I-NSA yenza izindululo kwiinkampani ezamkela i-DNS ebhaliweyo

Darkcrizt

Imizuzu ye4

umthombo ovulekileyo

Ngaphandle kwe-DNS, i-Intanethi ayinakusebenza ngokululaKuba i-DNS idlala indima ebalulekileyo kukhuseleko lwe-cyber njengoko iiseva ze-DNS zinokuthotywa kwaye zisetyenziswe njengevektha yezinye iintlobo zokuhlaselwa.

En uxwebhu Isihloko: "Ukwamkelwa kwe-DNS ebhaliweyo kwiiNdawo zoShishino," i-Arhente yoKhuseleko kaZwelonke (NSA), iarhente yaseburhulumenteni yeSebe lezoKhuselo laseMelika, ipapashwe kwiintsuku ezimbalwa ezidlulileyo ingxelo malunga nokhuseleko lwe-cyber kwiinkampani.

Uxwebhu ichaza izibonelelo kunye nomngcipheko wokusebenzisa umthetho olandelwayo Inkqubo Efihliweyo Yegama Lommandla (DoH) kwiindawo ezimanyanisiweyo.

Kulabo abangaqhelananga ne-DNS, kufuneka bazi ukuba sisiseko sedatha esinobunkunkqele, esinamandla kunye nesasazwa ngokubanzi kumgangatho wehlabathi, ibonelela ngemephu phakathi kwamagama wokubamba, iidilesi ze-IP (i-IPv4 kunye ne-IPv6), ulwazi lwegama lomncedisi, njl.

Nangona kunjalo, kuye kwaba yinto ethandwayo yokuhlaselwa kwe-cybercriminals njengoko i-DNS yabelana ngezicelo zabo kunye neempendulo kwisicatshulwa esicacileyo, esinokujongwa ngokulula ngabantu abangagunyaziswanga.

I-arhente yezokhuseleko ye-US kunye neenkqubo zolwazi zithi ukhuseleko lwe-DNS luyasetyenziselwa ukuthintela ukuyekethisa kunye nokuphazamisa ukugcwala kwabantu be-DNS.

Ngokukhula kokuthandwa kwe-DNS ebhaliweyo, abanini benethiwekhi kunye nabalawuli kufuneka baqonde ngokupheleleyo ukuba bangayisebenzisa njani ngempumelelo kwiinkqubo zabo, utshilo umbutho. "Nokuba inkampani ayikhange ibamkele ngokusesikweni, izikhangeli ezitsha kunye nezinye iisoftware zisenokuzama ukusebenzisa i-DNS ebhaliweyo kwaye zidlule kukhuseleko lwendabuko lweshishini," utshilo.

Inkqubo yegama lesizinda isebenzisa umgaqo-nkqubo wokudlulisa okhuselekileyo kwi-TLS (HTTPS) ibhala ngemibuzo imibuzo ye-DNS ukuqinisekisa ukugcinwa kwemfihlo, ukuthembeka, kunye nokuqinisekiswa komthombo ngexesha lokuthengiselana ngesisombululo somthengi se-DNS. Ingxelo ye-NSA ithi ngelixa i I-DoH inokukhusela ubumfihlo bezicelo ze-DNS kunye nokunyaniseka kweempendulo, iinkampani eziyisebenzisayo ziya kulahlekaNangona kunjalo, Olunye lolawulo abaludingayo xa besebenzisa i-DNS ngaphakathi kwenethiwekhiNgaphandle kokuba bayigunyazisa i-Resolver DoH yabo ukuba isebenze.

Isisombululo seshishini se-DoH sinokuba yinkampani elawulwa yi-DNS iseva okanye isisombululo sangaphandle.

Nangona kunjalo, ukuba isisombululo se-DNS esidibeneyo asihambelani ne-DoH, isisombululo seshishini kufuneka siqhubeke nokusetyenziswa kwaye zonke i-DNS ezifihliweyo kufuneka zikhubazeke kwaye zivaliwe kude kube kubanakho ukubethelwa kwe-DNS ebhaliweyo kungadityaniswa ngokupheleleyo kwiziseko zophuhliso zeDNS.

Ngokuyinene, I-NSA icebisa ukuba ukugcwala kwe-DNS kuthungelwano lwendibaniselwano, kubhalwe ngokufihliweyo okanye kungenjalo, kuthunyelwe kuphela kwisisombululo se-DNS. Oku kunceda ekuqinisekiseni ukusetyenziswa okufanelekileyo kolawulo lolawulo olubalulekileyo, ukuququzelela ukufikelela kwimithombo yenethiwekhi yendawo, kunye nokukhusela ulwazi kuthungelwano lwangaphakathi.

Isebenza njani i-Enterprise DNS Architectures

  • Umsebenzisi ufuna ukutyelela iwebhusayithi angayazi ukuba inobungozi kwaye uthayiphe igama lesizinda kwi-web browser.
  • Isicelo segama lesizinda sithunyelwa kwisisombululo se-DNS senkampani kunye nepakethe yokubhaliweyo ecacileyo kwizibuko lama-53.
  • Imibuzo ephula imigaqo-nkqubo yokubukela i-DNS inokuvelisa izilumkiso kunye / okanye ibhlokiwe.
  • Ukuba idilesi ye-IP yedomeyini ayikho kwi-cache yedomain yokusombulula i-DNS kwaye idomeyini ayihluzwanga, iya kuthumela umbuzo we-DNS ngesango lendibaniselwano.
  • Isango elihlanganisiweyo lithumela umbuzo we-DNS kwisicatshulwa esicacileyo kwiseva ye-DNS yangaphandle. Ikwathintela izicelo ze-DNS ezingaveli kwisisombululo se-DNS senkampani.
  • Impendulo kumbuzo kunye nedilesi ye-IP yedilesi, idilesi yenye iseva ye-DNS ngolwazi oluthe kratya, okanye impazamo ibuyisiwe kumbhalo ocacileyo ngesango lendibaniselwano;
    isango lokudibana lithumela impendulo kumxazululi we-DNS. Amanyathelo 3 ukuya ku-6 ayaphindaphindwa de kufumaneke idilesi ye-IP efunwayo okanye kwenzeke impazamo.
  • Isisombululo se-DNS sibuyisela impendulo kwisikhangeli sewebhu somsebenzisi, esithi emva koko sicele iphepha lewebhu kwidilesi ye-IP kwimpendulo.

Umthombo: https://media.defense.gov/


Shiya uluvo lwakho

Idilesi yakho ye email aziyi kupapashwa. ezidingekayo ziphawulwe *

*

*

  1. Inoxanduva lwedatha: I-AB Internet Networks 2008 SL
  2. Injongo yedatha: Ulawulo lwe-SPAM, ulawulo lwezimvo.
  3. Umthetho: Imvume yakho
  4. Unxibelelwano lwedatha: Idatha ayizukuhanjiswa kubantu besithathu ngaphandle koxanduva lomthetho.
  5. Ukugcinwa kweenkcukacha
  6. Amalungelo: Ngalo naliphi na ixesha unganciphisa, uphinde uphinde ucime ulwazi lwakho.