DPI (SSL inspection) goes against the grain of cryptography, but companies are deploying it

Chain of trust. CC BY-SA 4.0 Yanpas

SSL traffic inspection (SSL/TLS decryption, SSL or DPI analysis) has become a hot topic of discussion in the enterprise sector. The idea of decrypting traffic seems to contradict the very idea of cryptography. Still, a fact is a fact: more and more companies are using DPI technologies, explaining this by the need to check content for malware, data leaks, and so on.

Well, if we accept that such technology has to be deployed, then we should at least consider how to do it in the safest and most manageable way. At the very least, do not rely on the certificates that, for example, the DPI system vendor gives you.

There is one aspect of the implementation that not everyone knows about. In fact, many people are surprised when they hear about it. This is a private certification authority (CA). It generates the certificates used to decrypt and re-encrypt traffic.

Instead of relying on self-signed certificates or certificates from DPI devices, you can use a dedicated CA from a third-party certificate authority such as GlobalSign. But first, let's take a brief look at the problem itself.

What is SSL inspection and why is it used?

More and more public websites are moving to HTTPS. For example, according to Chrome statistics, at the beginning of September 2019 the share of encrypted traffic in Russia reached 83%.


Unfortunately, traffic encryption is increasingly used by attackers too, especially since Let's Encrypt hands out thousands of free SSL certificates in an automated way. As a result, HTTPS is used everywhere, and the padlock in the browser address bar has stopped serving as a reliable indicator of security.

Vendors of DPI solutions promote their products from this position. The products sit between end users (i.e. your employees browsing the web) and the Internet, filtering out malicious traffic. There are a number of such products on the market today, but the process is essentially the same. HTTPS traffic passes through an inspection device, where it is decrypted and checked for malware.

Once the check is complete, the device creates a new SSL session with the end client to decrypt and re-encrypt the content.

How the decryption/re-encryption process works

For an SSL inspection device to decrypt and re-encrypt packets before sending them on to end users, it must be able to issue SSL certificates on the fly. This means it must have a CA certificate installed.

It is important to the company (or whoever the man-in-the-middle is) that these SSL certificates are trusted by browsers (i.e. do not trigger scary warnings like the one below). Therefore the CA chain (or hierarchy) must be in the browser's trust store. Because these certificates are not issued by publicly trusted certificate authorities, you must distribute the CA hierarchy to all end clients yourself.

Warning message for a self-signed certificate in Chrome. Source: BadSSL.com

On Windows computers you can use Active Directory and Group Policy, but for mobile devices the procedure is more complicated.

The situation gets even more complicated if you need to support other root certificates in the corporate environment, for example from Microsoft or based on OpenSSL. Add to that the protection and management of private keys so that none of the keys expires unexpectedly.

The best option: a private, dedicated root certificate from a third-party CA

If managing multiple roots or self-signed certificates is not appealing, there is another option: rely on a third-party CA. In this case, certificates are issued by a private CA that is linked in a chain of trust to a dedicated, private root CA created specifically for the company.

Simplified architecture for dedicated client root certificates

This setup eliminates some of the problems mentioned earlier: at the very least it reduces the number of roots that need to be managed. Here you can use just one private root authority for all internal PKI needs, with any number of intermediate CAs. For example, the diagram above shows a multi-level hierarchy in which one of the intermediate CAs is used for SSL verification/decryption and the other is used for internal computers (laptops, servers, desktops, and so on).

In this design there is no need to host the CA on all clients, because the top-level CA is hosted by GlobalSign, which solves the problems of private key protection and expiration.

Another advantage of this approach is the ability to revoke the SSL inspection authority for any reason. A new one is simply created in its place, tied to your original private root, and you can use it immediately.
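The hierarchy described above can be reproduced locally with the OpenSSL CLI to see why clients only ever need the root, and why replacing the inspection intermediate requires no change on them. This is an added example, not code from the original article or from GlobalSign; "Example Corp", intranet.example and all file names are made up, and the root is self-hosted here only for the demo, whereas the article has the third-party CA host it.

```shell
#!/bin/sh
# Added example. "Example Corp", intranet.example and all file names are constructed.
set -e
write_cnf() {  # own config, so nothing depends on the system openssl.cnf
  cat > "$1/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_root
[dn]
[v3_root]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_sub]
basicConstraints = critical,CA:TRUE,pathlen:0
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = critical,CA:FALSE
subjectAltName = DNS:intranet.example
EOF
}
# issue DIR NAME ISSUER SECTION: new key and CSR for NAME, signed by ISSUER
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" \
    -subj "/O=Example Corp/CN=$2" -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$3.pem" -CAkey "$1/$3.key" \
    -CAcreateserial -days 30 -extfile "$1/pki.cnf" -extensions "$4" \
    -out "$1/$2.pem" 2>/dev/null
}
build_pki() {
  write_cnf "$1"
  # Private root: the only certificate that goes into client trust stores.
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/pki.cnf" \
    -subj "/O=Example Corp/CN=root" -keyout "$1/root.key" -out "$1/root.pem" 2>/dev/null
  issue "$1" inspect  root     v3_sub   # intermediate loaded into the inspection device
  issue "$1" internal root     v3_sub   # intermediate for laptops, servers, desktops
  issue "$1" leaf     inspect  v3_leaf  # certificate issued on the fly by the device
  issue "$1" inspect2 root     v3_sub   # replacement once the first one is withdrawn
  issue "$1" leaf2    inspect2 v3_leaf
}
# chain_ok DIR INTERMEDIATE LEAF: does LEAF validate with only root.pem trusted?
chain_ok() {
  openssl verify -CAfile "$1/root.pem" -untrusted "$1/$2.pem" "$1/$3.pem" >/dev/null 2>&1
}
d=$(mktemp -d) && build_pki "$d"
chain_ok "$d" inspect  leaf  && echo "leaf via inspect: trusted through the root alone"
chain_ok "$d" inspect2 leaf2 && echo "leaf2 via replacement CA: same root, no client change"
chain_ok "$d" internal leaf  || echo "leaf does not chain through the internal CA"
rm -rf "$d"
```

The `pathlen:0` constraint keeps either intermediate from creating further sub-CAs, so a compromised inspection device cannot extend the hierarchy.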

Despite all the controversy, companies are increasingly implementing SSL traffic inspection as part of their internal or private PKI. Other uses for private PKI include issuing certificates for device or user authentication, SSL for internal servers, and various configurations that are not allowed in publicly trusted certificates under the requirements of the CA/Browser Forum.

Browsers fight back

It should be noted that browser developers are trying to counter this trend and protect end users from MiTM. For example, a few days ago Mozilla decided to enable the DoH (DNS-over-HTTPS) protocol by default in one of the next versions of the Firefox browser. The DoH protocol hides DNS queries from the DPI system, which makes SSL inspection harder.

On September 10, 2019, Google announced similar plans for the Chrome browser.


Do you think a company has the right to inspect its employees' SSL traffic?

  • Yes, with their consent

  • No, asking for such consent is illegal and/or unethical

122 users voted. 15 users abstained.

Source: www.hab.com
