I-IT enkulu yazisa i-firewall echazwe ngenkonzo

Iya kufumana isicelo kumaziko edatha kunye nelifu.

/ ifoto UChristiaan Colen CC BY-SA

Loluphi uhlobo lobuchwephesha olu

I-VMware iye yazisa i-firewall entsha ekhusela inethiwekhi kwinqanaba lesicelo.

Iziseko zeenkampani zanamhlanje zakhiwe kumawaka eenkonzo ezidityanisiweyo kwinethiwekhi eqhelekileyo. Oku kwandisa i-vector yokuhlaselwa kwe-hacker enokwenzeka. I-firewall ye-Classic inokukhusela ekuhlaselweni kwangaphandle, nangona kunjalo ijike yaba- azinamandla ukuba umhlaseli sele engenile kwinethiwekhi.

Iingcali zeCybersecurity ezivela kwiCarbon Black yithiukuba kwi-59% yamatyala, abahlaseli abayeki ukuqhekeza iseva enye. Bajonga ubuthathaka kwizixhobo ezinxulumeneyo kunye "nokuzulazula" kwinethiwekhi ngeenzame zokufumana ukufikelela kwidatha engaphezulu.

I-firewall entsha isebenzisa i-algorithms yokufunda koomatshini ukubona umsebenzi ongaqhelekanga kwinethiwekhi kwaye, ukuba iyingozi, yazisa umlawuli.

ntoni lo msebenzi

Ukucima umlilo luquka yamacandelo amabini: iqonga le-NSX kunye ne-AppDefense inkqubo yokufumanisa isoyikiso.

Inkqubo yoKhuseleko lwe-App iimpendulo ukwakha imodeli yokuziphatha yazo zonke izicelo ezisebenza kumsebenzi womnatha. Ii-algorithms zokufunda ezikhethekileyo zomatshini zihlalutya ukusebenza kweenkonzo kwaye zenze "uluhlu olumhlophe" lwezenzo abazenzayo. Ulwazi oluvela kwi-database ye-VMware lukwasetyenziselwa ukuyiqulunqa. Yenziwe ngesiseko se-telemetry ebonelelwa ngabathengi benkampani.

Olu luhlu ludlala indima ebizwa ngokuba yimigaqo-nkqubo yokhuseleko elungelelanisiweyo, ngokusekelwe apho i-firewall imisela izinto ezingaqhelekanga kuthungelwano. Inkqubo ibeka iliso ekusebenzeni kwezicelo kwaye, ukuba ukuphambuka kwindlela yokuziphatha kwabo kufunyenwe, ithumela isaziso kumsebenzisi weziko ledatha. Izixhobo ze-VMware vSphere zisetyenziselwa ukubeka esweni umsebenzi, ngoko ke i-firewall entsha ayifuni ukufakwa kwesoftware ekhethekileyo kwinginginya nganye.

Ngokuphathelele Iziko leDatha leNSX, ngoko liqonga lokulawula iinethiwekhi ezichazwe kwisoftware kwiziko ledatha. Umsebenzi wayo kukudibanisa amacandelo e-firewall kwisistim enye kunye nokunciphisa iindleko zokugcinwa kwayo. Ngokukodwa, inkqubo ikuvumela ukuba usasaze imigaqo-nkqubo efanayo yokhuseleko kwiindawo ezahlukeneyo zamafu.

Ungayibona i-firewall isebenza kuyo ividiyo kwitshaneli yeVMware YouTube.

/ ifoto USDA PD

Iingcamango

Isisombululo asibophelwanga kwi-architecture kunye ne-hardware yenkqubo ekujoliswe kuyo. Ke ngoko, inokuhanjiswa kwiziseko ezingundoqo zamafu. Umzekelo, abameli be-IlliniCloud, ukunika iinkonzo zelifu kwii-arhente zikarhulumente, zithi inkqubo ye-NSX ibanceda balinganise imithwalo yenethiwekhi kwaye isebenze njenge-firewall kumaziko amathathu edatha asasazwe ngokwejografi.

Abameli beIDC yithiukuba inani leenkampani ezisebenza ngeziseko ezingundoqo ezinamafu amaninzi likhula ngokuthe ngcembe. Ngoko ke, izisombululo ezenza lula ulawulo kunye nokukhusela iziseko ezisasazwayo (ezifana ne-NSX kunye ne-firewall eyakhelwe kwisiseko sayo) ziya kufumana ukuthandwa phakathi kwabathengi.

Phakathi kwezinto ezingalunganga ze-firewall entsha, iingcali zigxininisa imfuno yokubeka i-software-defined networks. Ayizizo zonke iinkampani kunye namaziko edatha analo thuba. Ukongezelela, akukaziwa ukuba i-firewall echazwe ngenkonzo iya kuba nefuthe njani ekusebenzeni kwenkonzo kunye nokuhamba kwenethiwekhi.

I-VMware iphinde yavavanya imveliso yayo kuphela kwiintlobo eziqhelekileyo zee-hacks (umzekelo, i-phishing). Ayicacanga indlela inkqubo izakusebenza kwiimeko ezinzima ngakumbi ezifana nohlaselo lwesitofu senkqubo. Ngelo xesha, i-firewall entsha ayikwazi ngokuzimeleyo ukuthatha amanyathelo okukhusela inethiwekhi - inokuthumela kuphela izaziso kumlawuli.

Izisombululo ezifanayo

I-Palo Alto Networks kunye neCisco nazo ziphuhlisa isizukulwana esilandelayo somlilo esikhusela iziseko zenethiwekhi kunye nomjikelezo wonke. Eli nqanaba lokukhusela liphunyezwa ngohlalutyo olunzulu lwezithuthi, iinkqubo zokuthintela ukungena (IPS) kunye ne-virtualization yenethiwekhi zabucala (VPN).

Inkampani yokuqala yenziwe iqonga eliqinisekisa ukhuseleko lwemo yenethiwekhi ngokusebenzisa iifirewall ezininzi ezikhethekileyo. Ngamnye wabo ukhusela indawo ezinikeleyo - kukho izisombululo zothungelwano lweselula, ifu kunye noomatshini benyani.

Isigebenga sesibini se-IT ukubonelela i-hardware kunye nezixhobo zesoftware ezihlalutya kwaye zihluze i-traffic kwiprotocol kunye namanqanaba omsebenzi wesicelo. Kwizixhobo ezinjalo, ungaqwalasela imigaqo-nkqubo yokhuseleko kwaye usebenzise isiseko sedatha esihlanganisiweyo sobuthathaka kunye nosongelo kwizicelo ezithile.

Kwixesha elizayo, kulindeleke ukuba iinkampani ezininzi ziza kubonelela ngee-firewall ezikhusela amanethiwekhi kwinqanaba lenkonzo.

Yintoni esibhala ngayo kwibhlog yokuqala malunga ne-IaaS yeshishini:

• Ukusabalalisa i-firewall kwi-vCloud Director 8.20: iimpawu zesisombululo
• I-SAP HANA kunye ne-software-defined data center: i-practical case
• vCloud Director: indlela yokwenza uqhagamshelwano olukhuselekileyo phakathi kwemibutho emibini

Kwaye kwijelo lethu leTelegram:

• Ugcino lwamafu - zintoni?
• Iindlela ezintathu zokubeka inkqubo ye-ERP
• Ukhuseleko lwedatha kwilifu: iimeko ezingaqhelekanga

umthombo: www.habr.com