Yini ukuwohloka kwe-SSL / TLS?
I-SSL Decryption, eyaziwa nangokuthi i-SSL / TLS Decryption, ibhekisa kwinqubo yokuhlukanisa nokukhipha i-Secures Layer (SSL) noma i-Testiction Network Teffiction (TLS) ebethelwe. I-SSL / TLS iyinhlangano esetshenziselwa ukubethela okusetshenziswa kabanzi evikela ukudluliswa kwedatha ngaphezulu kwamanethiwekhi ekhompyutha, njenge-Intanethi.
I-SSL Decryption yenziwa ngokujwayelekile ngamadivayisi ezokuphepha, njengama-Firewall, amasistimu wokuvimbela ama-Inclusion (IPS), noma izinto ezinikele ngokuzinikezela kwe-SSL decryption. Lawa madivayisi abekwe ngokuhlelekile ngaphakathi kwenethiwekhi ukuhlola ithrafikhi ebethelwe ngezinhloso zokuphepha. Injongo eyinhloko ukuhlaziya idatha ebethelwe ukuze izinsongo ezingaba khona, i-malware, noma enikeziwe.
Ukwenza ukuwohloka kwe-SSL, idivaysi yezokuphepha isebenza njengendoda-in-maphakathi phakathi kweklayenti (isib. Isiphequluli seWebhu) kanye neseva. Lapho iklayenti liqala ukuxhumana kwe-SSL / TLS neseva, idivaysi yezokuphepha ihlukanisa ithrafikhi ebethelwe futhi isungula ukuxhumana okubili okuhlukile kwe-SSL / TLS-eyodwa neklayenti neseva.
Idivaysi yezokuphepha bese ichaza ithrafikhi evela kwiklayenti, ihlola okuqukethwe okuhlotshisiwe, futhi isebenzisa izinqubomgomo zokuphepha ukukhomba noma yimuphi umsebenzi ononya noma osolisayo. Kungenzeka futhi yenza imisebenzi efana nokuvimbela ukulahleka kwedatha, ukuhlunga okuqukethwe, noma ukutholwa kwe-malware kwidatha ehlotshisiwe. Lapho ithrafikhi isihlazikelwe, idivaysi yezokuphepha iphinde ifake embhalweni kabusha isebenzisa isitifiketi esisha se-SSL / TLS futhi ikudlulisele kuseva.
Kubalulekile ukuqaphela ukuthi i-SSL decryption ikhulisa ukukhathazeka ngobumfihlo nokuphepha. Njengoba idivaysi yezokuphepha ikwazi ukufinyelela idatha ehlotshisiwe, ingahle ibuke imininingwane ebucayi efana namagama abasebenzisi, amaphasiwedi, imininingwane yekhadi lesikweletu, noma enye idatha eyimfihlo edluliselwe kwinethiwekhi. Ngakho-ke, i-SSL decryption ivame ukusetshenziswa ezindaweni ezilawulwayo nezivikelekile ukuqinisekisa ubumfihlo nobuqotho bemininingwane ehlanganisiwe.
I-SSL Decryption inezindlela ezintathu ezivamile, yilezi:
- Imodi ye-Passive
- Imodi ye-Inbound
- Imodi ephumayo
Kepha, yini umehluko wezindlela ezintathu ze-SSL decreption?
| Umkhuba | Imodi ye-Passive | Imodi ye-Inbound | Imodi ephumayo |
| Ukufanisa | Mane nje udlulisele i-SSL / TLS traffic ngaphandle kokuhlehlisa noma ukuguqulwa. | I-Decrypts izicelo zamakhasimende, ihlaziye futhi isebenzise izinqubomgomo zokuphepha, bese idlulisela izicelo kwiseva. | Izimpendulo zeseva ye-decrypts, zihlaziya futhi zisebenzisa izinqubomgomo zokuphepha, bese zidlulisela izimpendulo kwiklayenti. |
| Ukuhamba kwethrafikhi | Bi-ukuqondisa | Iklayenti kuseva | Iseva eklayenti |
| Indima yedivayisi | Ukubheka | Man-in-maphakathi | Man-in-maphakathi |
| Indawo yokuhumusha | AKUKHO ukutolonga | Ama-decrypts kunethiwekhi yenethiwekhi (imvamisa phambi kweseva). | Ama-decrypts ku-perimeter yenethiwekhi (imvamisa phambi kweklayenti). |
| Ukubonakala Kwethrafikhi | Ithrafikhi ebethelwe kuphela | Izicelo zeklayenti ezihlotshisiwe | Izimpendulo zeseva ezichaziwe |
| Ukuguqulwa Kwethrafikhi | Akukho ukuguqulwa | Ingashintsha ithrafikhi yokuhlaziya noma izinhloso zokuphepha. | Ingashintsha ithrafikhi yokuhlaziya noma izinhloso zokuphepha. |
| Isitifiketi se-SSL | Akunasidingo sokhiye wangasese noma isitifiketi | Idinga ukhiye wangasese kanye nesitifiketi se-server esetshenziselwe | Idinga ukhiye wangasese kanye nesitifiketi seklayenti livunyelwe |
| Ukulawulwa Kwezokuphepha | Ukulawulwa okulinganiselwe njengoba kungakwazi ukuhlola noma ukuguqula ithrafikhi efihliwe | Ingahlola futhi isebenzise izinqubomgomo zokuphepha ezicelo zamakhasimende ngaphambi kokufinyelela kwiseva | Ingahlola futhi isebenzise izinqubomgomo zokuphepha eziphendukweni zeseva ngaphambi kokufinyelela iklayenti |
| Ukukhathazeka Ngobumfihlo | Ayifinyeleli noma hlaziya idatha ebethelwe | Ifinyelela izicelo zeklayenti ezihlotshisiwe, kuphakamisa ukukhathazeka kobumfihlo | Inokufinyelela izimpendulo zeseva ezihleliwe, ukukhulisa ukukhathazeka kobumfihlo |
| Ukucatshangelwa kokuhambisana | Umthelela omncane kokubumfihlo nokuhambisana | Ingadinga ukuhambisana nemithetho yobumfihlo yedatha | Ingadinga ukuhambisana nemithetho yobumfihlo yedatha |
Uma kuqhathaniswa nokutholwa kwe-serial kwepulatifomu ephephile yokulethwa, ubuchwepheshe bendabuko bokuhlehlisa i-serialption bunokulinganiselwa.
Izicishamlilo kanye namasango wokuphepha wenethiwekhi akhipha ithrafikhi ye-SSL / TLS ngokuvamile ehluleka ukuthumela ithrafikhi eqoshiwe kwamanye amathuluzi okuqapha kanye nokuphepha. Ngokufanayo, ukulinganisa umthwalo kuqeda ithrafikhi ye-SSL / TLS futhi kusabalalisa kahle umthwalo phakathi kwamaseva, kepha yehluleka ukusabalalisa ithrafikhi kumathuluzi amaningi okuphepha wokuphepha ngaphambi kokuzenzela kabusha. Ekugcineni, lezi zixazululo zintula ukulawula kokukhethwa kwezimoto futhi zizosabalalisa ithrafikhi engabhaliwe ngesivinini socingo, ngokuvamile zithumela yonke ithrafikhi kwinjini yokuhumusha, ukudala izinselelo zokusebenza.
Nge-MyLink ™ SSL Decryption, ungaxazulula lezi zinkinga:
1- Thuthukisa amathuluzi okuphepha akhona ngokufaka phakathi nokulayisha ukukhishwa kwe-SSL kanye nokubethela kabusha;
2- Vula izinsongo ezifihliwe, ukwephulwa kwedatha, ne-malware;
3- Hlonipha ukuhambisana nobumfihlo bedatha ngezindlela ezisetshenziselwa ukutolika ezisetshenziselwa inqubomgomo;
Izicelo ze-4 -Service Chain Multiple Intelligence Interence enjengephakethe lepakethe, imasking, ukudicilelanisa nokuhlunga kweseshini eguqukayo, njll.
5- Shake ukusebenza kwakho kwenethiwekhi, futhi wenze izinguquko ezifanele ukuqinisekisa ukulingana phakathi kokuphepha nokusebenza.
Lezi ngezinye zezicelo ezibalulekile ze-SSL decryption ku-Network Packet Broker. Ngokukhipha ithrafikhi ye-SSL / TLS, i-NPBS yenyusa ukubonakala nokuphumelela kwamathuluzi okuphepha nokuqapha, ukuqinisekisa ukuvikelwa kwenethiwekhi okuphelele namandla okuqapha ukusebenza. I-SSL Decryption kunethiwekhi yePacket Broker (NPBS) ifaka ukufinyelela nokukhipha ithrafikhi ebethelwe ukuze ihlolwe futhi ihlaziywe. Ukuqinisekisa ubumfihlo nokuvikeleka kwethrafikhi eqokiwe kubaluleke kakhulu. Kubalulekile ukuqaphela ukuthi izinhlangano ezisebenzisa ukutolika kwe-SSL kuma-NPB kufanele zibe nezinqubomgomo nezinqubo ezicacile zokulawula ukusetshenziswa kwethrafikhi ehlehlisiwe, kufaka phakathi izilawuli zokufinyelela, ukuphendula idatha kanye nokugcinwa kabusha. Ukuhambisana nezidingo ezisebenzayo zezomthetho nezokulawula kubalulekile ukuze uqinisekise ubumfihlo nokuvikeleka kwethrafikhi ebonakalayo.
Isikhathi sePosi: Sep-04-2023
