ithrafikhi ebethelwe ngezinjongo zokuphepha. Inhloso eyinhloko ukuhlaziya idatha ebethelwe ukuze kutholakale izinsongo ezingaba khona, i-malware, noma imisebenzi engagunyaziwe.
Ukuze kwenziwe ukubethela kwe-SSL, idivayisi yokuphepha isebenza njengomuntu ophakathi phakathi kweklayenti (isb., isiphequluli sewebhu) kanye neseva. Uma iklayenti iqala uxhumano lwe-SSL/TLS neseva, idivayisi yokuphepha ivimba ithrafikhi ebethelwe futhi isungula ukuxhumana okubili okuhlukene kwe-SSL/TLS—okunye neklayenti kanti okunye neseva.
Idivayisi yokuphepha ibe isivula ithrafikhi evela kuklayenti, ihlole okuqukethwe okuvuliwe, bese isebenzisa izinqubomgomo zokuphepha ukuze ithole noma yimuphi umsebenzi ononya noma osolisayo. Ingase futhi yenze imisebenzi efana nokuvimbela ukulahleka kwedatha, ukuhlunga okuqukethwe, noma ukuthola i-malware kudatha evuliwe. Uma ithrafikhi isihlaziyiwe, idivayisi yokuphepha iyivula kabusha isebenzisa isitifiketi esisha se-SSL/TLS bese iyithumela kuseva.
Kubalulekile ukuqaphela ukuthi ukubethela kwe-SSL kuphakamisa ukukhathazeka kobumfihlo nokuphepha. Njengoba idivayisi yokuphepha inokufinyelela kudatha ekhishwe ukubethela, ingabuka ulwazi olubucayi njengamagama abasebenzisi, amaphasiwedi, imininingwane yekhadi lesikweletu, noma olunye ulwazi oluyimfihlo oludluliselwa ngenethiwekhi. Ngakho-ke, ukubethela kwe-SSL ngokuvamile kusetshenziswa ngaphakathi kwezimo ezilawulwayo nezivikelekile ukuqinisekisa ubumfihlo nobuqotho bedatha ethintekile.
I-SSL Decryption inezindlela ezintathu ezivamile, yilezi:
- Imodi Yokungasebenzi
- Imodi Yokungena
- Imodi Yokuphuma
Kodwa, umehluko phakathi kwezindlela ezintathu ze-SSL Decryption uyini?
| Imodi | Imodi Yokungasebenzi | Imodi Yokungena | Imodi Yokuphuma |
| Incazelo | Imane idlulise ithrafikhi ye-SSL/TLS ngaphandle kokususa ukubethela noma ukuguqulwa. | Isusa ukubethela izicelo zeklayenti, ihlaziye futhi isebenzise izinqubomgomo zokuphepha, bese idlulisela izicelo kuseva. | Isusa ukubethela izimpendulo zeseva, ihlaziye futhi isebenzise izinqubomgomo zokuphepha, bese idlulisela izimpendulo kuklayenti. |
| Ukuhamba Kwethrafikhi | I-Bi-direction | Iklayenti kuya kuseva | Iseva Kuklayenti |
| Indima Yedivayisi | Umqapheli | Indoda Ephakathi | Indoda Ephakathi |
| Indawo Yokususa Ukubethela | Akukho ukubethela | I-Decrypts ku-perimeter yenethiwekhi (ngokuvamile phambi kweseva). | I-Decrypts emngceleni wenethiwekhi (ngokuvamile phambi kweklayenti). |
| Ukubonakala Kwethrafikhi | Ithrafikhi ebethelwe kuphela | Izicelo zamakhasimende ezisusiwe ekubethelweni | Izimpendulo zeseva ezisusiwe ukubethela |
| Ukuguqulwa Kwethrafikhi | Akukho ukuguqulwa | Kungashintsha ithrafikhi ngezinjongo zokuhlaziya noma zokuphepha. | Kungashintsha ithrafikhi ngezinjongo zokuhlaziya noma zokuphepha. |
| Isitifiketi se-SSL | Asikho isidingo sokhiye noma isitifiketi sangasese | Kudinga ukhiye wangasese kanye nesitifiketi seseva evinjiwe | Kudinga ukhiye wangasese kanye nesitifiketi seklayenti elibanjwayo |
| Ukulawula Ukuphepha | Ukulawula okulinganiselwe njengoba kungenakukwazi ukuhlola noma ukuguqula ithrafikhi ebethelwe | Ingahlola futhi isebenzise izinqubomgomo zokuphepha ezicelweni zeklayenti ngaphambi kokufinyelela iseva | Ingahlola futhi isebenzise izinqubomgomo zokuphepha ezimpendulweni zeseva ngaphambi kokufinyelela iklayenti |
| Ukukhathazeka Ngobumfihlo | Ayifinyeleli noma ayihlaziyi idatha ebethelwe | Ukwazi ukufinyelela izicelo zamakhasimende ezisusiwe ekubethelweni, okuphakamisa ukukhathazeka kobumfihlo | Inokufinyelela ezimpendulweni zeseva ezisuselwe ekubethelweni, okuphakamisa ukukhathazeka kobumfihlo |
| Izinto Okumelwe Uzicabangele Ngokuhambisana Nemithetho | Umthelela omncane kubumfihlo kanye nokuthobela imithetho | Kungadinga ukuthobela imithethonqubo yobumfihlo bedatha | Kungadinga ukuthobela imithethonqubo yobumfihlo bedatha |
Uma kuqhathaniswa nokuqaqwa kokubhala ngekhodi kwepulatifomu yokulethwa evikelekile, ubuchwepheshe bendabuko bokuqaqwa kokubhala ngekhodi bunemikhawulo.
Ama-firewall kanye namasango okuphepha kwenethiwekhi akhipha ukubethela kwethrafikhi ye-SSL/TLS avame ukwehluleka ukuthumela ithrafikhi ekhishwe ukubethela kwamanye amathuluzi okuqapha kanye nokuphepha. Ngokufanayo, ukulinganisela umthwalo kususa ithrafikhi ye-SSL/TLS futhi kusabalalisa kahle umthwalo phakathi kwamaseva, kodwa yehluleka ukusabalalisa ithrafikhi kumathuluzi amaningi okuphepha okuhlanganisa ngaphambi kokuyibhala kabusha. Okokugcina, lezi zixazululo azinawo amandla okulawula ukukhethwa kwethrafikhi futhi zizosabalalisa ithrafikhi engabhalwanga ngesivinini sentambo, ngokuvamile zithumela yonke ithrafikhi enjinini yokucisha ukubethela, okudala izinselele zokusebenza.
Ngokususa ukubethela kwe-Mylinking™ SSL, ungaxazulula lezi zinkinga:
1- Thuthukisa amathuluzi okuphepha akhona ngokuhlanganisa kanye nokukhipha i-SSL decryption kanye ne-re-encryption;
2- Ukudalula izinsongo ezifihliwe, ukwephulwa kwedatha, kanye ne-malware;
3- Hlonipha ukuthobela ubumfihlo bedatha ngezindlela zokususa ukubethela ezisekelwe kunqubomgomo;
4 - Izinhlelo zokusebenza eziningi zobuhlakani bethrafikhi njengokusika amaphakethe, ukufihla, ukuhlukanisa, kanye nokuhlunga iseshini eguquguqukayo, njll.
5- Thinta ukusebenza kwenethiwekhi yakho, bese wenza izinguquko ezifanele ukuqinisekisa ibhalansi phakathi kokuphepha nokusebenza.
Lezi ezinye zezinhlelo zokusebenza ezibalulekile zokususa ukubethela kwe-SSL kuma-packet broker enethiwekhi. Ngokususa ukubethela kwethrafikhi ye-SSL/TLS, ama-NPB athuthukisa ukubonakala nokusebenza kahle kwamathuluzi okuphepha nokuqapha, aqinisekisa ukuvikelwa okuphelele kwenethiwekhi kanye namakhono okuqapha ukusebenza. Ukususa ukubethela kwe-SSL kuma-packet broker enethiwekhi (ama-NPB) kuhilela ukufinyelela nokususa ukubethela kwethrafikhi ebethelwe ukuze kuhlolwe futhi kuhlaziywe. Ukuqinisekisa ubumfihlo nokuphepha kwethrafikhi ekhishwe ukubethela kubaluleke kakhulu. Kubalulekile ukuqaphela ukuthi izinhlangano ezisebenzisa ukususa ukubethela kwe-SSL kuma-NPB kufanele zibe nezinqubomgomo nezinqubo ezicacile zokulawula ukusetshenziswa kwethrafikhi ekhishwe ukubethela, okuhlanganisa nokulawula ukufinyelela, ukuphathwa kwedatha, kanye nezinqubomgomo zokugcina. Ukuhambisana nezidingo zomthetho nezokulawula ezisebenzayo kubalulekile ukuqinisekisa ubumfihlo nokuphepha kwethrafikhi ekhishwe ukubethela.
Isikhathi sokuthunyelwe: Septhemba-04-2023
