Yintoni i-SSL/TLS Decryption?
Ukususwa kwe-SSL, okwaziwa ngokuba yi-SSL/TLS decryption, kubhekisa kwinkqubo yokuthintela nokususa ukubethela i-Secure Sockets Layer (SSL) okanye i-Transport Layer Security (TLS) yenethiwekhi efihliweyo. I-SSL/TLS yiprotocol yokubethela esetyenziswa kakhulu ekhusela ukudluliselwa kwedatha kwiinethiwekhi zekhompyutha, ezifana ne-intanethi.
Ukususwa kwe-SSL kudla ngokwenziwa zizixhobo zokhuseleko, ezifana nee-firewalls, iinkqubo zokuthintela ukungena (IPS), okanye izixhobo ze-SSL ezizinikeleyo zokususwa kwe-SSL. Ezi zixhobo zibekwe ngobuchule ngaphakathi kwenethiwekhi ukuze zihlole ithrafikhi efihliweyo ngeenjongo zokhuseleko. Injongo ephambili kukuhlalutya idatha efihliweyo ukuze kujongwe izisongelo ezinokubakho, i-malware, okanye imisebenzi engagunyaziswanga.
Ukuze kwenziwe i-SSL decryption, isixhobo sokhuseleko sisebenza njengomntu ophakathi phakathi kweklayenti (umz., isikhangeli sewebhu) kunye neseva. Xa iklayenti iqala uqhagamshelo lwe-SSL/TLS neseva, isixhobo sokhuseleko sithintela ithrafikhi efihliweyo kwaye simise uqhagamshelo olubini olwahlukeneyo lwe-SSL/TLS—olunye nomthengi nolunye nomncedisi.
Isixhobo sokhuseleko emva koko siyayicima ithrafikhi evela kumthengi, sihlole umxholo ocinyiweyo, size sisebenzise imigaqo-nkqubo yokhuseleko ukuchonga nayiphi na imisebenzi enobungozi okanye erhanelekayo. Sinokwenza imisebenzi efana nokuthintela ukulahleka kwedatha, ukucoca umxholo, okanye ukufunyanwa kwe-malware kwidatha ecinyiweyo. Nje ukuba ithrafikhi ihlalutywe, isixhobo sokhuseleko siyayicima kwakhona sisebenzisa isatifikethi esitsha se-SSL/TLS size siyithumele kwiseva.
Kubalulekile ukuqaphela ukuba ukususwa kwe-SSL kuphakamisa iinkxalabo zobumfihlo kunye nokhuseleko. Ekubeni isixhobo sokhuseleko sinokufikelela kwidatha esusiweyo, sinokubona ulwazi oluyimfihlo olufana namagama abasebenzisi, iiphasiwedi, iinkcukacha zekhadi letyala, okanye olunye ulwazi oluyimfihlo oluthunyelwa ngenethiwekhi. Ke ngoko, ukususwa kwe-SSL ngokuqhelekileyo kwenziwa ngaphakathi kweendawo ezilawulwayo nezikhuselekileyo ukuqinisekisa ubumfihlo kunye nokuthembeka kwedatha esusiweyo.
I-SSL Decryption ineendlela ezintathu eziqhelekileyo, zezi:
- Imo Yokungasebenzi
- Imo Yokungena
- Imo yokuPhuma
Kodwa, yintoni umahluko phakathi kweendlela ezintathu ze-SSL Decryption?
| Imo | Imo Yokungasebenzi | Imo Yokungena | Imo yokuPhuma |
| Inkcazo | Ithumela nje i-traffic ye-SSL/TLS ngaphandle kokususa ukubethela okanye ukuguqula. | Isusa izicelo zabathengi, ihlalutye kwaye isebenzise imigaqo-nkqubo yokhuseleko, ize ithumele izicelo kwiseva. | Isusa iimpendulo zeseva, ihlalutye kwaye isebenzise imigaqo-nkqubo yokhuseleko, ize ithumele iimpendulo kumthengi. |
| Ukuhamba kweTrafikhi | Icala eliya kwicala elibini | Umthengi ukuya kwiSeva | Iseva kwiKlayenti |
| Indima yesixhobo | Umqapheli | Indoda Ephakathi | Indoda Ephakathi |
| Indawo yokususa ukubethela | Akukho kususwa kwekhowudi | I-Decrypts kwi-perimeter yenethiwekhi (ngesiqhelo phambi kweseva). | I-Decrypts kwi-perimeter yenethiwekhi (ngesiqhelo phambi komthengi). |
| Ukubonakala kweTrafikhi | Ithrafikhi efihliweyo kuphela | Izicelo zabathengi eziguqulweyo | Iimpendulo zeseva eziguqulweyo |
| Uhlengahlengiso lweTrafikhi | Akukho tshintsho | Ingatshintsha ithrafikhi ngeenjongo zohlalutyo okanye zokhuseleko. | Ingatshintsha ithrafikhi ngeenjongo zohlalutyo okanye zokhuseleko. |
| Isatifikethi se-SSL | Akukho mfuneko yesitshixo sabucala okanye isatifikethi | Ifuna isitshixo sabucala kunye nesatifikethi seseva ethintelwayo | Ifuna isitshixo sabucala kunye nesatifikethi kumthengi obanjwayo |
| Ulawulo loKhuseleko | Ulawulo olulinganiselweyo njengoko ingenako ukuhlola okanye ukuguqula ithrafikhi efihliweyo | Ingahlola kwaye isebenzise imigaqo-nkqubo yokhuseleko kwizicelo zabathengi ngaphambi kokufikelela kwiseva | Ingahlola kwaye isebenzise imigaqo-nkqubo yokhuseleko kwiimpendulo zeseva ngaphambi kokufikelela kumthengi |
| Iingxaki zoBucala | Ayifikeleli okanye ayihlalutyi idatha efihliweyo | Unokufikelela kwizicelo zabathengi eziguqulweyo, nto leyo ephakamisa iinkxalabo zobumfihlo | Unokufikelela kwiimpendulo zeseva ezingaguqulelwanga kwi-crypt, nto leyo ephakamisa iinkxalabo zobumfihlo |
| Izinto ekufuneka ziqwalaselwe ukuze kuthotyelwe imithetho | Impembelelo encinci kubumfihlo kunye nokuthobela imithetho | Isenokufuna ukuthotyelwa kwemigaqo yobumfihlo bedatha | Isenokufuna ukuthotyelwa kwemigaqo yobumfihlo bedatha |
Xa kuthelekiswa nokususwa kwe-serial kweqonga lokuhambisa elikhuselekileyo, itekhnoloji yendabuko yokususwa kwe-serial inemida.
Ii-firewall kunye neengcango zokhuseleko lwenethiwekhi ezisusa ukubethela ithrafikhi ye-SSL/TLS zihlala zisilela ukuthumela ithrafikhi esusiweyo kwezinye izixhobo zokubeka esweni nezokhuseleko. Ngokufanayo, ukulinganisela umthwalo kususa ithrafikhi ye-SSL/TLS kwaye kusasaza ngokugqibeleleyo umthwalo phakathi kweeseva, kodwa iyasilela ukusasaza ithrafikhi kwizixhobo ezininzi zokhuseleko ezidibanisayo ngaphambi kokuba iphinde ibethele. Okokugqibela, ezi zisombululo azinalo ulawulo lokukhetha ithrafikhi kwaye ziya kusasaza ithrafikhi engaguqulelwanga ngesantya sentambo, zihlala zithumela yonke ithrafikhi kwinjini yokuguqulela ukubethela, nto leyo edala imingeni yokusebenza.
Ngokusebenzisa i-Mylinking™ SSL decryption, ungazisombulula ezi ngxaki:
1- Phucula izixhobo zokhuseleko ezikhoyo ngokubeka kwindawo enye kunye nokukhupha i-SSL decryption kunye ne-re-encryption;
2- Ukutyhila izisongelo ezifihlakeleyo, ukwaphulwa kwedatha, kunye ne-malware;
3- Hlonipha ukuthobela ubumfihlo bedatha ngeendlela ezikhethiweyo zokususa ukubethela ezisekelwe kumgaqo-nkqubo;
4 -Iinkonzo ezininzi zeenkqubo zolwazi lwendlela ezifana nokusika iipakethi, ukufihla, ukukhupha idatha, kunye nokucoca iseshoni eguquguqukayo, njl.
5- Chaphazela ukusebenza kwenethiwekhi yakho, kwaye wenze uhlengahlengiso olufanelekileyo ukuqinisekisa ulungelelwano phakathi kokhuseleko kunye nokusebenza.
Ezi zezinye zezona zicelo ziphambili ze-SSL decryption kwii-network packet brokers. Ngokususa i-SSL/TLS traffic, ii-NPBs ziphucula ukubonakala nokusebenza kwezixhobo zokhuseleko kunye nokubeka iliso, ziqinisekisa ukhuseleko olupheleleyo lwenethiwekhi kunye nobuchule bokubeka iliso ekusebenzeni. Ukususa i-SSL decryption kwii-network packet brokers (NPBs) kubandakanya ukufikelela kunye nokususa i-crypt traffic ukuze ihlolwe kwaye ihlalutywe. Ukuqinisekisa ubumfihlo kunye nokhuseleko lwe-traffic decrypted kubaluleke kakhulu. Kubalulekile ukuqaphela ukuba imibutho esebenzisa i-SSL decryption kwii-NPBs kufuneka ibe nemigaqo-nkqubo ecacileyo kunye neenkqubo ezilawula ukusetyenziswa kwe-traffic decrypted, kubandakanya ulawulo lokufikelela, ukuphathwa kwedatha, kunye nemigaqo-nkqubo yokugcina. Ukuthobela iimfuno zomthetho kunye nemithetho efanelekileyo kubalulekile ukuqinisekisa ubumfihlo kunye nokhuseleko lwe-traffic decrypted.
Ixesha lokuthumela: Septemba-04-2023
