Chii chinonzi SSL/TLS Decryption?
Kubvisa SSL mumashoko, kunozivikanwawo seSSL/TLS decryption, zvinoreva maitiro ekubvisa nekudzima maSecure Sockets Layer (SSL) kana Transport Layer Security (TLS) encrypted network traffic. SSL/TLS inzira inoshandiswa zvakanyanya yekudzivirira data kuburikidza nemakomputa, akadai seinternet.
Kubvisa SSL kunowanzoitwa nemidziyo yekuchengetedza, yakadai semadziro ekudzivirira kupinda (IPS), kana michina yeSSL yakatsaurirwa kubvisa SSL. Midziyo iyi inoiswa zvakanaka mukati me network kuti iongorore traffic yakavharirwa nekuda kwezvikonzero zvekuchengetedza. Chinangwa chikuru ndechekuongorora data rakavharirwa kuti rione njodzi dzinogona kuitika, malware, kana mabasa asina mvumo.
Kuti iite SSL decryption, mudziyo wekuchengetedza unoshanda semunhu ari pakati pemutengi (semuenzaniso, web browser) neseva. Kana mutengi akatanga SSL/TLS connection neseva, mudziyo wekuchengetedza unodzivirira traffic yakavharirwa uye unogadzira SSL/TLS connections mbiri dzakasiyana—imwe nemutengi uye imwe neseva.
Mudziyo wekuchengetedza unozobvisa ruzivo rwakadzama kubva kumutengi, woongorora zviri mukati zvakabviswa ruzivo, uye woshandisa mitemo yekuchengetedza kuti uone chero chiitiko chine njodzi kana chinofungirwa. Unogonawo kuita mabasa akadai sekudzivirira kurasikirwa nedata, kusefa zviri mukati, kana kuona malware padata rakabviswa ruzivo. Kana traffic yangoongororwa, mudziyo wekuchengetedza unoinyorazve uchishandisa chitupa chitsva cheSSL/TLS wochitumira kuseva.
Zvakakosha kuziva kuti SSL decryption inokonzera matambudziko ekuchengetedzwa kwedata. Sezvo mudziyo wekuchengetedza uchikwanisa kuwana data rakabviswa, unogona kuona ruzivo rwakakosha senge mazita evashandisi, mapassword, ruzivo rwemakadhi echikwereti, kana rumwe ruzivo rwakavanzika rwunotumirwa netiweki. Saka, SSL decryption inowanzoitwa munzvimbo dzakadzorwa uye dzakachengeteka kuitira kuve nechokwadi chekuvanzika uye kuvimbika kwedata rakatorwa.
SSL Decryption ine nzira nhatu dzakajairika, idzo ndeidzi:
- Nzira yePassive
- Modhi Inopinda
- Nzira Yokubuda
Asi, ndeapi musiyano uripo pakati pemhando nhatu dzeSSL Decryption?
| Maitiro | Maitiro Ekusaita Chinhu | Nzira Yokupinda | Nzira Yokubuda |
| Tsananguro | Inongotumira traffic yeSSL/TLS pasina kubvisa kana kugadzirisa. | Inobvisa zvikumbiro zvevatengi, inoongorora uye inoshandisa mitemo yekuchengetedza, yozotumira zvikumbiro kuseva. | Inobvisa mhinduro dzeseva, inoongorora uye inoshandisa mitemo yekuchengetedza, yozotumira mhinduro dzacho kumutengi. |
| Kufamba Kwemotokari | Mativi maviri | Mutengi kuenda kuSeva | Sevha kuenda kuMutengi |
| Basa reMudziyo | Mucherechedzi | Munhu Ari Pakati | Munhu Ari Pakati |
| Nzvimbo yekubvisa manyorerwo emashoko | Hapana kubviswa kwemazwi | Inoburitsa mashoko ari pamuganhu wenetwork (kazhinji pamberi peserver). | Inoburitsa mashoko ari pamucheto wenetwork (kazhinji pamberi pemutengi). |
| Kuonekwa Kwemotokari | Traffic yakavharirwa chete | Zvikumbiro zvevatengi zvakabviswa crypt | Mhinduro dzeseva dzakabviswa crypt |
| Kugadziriswa Kwemotokari | Hapana shanduko | Inogona kugadzirisa traffic nekuda kwekuongorora kana kuchengetedza. | Inogona kugadzirisa traffic nekuda kwekuongorora kana kuchengetedza. |
| Chitupa cheSSL | Hapana chikonzero chekiyi yakavanzika kana chitupa | Inoda kiyi yakavanzika uye chitupa cheseva iri kubatwa | Inoda kiyi yakavanzika uye chitupa kuti mutengi ari kubatwa |
| Kudzora Kuchengetedzeka | Kudzora kushoma sezvo isingakwanise kuongorora kana kugadzirisa traffic yakavharidzirwa | Inogona kuongorora nekushandisa mitemo yekuchengetedza kune zvikumbiro zvevatengi isati yasvika kuseva | Unogona kuongorora nekushandisa mitemo yekuchengetedza mhinduro dzeseva usati wasvika kune mutengi |
| Zvinonetsa Nezvekuchengetedzwa Kwezvakavanzika | Haikwanise kuwana kana kuongorora data rakavharidzirwa | Anokwanisa kuwana zvikumbiro zvevatengi zvakabviswa zvinyorwa, zvichikonzera matambudziko ekuchengetedza ruzivo rwevanhu | Anokwanisa kuwana mhinduro dzeseva dzakabviswa crypt, zvichikonzera matambudziko ekuchengetedzwa kweruzivo rwemunhu |
| Kufunga Nezvekutevedzera Mutemo | Kukanganisa kushoma pakuchengetedzwa kwezvakavanzika uye kutevedzera mitemo | Zvingada kuti mitemo yekuchengetedzwa kwedata itevedzwe | Zvingada kuti mitemo yekuchengetedzwa kwedata itevedzwe |
Kana tichienzanisa nekushandisa serial decryption yepuratifomu yekutumira yakachengeteka, tekinoroji yechinyakare ye serial decryption ine miganhu.
Mafirewall nemagedhi ekuchengetedza network anobvisa ruzivo rwakadzama rweSSL/TLS anowanzo tadza kutumira ruzivo rwakadzama kune mamwe maturusi ekutarisa nekuchengetedza. Saizvozvowo, kuyera mutoro kunobvisa ruzivo rweSSL/TLS uye kunogovera mutoro zvakanaka pakati pemaseva, asi kunokundikana kugovera ruzivo kune maturusi ekuchengetedza akawanda asati arudzokorora. Chekupedzisira, mhinduro idzi hadzina simba rekutonga sarudzo yeruzivo uye dzinoparadzira ruzivo rwakadzama rwemashoko nekukurumidza kwewaya, zvichiwanzo tumira ruzivo rwese kuinjini yekubvisa ruzivo, zvichigadzira matambudziko ekushanda.
Nekushandisa Mylinking™ SSL decryption, unogona kugadzirisa matambudziko aya:
1- Kuvandudza maturusi ekuchengetedza aripo nekuisa pamwe chete uye kubvisa SSL decryption uye re-encryption;
2- Kufumura njodzi dzakavanzika, kutyorwa kwedata, uye malware;
3- Kuremekedza kutevedzera mitemo yekuchengetedzwa kwedata nenzira dzekusarudza nzira dzekubvisa ruzivo rwakadzama;
4 -Kushandisa nzira dzakasiyana dzekuchengetedza ruzivo rwemigwagwa dzakadai sekucheka mapaketi, kuvhara masiki, kubvisa data, uye kugadzirisa mafambiro ebasa, nezvimwewo.
5- Ita kuti network yako ishande zvakanaka, uye gadzirisa zvinhu zvakakodzera kuti pave nerunyararo pakati pekuchengetedzwa uye kushanda zvakanaka.
Aya ndiwo mamwe emashandisirwo akakosha eSSL decryption mu network packet brokers. Nekubvisa SSL/TLS traffic, NPBs inowedzera kuoneka uye kushanda kwezvishandiso zvekuchengetedza nekutarisa, zvichivimbisa kuchengetedzwa kwakakwana kwenetwork uye kugona kwekutarisa mashandiro. Kubvisa SSL decrypt mu network packet brokers (NPBs) kunosanganisira kuwana uye kubvisa traffic encrypted kuti iongororwe uye iongororwe. Kuve nechokwadi chekuti traffic decrypted yakachengetedzwa kwakakosha zvikuru. Zvakakosha kuziva kuti masangano ari kushandisa SSL decryption muNPBs anofanira kunge aine mitemo nemaitiro akajeka ekutonga kushandiswa kwetraffic decrypted, kusanganisira kudzora kupinda, kubata data, uye kuchengetedza. Kutevedzera zvinodiwa zvemutemo nemutemo zvakakosha kuti kuve nechokwadi chekuti traffic decrypted yakachengetedzwa.
Nguva yekutumira: Gunyana-04-2023
