Kwixesha lanamhlanje ledijithali, ukhuseleko lwenethiwekhi lube ngumba obalulekileyo ekufuneka amashishini kunye nabantu ngabanye bajongane nawo. Ngokuziphendukela kwemvelo okuqhubekayo kohlaselo lwenethiwekhi, amanyathelo okhuseleko lwendabuko aye ayanelanga. Kulo mongo, i-Intrusion Detection System (IDS) kunye ne-Intrusion Prevention system (IPS) ivela njengoko i-Times ifuna, kwaye ibe ngabagcini ababini abakhulu kwintsimi yokhuseleko lwenethiwekhi. Zisenokubonakala zifana, kodwa zahluke kakhulu ekusebenzeni nasekusetyenzisweni. Eli nqaku lithatha ukuntywila nzulu kumahluko phakathi kwe-IDS kunye ne-IPS, kwaye libajongela phantsi aba bagcini babini bokhuseleko lwenethiwekhi.
I-IDS: Uvavanyo loKhuseleko lweNethiwekhi
1. IiNgcebiso eziSisiseko ze-IDS ye-Intrusion Detection System (IDS)sisixhobo sokhuseleko sothungelwano okanye usetyenziso lwesoftware eyilelwe ukujonga itrafikhi yothungelwano kwaye ibone imisebenzi eyingozi enokwenzeka okanye ulwaphulo-mthetho. Ngokuhlalutya iipakethi zenethiwekhi, iifayile zelog kunye nolunye ulwazi, i-IDS ichonga i-traffic engaqhelekanga kwaye ilumkisa abalawuli ukuba bathathe amanyathelo ahambelanayo. Cinga nge-IDS njenge-scout eqapheleyo ejonga yonke intshukumo kwinethiwekhi. Xa kukho ukuziphatha okukrokrisayo kwinethiwekhi, i-IDS iya kuba sisihlandlo sokuqala ukubhaqa kunye nokukhupha isilumkiso, kodwa ayiyi kuthatha isenzo esisebenzayo. Umsebenzi walo "kukufumana iingxaki," kungekhona "ukuzicombulula."
2. Isebenza njani i-IDS Indlela i-IDS esebenza ngayo ixhomekeke ikakhulu kwezi ndlela zilandelayo:
Ukufunyanwa komsayino:I-IDS inesiseko sedatha esikhulu semisayino equlethe iisignesha zohlaselo olwaziwayo. I-IDS iphakamisa isilumkiso xa itrafikhi yenethiwekhi ihambelana nesiginitsha kwisiseko sedatha. Oku kufana namapolisa asebenzisa uvimba weenkcukacha zeminwe ukuchonga abarhanelwa, ngempumelelo kodwa exhomekeke kulwazi olwaziwayo.
Ukufunyaniswa okungaqhelekanga:I-IDS ifunda iipatheni zokuziphatha eziqhelekileyo zothungelwano, kwaye yakuba ifumene itrafikhi ephambukayo kwipatheni eqhelekileyo, iyiphatha njengesongelo esinokubakho. Umzekelo, ukuba ikhompyuter yomqeshwa ithumela ngequbuliso inani elikhulu ledatha ebusuku, i-IDS inokubonisa ukuziphatha okungaqhelekanga. Oku kufana nonogada onamava noqheleneyo nemisebenzi yemihla ngemihla yasekuhlaleni yaye uya kuhlala ephaphile xa kubhaqwe izinto ezingaqhelekanga.
Uhlalutyo lweProtocol:I-IDS iya kuqhuba uhlalutyo olunzulu lweeprothokholi zothungelwano ukubona ukuba kukho ukuphulwa okanye ukusetyenziswa kweprotocol engaqhelekanga. Umzekelo, ukuba ifomathi yeprotocol yepakethi ethile ayihambelani nomgangatho, i-IDS inokuyithatha njengohlaselo olunokwenzeka.
3. Izinto eziluncedo nezingeloncedo
I-IDS eluncedo:
Ukujongwa ngexesha lokwenyani:I-IDS inokubeka iliso kwitrafikhi yenethiwekhi ngexesha lokwenyani ukufumana izoyikiso zokhuseleko ngexesha. Njengomlindi ongalaliyo, soloko ugada ukhuseleko lwenethiwekhi.
Ukuba bhetyebhetye:I-IDS inokuthunyelwa kwiindawo ezahlukeneyo zenethiwekhi, njengemida, uthungelwano lwangaphakathi, njl., Ukubonelela ngamanqanaba amaninzi okukhusela. Nokuba luhlaselo lwangaphandle okanye isoyikiso sangaphakathi, i-IDS inokuyibona.
Ukuloga ngesiganeko:I-IDS inokurekhoda iinkcukacha zemisebenzi yenethiwekhi yohlalutyo emva kokufa kunye ne-forensics. Kufana nombhali othembekileyo ogcina ingxelo yazo zonke iinkcukacha kwinethiwekhi.
Iingxaki ze-IDS:
Izinga eliphezulu lobuxoki:Kuba i-IDS ixhomekeke kutyikityo kunye nokubhaqwa okungaqhelekanga, kuyenzeka ukuba ungajongi ngendlela engeyiyo itrafikhi eqhelekileyo njengomsebenzi okhohlakeleyo, okhokelela kwizinto ezingeyonyani. Njengomgcini wokhuseleko oluluqilima onokuthi umntu othuthayo acinge ngesela.
Akukwazeki ukuzithethelela:I-IDS inokubona kuphela kwaye iphakamise izilumkiso, kodwa ayinakunqanda ngokuqhubekayo itrafikhi enobungozi. Ungenelelo lwezandla ngabalawuli nalo luyafuneka emva kokuba ingxaki ifunyenwe, nto leyo enokukhokelela kwixesha elide lokuphendula.
Ukusetyenziswa kovimba:I-IDS idinga ukuhlalutya isixa esikhulu setrafikhi yenethiwekhi, enokuthi ithathe izixhobo ezininzi zenkqubo, ngakumbi kwindawo ephezulu yetrafikhi.
IPS: "I-Defender" yoKhuseleko lweNethiwekhi
1. Ingqiqo esisiseko ye-IPS Intrusion Prevention System (IPS)sisixhobo sokhuseleko lwenethiwekhi okanye usetyenziso lwesoftware oluphuhliswe ngokwesiseko se-IDS. Ayinakubona kuphela imisebenzi ekhohlakeleyo, kodwa iyayikhusela ngexesha langempela kwaye ikhusele inethiwekhi ekuhlaselweni. Ukuba i-IDS yiscout, i-IPS ngunogada okhaliphile. Ayinakubona kuphela utshaba, kodwa iphinde ithathe inyathelo lokumisa uhlaselo lotshaba. Injongo ye-IPS kukuba "ukufumana iingxaki kwaye uzilungise" ukukhusela ukhuseleko lwenethiwekhi ngokungenelela ngexesha langempela.
2. Isebenza njani i-IPS
Ngokusekwe kumsebenzi wokubona we-IDS, i-IPS yongeza le ndlela yokukhusela ilandelayo:
Ukuthintela itrafikhi:Xa i-IPS ibona itrafikhi enobungozi, inokuvala kwangoko le traffic ukuyithintela ekungeneni kwinethiwekhi. Umzekelo, ukuba ipakethi ifunyenwe izama ukuxhaphaza ubungozi obaziwayo, i-IPS iya kuyiyeka ngokulula.
Ukupheliswa kweseshoni:I-IPS inokuphelisa iseshoni phakathi kwenginginya ekhohlakeleyo kwaye inqumle umdibaniso womhlaseli. Ngokomzekelo, ukuba i-IPS ibona ukuba uhlaselo lwe-bruteforce lwenziwa kwidilesi ye-IP, iya kuqhawula unxibelelwano kunye naloo IP.
Uhluzo lomxholo:I-IPS inokwenza ukuhluzwa komxholo kwitrafikhi yenethiwekhi ukuvimba ukuhanjiswa kwekhowudi engalunganga okanye idatha. Umzekelo, ukuba uncamathiselo lwe-imeyile lufunyenwe lune-malware, i-IPS iya kuvala ukuhanjiswa kwaloo imeyile.
I-IPS isebenza njengomgcini-mnyango, ayipheleli nje ekuboneni abantu abarhanelayo, kodwa ikwabajikisa. Iyakhawuleza ukuphendula kwaye inokuphelisa izoyikiso ngaphambi kokuba zisasazeke.
3. Izinto eziluncedo kunye nezingeloncedo kwi-IPS
I-IPS eluncedo:
Ukhuselo olusebenzayo:I-IPS inokuthintela i-traffic enobungozi ngexesha langempela kwaye ikhusele ngokufanelekileyo ukhuseleko lwenethiwekhi. Kufana nomlindi oqeqeshwe kakuhle, okwaziyo ukugxotha iintshaba ngaphambi kokuba zisondele.
Impendulo ezenzekelayo:I-IPS inokwenza ngokuzenzekelayo imigaqo-nkqubo yokukhusela echazwe kwangaphambili, ukunciphisa umthwalo kubalawuli. Ngokomzekelo, xa uhlaselo lwe-DDoS lufunyenwe, i-IPS inokukhawulela ngokuzenzekelayo i-traffic ehambelana nayo.
Ukhuseleko olunzulu:I-IPS inokusebenza kunye ne-firewall, isango lokhuseleko kunye nezinye izixhobo zokubonelela ngezinga elinzulu lokukhusela. Ayikhuseli kuphela umda womnatha, kodwa ikhusela nempahla ebalulekileyo yangaphakathi.
I-IPS ezingalunganga:
Umngcipheko wokuthintela ngobuxoki:I-IPS inokuvala itrafikhi eqhelekileyo ngempazamo, ichaphazela ukusebenza okuqhelekileyo kwenethiwekhi. Umzekelo, ukuba i-traffic esemthethweni ihlelwe ngendlela engafanelekanga njengeyingozi, inokubangela ukucima kwenkonzo.
Impembelelo yokusebenza:I-IPS idinga uhlalutyo lwexesha langempela kunye nokucutshungulwa kwetrafikhi yenethiwekhi, enokuthi ibe nefuthe elithile ekusebenzeni kwenethiwekhi. Ngokukodwa kwindawo ephezulu yezithuthi, kunokukhokelela ekulibazisekeni okwandileyo.
Ubumbeko oluntsonkothileyo:Ubume kunye nokugcinwa kwe-IPS kunzima kwaye kufuna abasebenzi abaqeqeshiweyo ukuba balawule. Ukuba ayilungiswanga kakuhle, inokukhokelela kwisiphumo esibi sokuzikhusela okanye yandise ingxaki yokuvalwa kobuxoki.
Umahluko phakathi kwe-IDS kunye ne-IPS
Nangona i-IDS kunye ne-IPS zinegama elinye kuphela umahluko egameni, zinomohluko obalulekileyo ekusebenzeni nasekusetyenzisweni. Nantsi eyona mahluko phakathi kwe-IDS kunye ne-IPS:
1. Ukubekwa kokusebenza
I-IDS: Isetyenziselwa ukubeka iliso kunye nokubona izoyikiso zokhuseleko kwinethiwekhi, eyeyokhuseleko olungenayo. Isebenza njengentlola, ikhalisa isilumkiso xa ibona utshaba, kodwa ingathathi inyathelo lokuhlasela.
I-IPS: Umsebenzi wokukhusela osebenzayo wongezwa kwi-IDS, enokuthintela i-traffic enobungozi ngexesha langempela. Kufana nomlindi, akakwazi nje ukubona utshaba, kodwa unokulugcina ngaphandle.
2. Indlela yokuphendula
I-IDS: Izaziso zikhutshwa emva kokuba isoyikiso sifunyenwe, sifuna ukungenelela ngesandla ngumlawuli. Kufana nomlindi obona utshaba aze alubike kubaphathi bakhe, elindele imiyalelo.
IPS: Izicwangciso zokukhusela zenziwa ngokuzenzekelayo emva kokuba isoyikiso sifunyenwe ngaphandle kokungenelela komntu. Kufana nomlindi obona utshaba aze alubethe ngomva.
3. Iindawo zokusasaza
I-IDS: Ngokuqhelekileyo ibekwe kwindawo edlulayo yenethiwekhi kwaye ayichaphazeli ngokuthe ngqo i-traffic yenethiwekhi. Indima yayo kukuqwalasela nokurekhoda, kwaye ayiyi kuphazamisa unxibelelwano oluqhelekileyo.
IPS: Ngokuqhelekileyo ibekwe kwindawo ye-intanethi yenethiwekhi, ilawula i-traffic yenethiwekhi ngokuthe ngqo. Ifuna uhlalutyo lwexesha lokwenyani kunye nongenelelo lwetrafikhi, ngoko lusebenza kakhulu.
4. Umngcipheko we-alamu yobuxoki / ibhloko yobuxoki
I-IDS: Iimpawu zobuxoki azichaphazeli ngokuthe ngqo ukusebenza kwenethiwekhi, kodwa zinokubangela ukuba abalawuli basokole. Njengomthunywa obukhali kakhulu, unokukhala rhoqo kwaye unyuse umsebenzi wakho.
IPS: Ukuvaleka okungeyonyani kunokubangela uphazamiseko lwenkonzo eqhelekileyo kwaye kuchaphazele ukufumaneka kwenethiwekhi. Kufana nomlindi ongqwabalala gqitha nonokwenzakalisa amajoni anobuhlobo.
5. Sebenzisa iimeko
I-IDS: Ifanelekile kwiimeko ezifuna uhlalutyo olunzulu kunye nokubekwa esweni kwemisebenzi yothungelwano, efana nophicotho lokhuseleko, impendulo yezehlo, njl. njl.
IPS: Ifanelekile kwiimeko ezifuna ukukhusela inethiwekhi ekuhlaselweni ngexesha langempela, njengokukhuselwa komda, ukukhuselwa kwenkonzo ebalulekileyo, njl.
Ukusetyenziswa okusebenzayo kwe-IDS kunye ne-IPS
Ukuqonda ngcono umahluko phakathi kwe-IDS kunye ne-IPS, singabonisa le meko ilandelayo yesicelo esisebenzayo:
1. Ukhuseleko lwenethiwekhi yeshishini Kuthungelwano lweshishini, i-IDS ingafakwa kuthungelwano lwangaphakathi ukujonga ukuziphatha kwe-intanethi kwabasebenzi kwaye ibone ukuba kukho ukufikelela okungekho mthethweni okanye ukuvuza kwedatha. Umzekelo, ukuba ikhompyutha yomqeshwa ifunyaniswa ingena kwiwebhusayithi engalunganga, i-IDS iya kuphakamisa isilumkiso kwaye yazise umlawuli ukuba aphande.
I-IPS, ngakolunye uhlangothi, inokuthunyelwa kumda womnatha ukukhusela abahlaseli bangaphandle ekuhlaseleni inethiwekhi yezoshishino. Ngokomzekelo, ukuba idilesi ye-IP ifunyenwe phantsi kohlaselo lwe-injection ye-SQL, i-IPS iya kuvala ngokuthe ngqo i-IP traffic ukukhusela ukhuseleko lwesiseko sedatha yeshishini.
2. Ukhuseleko lweZiko leeNkcukacha Kumaziko edatha, i-IDS ingasetyenziselwa ukubeka iliso kwi-traffic phakathi kweeseva ukujonga ubukho bonxibelelwano olungaqhelekanga okanye i-malware. Umzekelo, ukuba iseva ithumela isixa esikhulu sedatha ekrokrisayo kwilizwe langaphandle, i-IDS iya kuflegi indlela yokuziphatha engaqhelekanga kwaye ilumkise umlawuli ukuba ayihlole.
I-IPS, ngakolunye uhlangothi, inokuthunyelwa ekungeneni kwamaziko edatha ukuvimba ukuhlaselwa kwe-DDoS, i-injection ye-SQL kunye nezinye izithuthi ezinobungozi. Ngokomzekelo, ukuba sifumanisa ukuba uhlaselo lwe-DDoS luzama ukuhlisa iziko ledatha, i-IPS iya kukhawulela ngokuzenzekelayo i-traffic ehambelanayo ukuqinisekisa ukusebenza okuqhelekileyo kwenkonzo.
3. Ukhuseleko lwamafu Kwimeko yelifu, i-IDS ingasetyenziselwa ukubeka iliso ukusetyenziswa kweenkonzo zefu kwaye ibone ukuba kukho ukufikelela okungagunyaziswanga okanye ukusetyenziswa kakubi kwezibonelelo. Ngokomzekelo, ukuba umsebenzisi uzama ukufikelela kwimithombo yefu engagunyaziswanga, i-IDS iya kuphakamisa isilumkiso kwaye ilumkise umlawuli ukuba athathe inyathelo.
I-IPS, ngakolunye uhlangothi, inokuthunyelwa kumda wenethiwekhi yefu ukukhusela iinkonzo zefu ekuhlaselweni kwangaphandle. Ngokomzekelo, ukuba idilesi ye-IP ifunyenwe ukuba iqalise ukuhlaselwa kwe-brute force kwinkonzo yefu, i-IPS iya kuqhawula ngokuthe ngqo kwi-IP ukukhusela ukhuseleko lwenkonzo yefu.
Ukusetyenziswa ngokubambisana kwe-IDS kunye ne-IPS
Enyanisweni, i-IDS kunye ne-IPS azikho zodwa, kodwa zinokusebenza kunye ukubonelela ngokhuseleko olubanzi lwenethiwekhi yokhuseleko. Umzekelo:
I-IDS njengesincedisi kwi-IPS:I-IDS inokubonelela ngohlalutyo olunzulu lwetrafikhi kunye nokuloga kwesiganeko ukunceda i-IPS ukuba ibone ngcono kwaye ivimbe izoyikiso. Ngokomzekelo, i-IDS inokubona iipatheni zokuhlaselwa ezifihliweyo ngokubeka iliso ixesha elide, kwaye emva koko iphinde yondle olu lwazi kwi-IPS ukuze iphucule isicwangciso sayo sokukhusela.
I-IPS isebenza njengomabi we-IDS:Emva kokuba i-IDS ibone isoyikiso, inokubangela i-IPS ukuba iqhube isicwangciso esihambelanayo sokukhusela ukufezekisa impendulo ezenzekelayo. Ngokomzekelo, ukuba i-IDS ibona ukuba idilesi ye-IP iskenwa ngokungalunganga, inokwazisa i-IPS ukuvala i-traffic ngqo kuloo IP.
Ngokudibanisa i-IDS kunye ne-IPS, amashishini kunye nemibutho inokwakha inkqubo yokhuseleko lwenethiwekhi eyomelele ngakumbi ukuxhathisa ngokufanelekileyo izoyikiso ezahlukeneyo zenethiwekhi. I-IDS inoxanduva lokufumana ingxaki, i-IPS inoxanduva lokusombulula ingxaki, ezi zimbini ziyancedisana, kwaye azinakuchithwa.
Fumana okulungileyoNetwork Packet Brokerukusebenza ngeIDS yakho (Intrusion Detection System)
Fumana okulungileyoI-Inline Bypass Tap Tshintshaukusebenza nge-IPS yakho (iNkqubo yoThintelo lokuNgena)
Ixesha lokuposa: Apr-23-2025
