Kule mihla yedijithali, ukhuseleko lwenethiwekhi lube yingxaki ebalulekileyo ekufuneka amashishini kunye nabantu ngabanye bajongane nayo. Ngenxa yokuguquka okuqhubekayo kohlaselo lwenethiwekhi, amanyathelo okhuseleko emveli aye anganelanga. Kule meko, iNkqubo yokuFumanisa ukuNgena (i-IDS) kunye neNkqubo yoThintelo lokuNgena (i-IPS) zivela njengoko iThe Times ifuna, kwaye zibe ngabagcini ababini abaphambili kwicandelo lokhuseleko lwenethiwekhi. Zisenokubonakala zifana, kodwa zahluke kakhulu ekusebenzeni nasekusetyenzisweni kwazo. Eli nqaku lijonga nzulu umahluko phakathi kwe-IDS kunye ne-IPS, kwaye lichaza aba bagcini babini bokhuseleko lwenethiwekhi.
I-IDS: I-Scout yoKhuseleko lweNethiwekhi
1. Iingcamango ezisisiseko zeNkqubo yokuFumanisa ukuNgena kwe-IDS (i-IDS)sisixhobo sokhuseleko lwenethiwekhi okanye usetyenziso lwesoftware oluyilelwe ukujonga ithrafikhi yenethiwekhi kunye nokubona imisebenzi enobungozi okanye ukwaphulwa komthetho. Ngokuhlalutya iipakethi zenethiwekhi, iifayile zelog kunye nolunye ulwazi, i-IDS ichonga ithrafikhi engaqhelekanga kwaye ilumkisa abalawuli ukuba bathathe amanyathelo afanelekileyo okuchasa. Cinga nge-IDS njengomhloli oqaphelayo ojonga yonke intshukumo kwinethiwekhi. Xa kukho ukuziphatha okungathandabuzekiyo kwinethiwekhi, i-IDS iya kuba lixesha lokuqala ukufumanisa nokukhupha isilumkiso, kodwa ayizukuthatha nyathelo lisebenzayo. Umsebenzi wayo "kukufumana iingxaki," hayi "ukuzisombulula."
2. Indlela esebenza ngayo i-IDS Indlela esebenza ngayo i-IDS ixhomekeke kakhulu kwezi ndlela zilandelayo:
Ukuchonga Utyikityo:I-IDS inesiseko sedatha esikhulu seempawu eziqulethe iimpawu zohlaselo olwaziwayo. I-IDS ikhupha isilumkiso xa ithrafikhi yenethiwekhi ihambelana nesiginitsha kwisiseko sedatha. Oku kufana namapolisa asebenzisa isiseko sedatha seminwe ukuchonga abarhanelwa, abasebenzayo kodwa abaxhomekeke kulwazi olwaziwayo.
Ukufunyanwa kwe-Anomaly:I-IDS ifunda iindlela zokuziphatha eziqhelekileyo zenethiwekhi, kwaye xa ifumene ithrafikhi ephambuka kwindlela eqhelekileyo, iyithatha njengengozi enokubakho. Umzekelo, ukuba ikhompyutha yomqeshwa ithumela ngequbuliso idatha eninzi ebusuku, i-IDS inokubonakalisa indlela yokuziphatha engaqhelekanga. Oku kufana nonogada onamava oqhelene nemisebenzi yemihla ngemihla yoluntu kwaye uya kuqaphela xa kufunyenwe izinto ezingaqhelekanga.
Uhlalutyo lweProtocol:I-IDS iya kuqhuba uhlalutyo olunzulu lweeprotocol zenethiwekhi ukuze kufunyaniswe ukuba kukho ukwaphulwa komthetho okanye ukusetyenziswa okungaqhelekanga kweprotocol. Umzekelo, ukuba ifomathi yeprotocol yepakethi ethile ayihambelani nomgangatho, i-IDS inokuyithatha njengohlaselo olunokwenzeka.
3. Izinto ezilungileyo nezingalunganga
Iingenelo ze-IDS:
Ukubeka esweni ngexesha langempela:I-IDS inokujonga ithrafikhi yenethiwekhi ngexesha langempela ukuze ifumane izisongelo zokhuseleko ngexesha. Njengomlindi ongalaliyo, soloko ukhusela ukhuseleko lwenethiwekhi.
Ukuguquguquka:I-IDS ingafakwa kwiindawo ezahlukeneyo zenethiwekhi, njengemida, iinethiwekhi zangaphakathi, njl.njl., inika amanqanaba amaninzi okhuseleko. Nokuba luhlaselo lwangaphandle okanye lusongelo lwangaphakathi, i-IDS inokuyifumanisa.
Ukubhalwa kweziganeko:I-IDS inokurekhoda iirekhodi zemisebenzi yenethiwekhi eneenkcukacha ukuze kuhlalutywe emva kokufa kunye nophando lwezonyango. Kufana nombhali othembekileyo ogcina irekhodi yazo zonke iinkcukacha kwinethiwekhi.
Iingxaki ze-IDS:
Izinga eliphezulu leziphumo ezingezizo ezilungileyo:Ekubeni i-IDS ixhomekeke kwiimpawu zotyikityo kunye nokufunyanwa kwezinto ezingaqhelekanga, kunokwenzeka ukuba ukugweba ithrafikhi eqhelekileyo njengezenzo ezinobungozi, nto leyo ekhokelela kwiziphumo ezingezizo ezilungileyo. Njengonogada obuthathaka kakhulu onokuthi acinge ukuba umntu ohambisa impahla lisela.
Ayikwazi ukuzikhusela ngokukhutheleyo:I-IDS iyakwazi ukubona nokuphakamisa izilumkiso kuphela, kodwa ayinakuyithintela ngokuthe ngqo ithrafikhi enobungozi. Ukungenelela ngesandla ngabalawuli kuyafuneka xa ingxaki ifunyenwe, nto leyo enokubangela ukuba impendulo ibe mide.
Ukusetyenziswa kwezixhobo:I-IDS kufuneka ihlalutye inani elikhulu le-traffic yenethiwekhi, enokuthi ithathe izixhobo ezininzi zenkqubo, ingakumbi kwindawo enabantu abaninzi abasebenzisa i-traffic.
I-IPS: "Umkhuseli" woKhuseleko lweNethiwekhi
1. Ingcamango esisiseko yeNkqubo yoThintelo lokungena kwe-IPS (IPS)sisixhobo sokhuseleko lwenethiwekhi okanye usetyenziso lwesoftware oluphuhliswe ngokusekelwe kwi-IDS. Ayinakubona kuphela imisebenzi enobungozi, kodwa ikwayithintela ngexesha langempela kwaye ikhusele inethiwekhi ekuhlaselweni. Ukuba i-IDS yi-scout, i-IPS ngumlindi onesibindi. Ayinakubona nje kuphela utshaba, kodwa ikwathatha inyathelo lokumisa uhlaselo lotshaba. Injongo ye-IPS "kukufumana iingxaki nokuzilungisa" ukukhusela ukhuseleko lwenethiwekhi ngokungenelela ngexesha langempela.
2. Indlela esebenza ngayo i-IPS
Ngokusekelwe kumsebenzi wokufumanisa we-IDS, i-IPS yongeza le ndlela yokuzikhusela ilandelayo:
Ukuthintela izithuthi:Xa i-IPS ibona ithrafikhi enobungozi, inokuyivala ngoko nangoko le thrafikhi ukuze iyithintele ukuba ingangeni kwinethiwekhi. Umzekelo, ukuba ipakethi ifunyenwe izama ukusebenzisa ubuthathaka obaziwayo, i-IPS iya kuyilahla nje.
Ukupheliswa kweseshoni:I-IPS ingayiphelisa iseshoni phakathi kwe-host enonya kwaye inqumle unxibelelwano lomhlaseli. Umzekelo, ukuba i-IPS ifumanisa ukuba uhlaselo lwe-bruteforce lwenziwa kwidilesi ye-IP, iya kuyinqamla nje unxibelelwano naloo IP.
Ukucoca umxholo:I-IPS inokwenza ukucoca umxholo kwi-network traffic ukuthintela ukudluliselwa kwekhowudi okanye idatha enobungozi. Umzekelo, ukuba i-imeyile enamathiselweyo ifunyenwe ine-malware, i-IPS iya kuthintela ukudluliselwa kwaloo imeyile.
I-IPS isebenza njengomlindi-mnyango, ayigcini nje ngokubona abantu abakrokrelayo, kodwa ikwabagxotha. Ikhawuleza ukuphendula kwaye ingazicima izoyikiso ngaphambi kokuba zisasazeke.
3. Iingenelo kunye nokungalungi kwe-IPS
Iingenelo ze-IPS:
Ukuzikhusela okusebenzayo:I-IPS inokuthintela ukuxinana kwabantu ngexesha langempela kwaye ikhusele ngempumelelo ukhuseleko lwenethiwekhi. Ifana nomlindi oqeqeshwe kakuhle, okwaziyo ukugxotha iintshaba ngaphambi kokuba zisondele.
Impendulo ezenzekelayo:I-IPS inokwenza ngokuzenzekelayo imigaqo-nkqubo yokhuselo echazwe kwangaphambili, inciphisa umthwalo kubalawuli. Umzekelo, xa kufunyenwe uhlaselo lwe-DDoS, i-IPS ingayithintela ngokuzenzekelayo ithrafikhi enxulumene nayo.
Ukhuseleko olunzulu:I-IPS ingasebenza nee-firewalls, ii-gateways zokhuseleko kunye nezinye izixhobo ukubonelela ngokhuseleko olunzulu. Ayikhuseli nje kuphela umda wenethiwekhi, kodwa ikwakhusela neeasethi ezibalulekileyo zangaphakathi.
Iingxaki ze-IPS:
Ukuthintela okungeyonyani Ingozi:I-IPS inokuvala ithrafikhi eqhelekileyo ngempazamo, nto leyo echaphazela ukusebenza kwenethiwekhi okuqhelekileyo. Umzekelo, ukuba ithrafikhi esemthethweni ichazwa kakubi njengenobungozi, inokubangela ukungasebenzi kwenkonzo.
Impembelelo yokusebenza:I-IPS ifuna uhlalutyo lwangempela kunye nokucutshungulwa kwetrafikhi yenethiwekhi, enokuba nefuthe elithile ekusebenzeni kwenethiwekhi. Ingakumbi kwindawo apho itrafikhi iphezulu khona, inokukhokelela ekulibazisekeni okukhulu.
Uqwalaselo oluntsonkothileyo:Uqwalaselo kunye nokugcinwa kwe-IPS kuyinkimbinkimbi kwaye kufuna abasebenzi abaziingcali ukuba bayilawule. Ukuba ayilungiswanga kakuhle, inokukhokelela kwimpembelelo embi yokuzikhusela okanye iyenze mandundu ingxaki yokuvalelwa okungachanekanga.
Umahluko phakathi kwe-IDS kunye ne-IPS
Nangona i-IDS kunye ne-IPS zinomahluko omnye kuphela wegama kwigama, zinomahluko obalulekileyo kumsebenzi kunye nokusetyenziswa. Nazi umahluko ophambili phakathi kwe-IDS kunye ne-IPS:
1. Indawo yokusebenza
I-IDS: Isetyenziswa kakhulu ukujonga nokufumanisa izisongelo zokhuseleko kwinethiwekhi, enxulumene nokuzikhusela okungasebenziyo. Isebenza njenge-scout, ikhala isilumkiso xa ibona utshaba, kodwa ingathathi nyathelo lokuhlasela.
I-IPS: Umsebenzi wokuzikhusela osebenzayo wongezwa kwi-IDS, enokuthintela ithrafikhi enobugebenga ngexesha langempela. Kufana nomlindi, akapheleli nje ekufumaneni utshaba, kodwa unokulugcina lungekho.
2. Indlela yokuphendula
I-IDS: Izaziso zikhutshwa emva kokuba kusongelwe, nto leyo efuna ukungenelela ngesandla ngumlawuli. Kufana nomlindi obona utshaba aze axele kubaphathi bakhe, elinde imiyalelo.
I-IPS: Amaqhinga okuzikhusela asebenza ngokuzenzekelayo emva kokuba isoyikiso sifunyenwe ngaphandle kokungenelela komntu. Kufana nomlindi obona utshaba aze alubuyisele umva.
3. Iindawo zokusasazwa
I-IDS: Idla ngokusetyenziswa kwindawo edlulayo yenethiwekhi kwaye ayichaphazeli ngokuthe ngqo ithrafikhi yenethiwekhi. Umsebenzi wayo kukujonga nokurekhoda, kwaye ayizukuphazamisana nonxibelelwano oluqhelekileyo.
I-IPS: Idla ngokusebenza kwindawo yenethiwekhi ekwi-intanethi, ilawula ngokuthe ngqo ithrafikhi yenethiwekhi. Ifuna uhlalutyo lwangempela kunye nokungenelela kwethrafikhi, ngoko ke isebenza kakuhle kakhulu.
4. Umngcipheko we-alamu yobuxoki/ukuvalwa kobuxoki
I-IDS: Izinto ezingalunganga azichaphazeli ngqo imisebenzi yenethiwekhi, kodwa zinokubangela ukuba abaphathi basokole. Njengomlindi ova kakhulu, unokuvakala rhoqo ukhalela ii-alamu kwaye wongeze umthwalo wakho womsebenzi.
I-IPS: Ukuvalwa okungachanekanga kunokubangela ukuphazamiseka kwenkonzo eqhelekileyo kwaye kuchaphazele ukufumaneka kwenethiwekhi. Kufana nomlindi onobundlongondlongo kakhulu kwaye angonakalisa amajoni anobuhlobo.
5. Iimeko zokusetyenziswa
I-IDS: Ifanelekile kwiimeko ezifuna uhlalutyo olunzulu kunye nokubeka iliso kwimisebenzi yenethiwekhi, efana nokuhlolwa kokhuseleko, impendulo yeziganeko, njl. Umzekelo, ishishini lingasebenzisa i-IDS ukujonga indlela abasebenzi abaziphatha ngayo kwi-intanethi kunye nokufumanisa ukwaphulwa kwedatha.
I-IPS: Ifanelekile kwiimeko ezifuna ukukhusela inethiwekhi kwiintlaselo ngexesha langempela, ezinje ngokhuseleko lomda, ukhuseleko lwenkonzo ebalulekileyo, njl. Umzekelo, ishishini lingasebenzisa i-IPS ukuthintela abahlaseli bangaphandle ukuba bangangeni kwinethiwekhi yalo.
Ukusetyenziswa okusebenzayo kwe-IDS kunye ne-IPS
Ukuze siqonde ngcono umahluko phakathi kwe-IDS kunye ne-IPS, singabonisa le meko ilandelayo yokusetyenziswa:
1. Ukhuseleko lokhuseleko lwenethiwekhi yeshishini Kwinethiwekhi yeshishini, i-IDS inokusetyenziswa kwinethiwekhi yangaphakathi ukujonga indlela abasebenzi abaziphatha ngayo kwi-intanethi nokufumanisa ukuba kukho ukufikelela okungekho mthethweni okanye ukuvuza kwedatha. Umzekelo, ukuba ikhompyutha yomsebenzi ifunyenwe ingena kwiwebhusayithi enobungozi, i-IDS iya kuphakamisa isilumkiso kwaye yazise umphathi ukuba aphande.
Kwelinye icala, i-IPS inokusetyenziswa kumda wenethiwekhi ukuthintela abahlaseli bangaphandle ukuba bangangeni kwinethiwekhi yeshishini. Umzekelo, ukuba idilesi ye-IP ifunyenwe ukuba iphantsi kohlaselo lwe-SQL, i-IPS iya kuyivala ngokuthe ngqo ithrafikhi ye-IP ukukhusela ukhuseleko lwedathabheyisi yeshishini.
2. Ukhuseleko lweZiko leDatha Kwiziko ledatha, i-IDS ingasetyenziselwa ukujonga ithrafikhi phakathi kweeseva ukuze kufunyanwe ubukho bonxibelelwano olungaqhelekanga okanye i-malware. Umzekelo, ukuba iseva ithumela inani elikhulu ledatha ekrokrisayo kwihlabathi langaphandle, i-IDS iya kuyiphawula loo ndlela yokuziphatha engaqhelekanga kwaye yazise umlawuli ukuba ayihlole.
Kwelinye icala, i-IPS ingafakwa emnyango weziko ledatha ukuthintela uhlaselo lwe-DDoS, i-SQL injection kunye nezinye iindlela ezinobungozi. Umzekelo, ukuba sifumanisa ukuba uhlaselo lwe-DDoS luzama ukuwisa iziko ledatha, i-IPS iya kuyinciphisa ngokuzenzekelayo i-traffic ehambelanayo ukuqinisekisa ukusebenza okuqhelekileyo kwenkonzo.
3. Ukhuseleko lweLifu Kwimeko-bume yelifu, i-IDS ingasetyenziselwa ukujonga ukusetyenziswa kweenkonzo zelifu nokufumanisa ukuba kukho ukufikelela okungagunyaziswanga okanye ukusetyenziswa gwenxa kwezixhobo. Umzekelo, ukuba umsebenzisi uzama ukufikelela kwizixhobo zelifu ezingagunyaziswanga, i-IDS iya kuphakamisa isilumkiso kwaye yazise umlawuli ukuba athathe inyathelo.
Kwelinye icala, i-IPS inokusetyenziswa kumda wenethiwekhi yelifu ukukhusela iinkonzo zelifu kwiintlaselo zangaphandle. Umzekelo, ukuba idilesi ye-IP ifunyenwe ukuba iqalise uhlaselo lwe-brute force kwinkonzo yelifu, i-IPS iya kuqhawula ngokuthe ngqo kwi-IP ukukhusela ukhuseleko lwenkonzo yelifu.
Ukusetyenziswa ngokubambisana kwe-IDS kunye ne-IPS
Enyanisweni, i-IDS kunye ne-IPS azikho zodwa, kodwa zinokusebenzisana ukubonelela ngokhuseleko olupheleleyo lokhuseleko lwenethiwekhi. Umzekelo:
I-IDS njengenkxaso kwi-IPS:I-IDS inokubonelela ngohlalutyo olunzulu lwethrafikhi kunye nokubhalwa kweziganeko ukunceda i-IPS ichonge kwaye ithintele iingozi ngcono. Umzekelo, i-IDS inokubona iipatheni zohlaselo ezifihlakeleyo ngokubeka esweni ixesha elide, ize emva koko yongeze olu lwazi kwi-IPS ukuze iphucule icebo layo lokuzikhusela.
I-IPS isebenza njengomlawuli we-IDS:Emva kokuba i-IDS ifumene isoyikiso, inokubangela i-IPS ukuba isebenzise icebo lokuzikhusela elifanelekileyo ukuze ifumane impendulo ezenzekelayo. Umzekelo, ukuba i-IDS ifumanisa ukuba idilesi ye-IP iskenwa ngendlela enobungozi, inokwazisa i-IPS ukuba ivale ithrafikhi ngqo kuloo IP.
Ngokudibanisa i-IDS kunye ne-IPS, amashishini kunye nemibutho inokwakha inkqubo yokhuseleko lokhuseleko lwenethiwekhi eqinileyo ukuze ikwazi ukumelana ngempumelelo neengozi ezahlukeneyo zenethiwekhi. I-IDS inoxanduva lokufumana ingxaki, i-IPS inoxanduva lokusombulula ingxaki, zombini ziyahambelana, akukho nanye enokuphulukana nayo.
Fumana ekuneneUmthengisi wePakethi yeNethiwekhiukusebenza ne-IDS yakho (iNkqubo yokuHlola ukuNgena)
Fumana ekuneneIswitshi seTap ye-Inline Bypassukusebenzisana ne-IPS yakho (iNkqubo yoThintelo lokungena)
Ixesha leposi: Epreli-23-2025
