Yakadzika Packet Kuongorora (DPI)tekinoroji inoshandiswa muNetwork Packet Brokers (NPBs) kuongorora uye kuongorora zviri mukati metiweki mapaketi pamwero wegranular. Izvo zvinosanganisira kuongorora iyo payload, misoro, uye imwe protocol-yakatarwa ruzivo mukati memapakiti kuti uwane yakadzama ruzivo mune network traffic.
DPI inodarika yakapusa kuongororwa kwemusoro uye inopa kunzwisisa kwakadzama kweiyo data inoyerera kuburikidza netiweki. Inobvumira kuongororwa kwakadzama kweiyo application layer protocol, seHTTP, FTP, SMTP, VoIP, kana vhidhiyo yekufambisa mapuroteni. Nekuongorora izvo chaizvo zviri mukati memapakiti, DPI inogona kuona uye kuona chaiyo maapplication, maprotocol, kana kunyange chaiwo data mapatani.
Pamusoro pekuongororwa kwehutongi hwemaakero ekwaanobva, kero dzekuenda, zviteshi zvechiteshi, nzvimbo dzekuenda, uye mhando dzeprotocol, DPI inowedzerawo kuongorora-layer kuongororwa kuti uone maapplication akasiyana uye zvirimo. Kana iyo 1P packet, TCP kana UDP data ichiyerera kuburikidza nebandwidth manejimendi system yakavakirwa paDPI tekinoroji, sisitimu inoverenga zvirimo mu1P packet load kurongazve ruzivo rwechishandiso muOSI Layer 7 protocol, kuitira kuti uwane zvirimo. iyo yose purogiramu yekushanda, uyezve kuumba traffic maererano nehutungamiri mutemo unotsanangurwa nehurongwa.
DPI inoshanda sei?
Mafirewall echinyakare anowanzo kushaya simba rekugadzirisa kuti aite zvakakwana-chaiyo-nguva cheki pahuwandu hukuru hwetraffic. Sezvo tekinoroji ichifambira mberi, DPI inogona kushandiswa kuita mamwe macheki akaomarara kutarisa misoro uye data. Kazhinji, firewall ine intrusion yekuona masisitimu anowanzo shandisa DPI. Munyika umo ruzivo rwedhijitari rwakanyanya, chidimbu chega chega cheruzivo rwedhijitari chinounzwa paInternet mumapaketi madiki. Izvi zvinosanganisira email, mameseji anotumirwa kuburikidza neapp, mawebhusaiti akashanyirwa, hurukuro dzevhidhiyo, nezvimwe. Pamusoro peiyo chaiyo data, mapaketi aya anosanganisira metadata inoratidza iyo traffic sosi, zvirimo, kwainoenda, uye rumwe ruzivo rwakakosha. Iine tekinoroji yekusefa tekinoroji, data inogona kuramba ichitariswa uye kutariswa kuti ive nechokwadi chekuti inotumirwa kunzvimbo chaiyo. Asi kuti uve nechokwadi chekuchengetedzwa kwetiweki, kusefa kwepaketi kwechinyakare kuri kure nekuringana. Dzimwe dzenzira huru dzekudzika kwepaketi yekuongorora mune network manejimendi dzakanyorwa pazasi:
Matching Mode/Siginecha
Pakiti yega yega inotariswa kuti inoenderana nedhatabhesi yeinozivikanwa network kurwiswa nefirewall ine intrusion yekuona system (IDS) kugona. IDS inotsvaga maitiro akashata anozivikanwa uye inodzima traffic kana maitiro akaipa awanikwa. Kuipa kweiyo siginecha yekufananidza mutemo ndeyekuti inongoshanda kune masiginicha anogadziridzwa kazhinji. Pamusoro pezvo, tekinoroji iyi inogona chete kudzivirira kubva kunjodzi dzinozivikanwa kana kurwiswa.
Protocol Kunze
Sezvo nzira yekusarudzika yeprotocol isingangotenderi data rese risingaenderane nedhatabhesi, iyo protocol yekusarudzika nzira inoshandiswa neIDS firewall haina kukanganisa kwepatani/ siginecha yekufananidza nzira. Pane kudaro, inotora mutemo wekuramba wakagara. Nekutsanangurwa kweprotocol, firewall inosarudza kuti ndeipi traffic inofanirwa kutenderwa uye kudzivirira network kubva kune zvisingazivikanwe kutyisidzira.
Intrusion Prevention System (IPS)
IPS mhinduro dzinogona kuvharira kutapurirana kwemapaketi anokuvadza zvichienderana nezviri mukati, nekudaro kumisa kunofungidzirwa kurwiswa munguva chaiyo. Izvi zvinoreva kuti kana pakiti ichimiririra njodzi inozivikanwa yekuchengetedza, IPS inovhara network traffic zvichibva pane yakatsanangurwa seti yemitemo. Imwe yakashata yeIPS kudiwa kwekugara uchigadziridza cyber kutyisidzira dhatabhesi ine ruzivo nezve kutsva kutsva, uye mukana wekunyepa. Asi njodzi iyi inogona kudzikiswa nekugadzira mitemo inochengetedza uye tsika dzetsika, kumisikidza hunhu hwakakodzera hwezvikamu zvetiweki, uye nguva nenguva kuongorora yambiro uye zviitiko zvakashumwa kuwedzera kutarisa uye kunyevera.
1- Iyo DPI (Yakadzika Packet Inspection) muNetwork Packet Broker
Iyo "yakadzika" nhanho uye yakajairwa pakiti yekuongorora kuenzanisa, "yakajairika packet yekuongorora" chete inotevera ongororo yeIP packet 4 layer, kusanganisira kwainosuka kero, kero yekuenda, chiteshi chengarava, nzvimbo yekuenda uye protocol mhando, uye DPI kunze kweiyo hierarchical. ongororo, yakawedzerawo kuongororwa kwechinyorwa chekushandisa, kuona akasiyana mashandisirwo uye zvirimo, kuona iwo makuru mabasa:
1) Ongororo Yekushandisa -- network traffic kuumbwa kuongororwa, kuongororwa kwekuita, uye kuongorora kuyerera
2) Ongororo yeMushandisi -- musiyano weboka revashandisi, kuongororwa maitiro, kuongorora kwekupedzisira, kuongorora maitiro, nezvimwe.
3) Network Element Analysis - ongororo yakavakirwa pahunhu hwedunhu (guta, dunhu, mugwagwa, nezvimwewo) uye base station load.
4) Kudzora Traffic - P2P kumhanya kudzikamisa, QoS vimbiso, bandwidth vimbiso, network sosi optimization, nezvimwe.
5) Chengetedzo Chengetedzo - DDoS kurwiswa, dhata kutepfenyura dutu, kudzivirira kurwiswa kwehutachiona hunotyisa, nezvimwe.
2- General Classification yeNetwork Applications
Nhasi kune zvisingaverengeki zvikumbiro paInternet, asi zvakajairika zvewebhu zvikumbiro zvinogona kupera.
Sekuziva kwangu, iyo yakanakisa app yekuziva kambani iHuawei, iyo inoti inoziva zviuru zvina zveapp. Protocol analysis ndiyo yakakosha module yemakambani akawanda e firewall (Huawei, ZTE, etc.), uye zvakare yakakosha module, inotsigira kuzadzikiswa kwemamwe mamodule anoshanda, kunyatsozivikanwa application, uye kuvandudza zvakanyanya mashandiro uye kuvimbika kwezvigadzirwa. Mukuenzanisa malware identification yakavakirwa pamanetiweki traffic maitiro, sezvandiri kuita izvozvi, kwakaringana uye kwakakura kuzivikanwa kweprotocol kwakakoshawo. Kunze kweiyo network traffic yeakajairika maapplication kubva kune ekunze traffic yekambani, iyo yasara traffic ichazvidavirira kune diki chikamu, chiri nani chekuongorora malware uye alarm.
Zvichienderana neruzivo rwangu, izvo zviripo zvinowanzo shandiswa zvikumbiro zvinoiswa muzvikamu zvinoenderana nemabasa avo:
PS: Zvinoenderana nekunzwisisa kwega kwechikamu chekunyorera, une chero mazano akanaka anogamuchirwa kuti usiye meseji chikumbiro
1). E-mail
2). Vhidhiyo
3). Mitambo
4). Office OA kirasi
5). Software update
6). Zvemari (bhangi, Alipay)
7). Stocks
8). Social Communication (IM software)
9). Kubhurawuza paWebhu (pamwe zviri nani kuzivikanwa nemaURL)
10). Dhawunirodha zvishandiso (web disk, P2P download, BT ine chekuita)
Zvadaro, mashandisiro anoita DPI (Deep Packet Inspection) muNPB:
1). Packet Capture: Iyo NPB inobata network traffic kubva kwakasiyana masosi, senge switch, routers, kana matepi. Inogamuchira mapaketi anoyerera kuburikidza netiweki.
2). Packet Parsing: Iwo mapaketi akabatwa anopatsanurwa neNPB kuti abudise akasiyana maprotocol layer uye data yakabatana. Iyi parsing process inobatsira kuona izvo zvakasiyana-siyana zviri mukati memapaketi, senge Ethernet misoro, IP misoro, yekutakura layer misoro (semuenzaniso, TCP kana UDP), uye application layer protocol.
3). Payload Analysis: NeDPI, iyo NPB inodarika yekutarisa musoro uye inotarisa pamubhadharo, kusanganisira iyo chaiyo data mukati memapaketi. Iyo inoongorora iyo payload yemukati zvakadzama, zvisinei nekunyorera kana protocol inoshandiswa, kuburitsa ruzivo rwakakodzera.
4). Protocol Identification: DPI inogonesa iyo NPB kuona chaiwo maprotocol uye maapplication ari kushandiswa mukati me network traffic. Inogona kuona uye kuisa mapuroteni akaita seHTTP, FTP, SMTP, DNS, VoIP, kana vhidhiyo yekufambisa mapuroteni.
5). Ongororo Yezvemukati: DPI inobvumira iyo NPB kuti iongorore zviri mukati memapaketi kune chaiwo mapatani, siginicha, kana mazwi akakosha. Izvi zvinogonesa kuonekwa kwekutyisidzira kwenetiweki, senge malware, mavhairasi, kuedza kupindira, kana zviitiko zvinofungirwa. DPI inogona zvakare kushandiswa kusefa zvemukati, kumanikidza network marongero, kana kuona kutyorwa kwedata.
6). Metadata Kubvisa: Munguva yeDPI, iyo NPB inobvisa yakakodzera metadata kubva pamapakiti. Izvi zvinogona kusanganisira ruzivo rwakadai seyekunobva uye kwekuenda IP kero, nhamba dzechiteshi, ruzivo rwesesheni, data rekutengeserana, kana chero humwe hunhu hwakakodzera.
7). Traffic Routing kana Kusefa: Zvichienderana nekuongorora kweDPI, iyo NPB inogona kuendesa chaiwo mapaketi kunzvimbo dzakatarwa kuti uwedzere kugadzirisa, senge midziyo yekuchengetedza, maturusi ekutarisa, kana mapuratifomu ekuongorora. Inogona zvakare kushandisa mitemo yekusefa kurasa kana kutungamirazve mapaketi zvichienderana nezvakaonekwa zvemukati kana mapatani.
Nguva yekutumira: Jun-25-2023