Network Packet Broker Application Identification Based on DPI - Deep Packet Inspection

Deep Packet Inspection (DPI) is a technology used in Network Packet Brokers (NPBs) to inspect and analyze the contents of network packets at a granular level. It involves examining the payload, headers, and other protocol-specific information within packets to gain detailed insight into network traffic.

DPI goes beyond simple header analysis and provides a deeper understanding of the data flowing through the network. It allows in-depth inspection of application-layer protocols such as HTTP, FTP, SMTP, VoIP, or video streaming protocols. By examining the actual content of packets, DPI can detect and identify specific applications, protocols, or specific data patterns.

In addition to the layered analysis of source addresses, destination addresses, source ports, destination ports, and protocol types, DPI adds application-layer analysis to identify different applications and their content. When an IP packet or a TCP or UDP data flow passes through a bandwidth management system based on DPI technology, the system reads the content of the IP packet payload and reassembles the application-layer information of the OSI Layer 7 protocol, so as to obtain the content of the whole application, and then shapes the traffic according to the management policy defined by the system.

How does DPI work?

Traditional firewalls often lack the processing power to perform thorough real-time inspection of large volumes of traffic. As technology advances, DPI can be used to perform more complex checks that examine both headers and data. Typically, firewalls with intrusion detection systems use DPI. In a world where digital information is paramount, all digital information is delivered over the Internet in small packets. This includes e-mail, messages sent through apps, websites visited, video calls, and more. In addition to the actual data, these packets include metadata that describes the traffic source, content, destination, and other important information. With packet filtering technology, data can be continuously monitored and managed to ensure that it is forwarded to the right place. But to ensure network security, traditional packet filtering is far from enough. Some of the main methods of deep packet inspection in network management are listed below:

Pattern/Signature Matching

Each packet is checked for a match against a database of known network attacks by a firewall with intrusion detection system (IDS) capabilities. The IDS looks for specific known malicious patterns and blocks the traffic when malicious patterns are found. The disadvantage of the signature matching policy is that it is only effective when the signatures are updated frequently. In addition, this technology can only defend against known threats or attacks.


Protocol Exception

Because the protocol exception technique does not simply allow all data that fails to match the signature database, the protocol exception technique used by an IDS firewall does not have the inherent flaws of the pattern/signature matching method. Instead, it adopts a default-deny policy. Based on protocol definitions, the firewall decides which traffic should be allowed, and so protects the network from unknown threats.
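The difference between the two approaches, default allow with signatures versus default deny with a protocol model, shown on the same payloads. This is an added example, not code from the original page or from any IDS product; the signature names, markers, protocol model and sample payloads are all constructed for illustration.

```python
import re

# Constructed signature database: byte patterns standing in for known-bad content.
SIGNATURES = {
    "sig-0001-constructed": re.compile(rb"KNOWN-BAD-MARKER-A"),
    "sig-0002-constructed": re.compile(rb"KNOWN-BAD-MARKER-B"),
}

# Protocol model (assumption): only HTTP/1.x request heads are expected on this port.
REQUEST_LINE = re.compile(rb"(GET|HEAD|POST) /[\x21-\x7e]{0,2048} HTTP/1\.[01]")
HEADER_LINE = re.compile(rb"[A-Za-z0-9-]{1,64}: [\x20-\x7e]{0,4096}")

def signature_verdict(payload):
    """Pattern/signature matching: default allow, block only on a database hit."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(payload):
            return "block", name
    return "allow", None

def protocol_verdict(payload):
    """Protocol exception: default deny, allow only what fits the protocol model."""
    head, sep, _body = payload.partition(b"\r\n\r\n")
    if not sep:
        return "block", "incomplete request head"
    lines = head.split(b"\r\n")
    if not REQUEST_LINE.fullmatch(lines[0]):
        return "block", "malformed request line"
    for line in lines[1:]:
        if not HEADER_LINE.fullmatch(line):
            return "block", "malformed header"
    return "allow", None

# Constructed sample payloads.
NORMAL = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
KNOWN_BAD = b"GET /a HTTP/1.1\r\nX-Test: KNOWN-BAD-MARKER-A\r\n\r\n"
UNKNOWN = b"\x00\x01opaque-tunnel-bytes\xff"   # matches no signature, is not HTTP

if __name__ == "__main__":
    for label, data in (("normal", NORMAL), ("known", KNOWN_BAD), ("unknown", UNKNOWN)):
        print(label, signature_verdict(data), protocol_verdict(data))
```

The unknown payload passes signature matching but is rejected by the protocol model, while the well-formed request carrying a known marker is caught only by the signature, which is why the two checks are usually combined.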

Intrusion Prevention System (IPS)

IPS solutions can block the transmission of harmful packets based on their content, thereby stopping suspected attacks in real time. This means that if a packet represents a known security risk, the IPS will proactively block the network traffic based on a defined set of rules. One disadvantage of IPS is the need to regularly update the cyber threat database with details of new threats, along with the possibility of false positives. But this risk can be reduced by creating conservative policies and custom thresholds, establishing an appropriate baseline of behavior for network components, and periodically reviewing alerts and reported events to improve monitoring and alerting.

1- DPI (Deep Packet Inspection) in a Network Packet Broker

"Deep" is relative to ordinary packet analysis. "Ordinary packet inspection" covers only the layer-4 analysis of an IP packet, including the source address, destination address, source port, destination port and protocol type. DPI, in addition to this layered analysis, adds application-layer analysis to identify the various applications and their content, which provides these main functions:

1) Application Analysis -- network traffic composition analysis, performance analysis, and flow analysis

2) User Analysis -- user group differentiation, behavior analysis, terminal analysis, trend analysis, etc.

3) Network Element Analysis -- analysis based on regional attributes (city, district, street, etc.) and base station load

4) Traffic Control -- P2P rate limiting, QoS assurance, bandwidth assurance, network resource utilization, etc.

5) Security Assurance -- DDoS attacks, data broadcast storms, prevention of malicious virus attacks, etc.

2- General Classification of Network Applications

Today there are countless applications on the Internet, but the commonly used web applications can be enumerated exhaustively.

As far as I know, the best company at application recognition is Huawei, which claims to recognize 4,000 apps. Protocol analysis is the basic module of many firewall companies (Huawei, ZTE, etc.), and it is also a very important module: it supports the implementation of other functional modules, enables accurate application identification, and greatly improves the performance and reliability of products. In modeling malware identification based on network traffic characteristics, as I am doing now, accurate and extensive protocol identification is also very important. Once the network traffic of common applications is excluded from the company's outbound traffic, the remaining traffic accounts for a small proportion, which is better for malware analysis and alerting.

Based on my experience, the commonly used existing applications are classified according to their functions:

PS: This application classification reflects my personal understanding; if you have any good suggestions, you are welcome to leave a message.

1). E-mail

2). Video

3). Games

4). Office (OA) applications

5). Software updates

6). Finance (banking, Alipay)

7). Stocks

8). Social communication (IM software)

9). Web browsing (probably better identified by URLs)

10). Download tools (web disk, P2P download, BT related)


Next, how DPI (Deep Packet Inspection) works in an NPB:

1). Packet Capture: The NPB captures network traffic from various sources, such as switches, routers, or taps. It receives the packets flowing through the network.

2). Packet Parsing: The captured packets are parsed by the NPB to extract the different protocol layers and the associated data. This parsing helps identify the different components within the packets, such as Ethernet headers, IP headers, transport-layer headers (for example, TCP or UDP), and application-layer protocols.

3). Payload Analysis: With DPI, the NPB goes beyond header inspection and focuses on the payload, including the actual data within the packets. It examines the payload content in depth, regardless of the application or protocol used, to extract relevant information.

4). Protocol Identification: DPI enables the NPB to identify the specific protocols and applications in use within the network traffic. It can detect and classify protocols such as HTTP, FTP, SMTP, DNS, VoIP, or video streaming protocols.

5). Content Inspection: DPI allows the NPB to inspect the content of packets for specific patterns, signatures, or keywords. This makes it possible to detect network threats such as malware, viruses, intrusion attempts, or suspicious activity. DPI can also be used for content filtering, enforcing network policies, or identifying data compliance violations.

6). Metadata Extraction: During DPI, the NPB extracts relevant metadata from the packets. This can include information such as source and destination IP addresses, port numbers, session details, transaction data, or any other relevant attributes.

7). Traffic Routing or Filtering: Based on the DPI analysis, the NPB can route specific packets to designated destinations for further processing, such as security appliances, monitoring tools, or analytics platforms. It can also apply filtering rules to drop or redirect packets based on the identified content or patterns.
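Steps 2 to 7 above applied to a single captured frame, as an added example (not code from the original page or from any NPB product). The payload prefixes, the tool names in the forwarding map and the sample frame builder are constructed for illustration; only IPv4 over Ethernet with TCP or UDP is handled.

```python
import socket
import struct

# Payload-prefix signatures for application identification (constructed, illustrative).
APP_SIGNATURES = [("HTTP", (b"GET ", b"POST ", b"HEAD ", b"HTTP/1.")),
                  ("SMTP", (b"EHLO ", b"HELO ", b"MAIL FROM:")),
                  ("TLS", (b"\x16\x03",))]
# Hypothetical NPB egress map: identified application -> monitoring tool.
FORWARDING = {"HTTP": "web-analytics", "SMTP": "mail-security", "TLS": "tls-monitor"}

def parse_frame(frame):
    """Step 2: peel Ethernet, IPv4 and TCP/UDP headers; return (metadata, payload)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                        # not IPv4 over Ethernet
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    l4 = ip[ihl:struct.unpack("!H", ip[2:4])[0]]
    if proto == 6 and len(l4) >= 20:       # TCP: header length from data-offset field
        hdr = (l4[12] >> 4) * 4
    elif proto == 17 and len(l4) >= 8:     # UDP: fixed 8-byte header
        hdr = 8
    else:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    meta = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "sport": sport, "dport": dport, "proto": proto}   # step 6: metadata
    return meta, l4[hdr:]

def identify_app(payload):
    """Steps 3-4: classify by payload content, not by port number."""
    for app, prefixes in APP_SIGNATURES:
        if payload.startswith(prefixes):
            return app
    return "UNKNOWN"

def inspect(frame):
    """Steps 2-7 for one captured frame; returns (metadata, egress tool or 'drop')."""
    parsed = parse_frame(frame)
    if parsed is None:
        return None, "drop"
    meta, payload = parsed
    meta["app"] = identify_app(payload)
    return meta, FORWARDING.get(meta["app"], "default-monitor")   # step 7

def sample_frame(payload, dport):
    """Constructed input: Ethernet + IPv4 + TCP frame carrying `payload`."""
    tcp = struct.pack("!HHIIBBHHH", 49152, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload
```

Calling `inspect(sample_frame(b"GET / HTTP/1.1\r\n\r\n", 8081))` classifies the flow as HTTP even though it runs on a non-standard port, which is the difference between DPI and port-based classification.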



Post time: Jun-25-2023