NSA inopa kurumbidza pamakambani anotora yakavharidzirwa DNS

nsa-kuvhura-sosi

Pasina DNS, iyo Internet yaisakwanisa kushanda zviri nyore, sezvo DNS ichiita chinzvimbo chakakosha mukuchengetedza cyber seDNS maseva anogona kukanganiswa uye kushandiswa sevheji kune mamwe marudzi ekurwiswa.

En gwaro Inonzi: "Kugamuchirwa kweDrypted DNS munzvimbo dzebhizinesi," iyo National Security Agency (NSA), Sangano rehurumende reUnited States department reDziviriro, yakaburitswa mazuva akati wandei apfuura mushumo wechengetedzo mumakambani.

Iyo gwaro inotsanangura zvakanakira uye njodzi yekutora iyo protocol Encrypted Domain Name Sisitimu (DoH) munzvimbo dzemakambani.

Kune avo vasingazive nezveDNS, vanofanirwa kuziva kuti dhatabhesi inotyisa, ine masimba uye inogoverwa zvine simba pasirese, inopa mepu pakati pemazita ekugamuchira, IP kero (IPv4 uye IPv6), zita reruzivo ruzivo, nezvimwe.

Nekudaro, chave chakakurumbira kurwisa vector kune cybercriminals seDNS inogovera zvavanokumbira uye mhinduro mumavara akajeka, ayo anogona kutaridzika nyore nyore nevanhu vatatu vasina mvumo.

Hurumende yeUnited States yehungwaru uye ruzivo rwekuchengetedzwa kwemasangano anoti DNS yakavharidzirwa iri kuramba ichishandiswa kudzivirira kuturika uye kukanganisa traffic yeDNS.

"Nemukurumbira uri kukura we encrypted DNS, varidzi venzvimbo vemakambani nevatungamiriri vanofanirwa kunyatsonzwisisa kuti vangazvitore sei pachirongwa chavo," rinodaro sangano. "Kunyangwe kana kambani isina kuvagamuchira zviri pamutemo, mabhurawuza matsva uye zvimwe software vangangoramba vachishandisa DNS yakavharika uye kudarika zvidziviriro zvetsika," akadaro.

Iyo domain name system iyo inoshandisa yakachengeteka yekufambisa protocol pamusoro peTLS (HTTPS) inonyora mibvunzo yeDNS kuona zvakavanzika, kuvimbika, uye sosi yekusimbiswa panguva yekutengeserana neye mutengi DNS resolution. Chirevo cheNSA chinodaro apo iyo DoH inogona kuchengetedza kuvanzika kwezvikumbiro zveDNS uye kuvimbika kwemhinduro, makambani anoishandisa acharasikirwa, Kunyange zvakadaro, kumwe kwekutonga kwavanoda kana vachishandisa DNS mukati memanethiwo avo, kunze kwekunge vabvumidza Resolver DoH yavo kuti ishandiswe.

Iyo DoH yemubatanidzwa inogadzirisa inogona kunge iri kambani-inotarisirwa DNS server kana yekunze resolution.

Nekudaro, kana iyo yemubatanidzwa DNS resolution iyo isiri inoenderana neDoH, iyo yekugadzirisa bhizinesi inofanira kuramba ichishandiswa uye ese akavharidzirwa DNS anofanirwa kuve akaremara uye akavharika kudzamara kugona kweiyo yakavanzika DNS kunogona kunyatso kubatanidzwa mukambani yeDNS zvivakwa.

Kunyanya, Iyo NSA inokurudzira kuti DNS traffic kune yemakambani network, yakavharidzirwa kana kwete, kutumirwa chete kune yakasarudzika yemakambani DNS resolution. Izvi zvinobatsira kuona kushandiswa kwakakodzera kweanokosha mabhizinesi ekuchengetedza chengetedzo, inofambisa mukana kune zviwanikwa zvemuno network, uye inochengetedza ruzivo pane yemukati network

Mashandiro anoita Enterprise DNS Maumbirwo

  • Mushandisi anoda kushanyira webhusaiti iyo yaasingazive yakaipa uye anonyora zita rezita mudura rewebhu
  • Chikumbiro chezita remudunhu chinotumirwa kune yemubatanidzwa DNS resolutioner ine yakajeka chinyorwa packet pachiteshi 53
  • Mibvunzo inopesana neDNS yekutarisa mazano inogona kuburitsa machenjedzo uye / kana kuvharirwa.
  • Kana iyo kero yeIP kero isiri mune domain cache yekambani DNS resolution uye domain haina kusefa, inozotumira iyo DNS query kuburikidza nekambani gedhi.
  • Iyo yekudyidzana suwo rinotungamira iyo DNS query mune yakajeka mameseji kune yekunze DNS server. Iyo inodzivirirawo DNS zvikumbiro izvo zvisiri kuuya kubva kukambani DNS resolution.
  • Mhinduro kumubvunzo neiyo IP kero yedura, kero yeimwe DNS server ine rumwe ruzivo, kana kukanganisa kunodzoreredzwa mumavara akajeka kuburikidza negedhi rekambani;
    gedhi rekambani rinotumira mhinduro kune yemubatanidzwa DNS resolution. Nhanho dze3 kusvika ku6 dzinodzokororwa kudzamara dunhu rakakumbirwa IP kero yawanikwa kana kukanganisa kwaitika.
  • Iyo DNS resolution inodzosera mhinduro kune yemushandisi webhurawuza, iyo inokumbira iyo peji rewebhu kubva kukero ye IP mumhinduro.

mabviro: https://media.defense.gov/


Izvo zviri muchinyorwa zvinoomerera pamisimboti yedu ye tsika dzekunyora. Kuti utaure chikanganiso tinya pano.

Iva wekutanga kutaura

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa.

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako