Mutengesi weNetwork PacketZvishandiso zvinogadzirisa traffic yeNetwork kuitira kuti mimwe michina yekutarisa, yakaita seyakagadzirirwa Network performance monitoring uye security-related monitoring, ikwanise kushanda zvakanaka. Zvinhu zvinosanganisira kusefa mapaketi kuti zvione njodzi, mapaketi anotakura zvinhu, uye kuisa timestamp yakavakirwa pahardware.
Mugadziri weNetwork Securityzvinoreva mabasa ane chekuita nekugadzirwa kwekuchengetedzwa kwegore, kugadzirwa kwekuchengetedzwa kwenetiweki, uye kugadzirwa kwekuchengetedzwa kwedata. Zvichienderana nehukuru hwesangano, panogona kunge paine nhengo imwe chete ine basa renzvimbo yega yega. Neimwe nzira, sangano rinogona kusarudza maneja. Chero nzira, masangano anofanirwa kutsanangura kuti ndiani ane basa uye kuvapa simba rekuita sarudzo dzakakosha.
Kuongororwa kweNjodzi yeNetwork runyorwa rwakakwana rwenzira idzo kurwiswa kwemukati kana kwekunze kwakaipa kana kusina kunanga kunogona kushandiswa kubatanidza zviwanikwa. Kuongororwa kwakazara kunobvumira sangano kutsanangura njodzi nekudzideredza kuburikidza nekudzora kwekuchengetedza. Njodzi idzi dzingasanganisira:
- Kusanzwisisa zvakakwana masisitimu kana maitiro
- Masisitimu akaoma kuyera huwandu hwenjodzi
- masisitimu e "hybrid" anotarisana nenjodzi dzebhizinesi nedzehunyanzvi
Kugadzira fungidziro dzinoshanda kunoda kushanda pamwe chete pakati peIT nevanobatana mubhizinesi kuti vanzwisise huwandu hwenjodzi. Kushanda pamwe chete nekugadzira nzira yekunzwisisa mufananidzo wakakura wenjodzi kwakakosha sekukosha kwenjodzi yekupedzisira.
Zero Trust Architecture (ZTA)ipfungwa yekuchengetedza network inofungidzira kuti vamwe vashanyi vari pa network vane njodzi uye kuti kune nzvimbo dzakawanda dzekuwana dzisingakwanisi kuchengetedzwa zvizere. Saka, chengetedza zvinobudirira zvinhu zviri pa network kwete network pachayo. Sezvo ichibatanidzwa nemushandisi, mumiririri anosarudza kana achibvumidza chikumbiro chega chega chekuwana zvichibva pane njodzi yakaverengerwa zvichibva pamusanganiswa wezvinhu zvakaita sekushandiswa, nzvimbo, mushandisi, mudziyo, nguva, ruzivo rwedata, nezvimwewo. Sezvinoreva zita racho, ZTA ipuratifomu, kwete chigadzirwa. Haugone kuitenga, asi unogona kuigadzira zvichibva pane zvimwe zvezvinhu zvehunyanzvi zviri mairi.
Firewall yeNetiwekichigadzirwa chekuchengetedza chakakura uye chinozivikanwa chine zvinhu zvakawanda zvakagadzirirwa kudzivirira kupinda zvakananga kumapurogiramu esangano anochengetwa uye maseva edata. Mafirewall enetwork anopa kuchinjika kune ese ari maviri network yemukati uye gore. Kune gore, kune zvinopihwa zvakanangana negore, pamwe nenzira dzinoshandiswa nevanopa IaaS kuti vashandise zvimwe zvezvinogona zvakafanana.
Gateway reSecurewebzvakashanduka kubva pakugadzirisa bandwidth yeInternet kusvika pakudzivirira vashandisi kubva pakurwiswa kwakaipa kubva paInternet. Kusefa maURL, anti-virus, kubvisa macryption uye kuongorora mawebhusaiti anowanikwa kuburikidza neHTTPS, kudzivirira kuputswa kwedata (DLP), uye miganhu ye cloud access security agent (CASB) ikozvino ndiyo nzira yakajairika.
Kupinda KureInonyanya kushanda paVPN, asi inonyanya kushanda pakuwana network ye zero-trust (ZTNA), iyo inobvumira vashandisi kuwana maapplication ega ega vachishandisa ma profiles emamiriro ezvinhu vasingaonekwe nemidziyo.
Masisitimu Ekudzivirira Kupindira (IPS)kudzivirira zvikanganiso zvisina kurongwa kuti zvisarwiswe nekubatanidza zvishandiso zveIPS kumaseva asina kurongwa kuti zvionekwe uye zvivharirwe. Hunhu hweIPS ikozvino hunowanzo sanganisirwa mune zvimwe zvigadzirwa zvekuchengetedza, asi kuchine zvigadzirwa zvega. IPS iri kutanga kukwira zvakare sezvo cloud native control ichivaunza zvishoma nezvishoma mukuita uku.
Kudzora Kupinda Kwenetiwekiinopa kuoneka kwezviri mukati meNetwork uye kutonga kwekupinda muhurongwa hweNetwork hwemakambani hwakavakirwa pamitemo. Mitemo inogona kutsanangura kupinda zvichienderana nebasa remushandisi, kusimbiswa, kana zvimwe zvinhu.
Kuchenesa DNS (Sisitimu yeMazita eDomain Yakacheneswa)ibasa rinopihwa nemutengesi rinoshanda seDomain Name System yesangano kudzivirira vashandisi vekupedzisira (kusanganisira vashandi vari kure) kuti vasapinde mumawebhusaiti asina mukurumbira wakanaka.
Kuderedza DDoS (Kuderedza DDoS)inoganhurira kukanganisa kunoparadza kwekurambidzwa kwebasa rakapararira kune network. Chigadzirwa ichi chine nzira dzakasiyana-siyana dzekudzivirira zviwanikwa zve network mukati me firewall, izvo zviri pamberi pe network firewall, uye izvo zviri kunze kwesangano, zvakaita se network yezviwanikwa kubva kune vanopa masevhisi eInternet kana kutumira zviri mukati.
Kutarisira Mutemo weKuchengetedzwa kweNetwork (NSPM)zvinosanganisira kuongorora nekuongorora kuti mitemo inotungamira Network Security ive nani, pamwe nekushanda kwekuchinja kwemaitiro, kuyedzwa kwemitemo, kuongororwa kwekutevedzera mitemo, uye kuona. Chishandiso cheNSPM chinogona kushandisa mepu ye network inoratidza zvishandiso zvese nemitemo ye firewall inofukidza nzira dzakawanda dze network.
Kupatsanurwa kwezvikamu zvishomainzira inodzivirira kurwiswa kwenetwork kuri kuitika kuti kusafambe zvakatwasuka kuenda kuzvinhu zvakakosha. Zvishandiso zveMicroisolation zvekuchengetedza network zvinowira muzvikamu zvitatu:
- Maturusi akavakirwa panetwork akaiswa panetwork layer, kazhinji pamwe chete nemanetwork anotsanangurwa nesoftware, kuchengetedza midziyo yakabatana nenetwork.
- Zvishandiso zvine chekuita neHypervisor imhando dzekare dzezvikamu zvakasiyana-siyana zvekuvandudza kuonekwa kwetraffic isina kujeka yenetwork inofamba pakati pehypervisors.
- Maturusi akavakirwa paHost agent anoisa maagent pahost dzaanoda kubvisa kubva kune mamwe ma network; Mhinduro yehost agent inoshandawo zvakanaka kune mabasa egore, mabasa ehypervisor, uye maseva chaiwo.
Secure Access Service Edge (SASE)ipuratifomu iri kubuda inosanganisa kugona kwakazara kwekuchengetedza network, senge SWG, SD-WAN neZTNA, pamwe nehunyanzvi hwakazara hweWAN kutsigira zvinodiwa nemasangano zveSecure Access. Chinonyanya kukosha pane kuva puratifomu, SASE ine chinangwa chekupa modhi yebasa rekuchengetedza rakabatana rinopa mashandiro pakati pema network nenzira inokwenenzverwa, inochinjika, uye isina kunonoka.
Kuona uye Kupindura Network (NDR)inoramba ichiongorora traffic inopinda neinobuda uye traffic logs kuti inyore maitiro akajairwa eNetwork, kuitira kuti zvinhu zvisina kujairika zvigone kuonekwa uye kuziviswa kumasangano. Zvishandiso izvi zvinosanganisa kudzidza kwemuchina (ML), heuristics, ongororo, uye kuona kwakavakirwa pamitemo.
Kuwedzerwa kweDNS Securityzvinowedzerwa kune DNS protocol uye zvakagadzirirwa kusimbisa mhinduro dzeDNS. Mabhenefiti ekuchengetedza eDNSSEC anoda kusaina data reDNS rakavimbika nedhijitari, maitiro anotora nguva yakawanda.
Firewall seSevhisi (FWaaS)tekinoroji itsva ine chekuita neSWGS yakavakirwa pamakore. Musiyano uri mukuvaka, uko FWaaS inofamba nepakati peVPN connections pakati pe endpoints nemidziyo iri pamucheto wenetwork, pamwe ne security stack iri mugore. Inogona zvakare kubatanidza vashandisi kumasevhisi emunharaunda kuburikidza nemaVPN tunnels. FWaaS parizvino hadziwanzowanikwe zvakanyanya seSWGS.
Nguva yekutumira: Kurume-23-2022
