Iyini i-SSL/TLS Decryption?
Ukususa ukubethela kwe-SSL, okwaziwa nangokuthi ukukhishwa kwemfihlo kwe-SSL/TLS, kubhekisela enqubweni yokubamba kanye nokukhipha ukubethela Kwesendlalelo Sezikhoxe Ezivikelekile (SSL) noma I-Transport Layer Security (TLS) ithrafikhi yenethiwekhi ebethelwe. I-SSL/TLS iyiphrothokholi yokubethela esetshenziswa kabanzi evikela ukudluliswa kwedatha ngamanethiwekhi ekhompyutha, njenge-inthanethi.
Ukususa ukubethela kwe-SSL ngokuvamile kwenziwa ngamadivayisi okuphepha, afana nezinqamuleli zomlilo, amasistimu okuvimbela ukungena kokungena (IPS), noma izinto zikagesi ezizinikele zokukhipha ukubethela ze-SSL. Lawa madivayisi abekwe ngokwecebo ngaphakathi kwenethiwekhi ukuze ahlole ithrafikhi ebethelwe ngezinjongo zokuphepha. Inhloso eyinhloko ukuhlaziya idatha ebethelwe ngezinsongo ezingaba khona, uhlelo olungayilungele ikhompuyutha, noma imisebenzi engagunyaziwe.
Ukuze wenze ukususa ukubethela kwe-SSL, idivayisi yokuvikela isebenza njengendoda ephakathi phakathi kweklayenti (isb, isiphequluli sewebhu) kanye neseva. Lapho iklayenti liqalisa uxhumano lwe-SSL/TLS neseva, idivayisi yezokuvikela ibamba ithrafikhi ebethelwe bese isungula ukuxhumana okubili okuhlukene kwe-SSL/TLS—okukodwa neklayenti kanye nesiphakeli.
Idivayisi yokuvikela ibe isisusa ukubethela kwethrafikhi kuklayenti, ihlola okuqukethwe okususwe ukubethela, futhi isebenzisa izinqubomgomo zokuphepha ukuze ikhombe noma yimuphi umsebenzi ongalungile noma osolisayo. Ingase futhi yenze imisebenzi efana nokuvimbela ukulahleka kwedatha, ukuhlunga okuqukethwe, noma ukuthola uhlelo olungayilungele ikhompuyutha kudatha esusiwe. Uma ithrafikhi isihlaziyiwe, idivayisi yokuvikela iphinda ibethelwe kusetshenziswa isitifiketi esisha se-SSL/TLS bese isidlulisela kuseva.
Kubalulekile ukuqaphela ukuthi ukukhishwa kwemfihlo kwe-SSL kuphakamisa ukukhathazeka kobumfihlo nokuphepha. Njengoba idivayisi yokuvikela inokufinyelela kudatha esusiwe, ingakwazi ukubuka ulwazi olubucayi njengamagama abasebenzisi, amagama ayimfihlo, imininingwane yekhadi lesikweletu, noma enye idatha eyimfihlo ethunyelwa ngenethiwekhi. Ngakho-ke, ukususa ukubethela kwe-SSL kuvamise ukusetshenziswa ngaphakathi kwezindawo ezilawulwayo nezivikelekile ukuze kuqinisekiswe ubumfihlo nobuqotho bedatha ebanjiwe.
I-SSL Decryption inezindlela ezintathu ezijwayelekile, yilezi:
- Imodi ye-Passive
- Imodi yangaphakathi
- Imodi ephumayo
Kepha, yimuphi umehluko wezindlela ezintathu ze-SSL Decryption?
| Imodi | Imodi yokwenziwa | Imodi Engenayo | Imodi Ephumayo |
| Incazelo | Idlulisela kalula ithrafikhi ye-SSL/TLS ngaphandle kokukhishwa kwekhodi noma ukuguqulwa. | Isusa ukubethela izicelo zeklayenti, ihlaziye futhi isebenzise izinqubomgomo zokuphepha, bese idlulisela izicelo kuseva. | Isusa ukubethela izimpendulo zeseva, ihlaziye futhi isebenzise izinqubomgomo zokuphepha, bese idlulisela izimpendulo kuklayenti. |
| Ukugeleza Kwethrafikhi | Izindlela ezimbili | Iklayenti Kuseva | Iseva kuKlayenti |
| Indima Yedivayisi | Isibukeli | Umuntu-phakathi-phakathi | Umuntu-phakathi-phakathi |
| Ukususa ukubethela Indawo | Akukho ukubethela | Isusa ukubethela kumjikelezo wenethiwekhi (imvamisa phambi kweseva). | Isusa ukubethela kumjikelezo wenethiwekhi (imvamisa phambi kweklayenti). |
| Ukubonakala Kwethrafikhi | Ithrafikhi ebethelwe kuphela | Izicelo zeklayenti ezisuswe ukubethela | Izimpendulo zeseva ezisuswe ukubethela |
| Ukuguqulwa Kwethrafikhi | Akukho ukuguqulwa | Ingashintsha ithrafikhi ukuze ihlaziye noma izinjongo zokuphepha. | Ingashintsha ithrafikhi ukuze ihlaziye noma izinjongo zokuphepha. |
| Isitifiketi se-SSL | Asikho isidingo sokhiye oyimfihlo noma isitifiketi | Idinga ukhiye oyimfihlo nesitifiketi ukuze iseva ivinjwe | Idinga ukhiye oyimfihlo nesitifiketi ukuze iklayenti livinjwe |
| Ukulawula Ukuphepha | Ukulawula okunomkhawulo njengoba kungakwazi ukuhlola noma ukuguqula ithrafikhi ebethelwe | Ingahlola futhi isebenzise izinqubomgomo zokuphepha ezicelweni zeklayenti ngaphambi kokufinyelela kuseva | Ingahlola futhi isebenzise izinqubomgomo zokuphepha ezimpendulweni zeseva ngaphambi kokufinyelela iklayenti |
| Izinkathazo Zobumfihlo | Ayifinyeleli noma ayihlaziye idatha ebethelwe | Unokufinyelela kuzicelo zeklayenti ezisuswe ukubethela, okuphakamisa ukukhathazeka kobumfihlo | Unokufinyelela ezimpendulweni zeseva ezisuswe ukubethela, okuphakamisa ukukhathazeka kobumfihlo |
| Ukucatshangelwa kokuhambisana | Umthelela omncane kubumfihlo nokuhambisana | Ingase idinge ukuthotshelwa kwemithetho yobumfihlo bedatha | Ingase idinge ukuthotshelwa kwemithetho yobumfihlo bedatha |
Uma kuqhathaniswa ne-serial decryption yeplathifomu yokulethwa evikelekile, ubuchwepheshe bokukhishwa kwemfihlo obujwayelekile bunomkhawulo.
Ama-firewall namasango okuphepha enethiwekhi asusa ukubhala umbhalo wethrafikhi ye-SSL/TLS ngokuvamile ehluleka ukuthumela ithrafikhi esusiwe kwamanye amathuluzi okuqapha nawokuvikela. Ngokufanayo, ukulinganisa komthwalo kuqeda ithrafikhi ye-SSL/TLS futhi kusabalalise kahle umthwalo phakathi kwamaseva, kodwa yehluleka ukusabalalisa ithrafikhi kumathuluzi okuphepha amaketango amaningi ngaphambi kokuyibethela kabusha. Okokugcina, lezi zixazululo azikwazi ukulawula ukukhethwa kwethrafikhi futhi zizosabalalisa ithrafikhi engabetheliwe ngesivinini sezintambo, ngokuvamile sithumela yonke ithrafikhi enjinini yokuguqula ikhodi, idale izinselele zokusebenza.
Nge-Mylinking™ SSL decryption, ungakwazi ukuxazulula lezi zinkinga:
1- Thuthukisa amathuluzi okuphepha akhona ngokubeka endaweni eyodwa kanye nokukhipha ukubethela kwe-SSL kanye nokubethela kabusha;
2- Dalula izinsongo ezifihliwe, ukwephulwa kwedatha, nohlelo olungayilungele ikhompuyutha;
3- Hlonipha ukuthobela ubumfihlo bedatha nezindlela zokukhetha ezisuselwe kunqubomgomo;
4 -Uchungechunge lwezinsizakalo izinhlelo zokusebenza eziningi zobuhlakani bethrafikhi njengokusikwa kwephakethe, ukufihla ubuso, ukuphindaphinda, nokuhlunga kweseshini eguqukayo, njll.
5- Kuthinta ukusebenza kwenethiwekhi yakho, futhi wenze izinguquko ezifanele ukuze uqinisekise ibhalansi phakathi kokuphepha nokusebenza.
Lezi ezinye zezinhlelo zokusebenza eziyisihluthulelo zokukhishwa kwemfihlo kwe-SSL kubadayisi bephakethe lenethiwekhi. Ngokususa ukubethela kwethrafikhi ye-SSL/TLS, ama-NPB athuthukisa ukubonakala nokusebenza ngempumelelo kwamathuluzi okuphepha nawokugada, aqinisekisa ukuvikelwa kwenethiwekhi okuphelele namandla okuqapha ukusebenza. Ukukhishwa kwemfihlo kwe-SSL kuma-packet broker enethiwekhi (NPBs) kuhilela ukufinyelela kanye nokususa ukubethela kwethrafikhi ukuze ihlolwe futhi ihlaziywe. Ukuqinisekisa ubumfihlo nokuvikeleka kwethrafikhi engafihliwe kubaluleke kakhulu. Kubalulekile ukuqaphela ukuthi izinhlangano ezisebenzisa ukususwa kwekhodi ye-SSL kuma-NPB kufanele zibe nezinqubomgomo nezinqubo ezicacile ezikhona ukuze zilawule ukusetshenziswa kwethrafikhi esusiwe, okuhlanganisa izilawuli zokufinyelela, ukuphatha idatha, nezinqubomgomo zokugcinwa. Ukuthobelana nezidingo ezisebenzayo zomthetho nezokulawula kubalulekile ukuze kuqinisekiswe ubumfihlo nokuvikeleka kwethrafikhi engafihliwe.
Isikhathi sokuthumela: Sep-04-2023
