Uhlolo lwePakethe eNzulu (i-DPI)yiteknoloji esetyenziswa kwiNetwork Packet Brokers (NPBs) ukuhlola nokuhlalutya umxholo weepakethi zenethiwekhi kwinqanaba eliyi-granular. Ibandakanya ukuphonononga umthwalo, ii-headers, kunye nolunye ulwazi oluphathelele iprotocol ngaphakathi kweepakethi ukuze kufunyanwe ulwazi oluneenkcukacha malunga nethrafikhi yenethiwekhi.
I-DPI idlula uhlalutyo olulula lweentloko kwaye inika ukuqonda okunzulu kwedatha ehamba ngenethiwekhi. Ivumela ukuhlolwa okunzulu kweeprotokholi zomaleko wesicelo, ezifana ne-HTTP, i-FTP, i-SMTP, i-VoIP, okanye iiprotokholi zokusasaza ividiyo. Ngokuhlola umxholo wokwenyani ngaphakathi kweepakethi, i-DPI inokufumanisa kwaye ichonge usetyenziso oluthile, iiprotokholi, okanye iipateni ezithile zedatha.
Ukongeza kuhlalutyo oluhambelanayo lweedilesi zomthombo, iidilesi zendawo oya kuyo, iiports zomthombo, iiports zendawo oya kuyo, kunye neentlobo zeprotocol, i-DPI ikwadibanisa uhlalutyo lwe-application-layer ukuze ichonge usetyenziso olwahlukeneyo kunye nomxholo walo. Xa ipakethi ye-1P, idatha ye-TCP okanye ye-UDP ihamba kwinkqubo yolawulo lwe-bandwidth ngokusekelwe kwitekhnoloji ye-DPI, inkqubo ifunda umxholo womthwalo wepakethi ye-1P ukuze ihlele kwakhona ulwazi lwe-application layer kwi-OSI Layer 7 protocol, ukuze ifumane umxholo wenkqubo yonke yesicelo, ize emva koko ibumbe itrafikhi ngokwemigaqo-nkqubo yolawulo echazwe yinkqubo.
Isebenza njani i-DPI?
Iifirewall zemveli zihlala zingenawo amandla okucubungula ukwenza uhlolo olucokisekileyo ngexesha langempela kwinani elikhulu leetrafikhi. Njengoko iteknoloji iqhubela phambili, i-DPI ingasetyenziselwa ukwenza uhlolo oluntsonkothileyo ukujonga ii-headers kunye nedatha. Ngokwesiqhelo, iifirewall ezineenkqubo zokufumanisa ukungena zihlala zisebenzisa i-DPI. Kwihlabathi apho ulwazi lwedijithali luphambili, lonke ulwazi lwedijithali luhanjiswa kwi-Intanethi kwiipakethi ezincinci. Oku kubandakanya i-imeyile, imiyalezo ethunyelwa nge-app, iiwebhusayithi ezityelelweyo, iincoko zevidiyo, nokunye. Ukongeza kwidatha yokwenyani, ezi pakethi ziquka i-metadata echaza umthombo wethrafikhi, umxholo, indawo ekuyiwa kuyo, kunye nolunye ulwazi olubalulekileyo. Ngeteknoloji yokucoca iipakethi, idatha inokubekwa esweni rhoqo kwaye ilawulwe ukuqinisekisa ukuba ithunyelwa kwindawo elungileyo. Kodwa ukuqinisekisa ukhuseleko lwenethiwekhi, ukucoca iipakethi zemveli akwanelanga kwaphela. Ezinye zeendlela eziphambili zokuhlola iipakethi ezinzulu kulawulo lwenethiwekhi zidweliswe ngezantsi:
Imo yokuHlanganisa/uMsayino
Ipakethi nganye ijongwa ukuba ayifani na nedathabheyisi yohlaselo lwenethiwekhi olwaziwayo yi-firewall enobuchule benkqubo yokubona ukungena (i-IDS). I-IDS ikhangela iipateni ezithile ezinobungozi kwaye ikhubaza ithrafikhi xa kufunyenwe iipateni ezinobungozi. Ingxaki yomgaqo-nkqubo wokufanisa isiginitsha kukuba isebenza kuphela kwiziginitsha ezihlaziywa rhoqo. Ukongeza, le teknoloji inokuzikhusela kuphela kwizisongelo okanye uhlaselo olwaziwayo.
Umahluko kwiProtocol
Ekubeni indlela yokwahlula iprotocol ayivumeli nje yonke idatha engahambelani nesiseko sedatha sotyikityo, indlela yokwahlula iprotocol esetyenziswa yi-firewall ye-IDS ayinazo iziphene ezisisiseko zendlela yokudibanisa ipateni/isiginesha. Endaweni yoko, isebenzisa umgaqo-nkqubo wokungavumi omiselweyo. Ngokwenkcazo yeprotocol, iifirewall zigqiba ukuba zeziphi iitrafikhi ekufuneka zivunyelwe kwaye zikhusele inethiwekhi kwizisongelo ezingaziwayo.
Inkqubo yoThintelo lokungena (IPS)
Izisombululo ze-IPS zinokuthintela ukudluliselwa kweepakethi ezinobungozi ngokusekelwe kumxholo wazo, ngaloo ndlela ziyeke ukuhlaselwa okurhanelwayo ngexesha langempela. Oku kuthetha ukuba ukuba ipakethi imele umngcipheko wokhuseleko owaziwayo, i-IPS iya kuyithintela ngokukhawuleza ithrafikhi yenethiwekhi ngokusekelwe kwimigaqo echaziweyo. Enye ingxaki ye-IPS kukufuneka ihlaziye rhoqo isiseko sedatha se-cyber threshooting ngeenkcukacha malunga nezisongelo ezintsha, kunye nokuba khona kwezinto ezilungileyo ezingezizo. Kodwa le ngozi inokuncitshiswa ngokudala imigaqo-nkqubo egcina izinto ngendlela eqhelekileyo kunye nemida yesiko, ukumisela indlela yokuziphatha efanelekileyo yesiseko seenxalenye zenethiwekhi, kunye nokuvavanya rhoqo izilumkiso kunye neziganeko ezixeliweyo ukuphucula ukujonga kunye nokulumkisa.
1- I-DPI (Uhlolo oluNzulu lweePakethi) kwiNethiwekhi yePakethi yoMthengisi
"Deep" kukuthelekiswa kohlalutyo lwepakethi kwinqanaba neliqhelekileyo, "ukuhlolwa kwepakethi eqhelekileyo" kuphela kohlalutyo olulandelayo lwe-IP packet 4 layer, kuquka idilesi yomthombo, idilesi yendawo, i-source port, i-destination port kunye nohlobo lweprotocol, kunye ne-DPI ngaphandle kohlalutyo oluhambelanayo, kwanokwandisa uhlalutyo lwe-application layer, ukuchonga izicelo ezahlukeneyo kunye nomxholo, ukuze kufezekiswe imisebenzi ephambili:
1) Uhlalutyo lweSicelo -- uhlalutyo lokwakheka kwetrafikhi yenethiwekhi, uhlalutyo lokusebenza, kunye nohlalutyo lokuhamba kwamanzi
2) Uhlalutyo lwaBasebenzisi -- umahluko weqela labasebenzisi, uhlalutyo lokuziphatha, uhlalutyo lwesiphelo, uhlalutyo lweendlela, njl.njl.
3) Uhlalutyo lweZinto zeNethiwekhi -- uhlalutyo olusekelwe kwiimpawu zengingqi (isixeko, isithili, isitalato, njl.njl.) kunye nomthwalo wesitishi esisisiseko
4) Ulawulo lweTrafikhi -- Ukunciphisa isantya se-P2P, uqinisekiso lwe-QoS, uqinisekiso lwe-bandwidth, ukwenziwa ngcono kwezixhobo zenethiwekhi, njl.
5) Uqinisekiso loKhuseleko -- Uhlaselo lwe-DDoS, isiphepho sokusasazwa kwedatha, ukuthintela uhlaselo lweentsholongwane olunobungozi, njl.njl.
2- Udidi oluQhelekileyo lweZicelo zeNethiwekhi
Namhlanje kukho izicelo ezininzi kwi-Intanethi, kodwa izicelo eziqhelekileyo zewebhu zingaphelela.
Ngokwazi kwam, inkampani ebalaseleyo yokuqaphela ii-app yiHuawei, ethi iyaziqonda ii-apps ezingama-4,000. Uhlalutyo lweprotokholi yimodyuli esisiseko yeenkampani ezininzi ze-firewall (iHuawei, i-ZTE, njl.njl.), kwaye ikwayimodyuli ebaluleke kakhulu, exhasa ukufezekiswa kwezinye iimodyuli ezisebenzayo, ukuchongwa ngokuchanekileyo kwesicelo, kunye nokuphucula kakhulu ukusebenza kunye nokuthembeka kweemveliso. Ekuboniseni ukuchongwa kwe-malware ngokusekelwe kwiimpawu zethrafikhi yenethiwekhi, njengoko ndenza ngoku, ukuchongwa ngokuchanekileyo nangokubanzi kweprotokholi nako kubaluleke kakhulu. Ngaphandle kwethrafikhi yenethiwekhi yezicelo eziqhelekileyo kwithrafikhi yokuthumela ngaphandle yenkampani, ithrafikhi eseleyo iya kubala inxenye encinci, engcono kuhlalutyo lwe-malware kunye ne-alamu.
Ngokusekelwe kumava am, usetyenziso olusetyenziswa rhoqo luhlelwe ngokwemisebenzi yalo:
PS: Ngokwendlela oqonda ngayo udidi lwesicelo, uneziphakamiso ezilungileyo wamkelekile ukushiya isindululo somyalezo
1). I-imeyile
2). Ividiyo
3). Imidlalo
4). Iklasi ye-OA yeOfisi
5). Uhlaziyo lwesoftware
6). Ezemali (ibhanki, i-Alipay)
7). Izitokhwe
8). Unxibelelwano lweNtlalo (isoftware ye-IM)
9). Ukukhangela kwiwebhu (mhlawumbi kuchongwe ngcono ngee-URL)
10). Izixhobo zokukhuphela (idiski yewebhu, ukhuphelo lwe-P2P, ezinxulumene ne-BT)
Emva koko, indlela esebenza ngayo i-DPI (Deep Packet Inspection) kwi-NPB:
1). UkuBanjwa kwePakethi: I-NPB ibamba ithrafikhi yenethiwekhi evela kwimithombo eyahlukeneyo, efana neeswitshi, ii-routers, okanye ii-taps. Ifumana iipakethi ezihamba ngenethiwekhi.
2). Ukuhlalutywa kwePakethi: Iipakethi ezibanjiweyo zihlalutywa yi-NPB ukuze kukhutshwe iileya ezahlukeneyo zeprotocol kunye nedatha ehambelanayo. Le nkqubo yokuhlalutywa inceda ekuchongeni iinxalenye ezahlukeneyo ngaphakathi kweepakethi, ezinje ngee-headers ze-Ethernet, ii-headers ze-IP, ii-headers ze-transport layer (umz., i-TCP okanye i-UDP), kunye nee-protocols ze-application layer.
3). Uhlalutyo lomthwalo wentlawulo: Nge-DPI, i-NPB idlula nje ekuhlolweni kwentloko kwaye igxile kumthwalo wentlawulo, kuquka idatha yokwenyani engaphakathi kwiipakethi. Ihlola umxholo womthwalo wentlawulo ngokunzulu, nokuba yeyiphi na isicelo okanye iprotocol esetyenzisiweyo, ukuze kukhutshwe ulwazi olufanelekileyo.
4). Ukuchongwa kweProtokholi: I-DPI ivumela i-NPB ukuba ichonge iiprotokholi ezithile kunye nezicelo ezisetyenziswa ngaphakathi kwethrafikhi yenethiwekhi. Ingachonga kwaye ihlele iiprotokholi ezifana ne-HTTP, FTP, SMTP, DNS, VoIP, okanye iiprotokholi zokusasaza ividiyo.
5). Uhlolo Lomxholo: I-DPI ivumela i-NPB ukuba ihlole umxholo weepakethi ukuze ifumane iipateni ezithile, iimpawu, okanye amagama angundoqo. Oku kwenza kube lula ukubona izisongelo zenethiwekhi, ezifana ne-malware, iintsholongwane, imizamo yokungena, okanye imisebenzi erhanelekayo. I-DPI ingasetyenziselwa ukucoca umxholo, ukunyanzelisa imigaqo-nkqubo yenethiwekhi, okanye ukuchonga ukwaphulwa komthetho wokuthobela idatha.
6). Ukukhutshelwa kweMetadata: Ngexesha le-DPI, i-NPB ikhupha i-metadata efanelekileyo kwiipakethi. Oku kungabandakanya ulwazi olufana needilesi ze-IP zomthombo kunye nendawo ekuyiwa kuyo, iinombolo zezibuko, iinkcukacha zeseshoni, idatha yentengiselwano, okanye naziphi na ezinye iimpawu ezifanelekileyo.
7). Ukuhambisa okanye Ukucoca iiPakethi: Ngokusekelwe kuhlalutyo lwe-DPI, i-NPB inokuhambisa iipakethi ezithile kwiindawo ezikhethiweyo ukuze ziqhubeke nokucutshungulwa, njengezixhobo zokhuseleko, izixhobo zokubeka esweni, okanye amaqonga ohlalutyo. Ingasebenzisa nemithetho yokucoca ukulahla okanye ukuhambisa iipakethi ngokusekelwe kumxholo okanye iipateni ezichongiweyo.
Ixesha lokuposa: Juni-25-2023
