I-ProHoster > Блог > Ukuphatha > Ukuphepha kolwazi lwesikhungo sedatha

Ukuphepha kolwazi lwesikhungo sedatha

Ukuphepha kolwazi lwesikhungo sedatha
Yile ndlela isikhungo sokuqapha sesikhungo sedatha se-NORD-2 esise-Moscow sibukeka kanjani

Ufunde izikhathi ezingaphezu kwesisodwa mayelana nokuthi yiziphi izinyathelo ezithathwayo ukuze kuqinisekiswe ukuphepha kolwazi (IS). Noma yimuphi uchwepheshe we-IT ozihloniphayo angasho kalula imithetho yokuphepha yolwazi engu-5-10. I-Cloud4Y inikeza ukukhuluma mayelana nokuphepha kolwazi lwezikhungo zedatha.

Lapho uqinisekisa ukuphepha kolwazi lwesikhungo sedatha, izinto “ezivikelwe” kakhulu yilezi:

  • izinsiza zolwazi (idatha);
  • izinqubo zokuqoqa, ukucubungula, ukugcina nokudlulisa ulwazi;
  • abasebenzisi besistimu kanye nabasebenzi abalungisayo;
  • ingqalasizinda yolwazi, okuhlanganisa ihadiwe kanye namathuluzi e-software okucubungula, ukudlulisa nokubonisa ulwazi, okuhlanganisa amashaneli okushintshana ngolwazi, izinhlelo zokuphepha kolwazi nezakhiwo.

Indawo yesikhungo sedatha yesibopho incike kumodeli yamasevisi anikeziwe (IaaS/PaaS/SaaS). Ukuthi kubukeka kanjani, bheka isithombe esingezansi:

Ukuphepha kolwazi lwesikhungo sedatha
Ububanzi benqubomgomo yokuphepha yesikhungo sedatha kuye ngemodeli yamasevisi anikeziwe

Ingxenye ebaluleke kakhulu yokuthuthukisa inqubomgomo yokuvikela ulwazi ukwakha imodeli yezinsongo kanye nabephula umthetho. Yini engaba usongo esikhungweni sedatha?

  1. Izehlakalo ezimbi zemvelo, ezenziwe ngumuntu kanye nenhlalo yabantu
  2. Amaphekula, izakhi zobugebengu, njll.
  3. Ukuncika kubahlinzeki, abahlinzeki, ozakwethu, amaklayenti
  4. Ukwehluleka, ukwehluleka, ukucekelwa phansi, ukulimala kwesoftware nehardware
  5. Abasebenzi besikhungo sedatha abasebenzisa izinsongo zokuphepha kolwazi besebenzisa amalungelo namandla anikezwe ngokusemthethweni (abephula umthetho wokuvikela ulwazi lwangaphakathi)
  6. Abasebenzi besikhungo sedatha abasebenzisa izinsongo zokuphepha kolwazi ngaphandle kwamalungelo namandla anikezwe ngokusemthethweni, kanye nezinhlangano ezingahlobene nabasebenzi besikhungo sedatha, kodwa ezizama ukufinyelela okungagunyaziwe nezenzo ezingagunyaziwe (abephula umthetho wangaphandle wokuvikela)
  7. Ukungathobeli izidingo zeziphathimandla ezilawulayo, umthetho wamanje

Ukuhlaziya ubungozi - ukuhlonza izinsongo ezingaba khona kanye nokuhlola ubukhulu bemiphumela yokusetshenziswa kwazo - kuzosiza ekukhetheni kahle imisebenzi ebalulekile okufanele ixazululwe ochwepheshe bezokuphepha bolwazi lwesikhungo sedatha, futhi bahlele isabelomali sokuthengwa kwezingxenyekazi zekhompyutha nesofthiwe.

Ukuqinisekisa ukuphepha kuyinqubo eqhubekayo ehlanganisa izigaba zokuhlela, ukuqaliswa nokusebenza, ukuqapha, ukuhlaziya kanye nokwenza ngcono uhlelo lokuvikela ulwazi. Ukwakha izinhlelo zokuphatha ukuphepha kolwazi, lokho okubizwa ngokuthi “Deming umjikelezo".

Ingxenye ebalulekile yezinqubomgomo zokuphepha ukusatshalaliswa kwezindima nezibopho zabasebenzi ukuze zisetshenziswe. Izinqubomgomo kufanele zihlale zibuyekezwa ukuze zibonise izinguquko emthethweni, izinsongo ezintsha, nokuvikela okuvelayo. Futhi-ke, xhumana nezidingo zokuphepha kolwazi kubasebenzi futhi unikeze uqeqesho.

Izinyathelo zenhlangano

Abanye ochwepheshe bayakungabaza mayelana nokuphepha "kwephepha", becabangela into eyinhloko njengamakhono asebenzayo okumelana nemizamo yokugebenga. Okuhlangenwe nakho kwangempela ekuqinisekiseni ukuvikeleka kolwazi emabhange kuphakamisa okuphambene. Ochwepheshe bezokuphepha bolwazi bangase babe nobuchwepheshe obuhle kakhulu ekuhlonzeni nasekunciphiseni izingozi, kodwa uma abasebenzi besikhungo sedatha bengayilandeli imiyalelo yabo, yonke into iyoba yize.

Ukuphepha, njengomthetho, akulethi imali, kodwa kunciphisa izingozi kuphela. Ngakho-ke, kuvame ukuphathwa njengento ephazamisayo futhi yesibili. Futhi lapho ochwepheshe bezokuphepha beqala ukucasuka (ngawo wonke amalungelo okwenza kanjalo), ukungqubuzana kuvame ukuvela nabasebenzi nezinhloko zeminyango yokusebenza.

Ukuba khona kwamazinga emboni kanye nezidingo zokulawula kusiza ochwepheshe bezokuphepha bavikele izikhundla zabo ezingxoxweni nabaphathi, futhi izinqubomgomo zokuphepha zolwazi ezigunyaziwe, imithethonqubo kanye nemithethonqubo ivumela abasebenzi ukuthi bahambisane nezidingo ezibekwe lapho, okuhlinzeka ngesisekelo sezinqumo ezivame ukungathandwa.

Ukuvikelwa kwezakhiwo

Lapho isikhungo sedatha sihlinzeka ngezinsizakalo sisebenzisa imodeli yokubeka indawo, kugqama ukuvikeleka ngokomzimba nokulawulwa kokufinyelela emishinini yeklayenti. Ngale njongo, kusetshenziswa izivalo (izingxenye ezibiyelwe zehholo) ezigadwe ngevidiyo yiklayenti futhi ukufinyelela kuzo izisebenzi zesikhungo sedatha kunomkhawulo.

Ezikhungweni zekhompiyutha zikahulumeni ezinokuvikeleka ngokomzimba, izinto zazingezimbi ekupheleni kwekhulu leminyaka elidlule. Kwakukhona ukulawulwa kokufinyelela, ukulawulwa kokufinyelela ezakhiweni, ngisho nangaphandle kwamakhompiyutha namakhamera wevidiyo, uhlelo lokucisha umlilo - uma kwenzeka umlilo, i-freon ikhishwe ngokuzenzakalelayo ekamelweni lomshini.

Namuhla, ukuvikeleka ngokomzimba kuqinisekiswa kangcono nakakhulu. Izinhlelo zokulawula nokuphatha (i-ACS) sezihlakaniphile, futhi izindlela ze-biometric zokukhawulela ukufinyelela ziyethulwa.

Izinhlelo zokucisha umlilo seziphephe kakhudlwana kubasebenzi namathuluzi, okuhlanganisa ukufakwa kokuvinjelwa, ukuhlukaniswa, ukupholisa kanye nemiphumela ye-hypoxic endaweni yomlilo. Kanye nezinhlelo zokuvikela umlilo eziyisibopho, izikhungo zedatha ngokuvamile zisebenzisa isistimu yokuhlonza umlilo ngaphambi kwesikhathi.

Ukuze kuvikelwe izikhungo zedatha ezinsongweni zangaphandle - imililo, ukuqhuma, ukuwa kwezakhiwo, izikhukhula, amagesi abolayo - amakamelo okuphepha kanye nezindawo eziphephile zaqala ukusetshenziswa, lapho imishini yeseva ivikelekile cishe kuzo zonke izici ezilimazayo zangaphandle.

Isixhumanisi esibuthakathaka ngumuntu

Izinhlelo zokubhekwa kwevidiyo “ezihlakaniphile”, izinzwa zokulandelela ivolumu (acoustic, infrared, ultrasonic, microwave), izinhlelo zokulawula ukufinyelela ziye zanciphisa izingozi, kodwa azizange zixazulule zonke izinkinga. Lezi zindlela ngeke zisize, isibonelo, lapho abantu abangeniswe kahle esikhungweni sedatha ngamathuluzi alungile “bexhunywe” kokuthile. Futhi, njengoba kuvame ukwenzeka, i-snag ngengozi izoletha izinkinga ezinkulu.

Umsebenzi wesikhungo sedatha ungase uthintwe ukusetshenziswa kabi kwezinsiza zayo ngabasebenzi, isibonelo, ukumba izimayini ezingekho emthethweni. Izinhlelo zokuphatha ingqalasizinda yesikhungo sedatha (DCIM) zingasiza kulezi zimo.

Abasebenzi nabo badinga ukuvikelwa, njengoba abantu bevame ukubizwa ngokuthi isixhumanisi esisengozini kakhulu ohlelweni lokuvikela. Ukuhlaselwa okuhlosiwe yizigebengu ezingochwepheshe kuvame ukuqala ngokusebenzisa izindlela zobunjiniyela bomphakathi. Ngokuvamile amasistimu avikeleke kakhulu ayaphahlazeka noma aba sengozini ngemva kokuba othile echofoze/elande/enze okuthile. Izingozi ezinjalo zingancishiswa ngokuqeqesha abasebenzi nokusebenzisa izinqubo ezihamba phambili emhlabeni wonke emkhakheni wokuphepha kolwazi.

Ukuvikelwa kwengqalasizinda yobunjiniyela

Izinsongo ezivamile ekusebenzeni kwesikhungo sedatha ukwehluleka kwamandla kanye nokwehluleka kwamasistimu okupholisa. Sesizijwayele kakade izinsongo ezinjalo futhi sesifunde ukubhekana nazo.

Umkhuba omusha usuphenduke ukwethulwa okusabalele kwemishini "ehlakaniphile" exhunywe kunethiwekhi: ama-UPS alawulwayo, amasistimu wokupholisa ahlakaniphile kanye nokukhipha umoya, izilawuli ezihlukahlukene nezinzwa ezixhunywe ezinhlelweni zokuqapha. Lapho wakha imodeli yokusongela yesikhungo sedatha, akufanele ukhohlwe mayelana namathuba okuhlaselwa kwenethiwekhi yengqalasizinda (futhi, mhlawumbe, nenethiwekhi ye-IT ehlotshaniswayo yesikhungo sedatha). Okwenza isimo sibe nzima ukuthi ezinye zezinto zokusebenza (isibonelo, ama-chiller) zingathuthelwa ngaphandle kwesikhungo sedatha, ake sithi, phezu kophahla lwesakhiwo esiqashiwe.

Ukuvikelwa kweziteshi zokuxhumana

Uma isikhungo sedatha sihlinzeka ngezinsizakalo hhayi kuphela ngokusho kwemodeli ye-colocation, khona-ke kuzodingeka sibhekane nokuvikelwa kwamafu. Ngokusho kwe-Check Point, ngonyaka odlule kuphela, i-51% yezinhlangano emhlabeni wonke yabhekana nokuhlaselwa kwezakhiwo zabo zamafu. I-DDoS ihlasela amabhizinisi amisa amabhizinisi, ama-encryption virus afuna isihlengo, ukuhlaselwa okuhlosiwe ezinhlelweni zamabhange kuholela ekwebiweni kwezimali kuma-akhawunti ombhali.

Izinsongo zokungena kwangaphandle nazo zikhathaza ochwepheshe bezokuphepha bolwazi lwesikhungo sedatha. Okubaluleke kakhulu ezikhungweni zedatha ukuhlasela okusabalalisiwe okuhloselwe ukuphazamisa ukunikezwa kwezinsizakalo, kanye nezinsongo zokugetshengwa, ukuntshontshwa noma ukuguqulwa kwedatha equkethwe kungqalasizinda ebonakalayo noma izinhlelo zokulondoloza.

Ukuze kuvikelwe i-perimeter yangaphandle yesikhungo sedatha, amasistimu esimanje asetshenziswa nemisebenzi yokuhlonza nokuqeda ikhodi enonya, ukulawula uhlelo lokusebenza kanye nekhono lokungenisa ubuchwepheshe bokuvikela obusebenzayo be-Treat Intelligence. Kwezinye izimo, amasistimu ane-IPS (ukuvimbela ukungena) asetshenziswa ngokulungiswa okuzenzakalelayo kwesiginesha esethelwe kumapharamitha wendawo evikelekile.

Ukuvikela ekuhlaselweni kwe-DDoS, izinkampani zaseRussia, njengomthetho, zisebenzisa izinsizakalo ezikhethekile zangaphandle eziphambukisa ithrafikhi kwamanye ama-node futhi zihlunge efwini. Ukuvikela ohlangothini lwe-opharetha kusebenza kakhulu kunohlangothi lweklayenti, futhi izikhungo zedatha zisebenza njengabalamuli bokuthengiswa kwezinsizakalo.

Ukuhlasela kwangaphakathi kwe-DDoS nakho kungenzeka ezikhungweni zedatha: umhlaseli ungena kumaseva avikelwe ngendlela ebuthakathaka enkampani eyodwa esingethe okokusebenza kwayo isebenzisa imodeli yokuhlanganisa, futhi esuka lapho yenza ukwenqaba ukuhlasela kwesevisi kwamanye amakhasimende alesi sikhungo sedatha ngenethiwekhi yangaphakathi. .

Gxila ezindaweni ezibonakalayo

Kudingekile ukucabangela imininingwane yento evikelwe - ukusetshenziswa kwamathuluzi e-virtualization, ukuguquguquka kwezinguquko kwingqalasizinda ye-IT, ukuxhumeka kwezinsizakalo, lapho ukuhlaselwa okuphumelelayo kweklayenti elilodwa kungasongela ukuphepha komakhelwane. Isibonelo, ngokugebenga idokhu elingaphambili ngenkathi usebenza ku-PaaS esekelwe ku-Kubernetes, umhlaseli angathola ngokushesha lonke ulwazi lwephasiwedi futhi afinyelele ngisho nohlelo lokucula.

Imikhiqizo ehlinzekwe ngaphansi kwemodeli yesevisi inezinga eliphezulu lokuzenzakalela. Ukuze ungaphazamisi ibhizinisi, izinyathelo zokuphepha kolwazi kufanele zisetshenziswe ezingeni elingekho ngaphansi lokuzenzakalela kanye nokukala okuvundlile. Ukukalwa kufanele kuqinisekiswe kuwo wonke amazinga okuphepha kolwazi, okuhlanganisa ukuzenzekelayo kokulawula ukufinyelela nokuzungezisa okhiye bokufinyelela. Umsebenzi okhethekile ukukala amamojula asebenzayo ahlola ithrafikhi yenethiwekhi.

Isibonelo, ukuhlunga ithrafikhi yenethiwekhi kuhlelo lokusebenza, amaleveli enethiwekhi naweseshini ezikhungweni zedatha ezenziwe ngokubona okuphezulu kufanele kwenziwe ezingeni lamamojula wenethiwekhi ye-hypervisor (isibonelo, i-VMware's Distributed Firewall) noma ngokudala amaketango esevisi (izindonga zokuvikela ezingokoqobo ezivela ku-Palo Alto Networks) .

Uma kukhona ubuthakathaka ezingeni le-virtualization yezinsiza zekhompuyutha, imizamo yokudala isistimu yokuphepha yolwazi olunzulu ezingeni leplathifomu ngeke isebenze.

Amazinga okuvikela ulwazi esikhungweni sedatha

Indlela ejwayelekile yokuvikela ukusetshenziswa kwezinhlelo zokuvikela ulwazi ezididiyelwe, ezinamazinga amaningi, okuhlanganisa ukuhlukaniswa okukhulu ezingeni le-firewall (ukwabiwa kwezingxenye zezindawo ezihlukahlukene zokusebenza zebhizinisi), ukuhlukaniswa okuncane okusekelwe kuma-firewall abonakalayo noma ukumaka ithrafikhi yamaqembu. (izindima zabasebenzisi noma amasevisi) kuchazwa izinqubomgomo zokufinyelela .

Ileveli elandelayo ikhomba okudidayo ngaphakathi naphakathi kwamasegimenti. Ukuguquguquka kwethrafikhi kuyahlaziywa, okungase kubonise ukuba khona kwemisebenzi enonya, njengokuskena inethiwekhi, imizamo yokuhlasela kwe-DDoS, ukulanda idatha, isibonelo, ngokusika amafayela esizindalwazi bese uwakhipha ngezikhathi ezivela ngezikhathi ezithile ngezikhathi ezinde. Inani elikhulu lethrafikhi lidlula esikhungweni sedatha, ngakho-ke ukuze ubone okudidayo, udinga ukusebenzisa ama-algorithm okusesha athuthukile, futhi ngaphandle kokuhlaziya iphakethe. Kubalulekile ukuthi kungabonwa kuphela izimpawu zemisebenzi enonya noma engaqondakali kuphela, kodwa nokusebenza kohlelo olungayilungele ikhompuyutha ngisho nakuthrafikhi ebethelwe ngaphandle kokuyisusa, njengoba kuhlongozwa kuzixazululo zeCisco (Stealthwatch).

Umngcele wokugcina ukuvikelwa kwemishini yokugcina yenethiwekhi yendawo: amaseva nemishini ebonakalayo, isibonelo, ngosizo lwama-ejenti afakwe kumadivayisi wokugcina (imishini ebonakalayo), ehlaziya ukusebenza kwe-I / O, ukususwa, amakhophi nemisebenzi yenethiwekhi, dlulisela idatha ku ifu, lapho kubalwa khona okudinga amandla amakhulu ekhompyutha kwenziwa. Lapho, ukuhlaziya kwenziwa kusetshenziswa ama-algorithms we-Big Data, izihlahla ezinengqondo zomshini ziyakhiwa futhi kukhonjwa okudidayo. Ama-algorithms azifundela wona ngokwawo ngokusekelwe enanini elikhulu ledatha elinikezwa inethiwekhi yomhlaba wonke yezinzwa.

Ungenza ngaphandle kokufaka ama-ejenti. Amathuluzi esimanje okuvikela ulwazi kumele angabi nalutho futhi ahlanganiswe ezinhlelweni zokusebenza ezingeni le-hypervisor.
Izinyathelo ezisohlwini zinciphisa kakhulu izingozi zokuphepha kolwazi, kodwa lokhu kungase kunganele ezikhungweni zedatha ezihlinzeka ngokuzenzakalelayo kwezinqubo zokukhiqiza eziyingozi enkulu, isibonelo, izimboni zamandla enuzi.

Izidingo zokulawula

Ngokuya ngolwazi olucutshungulwayo, ingqalasizinda yesikhungo sedatha ebonakalayo nesenziwe nge-virtual kufanele ihlangabezane nezimfuneko ezihlukene zokuphepha ezibekwe emithethweni nasezindinganisweni zomkhakha.

Imithetho enjalo ihlanganisa umthetho othi "On Personal Data" (152-FZ) kanye nomthetho othi "On Security of KII Facilities of the Russian Federation" (187-FZ), owaqala ukusebenza kulo nyaka - ihhovisi lomshushisi selivele linentshisekelo. enqubeni yokuqaliswa kwayo. Izingxabano mayelana nokuthi izikhungo zedatha ezezihloko ze-CII zisaqhubeka, kodwa cishe, izikhungo zedatha ezifisa ukunikeza izinsizakalo ezifundweni ze-CII kuzodingeka zithobele izimfuneko zomthetho omusha.

Ngeke kube lula ezikhungweni zedatha ezisingatha izinhlelo zolwazi zikahulumeni. NgokweSimemezelo Sikahulumeni Wenhlangano YaseRussia sangoMeyi 11.05.2017, 555 No. XNUMX, izindaba zokuphepha kolwazi kufanele zixazululwe ngaphambi kokubeka i-GIS ekusebenzeni kwezohwebo. Futhi isikhungo sedatha esifuna ukusingatha i-GIS kufanele siqale sihlangabezane nezimfuneko zokulawula.

Eminyakeni engu-30 edlule, izinhlelo zokuphepha zesikhungo sedatha ziye zahamba ibanga elide: kusukela ezinhlelweni ezilula zokuvikela ngokomzimba kanye nezinyathelo zenhlangano, okuyinto, nokho, engazange ilahlekelwe ukubaluleka kwayo, kuya ezinhlelweni ezihlakaniphile eziyinkimbinkimbi, ezivame ukusebenzisa izici zobuhlakani bokwenziwa. Kodwa ingqikithi yendlela yokwenza ayikashintshi. Ubuchwepheshe besimanje kakhulu ngeke busindise ngaphandle kwezinyathelo zenhlangano kanye nokuqeqeshwa kwabasebenzi, futhi amaphepha ngeke akusindise ngaphandle kwesofthiwe nezixazululo zobuchwepheshe. Ukuvikeleka kwesikhungo sedatha akukwazi ukuqinisekiswa unomphela; kuwumzamo oqhubekayo wansuku zonke wokuhlonza izinsongo ezibalulekile nokuxazulula izinkinga ezivelayo ngokuphelele.

Yini enye ongayifunda kubhulogi? Cloud4Y

Isetha phezulu ku-GNU/Linux
AmaPentesters ahamba phambili ku-cybersecurity
Indlela yobuhlakani bokwenziwa isuka embonweni omuhle iye embonini yesayensi
Izindlela ezi-4 zokulondoloza kuma-backups wamafu
Indaba ye-Mutt

Bhalisela yethu yocingo-isiteshi ukuze ungaphuthelwa yisihloko esilandelayo! Asibhali ngaphezu kokuphindwe kabili ngesonto futhi ngebhizinisi kuphela. Siphinde sikukhumbuze ukuthi ungakwazi test mahhala izixazululo zefu Cloud4Y.

Source: www.habr.com

Engeza amazwana