Kwinkalo yokhuseleko lwenethiwekhi, inkqubo yokufumanisa ukungena (IDS) kunye nenkqubo yokuthintela ukungena (IPS) idlala indima ebalulekileyo. Eli nqaku liza kuphonononga ngokunzulu iinkcazo zabo, iindima, umahluko, kunye neemeko zesicelo.
Yintoni i-IDS(Inkqubo Yokuchongwa Kwangethuba)?
Inkcazo ye-IDS
Inkqubo yokufumanisa i-Intrusion sisixhobo sokhuseleko esibeka esweni kwaye sihlalutye itrafikhi yenethiwekhi ukuchonga imisebenzi enobungozi okanye uhlaselo olunokwenzeka. Ikhangela imisayino ehambelana neepateni zohlaselo ezaziwayo ngokuphonononga itrafikhi yenethiwekhi, iilogi zenkqubo, kunye nolunye ulwazi olufanelekileyo.
Isebenza njani i-IDS
I-IDS isebenza ikakhulu ngezi ndlela zilandelayo:
Ukufunyanwa kweSiginitsha: I-IDS isebenzisa isiginitsha esele ichaziwe yeepatheni zohlaselo ukuze zihambelane, zifana nezikena zentsholongwane zokukhangela iintsholongwane. I-IDS iphakamisa isilumkiso xa itrafikhi iqulethe iimpawu ezihambelana nale misayino.
Ukufunyaniswa okungaqhelekanga: I-IDS ibeka iliso kwisiseko somsebenzi wenethiwekhi yesiqhelo kwaye iphakamisa izilumkiso xa ibona iipatheni ezihluke kakhulu kwindlela yokuziphatha eqhelekileyo. Oku kunceda ukuchonga uhlaselo olungaziwayo okanye olunoveli.
Uhlalutyo lweProtocol: I-IDS ihlalutya ukusetyenziswa kweeprothokholi zenethiwekhi kwaye ibone ukuziphatha okungahambelaniyo nemigaqo emiselweyo, ngaloo ndlela ichonge uhlaselo olunokwenzeka.
Iintlobo ze-IDS
Ngokuxhomekeke apho zibekwe khona, i-IDS inokohlulwa ibe ziindidi ezimbini eziphambili:
I-IDS yothungelwano (NIDS): Ifakwe kuthungelwano ukujonga zonke iitrafikhi ezihamba ngenethiwekhi. Iyakwazi ukubona zombini uhlaselo lwenethiwekhi kunye nothutho.
I-IDS yomamkeli (HIDS): Isasazwe kwinginginya enye ukujonga umsebenzi wenkqubo kuloo mamkeli. Ijolise ngakumbi ekufumaneni uhlaselo lwenqanaba lomkhosi olufana ne-malware kunye nokuziphatha okungaqhelekanga komsebenzisi.
Yintoni i-IPS(Inkqubo yoThintelo lokuNgena)?
Inkcazo ye-IPS
Iinkqubo zokuthintela ukungena zizixhobo zokhuseleko ezithatha amanyathelo asebenzayo ukumisa okanye ukukhusela kuhlaselo olunokwenzeka emva kokuba lubhaqiwe. Xa kuthelekiswa ne-IDS, i-IPS ayisosixhobo sokubeka iliso kunye nokulumkisa kuphela, kodwa sisixhobo esinokungenelela ngokusebenzayo kwaye sithintele izisongelo ezinokubakho.
Isebenza njani i-IPS
I-IPS ikhusela inkqubo ngokuthintela ngokusebenzayo itrafikhi eyingozi ehamba kwinethiwekhi. Umgaqo wayo ophambili wokusebenza ubandakanya:
Ukuthintela ukuhlaselwa kweTrafikhi: Xa i-IPS ibona i-traffic enokuthi ihlasele, inokuthatha amanyathelo akhawulezayo ukukhusela ezi zithuthi ekungeneni kwinethiwekhi. Oku kunceda ukuthintela ukwanda ngakumbi kohlaselo.
Ukuseta kwakhona i-State Connection State: I-IPS inokusetha kwakhona imeko yoxhulumaniso ehambelana nokuhlaselwa okunokwenzeka, ukunyanzela umhlaseli ukuba aphinde amise uxhulumaniso kwaye ngaloo ndlela aphazamise uhlaselo.
Ukulungiswa kweMithetho yeFirewall: IPS inokuguqula ngokuguquguqukayo imigaqo yomlilo ukuvimba okanye ukuvumela iintlobo ezithile zetrafikhi ukuba ziqhelanise neemeko zezoyikiso zexesha lokwenyani.
Iintlobo ze-IPS
Ngokufanayo ne-IDS, i-IPS inokohlulwa ibe ziindidi ezimbini eziphambili:
Inethiwekhi ye-IPS (NIPS): Ifakwe kwinethiwekhi ukujonga nokukhusela kuhlaselo kuyo yonke inethiwekhi. Iyakwazi ukukhusela kwi-network layer kunye nokuhlaselwa kwe-transport layer.
Umamkeli IPS (HIPS): Isasazwe kumkhosi omnye ukubonelela ngokhuseleko oluchanekileyo, olusetyenziswa ikakhulu ukugada kuhlaselo lwenqanaba lomkhosi olufana ne-malware kunye nokuxhaphaza.
Uthini umahluko phakathi kweNkqubo yokuFumana ukuNgenelela (IDS) kunye neNkqubo yoThintelo lokuNgena (IPS)?
Iindlela ezahlukeneyo zokuSebenza
I-IDS yinkqubo yokubeka iliso engasebenziyo, esetyenziswa ikakhulu ukukhangela kunye ne-alam. Ngokwahlukileyo, i-IPS iyasebenza kwaye iyakwazi ukuthatha amanyathelo okukhusela kuhlaselo olunokwenzeka.
Umngcipheko kunye nothelekiso lwesiphumo
Ngenxa yobume be-IDS, inokuphosakela okanye i-positives yobuxoki, ngelixa ukukhusela okusebenzayo kwe-IPS kunokukhokelela kumlilo wobuhlobo. Kukho imfuneko yokulinganisa umngcipheko kunye nokusebenza kakuhle xa usebenzisa zombini iinkqubo.
Ukusasazwa kunye noMahluko woLungiso
I-IDS idla ngokuguquguquka kwaye inokubekwa kwiindawo ezahlukeneyo kuthungelwano. Ngokwahlukileyo, ukuthunyelwa kunye nokucwangciswa kwe-IPS kufuna ukucwangciswa okucokisekileyo ukuphepha ukuphazamiseka kwi-traffic eqhelekileyo.
Ukusetyenziswa okuDityanisiweyo kwe-IDS kunye ne-IPS
I-IDS kunye ne-IPS ziyancedisana, ngokubeka iliso kwe-IDS kunye nokubonelela ngezilumkiso kunye ne-IPS ethatha amanyathelo okuzikhusela xa kuyimfuneko. Indibaniselwano yazo inokwenza umgca wokhuseleko wenethiwekhi obanzi ngakumbi.
Kubalulekile ukuhlaziya rhoqo imithetho, utyikityo, kunye nobukrelekrele bezoyikiso ze-IDS kunye ne-IPS. Izisongelo zeCyber zihlala zivela, kwaye uhlaziyo lwangexesha lunokuphucula amandla enkqubo ukuchonga izoyikiso ezintsha.
Kubalulekile ukulungelelanisa imithetho ye-IDS kunye ne-IPS kwindawo ethile yenethiwekhi kunye neemfuno zombutho. Ngokwenza ngokwezifiso imigaqo, ukuchaneka kwenkqubo kunokuphuculwa kwaye ukuchaneka kobuxoki kunye nokulimala kobuhlobo kunokunciphisa.
I-IDS kunye ne-IPS kufuneka zikwazi ukuphendula kwiingozi ezinokubakho ngexesha lokwenyani. Impendulo ekhawulezayo nechanekileyo inceda ukuthintela abahlaseli ukuba babangele umonakalo omkhulu kwinethiwekhi.
Ukubeka iliso okuqhubekayo kwi-traffic yenethiwekhi kunye nokuqonda iipatheni eziqhelekileyo zetrafikhi kunokunceda ukuphucula ukukwazi ukufumanisa ukungahambi kakuhle kwe-IDS kunye nokunciphisa ukuba nokwenzeka kwezinto zobuxoki.
Fumana okulungileyoNetwork Packet Brokerukusebenza ngeIDS yakho (Intrusion Detection System)
Fumana okulungileyoI-Inline Bypass Tap Tshintshaukusebenza nge-IPS yakho (iNkqubo yoThintelo lokuNgena)
Ixesha lokuposa: Sep-26-2024
