Chii chinonzi SSL/TLS Decryption?
SSL decryption, inozivikanwawo seSSL/TLS decryption, inoreva maitiro ekutora uye kudhibhita Secure Sockets Layer (SSL) kana Transport Layer Security (TLS) encrypted network traffic. SSL/TLS inzira inoshandiswa nevakawanda encryption protocol inochengetedza kutapurirana data pamacomputer network, senge internet.
SSL decryption inowanzoitwa nemidziyo yekuchengetedza, senge firewall, intrusion kudzivirira masisitimu (IPS), kana yakatsaurirwa SSL decryption midziyo. Midziyo iyi inoiswa zvine hungwaru mukati metiweki kuti iongorore yakavharidzirwa traffic nekuda kwekuchengetedza. Chinangwa chikuru ndechekuongorora iyo yakavharidzirwa data yezvingangoita kutyisidzira, malware, kana zvisingatenderwe zviitiko.
Kuita SSL decryption, mudziyo wekuchengetedza unoshanda semurume-pakati-pakati pakati pemutengi (semuenzaniso, web browser) neserver. Kana mutengi atanga kubatana kweSSL/TLS nesevha, mudziyo wekuchengetedza unobata traffic yakavharidzirwa uye inotanga maviri akapatsanurwa eSSL/TLS ekubatanidza-imwe nemutengi uye imwe neserver.
Chidziviriro chekuchengetedza chinobva chabvisa traffic kubva kumutengi, yoongorora zvakavharwa, uye inoshandisa mitemo yekuchengetedza kuona chero njodzi kana fungidziro. Iyo inogona zvakare kuita mabasa akadai sekudzivirira kurasikirwa kwedata, kusefa zvemukati, kana kuona malware pane yakadhindwa data. Kana traffic yaongororwa, mudziyo wekuchengetedza unoinyora zvakare uchishandisa chitupa cheSSL/TLS chitsva uye wochiendesa kune server.
Izvo zvakakosha kuti uzive kuti SSL decryption inosimudza kuvanzika uye kuchengetedzeka kunetseka. Sezvo mudziyo wekuchengetedza uchiwana iyo data yakavharwa, unogona kuona ruzivo rwakadzama senge mazita ekushandisa, mapassword, ruzivo rwekadhi rechikwereti, kana imwe data yakavanzika inofambiswa panetiweki. Naizvozvo, SSL decryption inowanzoitwa mukati menzvimbo dzakadzorwa uye dzakachengetedzwa kuti ive nechokwadi chekuvanzika uye kutendeseka kweiyo data yakagamuchirwa.
SSL Decryption ine matatu akajairika modes, ndeaya:
-Passive Mode
- Inbound Mode
- Outbound Mode
Asi, ndeipi misiyano yemhando nhatu dzeSSL Decryption?
| Mode | Passive Mode | Inbound Mode | Outbound Mode |
| Tsanangudzo | Inongoendesa mberi SSL/TLS traffic pasina decryption kana kugadziridzwa. | Decrypts zvikumbiro zvemutengi, anoongorora uye nekushandisa chengetedzo marongero, wozoendesa zvikumbiro kune server. | Decrypts server mhinduro, inoongorora uye nekushandisa chengetedzo marongero, wozoendesa mhinduro kumutengi. |
| Traffic Flow | Bi-directional | Mutengi kune Server | Server kune Mutengi |
| Basa remudziyo | Mucherechedzi | Murume-mu-pakati | Murume-mu-pakati |
| Decryption Nzvimbo | Hapana decryption | Decrypts pane network perimeter (kazhinji pamberi pesevha). | Decrypts pane network perimeter (kazhinji pamberi pemutengi). |
| Traffic Kuonekwa | Trafiki yakavharidzirwa chete | Decrypted client applications | Decrypted server mhinduro |
| Traffic Modification | Hapana kugadzirisa | Inogona kugadzirisa traffic yekuongorora kana kuchengetedza zvinangwa. | Inogona kugadzirisa traffic yekuongorora kana kuchengetedza zvinangwa. |
| SSL Chitupa | Hapana kudikanwa kwekiyi yakavanzika kana chitupa | Inoda kiyi yakavanzika uye chitupa kuti server itambirwe | Inoda yakavanzika kiyi uye chitupa kune mutengi ari kutambirwa |
| Chengetedzo Kudzora | Kudzora kwakaganhurirwa sezvo isingakwanise kuongorora kana kugadzirisa yakavharidzirwa traffic | Inogona kuongorora uye kushandisa mitemo yekuchengetedza kune zvikumbiro zvevatengi vasati vasvika kune server | Inogona kuongorora uye kushandisa mitemo yekuchengetedza kune server mhinduro isati yasvika kumutengi |
| Zvekuvanzika | Haikwanise kuwana kana kuongorora data rakavharidzirwa | Inokwanisa kuwana zvikumbiro zvevatengi zvakadzimirwa, zvichisimudza zvinonetsa kuvanzika | Inokwanisa kuwana mhinduro dze server dzakadzikiswa, zvichimutsa zvinonetsa kuvanzika |
| Mafungiro Ekuteerera | Kukanganisa kudiki pakuvanzika uye kutevedzera | Inogona kuda kutevedzwa nemirairo yekuvanzika kwedata | Inogona kuda kutevedzwa nemirairo yekuvanzika kwedata |
Kuenzaniswa neiyo serial decryption yeyakachengeteka kuburitsa chikuva, iyo yechinyakare serial decryption tekinoroji ine painogumira.
Mafirewall uye network kuchengetedza magedhi ayo decrypt SSL/TLS traffic inowanzotadza kutumira yakavharwa traffic kune mamwe ekutarisa uye ekuchengetedza maturusi. Saizvozvo, kuyera kuyera kunobvisa SSL/TLS traffic uye kugovera zvakakwana mutoro pakati pemaseva, asi inotadza kugovera iyo traffic kune akawanda chaining ekuchengetedza maturusi asati ainyora zvakare. Chekupedzisira, idzi mhinduro dzinoshaya kutonga pamusoro pesarudzo yetraffic uye inogovera isina kuvharirwa traffic pawaya-kumhanya, kazhinji kutumira iyo traffic yese kune decryption injini, ichigadzira matambudziko ekuita.
NeMylinking™ SSL decryption, unogona kugadzirisa matambudziko aya:
1- Kuvandudza maturusi ekuchengetedza aripo nekuisa pakati uye kurodha SSL decryption uye zvakare encryption;
2- Ratidza kutyisidzira kwakavanzika, kutyora data, uye malware;
3- Remekedza kuvanzika kwedata kutevedza nepolicy-based selective decryption nzira;
4 -Service chain yakawanda traffic intelligence application senge packet slicing, masking, deduplication, uye inogadzirisa chikamu kusefa, nezvimwe.
5- Kukanganisa mashandiro ako etiweki, uye ita zvigadziriso zvakakodzera kuti uve nechokwadi chekuenzanisa pakati pekuchengetedza uye kuita.
Aya ndiwo mamwe eakakosha mashandisirwo eSSL decryption mune network packet broker. Nekudzvanya SSL/TLS traffic, NPBs inosimudzira kuoneka uye kushanda kwekuchengetedza uye yekutarisa maturusi, kuve nechokwadi chakazara chekuchengetedzwa kwetiweki uye kugona kwekutarisa maitiro. SSL decryption mune network packet broker (NPBs) inosanganisira kuwana uye kudhibhita yakavharidzirwa traffic kuti iongororwe uye kuongororwa. Kuve nechokwadi chekuvanzika uye kuchengetedzeka kweiyo decrypted traffic kwakakosha zvakanyanya. Izvo zvakakosha kuti uzive kuti masangano ari kuendesa SSL decryption muNPBs anofanirwa kuve nematongerwo akajeka uye maitiro aripo ekutonga kushandiswa kweiyo decrypted traffic, kusanganisira yekuwana kudzora, kubata data, uye kuchengetedza marongero. Kutevedzera zvinodiwa zvemutemo uye zvekutonga kwakakosha kuti uve nechokwadi chekuvanzika uye kuchengetedzeka kweiyo decrypted traffic.
Nguva yekutumira: Sep-04-2023
