Kwicandelo lokukhuseleka kwenethiwekhi, inkqubo yokuchonga i-Inrusion (i-IDS) kunye nenkqubo yokuthintela i-IPRUSI (ips) idlala indima ephambili. Eli nqaku liziphonononge ngokunzulu iinkcazo zawo, iindima, umahluko kunye nemeko yesicelo.
Yintoni i-ID (inkqubo yokuchonga into)
Inkcazo ye-IDS
Inkqubo yokuchonga i-IntrUsion sisixhobo sokhuseleko esibeka iliso kwaye sihlalutya ithrafikhi yendlela yokuchonga imisebenzi enokubakho okanye uhlaselo. Ikhangela imiqondiso ehambelana nepateni eyaziwayo yokuhlawula ngokuhlola izithuthi zenethiwekhi, iingogs zenkqubo, kunye nolunye ulwazi olufanelekileyo.
Isebenza njani i-ID
I-IDS isebenza ikakhulu ngezi ndlela zilandelayo:
Ukufunyanwa kwesiginitsha: I-IDS isebenzisa utyikityo oluchazwe kwangaphambili lweepateni zohlaselo lokuthelekisa, ezifanayo neziskena zentsholongwane ukufumana iintsholongwane. I-IDS iphakamisa isilumkiso xa itrafikhi iqulathe amanqaku ahambelana nale ntetho.
I-Anomaly ifunyenwe: I-IDS ibeka iliso kwisiseko somsebenzi oqhelekileyo wenethiwekhi kwaye iphakamise izilumkiso xa ibona iipatheni ezahlukileyo ngokuziphatha okuqhelekileyo. Oku kunceda ekuchongeni uhlaselo olungaziwayo okanye lwe-novel.
Uhlalutyo lweProtocol: I-IDS ihlalutya ukusetyenziswa kweeprothokholi zenethiwekhi kwaye ifumanise indlela yokuziphatha engahambelani neeprotokholi ezisemgangathweni, ngaloo ndlela ukubonisa uhlaselo olunokwenzeka.
Iintlobo ze-ID
Kuxhomekeka ekubeni bathunyelwe phi, i-IDS inokwahlulwa ibe ziintlobo ezimbini eziphambili:
I-ID yenethiwekhi (i-Nids): Ithunyelwe kwinethiwekhi ukubeka iliso kuzo zonke izithuthi eziqukuqelayo kwinethiwekhi. Inokufumana zombini inethiwekhi kunye nenethiwekhi yokuhlaselwa kwenethiwekhi.
I-ID ye-HOS (HIDS): Ithunyelwe kumkhosi omnye wokubeka iliso kwinkqubo yenkqubo. Igxile kakhulu ekuboneni ukuhlaselwa komgangatho wethanga njenge-malware kunye nokuziphatha okungaqhelekanga.
Yintoni inkqubo yokuthintela i-IPS (i-Inrusion)?
Inkcazo ye-IPS
Iinkqubo zokuthintela intuthuzo zizixhobo zokhuseleko ezithatha amanyathelo asebenzayo ukumisa okanye ukukhusela ngokuchasene nokuhlaselwa okunokubakho emva kokubazifumana. Xa kuthelekiswa ne-ID, i-IPS ayisiyo isixhobo sokubeka esweni kwaye sikwazi ukuthandisa, kodwa ngesixhobo esinokuthi singenelelo ngenkuthalo kwaye sithintele izoyikiso ezinokubakho.
Isebenza njani i-IPS
I-IPS ikhusela inkqubo ngokuthintela i-ratict yezithuthi ezihamba kwinethiwekhi. Umgaqo wayo ophambili wokuSebenza ubandakanya:
Ukuthintela ukuhlaselwa kwendlela: Xa i-IPS ifumana itrafikhi enokubakho, inokuthatha amanyathelo ngokukhawuleza ukuthintela ezi trafiki ekuthengiseni inethiwekhi. Oku kunceda ukuthintela ukuqhubeka nokuhlaselwa kohlaselo.
Ukuseta kwakhona i-State StateI-IPS inokuseta kwakhona i-State State enxulumene nokuhlaselwa okunokubakho, ukunyanzela umhlaseli ukuba ahlaziye unxibelelwano kwaye ke ukuphazamisa uhlaselo.
Ukuguqula imithetho yomliloI-IPS inokuguqula inyathelo lemithetho ye-firewall ukuvimba okanye ivumele iintlobo ezithile zetrafikhi yokuziqhelanisa neemeko ezisoyikisayo zexesha lokwenyani.
Iindidi ze-Ips
Ifana ne-IDS, ips inokwahlulwa ibe ziintlobo ezimbini eziphambili:
I-IPS yeNethiwekhi (i-Nips): Ukwahlulwa kwinethiwekhi ukubeka iliso kwaye kukhusela ukuhlaselwa kuyo yonke inethiwekhi. Inokukhusela ngokuchasene nomsebenzi wenethiwekhi kunye nokuhlaselwa kweendlela zothutho.
I-ips ye-ips (Hips): Ithunyelwe kumamkeli omnye ukubonelela ngokhuseleko oluchanekileyo, ngokuyintloko yayisetyenziselwa ukuhlasela umnini-mbambano olunjenge-malware kunye nokuxhaphaza.
Yintoni umahluko phakathi kwenkqubo yokuchonga impahla (i-IDS) kunye nenkqubo yokuthintela i-Ips)?
Iindlela ezahlukeneyo zokusebenza
I-IDS yinkqubo yokuhlola eyahlukileyo, ikakhulu isetyenziselwa ukufumanisa kunye ne-alamu. Ngokwahlukileyo, ips isebenza kwaye iyakwazi ukuthatha amanyathelo okuzikhusela ngokuchasene nokuhlaselwa okunokubakho.
Umngcipheko kunye nefuthe lokuthelekisa
Ngenxa yobume bezazisi, inokuphoswa okanye iposti ebubuxoki, ngelixa ukuzikhusela kwe-Ips kunokukhokelela kumlilo onobuhlobo. Kukho isidingo sokulinganisa umngcipheko kunye nokusebenza xa usebenzisa zombini iinkqubo.
Ukuhanjiswa kunye neyantlukwano yoqwalaselo
I-IDS ihlala iguquka kwaye inokuthunyelwa kwiindawo ezahlukeneyo kwinethiwekhi. Ngokwahlukileyo, ukuhanjiswa kunye nokucwangciswa kwe-IPS kufuna ukucwangciswa ngononophelo ngakumbi ukunqanda ukuphazamiseka kwendlela eqhelekileyo.
Ukusetyenziswa okuDibeneyo kwe-IDS kunye ne-IPS
I-IDS kunye ne-IPS nganye nganye, kunye nokubeka iliso kwi-ID kunye nokubonelela ngezilumkiso kunye ne-IPS ukuthatha amanyathelo okhuseleko xa kufuneka. Ukudityaniswa kwazo kunokwenza umgca wokhuselo lwenethiwekhi ebanzi.
Kubalulekile ukuhlaziya rhoqo imithetho, ukusayina, kunye nengqondo yobukrelekrele bee-ID kunye ne-IPS. Izisongelo ze-cyber zihlala zivela rhoqo, kwaye ngokuhlaziywa ngexesha elifanelekileyo kunokuphucula amandla enkqubo yokuchonga izoyikiso ezintsha.
Kubaluleke kakhulu ukumisela imigaqo ye-IDS kunye ne-IPS ukuya kwindalo ethile kunye neemfuno zombutho. Ngokwenza imigaqo, ukuchaneka kwale nkqubo kunokuphuculwa kwaye i-postals yobuxoki kunye nokulimala ngobuhlobo kunokuncitshiswa.
I-IDS kunye ne-IPS kufuneka zikwazi ukuphendula kwizisongelo zexesha lokwenyani. Impendulo ekhawulezayo nechanekileyo inceda ukuthintela abathathi-nxaxheba ukuba bangabangeli monakalo ngakumbi kwinethiwekhi.
Ukuqhubeka nokubekwa kweliso kwindlela yenethiwekhi kunye nokuqonda kweepateni eziqhelekileyo zendlela kunokunceda ukuphucula amandla e-anomaly kunye nee-ID ze-ID kwaye kunciphise ukubakho kweposi yobuxoki.
Fumana ilungeloIpakethi yenethiwekhi yenethiwekhiukusebenza kunye ne-ID yakho (inkqubo yokuchonga)
Fumana ilungeloI-Inline Bypass itshintshiweUkusebenza ngenkqubo yakho ye-IPs
IXESHA LOKUQALA: USep-26 ukuya ku-2624
