What is SSL/TLS Decryption?
SSL decryption, also known as SSL/TLS decryption, refers to the process of intercepting and decrypting network traffic encrypted with Secure Sockets Layer (SSL) or Transport Layer Security (TLS). SSL/TLS is a widely used encryption protocol that secures data transmission over computer networks, such as the Internet.
SSL decryption is usually performed by security devices, such as firewalls, intrusion prevention systems (IPS), or dedicated SSL decryption appliances. These devices are placed strategically within the network so that they can inspect encrypted traffic for security purposes. The main objective is to analyze the encrypted data for potential threats, malware, or unauthorized activities.
To perform SSL decryption, the security device acts as a man-in-the-middle between the client (for example, a web browser) and the server. When the client initiates an SSL/TLS connection to the server, the security device intercepts the encrypted traffic and establishes separate SSL/TLS connections, one with the client and one with the server.
The security device then decrypts the traffic from the client, inspects the decrypted content, and applies security policies to identify any malicious or suspicious activity. It may also perform tasks such as data loss prevention, content filtering, or malware detection on the decrypted data. Once the traffic has been analyzed, the security device re-encrypts it using a new SSL/TLS certificate and forwards it to the server.
It is important to note that SSL decryption raises privacy and security concerns. Because the security device has access to the decrypted data, it can potentially see sensitive information such as usernames, passwords, credit card details, or other confidential data transmitted over the network. SSL decryption is therefore generally implemented within a controlled and secured environment to ensure the privacy and integrity of the intercepted data.
SSL decryption has three common modes:
- Passive Mode
- Inbound Mode
- Outbound Mode
But what are the differences between the three modes of SSL decryption?
| Mode | Passive Mode | Inbound Mode | Outbound Mode |
| --- | --- | --- | --- |
| Description | Simply forwards SSL/TLS traffic without decryption or modification. | Decrypts client requests, analyzes them and applies security policies, then forwards the requests to the server. | Decrypts server responses, analyzes them and applies security policies, then forwards the responses to the client. |
| Traffic Flow | Bi-directional | Client to server | Server to client |
| Device Role | Observer | Man-in-the-middle | Man-in-the-middle |
| Decryption Location | No decryption | Decrypts at the network perimeter (usually in front of the server). | Decrypts at the network perimeter (usually in front of the client). |
| Traffic Visibility | Encrypted traffic only | Decrypted client requests | Decrypted server responses |
| Traffic Modification | No modification | May modify traffic for analysis or security purposes. | May modify traffic for analysis or security purposes. |
| SSL Certificate | No need for a private key or certificate | Requires the private key and certificate of the server | Requires the private key and certificate of the client |
| Security Control | Limited control, as it cannot inspect or modify the encrypted traffic | Can inspect client requests and apply security policies to them before they reach the server | Can inspect server responses and apply security policies to them before they reach the client |
| Privacy Concerns | Does not access or analyze encrypted data | Has access to decrypted client requests, raising privacy concerns | Has access to decrypted server responses, raising privacy concerns |
| Compliance Considerations | Minimal impact on privacy and compliance | May require compliance with data privacy regulations | May require compliance with data privacy regulations |
Compared with the serial decryption of a secure delivery platform, traditional serial decryption technology has limitations.
Firewalls and network security gateways that decrypt SSL/TLS traffic often fail to send the decrypted traffic on to other monitoring and security tools. Similarly, load balancers terminate SSL/TLS traffic and distribute the load well among servers, but they fail to pass the traffic through multiple chained security tools before re-encrypting it. Finally, these solutions lack control over traffic selection and will distribute decrypted traffic at wire speed, typically sending all traffic to the decryption engine, which creates performance problems.
With the platform's SSL decryption, you can solve these problems:
1- Improve existing security tools by centralizing and offloading SSL decryption and re-encryption;
2- Expose hidden threats, data breaches, and malware;
3- Respect data privacy compliance with policy-based selective decryption;
4- Service-chain multiple traffic intelligence applications such as packet slicing, masking, deduplication, and session filtering, etc.
Take the impact on your network performance into account, and make appropriate adjustments to keep a balance between security and performance.
These are some of the key applications of SSL decryption in network packet brokers. By decrypting SSL/TLS traffic, NPBs increase the visibility and effectiveness of security and monitoring tools, ensuring comprehensive network protection and performance monitoring capabilities. SSL decryption in Network Packet Brokers (NPBs) involves accessing and decrypting encrypted traffic for inspection and analysis. Ensuring the privacy and security of the decrypted traffic is of the utmost importance. Organizations that deploy SSL decryption in NPBs should have clear policies and procedures in place to govern the use of decrypted traffic, including access policies. Compliance with the applicable legal and regulatory requirements is essential to ensure the privacy and security of the traffic.
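The policy-based selective decryption named in the list above can be pictured as a per-flow decision made on the TLS Server Name Indication (SNI) before anything is decrypted. The sketch below is an added example, not code from the original page or from any product; the rule format, host patterns, and function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatch


@dataclass(frozen=True)
class Rule:
    pattern: str  # glob matched against the SNI host name from the ClientHello
    action: str   # "decrypt" (send to the decryption engine) or "bypass"
    reason: str


# Constructed policy (assumption): first match wins, so exemptions come first.
POLICY = [
    Rule("*.bank.example", "bypass", "financial data, privacy exemption"),
    Rule("*.health.example", "bypass", "health data, privacy exemption"),
    Rule("*.corp.example", "decrypt", "internal applications, full inspection"),
]
DEFAULT = Rule("*", "decrypt", "unclassified destination, inspect")
NO_SNI = Rule("", "decrypt", "no SNI, flow cannot be exempted by name")


def decide(sni):
    """Return the rule that applies to one flow, chosen before any decryption."""
    if not sni:
        return NO_SNI
    host = sni.lower().rstrip(".")  # fnmatch is case-sensitive on POSIX
    for rule in POLICY:
        if fnmatch(host, rule.pattern):
            return rule
    return DEFAULT


def summarize(flows):
    """Count flows per action to show how much reaches the decryption engine."""
    counts = {"decrypt": 0, "bypass": 0}
    for sni in flows:
        counts[decide(sni).action] += 1
    return counts


# Constructed sample of SNI values, not captured traffic.
SAMPLE_FLOWS = ["login.bank.example", "Portal.Health.Example.",
                "wiki.corp.example", "bank.example.cdn.test", None]

if __name__ == "__main__":
    for sni in SAMPLE_FLOWS:
        rule = decide(sni)
        print(f"{str(sni):26} {rule.action:8} {rule.reason}")
    print(summarize(SAMPLE_FLOWS))
```

Because the SNI value is supplied by the client, a name-based bypass is only as trustworthy as that field; checking it against the names in the server certificate is a common safeguard.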
Post time: UPE-04-2023