Network Packet Brokerizixhobo inkqubo Uthutho lwenethiwekhi ukwenzela ukuba ezinye izixhobo esweni, ezifana abo bazinikele esweni umsebenzi womnatha kunye esweni ezinxulumene-zokhuseleko, inokusebenza ngokufanelekileyo. Iimpawu zibandakanya ukuhluzwa kwepakethi ukuchonga amanqanaba omngcipheko, imithwalo yepakethi, kunye nokufakwa kwesitampu sexesha esekwe kwihardware.
I-Architect yoKhuseleko lweNethiwekhiibhekisa kwiseti yoxanduva olunxulumene nolwakhiwo lokhuseleko lwamafu, ulwakhiwo lokhuseleko lweNethiwekhi, kunye nolwakhiwo lokhuseleko lwedatha. Ngokuxhomekeke kubukhulu bombutho, kunokubakho ilungu elinye elijongene nesizinda ngasinye. Kungenjalo, umbutho usenokukhetha umphathi. Nokuba yeyiphi na indlela, imibutho kufuneka ichaze ukuba ngubani onoxanduva kwaye ibaxhobise ukuba benze izigqibo ezibalulekileyo zobuthunywa.
I-Network Risk Assessment luhlu olupheleleyo lweendlela apho uhlaselo olukhohlakeleyo lwangaphakathi okanye lwangaphandle okanye olungalunganga lungasetyenziselwa ukudibanisa izixhobo. Uvavanyo olubanzi luvumela umbutho ukuba uchaze umngcipheko kunye nokunciphisa ngolawulo lokhuseleko. Le mingcipheko inokuquka:
- Ukuqonda okunganelanga kweenkqubo okanye iinkqubo
- Iinkqubo ekunzima ukulinganisa amanqanaba omngcipheko
- Iinkqubo "ezidibeneyo" ezijongene nemingcipheko yoshishino kunye nobugcisa
Ukuphuhlisa uqikelelo olusebenzayo kufuna intsebenziswano phakathi kwe-IT kunye nabachaphazelekayo kushishino ukuqonda ububanzi bomngcipheko. Ukusebenza kunye nokudala inkqubo yokuqonda umfanekiso wengozi ebanzi kubaluleke kakhulu njengomngcipheko wokugqibela.
Zero Trust Architecture (ZTA)yiparadigm yokhuseleko lwenethiwekhi ethatha ukuba ezinye iindwendwe kuthungelwano ziyingozi kwaye zininzi iindawo zofikelelo ezinokukhuselwa ngokupheleleyo. Ngoko ke, khusela ngokufanelekileyo ii-asethi kwinethiwekhi kunokuba inethiwekhi ngokwayo. Njengoko idibaniswe nomsebenzisi, i-arhente ithatha isigqibo sokuba ivume isicelo ngasinye sokufikelela ngokusekelwe kwiprofayili yomngcipheko ebalwa ngokusekelwe kwindibaniselwano yeemeko zomxholo ezifana nesicelo, indawo, umsebenzisi, isixhobo, ixesha lexesha, uvakalelo lwedatha, njalo njalo. Njengoko igama lisitsho, i-ZTA luyilo, hayi imveliso. Awukwazi ukuyithenga, kodwa ungayiphuhlisa ngokusekelwe kwezinye zezinto zobuchwepheshe eziquletheyo.
Network Firewallyimveliso yokhuseleko ekhulileyo neyaziwayo enoluhlu lweempawu ezenzelwe ukuthintela ukufikelela ngokuthe ngqo kwizicelo zentlangano ezisingethweyo kunye neeseva zedatha. Iifirewall zenethiwekhi zibonelela ngokuguquguquka kuzo zombini iinethiwekhi zangaphakathi kunye nelifu. Kwilifu, kukho iminikelo ye-cloud-centric, kunye neendlela ezisetyenziswe ngababoneleli be-IaaS ukuphumeza ezinye zezakhono ezifanayo.
Secureweb Gatewayziye zavela ekuphuculeni i-bandwidth ye-Intanethi ekukhuseleni abasebenzisi kuhlaselo olubi olusuka kwi-Intanethi. Ukucoca i-URL, i-anti-virus, i-decryption kunye nokuhlolwa kweewebhusayithi ezifikeleleke kwi-HTTPS, ukuthintela ukuphulwa kwedatha (i-DLP), kunye neendlela ezilinganiselweyo ze-agent ye-cloud access security (CASB) ngoku ziyimpawu eziqhelekileyo.
Ukufikelela kudeithembele kancinci nangaphantsi kwi-VPN, kodwa ngakumbi nangakumbi kwi-zero-trust network access (ZTNA), eyenza ukuba abasebenzisi bafikelele kwizicelo zabo basebenzise iiprofayile zomxholo ngaphandle kokubonakala kwii-asethi.
IiNkqubo zoThintelo lokuNgena (IPS)thintela ubuthathaka obungafakwanga ekuhlaselweni ngokudibanisa izixhobo ze-IPS kwiiseva ezingafakwanga ukuze zibhaqe kwaye zithintele ukuhlaselwa. Izakhono ze-IPS ngoku zihlala zibandakanyiwe kwezinye iimveliso zokhuseleko, kodwa kusekho iimveliso ezizimeleyo. I-IPS iqala ukunyuka kwakhona njengoko ulawulo lwendalo lwamafu lubangenisa kancinci kwinkqubo.
Ulawulo loFikelelo lweNethiwekhiibonelela ngokubonakala kuso sonke isiqulatho esikuThungelwano kunye nolawulo lokufikelela kumgaqo-nkqubo weziseko zoNxibelelwano lweZiko. Imigaqo-nkqubo inokuchaza ukufikelela ngokusekelwe kwindima yomsebenzisi, ukuqinisekiswa, okanye ezinye izinto.
Ukucocwa kweDNS (iNkqubo yeGama leNdawo ecocekileyo)yinkonzo enikezelwe ngumthengisi esebenza njengesizinda segama lombutho ukukhusela abasebenzisi bokugqibela (kubandakanywa nabasebenzi abakude) ekufikeleleni kwiindawo ezingahlonelwayo.
DDoSmitigation (DDoS Mitigation)imida impembelelo eyonakalisayo yokuhanjiswa kokuhlaselwa kwenkonzo kwinethiwekhi. Imveliso ithatha iindlela ezininzi zokukhusela izibonelelo zenethiwekhi ngaphakathi kwe-firewall, ezo zifakwe phambi kwe-firewall yenethiwekhi, kunye nabangaphandle kwentlangano, njengamanethiwekhi ezibonelelo ezivela kubaboneleli benkonzo ye-Intanethi okanye ukuhanjiswa komxholo.
Ulawulo loMgaqo-nkqubo woKhuseleko lwenethiwekhi (NSPM)ibandakanya ukuhlalutya kunye nophicotho lokuphucula imigaqo elawula uKhuseleko lweNethiwekhi, kunye nokutshintsha ukuhamba komsebenzi wolawulo, uvavanyo lomgaqo, uvavanyo lokuthotyelwa, kunye nokubonwa. Isixhobo se-NSPM sinokusebenzisa imephu yenethiwekhi ebonakalayo ukubonisa zonke izixhobo kunye nemithetho yokufikelela kwi-firewall egubungela iindlela ezininzi zenethiwekhi.
I-Microsegmentationbubuchule obunqanda esele yenzekile uhlaselo lomsebenzi womnatha ukusuka ekushukumeni ngokuthe tye ukufikelela kwii-asethi ezibalulekileyo. Izixhobo ze-Microisolation zokhuseleko lwenethiwekhi ziwela kwiindidi ezintathu:
- Izixhobo ezisekelwe kuthungelwano ezibekwe kumaleko wothungelwano, rhoqo ngokudityaniswa nothungelwano oluchazwe ngesoftwe, ukukhusela ii-asethi eziqhagamshelwe kuthungelwano.
- Izixhobo ezisekelwe kwi-Hypervisor ziindlela zakudala zamacandelo ahlukeneyo ukuphucula ukubonakala kwe-opaque network traffic ehamba phakathi kwe-hypervisors.
- Izixhobo ezisekelwe kwi-arhente ezifakela ii-arhente kwiinginginya ezifuna ukwahlula kuthungelwano luphela; Isisombululo searhente yomkhosi sisebenza ngokulinganayo kumthwalo womsebenzi wamafu, umthwalo we-hypervisor, kunye neeseva zomzimba.
Khusela uMda weNkonzo yokuFikelela (SASE)sisikhokelo esivelayo esidibanisa amandla okhuseleko womnatha obanzi, afana ne-SWG, i-SD-WAN kunye ne-ZTNA, kunye nezakhono ze-WAN ezibanzi zokuxhasa iimfuno zoFikelelo oluKhuselekileyo lwemibutho. Ngaphezulu kwengqikelelo kunenkqubo-sikhokelo, i-SASE ijolise ekuboneleleni ngemodeli yenkonzo yokhuseleko emanyeneyo enikezela ukusebenza kuthungelwano ngendlela enokukaleka, ebhetyebhetye, nengenamva kwexesha elisezantsi.
Ukufunyanwa kweNethiwekhi kunye neMpendulo (NDR)ngokuqhubekayo uhlalutya i-traffic engenayo kunye nephumayo kunye ne-traffic logs ukurekhoda ukuziphatha okuqhelekileyo kweNethiwekhi, ngoko okungaqhelekanga kunokuchongwa kwaye kuvunywe kwimibutho. Ezi zixhobo zidibanisa ukufunda ngomatshini (ML), i-heuristics, uhlalutyo, kunye nokufumanisa okusekelwe kumthetho.
Izandiso zoKhuseleko lwe-DNSzizongezo kwiprotocol yeDNS kwaye ziyilelwe ukuqinisekisa iimpendulo zeDNS. Izibonelelo zokhuseleko ze-DNSSEC zifuna ukusayinwa kwedijithali kwedatha ye-DNS eqinisekisiweyo, inkqubo enzulu yeprosesa.
I-Firewall njengeNkonzo (FWaaS)yitekhnoloji entsha esondelelene ne-SWGS esekwe kwilifu. Umahluko kulwakhiwo, apho i-FWaaS iqhuba uqhagamshelo lwe-VPN phakathi kwee-endpoints kunye nezixhobo kumda womnatha, kunye ne-stack yokhuseleko efini. Inokuthi idibanise abasebenzisi bokugqibela kwiinkonzo zasekuhlaleni ngokusebenzisa i-tunnel ye-VPN. I-FWaaS ngoku ayiqhelekanga kakhulu kune-SWGS.
Ixesha lokuposa: Mar-23-2022