Umthengisi wePakethi yeNethiwekhiIzixhobo ziqhuba i-network traffic ukuze ezinye izixhobo zokubeka esweni, ezifana nezo zinikezelwe ekubekeni esweni ukusebenza kweNetwork kunye nokubeka esweni okunxulumene nokhuseleko, zikwazi ukusebenza kakuhle. Iimpawu ziquka ukuhluzwa kwepakethi ukuchonga amanqanaba omngcipheko, imithwalo yepakethi, kunye nokufakwa kwesitampu sexesha esisekelwe kwihardware.
Umyili woKhuseleko lweNethiwekhiibhekisa kwiseti yemisebenzi enxulumene noyilo lokhuseleko lwelifu, uyilo lokhuseleko lwenethiwekhi, kunye noyilo lokhuseleko lwedatha. Ngokuxhomekeke kubukhulu bombutho, kunokubakho ilungu elinye elinoxanduva lwedomeyini nganye. Kungenjalo, umbutho unokukhetha umphathi. Nokuba yeyiphi na indlela, imibutho kufuneka ichaze ukuba ngubani onoxanduva kwaye iwanike amandla okwenza izigqibo ezibalulekileyo.
Uvavanyo loMngcipheko weNethiwekhi luluhlu olupheleleyo lweendlela ezinokuthi zisetyenziswe ngazo uhlaselo lwangaphakathi okanye lwangaphandle olunobungozi okanye olungalunganga ukuqhagamshela izixhobo. Uvavanyo olupheleleyo luvumela umbutho ukuba uchaze iingozi kwaye uzinciphise ngolawulo lokhuseleko. Ezi ngozi zingabandakanya:
- Ukungaqondi kakuhle iinkqubo okanye iinkqubo
- Iinkqubo ezinzima ukulinganisa amanqanaba omngcipheko
- Iinkqubo "ezixutyiweyo" ezijongene neengozi zoshishino nezobuchwephesha
Ukuphuhlisa uqikelelo olusebenzayo kufuna intsebenziswano phakathi kwe-IT kunye nabachaphazelekayo kwezoshishino ukuze kuqondwe ububanzi bomngcipheko. Ukusebenza kunye nokudala inkqubo yokuqonda umfanekiso obanzi womngcipheko kubaluleke kakhulu njengomngcipheko wokugqibela.
Uyilo lweZero Trust (ZTA)yinkqubo yokhuseleko lwenethiwekhi ecinga ukuba abanye abatyeleli kwinethiwekhi bayingozi kwaye kukho iindawo ezininzi zokufikelela ezikhuselekileyo ngokupheleleyo. Ke ngoko, khusela ngokufanelekileyo izinto ezikwinethiwekhi endaweni yenethiwekhi ngokwayo. Njengoko inxulunyaniswa nomsebenzisi, iarhente igqiba ekubeni iya kuvuma na isicelo ngasinye sokufikelela ngokusekelwe kwiprofayili yomngcipheko ebalwe ngokusekelwe kudibaniso lwezinto ezikwimeko ezifana nesicelo, indawo, umsebenzisi, isixhobo, ixesha, uvakalelo lwedatha, njalo njalo. Njengoko igama lisitsho, i-ZTA luyilo, ayilomveliso. Awunakukwazi ukuyithenga, kodwa ungayiphuhlisa ngokusekelwe kwezinye zezinto zobugcisa ezikuyo.
Umlilo weNethiwekhiyimveliso yokhuseleko ekhulileyo neyaziwayo enoluhlu lweempawu ezenzelwe ukuthintela ukufikelela ngokuthe ngqo kwizicelo zemibutho ezihonjisiweyo kunye neeseva zedatha. Iifirewall zenethiwekhi zibonelela ngokuguquguquka kwiinethiwekhi zangaphakathi kunye nelifu. Kwilifu, kukho izibonelelo ezigxile kwilifu, kunye neendlela ezisetyenziswa ngababoneleli be-IaaS ukuphumeza ezinye zezakhono ezifanayo.
Isango leSecurewebziye zavela ekuphuculeni i-bandwidth ye-intanethi ukuya ekukhuseleni abasebenzisi kwiintlaselo ezinobungozi ezivela kwi-intanethi. Ukucoca ii-URL, ukulwa neentsholongwane, ukucima ukubethela kunye nokuhlolwa kweewebhusayithi ezifikelelwe nge-HTTPS, ukuthintela ukwaphulwa kwedatha (i-DLP), kunye neendlela ezilinganiselweyo zearhente yokhuseleko lokufikelela kwilifu (i-CASB) ngoku ziimpawu eziqhelekileyo.
Ukufikelela KudeIxhomekeke kancinci kwi-VPN, kodwa ixhomekeke ngakumbi kwi-zero-trust network access (ZTNA), evumela abasebenzisi ukuba bafikelele kwizicelo zomntu ngamnye besebenzisa iiprofayili zomxholo ngaphandle kokubonwa ziiasethi.
Iinkqubo zoThintelo lokungena (IPS)thintela ubuthathaka obungafakwanga kwi-intanethi ukuba buhlaselwe ngokudibanisa izixhobo ze-IPS kwiiseva ezingafakwanga kwi-intanethi ukuze kubonwe kwaye kuthintelwe ukuhlaselwa. Amandla e-IPS ngoku adla ngokubandakanywa kwezinye iimveliso zokhuseleko, kodwa kusekho iimveliso ezizimeleyo. I-IPS iqala ukunyuka kwakhona njengoko ulawulo lwendalo lwamafu lubangenisa kancinci kwinkqubo.
Ulawulo lokufikelela kwiNethiwekhiIbonelela ngokubonakala kwayo yonke imixholo kwiNethiwekhi kunye nolawulo lokufikelela kwiziseko zeNethiwekhi yenkampani ezisekelwe kwimigaqo-nkqubo. Imigaqo-nkqubo ingachaza ukufikelela ngokusekelwe kwindima yomsebenzisi, ukuqinisekiswa, okanye ezinye izinto.
Ukucocwa kwe-DNS (Inkqubo yegama leDomain elicocekileyo)yinkonzo enikezelwa ngumthengisi esebenza njengeNkqubo yegama lesizinda senkampani ukuthintela abasebenzisi bokugqibela (kuquka abasebenzi abakude) ekufikeleleni kwiindawo ezingaziwayo.
Ukunciphisa i-DDoS (Ukunciphisa i-DDoS)ithintela impembelelo etshabalalisayo yokuhlaselwa kweenkonzo ezisasazwayo kwinethiwekhi. Le mveliso isebenzisa indlela enamanqanaba amaninzi yokukhusela izixhobo zenethiwekhi ngaphakathi kwe-firewall, ezo zibekwe phambi kwe-firewall yenethiwekhi, kunye nezo zingaphandle kombutho, ezifana neenethiwekhi zezixhobo ezivela kubaboneleli beenkonzo ze-intanethi okanye ukuhanjiswa komxholo.
Ulawulo lweMigaqo-nkqubo yoKhuseleko lweNethiwekhi (NSPM)kubandakanya uhlalutyo kunye nophicotho-zincwadi ukuze kuphuculwe imithetho elawula uKhuseleko lweNethiwekhi, kunye neendlela zokusebenza zolawulo lotshintsho, uvavanyo lwemithetho, uvavanyo lokuthobela imithetho, kunye nokubona. Isixhobo se-NSPM singasebenzisa imephu yenethiwekhi ebonakalayo ukubonisa zonke izixhobo kunye nemithetho yokufikelela kwi-firewall egubungela iindlela ezininzi zenethiwekhi.
Ukwahlulwahlulwa kweentlobo ngeentloboyindlela ethintela uhlaselo lwenethiwekhi esele lwenzeka ukuba luhambe ngokuthe tye ukuya kufikelela kwizinto ezibalulekileyo. Izixhobo ze-microisolation zokhuseleko lwenethiwekhi zahlulwe zibe ziindidi ezintathu:
- Izixhobo ezisekelwe kwinethiwekhi ezisetyenziswa kumaleko wenethiwekhi, rhoqo kunye neenethiwekhi ezichazwe kwisoftware, ukukhusela izinto ezidityaniswe kwinethiwekhi.
- Izixhobo ezisekelwe kwi-hypervisor ziindlela zokuqala zamacandelo ahlukeneyo ukuphucula ukubonakala kwethrafikhi yenethiwekhi engacacanga ehamba phakathi kwee-hypervisors.
- Izixhobo ezisekelwe kwi-host agent ezifakela ii-agents kwi-hosts abafuna ukuzihlukanisa nenethiwekhi yonke; Isisombululo se-host agent sisebenza kakuhle ngokufanayo kwi-cloud loadloads, i-hypervisor loadloads, kunye nee-physical servers.
Umda weNkonzo yoFikelelo oluKhuselekileyo (SASE)sisikhokelo esitsha esidibanisa amandla okhuseleko lwenethiwekhi apheleleyo, njenge-SWG, i-SD-WAN kunye ne-ZTNA, kunye nobuchule be-WAN obupheleleyo ukuxhasa iimfuno ze-Secure Access zemibutho. Ingaphezulu kwengcamango kunokuba yisakhelo, i-SASE ijolise ekuboneleleni ngemodeli yenkonzo yokhuseleko edibeneyo enikezela ukusebenza kwiinethiwekhi ngendlela ekwaziyo ukulinganiswa, ukuguquguquka, kunye nokubambezeleka okuphantsi.
Ukufunyanwa kweNethiwekhi kunye neMpendulo (NDR)ihlaziya rhoqo iirekhodi zethrafikhi ezingenayo neziphumayo kunye neerekhodi zethrafikhi ukuze irekhode indlela yokuziphatha eqhelekileyo yeNethiwekhi, ukuze izinto ezingaqhelekanga zichongwe kwaye ziqwalaselwe kwimibutho. Ezi zixhobo zidibanisa ukufunda koomatshini (ML), ubuchwephesha bezinto ezisetyenzisiweyo, uhlalutyo, kunye nokuchonga okusekelwe kwimithetho.
Ulwandiso loKhuseleko lwe-DNSzizongezo kwiprotokholi ye-DNS kwaye zenzelwe ukuqinisekisa iimpendulo ze-DNS. Iingenelo zokhuseleko ze-DNSSEC zifuna ukusayinwa kwedijithali kwedatha ye-DNS eqinisekisiweyo, inkqubo edinga iprosesa eninzi.
Umlilo njengeNkonzo (FWaaS)yiteknoloji entsha enxulumene kakhulu ne-SWGS esekwe kwilifu. Umahluko ukwindlela yokwakha, apho i-FWaaS idlula kunxibelelwano lwe-VPN phakathi kwee-endpoints kunye nezixhobo ezikumda wenethiwekhi, kunye ne-security stack efini. Ingadibanisa abasebenzisi bokugqibela neenkonzo zasekuhlaleni ngee-VPN tunnels. I-FWaaS okwangoku ayixhaphakanga kangako kune-SWGS.
Ixesha lokuthumela: Matshi-23-2022
