Umdondoshiya we-IT wethule i-firewall echazwe yisevisi

Izothola isicelo kuzikhungo zedatha kanye nefu.

/isithombe UChristiaan Colen CC BY-SA

Lolu hlobo luni lobuchwepheshe

I-VMware yethule i-firewall entsha evikela inethiwekhi ezingeni lesicelo.

Ingqalasizinda yezinkampani zanamuhla yakhelwe phezu kwezinkulungwane zezinsizakalo ezihlanganiswe kunethiwekhi evamile. Lokhu kunweba i-vector yokuhlasela okungaba yi-hacker. I-firewall yakudala ingavikela ekuhlaselweni kwangaphandle, nokho kuvele kube azinamandla uma umhlaseli esevele engenile kunethiwekhi.

Ochwepheshe beCybersecurity abavela kuCarbon Black bathiukuthi kuma-59% wamacala, abahlaseli abagcini ngokugebenga iseva eyodwa. Babheka ubungozi kumadivayisi ahlobene futhi "bazulazule" inethiwekhi ngomzamo wokuthola ukufinyelela kudatha eyengeziwe.

I-firewall entsha isebenzisa ama-algorithms okufunda komshini ukuze ithole umsebenzi ongaqondakali kunethiwekhi futhi, uma kuyingozi, yazisa umlawuli.

Kanjani lo msebenzi

I-Firewall siqukethe yezingxenye ezimbili: iplathifomu ye-NSX kanye nohlelo lokutholwa kosongo lwe-AppDefense.

Uhlelo lwe-AppDefense unesibopho ukwakha imodeli yokuziphatha yazo zonke izinhlelo zokusebenza ezisebenza kunethiwekhi. Ama-algorithms okufunda omshini akhethekile ahlaziya ukusebenza kwamasevisi futhi akhe “uhlu olumhlophe” lwezenzo ezizenzayo. Ulwazi oluvela ku-database ye-VMware luyasetshenziswa futhi ukuyihlanganisa. Yakhiwe ngesisekelo se-telemetry ehlinzekwa ngamakhasimende enkampani.

Lolu hlu ludlala indima yalokho okubizwa ngezinqubomgomo zokuphepha eziguquguqukayo, ngokusekelwe lapho i-firewall inquma okudidayo kunethiwekhi. Uhlelo luqapha ukusebenza kwezinhlelo zokusebenza futhi, uma kutholwa ukuchezuka ekuziphatheni kwazo, lithumela isaziso ku-opharetha wesikhungo sedatha. Amathuluzi e-VMware vSphere asetshenziselwa ukuqapha umsebenzi, ngakho-ke i-firewall entsha ayidingi ukufakwa kwesofthiwe ekhethekile kumsingathi ngamunye.

Mayelana NSX Data Center, bese kuba inkundla yokuphatha amanethiwekhi achazwe ngesoftware esikhungweni sedatha. Umsebenzi wayo ukuxhuma izingxenye ze-firewall ohlelweni olulodwa futhi unciphise izindleko zokuyigcina. Ikakhulukazi, isistimu ikuvumela ukuthi usabalalise izinqubomgomo zokuphepha ezifanayo ezindaweni ezihlukene zamafu.

Ungabona i-firewall isebenza ku- ividiyo esiteshini se-YouTube se-VMware.

/isithombe USDA PD

Okuthunyelwe

Isixazululo asiboshelwe ekwakhiweni kwezakhiwo nehardware yesistimu eqondiwe. Ngakho-ke, ingasatshalaliswa kungqalasizinda yamafu amaningi. Isibonelo, abamele i-IlliniCloud, ukuhlinzeka izinsiza zamafu ezikhungweni zikahulumeni, zithi uhlelo lwe-NSX lubasiza ukuthi balinganise imithwalo yenethiwekhi futhi basebenze njengodonga lokuvikela kuzo zonke izikhungo zedatha ezihlakazekile ezintathu.

Abamele IDC bathiukuthi inani lezinkampani ezisebenza nengqalasizinda enamafu amaningi likhula kancane kancane. Ngakho-ke, izixazululo ezenza ukuphatha kube lula futhi zivikele ingqalasizinda esabalalisiwe (njenge-NSX kanye ne-firewall eyakhelwe phezu kwayo) zizothola ukuduma kumakhasimende kuphela.

Phakathi kokubi kwe-firewall entsha, ochwepheshe bagqamisa isidingo sokuphakela amanethiwekhi achazwe ngesoftware. Akuzona zonke izinkampani nezikhungo zedatha ezinaleli thuba. Ukwengeza, akwaziwa ukuthi i-firewall echazwe yisevisi izoba nomthelela kanjani ekusebenzeni kwesevisi kanye nokuphuma kwenethiwekhi.

I-VMware iphinde yahlola umkhiqizo wayo kuphela ngokumelene nezinhlobo ezivame kakhulu zokugebenga (isibonelo, ubugebengu bokweba imininingwane ebucayi). Akucaci ukuthi uhlelo lunjani izosebenza ezimweni eziyinkimbinkimbi kakhulu njengokuhlaselwa komjovo wenqubo. Ngesikhathi esifanayo, i-firewall entsha ayikwazi okwamanje ngokuzimela ukuthatha izinyathelo zokuvikela inethiwekhi - ingathumela kuphela izaziso kumlawuli.

Izixazululo ezifanayo

I-Palo Alto Networks kanye ne-Cisco futhi bakha iziqhumane zomlilo zesizukulwane esilandelayo ezivikela ingqalasizinda yenethiwekhi kuwo wonke umjikelezo. Leli zinga lokuvikela lifinyelelwa ngokuhlaziywa okujulile kwethrafikhi, izinhlelo zokuvimbela ukungena kwe-intrusion (IPS) kanye ne-virtualization of private networks (VPN).

Inkampani yokuqala kudaliwe inkundla eqinisekisa ukuvikeleka kwendawo yenethiwekhi ngokusebenzisa ama-firewall amaningana akhethekile. Ngamunye wabo uvikela indawo ezinikezele - kunezixazululo zamanethiwekhi eselula, ifu nemishini ebonakalayo.

Umdondoshiya wesibili we-IT okunikezwayo i-hardware ne-software amathuluzi ahlaziya futhi ahlunge ithrafikhi kuphrothokholi namazinga omsebenzi wohlelo lokusebenza. Kumathuluzi anjalo, ungamisa izinqubomgomo zokuphepha futhi usebenzise isizindalwazi esihlanganisiwe sobungozi kanye nezinsongo zezinhlelo zokusebenza ezithile.

Ngokuzayo, kulindeleke ukuthi izinkampani eziningi zinikeze izibhamu ezivikela amanethiwekhi ezingeni lesevisi.

Esibhala ngakho kubhulogi Lokuqala mayelana ne-IaaS yebhizinisi:

• I-firewall esabalalisiwe ku-vCloud Director 8.20: izici zesixazululo
• I-SAP HANA kanye nesikhungo sedatha esichazwe ngesoftware: icala elisebenzayo
• Umqondisi we-vCloud: ungakha kanjani ukuxhumana okuphephile phakathi kwezinhlangano ezimbili

Futhi esiteshini sethu seTelegram:

• Isitoreji samafu - ziyini?
• Izindlela ezintathu zokusebenzisa uhlelo lwe-ERP
• Ukuvikelwa kwedatha emafini: izimo ezingajwayelekile

Source: www.habr.com