Kwintsimi yokhuseleko lwenethiwekhi, iNkqubo yokuHlola i-Intrusion (IDS) kunye neNkqubo yokuThintela ukungena (IPS) idlala indima ebalulekileyo. Eli nqaku liza kuphonononga ngokunzulu iinkcazo zabo, iindima, umahluko, kunye neemeko zesicelo.
Yintoni i-IDS(Inkqubo Yokuchongwa Kwangethuba)?
Inkcazo ye-IDS
I-Intrusion Detection System sisixhobo sokhuseleko esibeka iliso kwaye sihlalutye i-traffic yenethiwekhi ukuchonga imisebenzi enobungozi okanye ukuhlaselwa. Ikhangela imisayino ehambelana neepateni zohlaselo ezaziwayo ngokuphonononga itrafikhi yenethiwekhi, iilogi zenkqubo, kunye nolunye ulwazi olufanelekileyo.
Isebenza njani i-IDS
I-IDS isebenza ikakhulu ngezi ndlela zilandelayo:
Ukufunyanwa kweSiginitsha: I-IDS isebenzisa isiginitsha esele ichaziwe yeepatheni zohlaselo ukuze zihambelane, zifana nezikena zentsholongwane zokukhangela iintsholongwane. I-IDS iphakamisa isilumkiso xa itrafikhi iqulethe iimpawu ezihambelana nale misayino.
Ukufunyaniswa okungaqhelekanga: I-IDS ibeka iliso kwisiseko somsebenzi womnatha oqhelekileyo kwaye iphakamisa izilumkiso xa ibona iipatheni ezihluke kakhulu kwindlela yokuziphatha eqhelekileyo. Oku kunceda ukuchonga uhlaselo olungaziwayo okanye olunoveli.
Uhlalutyo lweProtocol: I-IDS ihlalutya ukusetyenziswa kweeprothokholi zenethiwekhi kwaye ibone ukuziphatha okungahambelaniyo nemigaqo emiselweyo, ngaloo ndlela ichonge uhlaselo olunokwenzeka.
Iintlobo ze-IDS
Ngokuxhomekeke apho zibekwe khona, i-IDS inokohlulwa ibe ziindidi ezimbini eziphambili:
I-IDS yothungelwano (NIDS): Ifakwe kuthungelwano ukujonga zonke iitrafikhi ezihamba ngenethiwekhi. Iyakwazi ukubona zombini uhlaselo lwenethiwekhi kunye nothutho.
I-IDS yomamkeli (HIDS): Isasazwe kwinginginya enye ukujonga umsebenzi wenkqubo kuloo mamkeli. Ijolise ngakumbi ekufumaneni uhlaselo lwenqanaba lomkhosi olufana ne-malware kunye nokuziphatha okungaqhelekanga komsebenzisi.
Yintoni i-IPS(Inkqubo yoThintelo lokuNgena)?
Inkcazo ye-IPS
IiNkqubo zoThintelo lwe-Intrusion zizixhobo zokhuseleko ezithatha amanyathelo asebenzayo ukumisa okanye ukukhusela kuhlaselo olunokwenzeka emva kokuba lubhaqiwe. Xa kuthelekiswa ne-IDS, i-IPS ayisosixhobo sokubeka iliso kunye nokulumkisa kuphela, kodwa sisixhobo esinokungenelela ngokusebenzayo kwaye sithintele izisongelo ezinokubakho.
Isebenza njani i-IPS
I-IPS ikhusela inkqubo ngokuthintela ngokusebenzayo itrafikhi eyingozi ehamba kwinethiwekhi. Umgaqo wayo ophambili wokusebenza ubandakanya:
Ukuthintela ukuhlaselwa kweTrafikhi: Xa i-IPS ibona i-traffic enokuthi ihlasele, inokuthatha amanyathelo akhawulezayo ukukhusela ezi zithuthi ekungeneni kwinethiwekhi. Oku kunceda ukuthintela ukwanda ngakumbi kohlaselo.
Ukusetha kwakhona i-State Connection State: I-IPS inokusetha kwakhona imeko yoxhulumaniso ehambelana nokuhlaselwa okunokwenzeka, ukunyanzela umhlaseli ukuba aphinde amise uxhulumaniso kwaye ngaloo ndlela aphazamise uhlaselo.
Ukulungiswa kweMithetho yeFirewall: IPS inokuguqula ngokuguquguqukayo imigaqo yomlilo ukuvimba okanye ukuvumela iintlobo ezithile zetrafikhi ukuba ziqhelanise neemeko zezoyikiso zexesha lokwenyani.
Iintlobo ze-IPS
Ngokufanayo ne-IDS, i-IPS inokohlulwa ibe ziindidi ezimbini eziphambili:
Inethiwekhi ye-IPS (NIPS): Ifakwe kwinethiwekhi ukujonga nokukhusela kuhlaselo kuyo yonke inethiwekhi. Iyakwazi ukukhusela kwi-network layer kunye nokuhlaselwa kwe-transport layer.
Umamkeli IPS (HIPS): Isasazwe kumkhosi omnye ukubonelela ngokhuseleko oluchanekileyo, olusetyenziswa ikakhulu ukugada kuhlaselo lwenqanaba lomkhosi olufana ne-malware kunye nokuxhaphaza.
Uthini umahluko phakathi kweNkqubo yokuFumana ukuNgenelela (IDS) kunye neNkqubo yoThintelo lokuNgena (IPS)?
Iindlela ezahlukeneyo zokuSebenza
I-IDS yinkqubo yokubeka iliso engasebenziyo, esetyenziswa ikakhulu ukukhangela kunye ne-alam. Ngokwahlukileyo, i-IPS iyasebenza kwaye iyakwazi ukuthatha amanyathelo okukhusela kuhlaselo olunokwenzeka.
Umngcipheko kunye nothelekiso lwesiphumo
Ngenxa yobume be-IDS, inokuphosakela okanye i-positives yobuxoki, ngelixa ukukhusela okusebenzayo kwe-IPS kunokukhokelela kumlilo wobuhlobo. Kukho imfuneko yokulinganisa umngcipheko kunye nokusebenza kakuhle xa usebenzisa zombini iinkqubo.
Ukusasazwa kunye noMahluko woLungiso
I-IDS idla ngokuguquguquka kwaye inokubekwa kwiindawo ezahlukeneyo kuthungelwano. Ngokwahlukileyo, ukuthunyelwa kunye nokucwangciswa kwe-IPS kufuna ukucwangciswa okucokisekileyo ukuphepha ukuphazamiseka kwi-traffic eqhelekileyo.
Ukusetyenziswa okuDityanisiweyo kwe-IDS kunye ne-IPS
I-IDS kunye ne-IPS ziyancedisana, ngokubeka iliso kwe-IDS kunye nokubonelela ngezilumkiso kunye ne-IPS ethatha amanyathelo okuzikhusela xa kuyimfuneko. Indibaniselwano yazo inokwenza umgca wokhuseleko wenethiwekhi obanzi ngakumbi.
Kubalulekile ukuhlaziya rhoqo imithetho, utyikityo, kunye nobukrelekrele bezoyikiso ze-IDS kunye ne-IPS. Izisongelo zeCyber zihlala zivela, kwaye uhlaziyo lwangexesha lunokuphucula amandla enkqubo ukuchonga izoyikiso ezintsha.
Kubalulekile ukulungelelanisa imithetho ye-IDS kunye ne-IPS kwindawo ethile yenethiwekhi kunye neemfuno zombutho. Ngokwenza ngokwezifiso imigaqo, ukuchaneka kwenkqubo kunokuphuculwa kwaye ukuchaneka kobuxoki kunye nokulimala kobuhlobo kunokunciphisa.
I-IDS kunye ne-IPS kufuneka zikwazi ukuphendula kwiingozi ezinokubakho ngexesha lokwenyani. Impendulo ekhawulezayo nechanekileyo inceda ukuthintela abahlaseli ukuba babangele umonakalo omkhulu kwinethiwekhi.
Ukubeka iliso okuqhubekayo kwi-traffic yenethiwekhi kunye nokuqonda iipatheni eziqhelekileyo zetrafikhi kunokunceda ukuphucula ukukwazi ukufumanisa i-IDS kunye nokunciphisa ukuba nokwenzeka kobuxoki.
Fumana okulungileyoNetwork Packet Brokerukusebenza ngeIDS yakho (Intrusion Detection System)
Fumana okulungileyoI-Inline Bypass Tap Tshintshaukusebenza nge-IPS yakho (iNkqubo yoThintelo lokuNgena)
Ixesha lokuposa: Sep-26-2024
