{"id":7947,"date":"2016-06-16T09:30:17","date_gmt":"2016-06-16T07:30:17","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=7947"},"modified":"2017-02-09T15:02:47","modified_gmt":"2017-02-09T13:02:47","slug":"kriptolanmis-trafik-yonetimi-ile-cozebileceginiz-7-sorun","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/kriptolanmis-trafik-yonetimi-ile-cozebileceginiz-7-sorun\/","title":{"rendered":"Kriptolanm\u0131\u015f Trafik Y\u00f6netimi \u0130le \u00c7\u00f6zebilece\u011finiz 7 Sorun"},"content":{"rendered":"

Kurumsal a\u011flardaki kontrol edilmeyen kriptolanm\u0131\u015f trafik t\u00fcm \u015firketler i\u00e7in giderek b\u00fcy\u00fcyen bir risk halini almakta. SSL\/TLS ile kriptolanm\u0131\u015f ileti\u015fim kullan\u0131m\u0131 artt\u0131k\u00e7a, gizli tehditlerin te\u015fkil etti\u011fi riskler de giderek art\u0131yor. \u00d6nde gelen g\u00fcvenlik \u015firketleri a\u011f kriptolamas\u0131n\u0131n \u00f6nemini ve g\u00fcvenlik altyap\u0131lar\u0131n\u0131n rand\u0131man\u0131na y\u00f6nelik etkilerini fark etmeye ba\u015flam\u0131\u015f durumda.<\/span><\/p>\n

Do\u011fru kriptolanm\u0131\u015f trafik y\u00f6netimi \u00e7\u00f6z\u00fcmleri sayesinde g\u00fcvenlik ve a\u011f ekiplerinin \u00fcstesinden gelebilece\u011fi sorunlar ise \u015funlar:<\/span><\/p>\n

1) K\u0131s\u0131tl\u0131 kriptolanm\u0131\u015f trafik g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fcn\u00fcn veri kayb\u0131na ve s\u0131zmas\u0131na neden olmas\u0131<\/span><\/strong><\/p>\n

G\u00fcn\u00fcm\u00fczdeki veri kayb\u0131 \u00f6nleme cihazlar\u0131n\u0131n \u00e7o\u011fu SSL trafi\u011fini g\u00f6rm\u00fcyor. Bu da a\u011flar\u0131 b\u00fcy\u00fck bir riskle kar\u015f\u0131 kar\u015f\u0131ya b\u0131rak\u0131yor. Geli\u015fmi\u015f kriptolanm\u0131\u015f trafik y\u00f6netimi \u00e7\u00f6z\u00fcmleri kriptosu \u00e7\u00f6z\u00fclm\u00fc\u015f SSL trafi\u011finin oldu\u011fu veri kayb\u0131 \u00f6nleme teknolojileri gibi cihazlar\u0131 ak\u0131ll\u0131 bir \u015fekilde besleyerek bu cihazlar\u0131n i\u015flerini daha verimli bir \u015fekilde yapmas\u0131n\u0131 ve kritik veri hareketleri ile muhtemel veri s\u0131zmalar\u0131n\u0131 g\u00f6stermesini sa\u011fl\u0131yor. Bu da bir yandan genel riski azalt\u0131rken bir yandan da veri gizlili\u011finin ve end\u00fcstriyel uyumlulu\u011fun (\u00f6r. HIPAA, PCI ve Sarbanes-Oxley) s\u00fcrd\u00fcr\u00fclebilmesine olanak tan\u0131yor.<\/span><\/p>\n

2) T\u00fcm k\u00f6t\u00fc ama\u00e7l\u0131 tehditleri analiz edemeyen tamamlanmam\u0131\u015f sandboxing<\/span><\/strong><\/p>\n

Art\u0131k kurulu\u015flar anti-malware ve sandboxing \u00e7\u00f6z\u00fcmlerine hem kriptosu \u00e7\u00f6z\u00fclm\u00fc\u015f hem de kriptolanmam\u0131\u015f trafi\u011fi tan\u0131tarak kriptolanm\u0131\u015f trafiklerini y\u00f6netebilecek. B\u00f6ylece daha kapsaml\u0131 bir tehdit analizi yapmak ve tespit edilmi\u015f k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m say\u0131s\u0131n\u0131 artt\u0131rmak m\u00fcmk\u00fcn olacak.<\/span><\/p>\n

3) \u0130zinsiz giri\u015f \u00f6nleme sistemlerinin sald\u0131r\u0131lar\u0131 engelleyememesi<\/span><\/strong><\/p>\n

IDS\/IPS \u00e7\u00f6z\u00fcmleri kriptolanm\u0131\u015f trafik i\u00e7erisinde gizlenmi\u015f tehditleri g\u00f6remiyor veya engelleyemiyor. Bu da tehlikeli k\u00f6r noktalar\u0131n olu\u015fmas\u0131na neden oluyor. Kurulu\u015flar\u0131n kendi kurallar\u0131 \u00fczerinden belirlenen t\u00fcm SSL trafi\u011fini otomatik olarak tan\u0131mlayarak art\u0131k IDS\/IPS \u00e7\u00f6z\u00fcmlerine giden t\u00fcm kriptosuz ak\u0131\u015f tan\u0131t\u0131labiliyor. B\u00f6ylece bu \u00e7\u00f6z\u00fcmler cihaz\u0131n performans\u0131n\u0131 etkilemeden geli\u015fmi\u015f tehditleri daha iyi bir \u015fekilde tespit edip ortadan kald\u0131rabiliyor. Bu \u00f6zellikle SSL\u2019i kullanan ve kurulu\u015flar\u0131n a\u011f\u0131 i\u00e7erisinde ortaya \u00e7\u0131kan k\u00f6t\u00fc C&C trafi\u011findeki h\u0131zl\u0131 art\u0131\u015f nedeniyle \u00f6nemli.<\/span><\/p>\n

\"kriptolanm\u0131\u015f<\/p>\n

4) Zay\u0131f a\u011flar\u0131n geli\u015fmi\u015f sald\u0131r\u0131lar\u0131 takip ve tespit edememesi<\/span><\/strong><\/p>\n

Kriptolama g\u00fcvenlik analizi veya a\u011f forensi\u011fi ara\u00e7lar\u0131n\u0131n a\u011f ihlallerini ve hedefli sald\u0131r\u0131lar\u0131 takip ve tespit etmesini zorla\u015ft\u0131r\u0131yor. Do\u011fru kriptolanm\u0131\u015f<\/a> trafik y\u00f6netimi \u00e7\u00f6z\u00fcmleriyle art\u0131k t\u00fcm a\u011f trafi\u011findeki \u015f\u00fcpheli a\u011f ve sald\u0131rgan davran\u0131\u015flar\u0131n\u0131 daha verimli bir \u015fekilde analiz etmek m\u00fcmk\u00fcn. Bunu yapt\u0131\u011f\u0131 gibi, risk alt\u0131na giren a\u011f cihazlar\u0131n\u0131n kurtar\u0131lmas\u0131na y\u00f6nelik h\u0131zl\u0131 tepkiler verilmesini sa\u011flayan baz\u0131 kriptolanm\u0131\u015f trafik y\u00f6netimi \u00e7\u00f6z\u00fcmleri bulunmakta.<\/span><\/p>\n

5) Merkezi SSL kripto \u00e7\u00f6z\u00fcm\u00fcn\u00fcn fazladan karma\u015faya ve maliyete neden olmas\u0131<\/span><\/strong><\/p>\n

Blue Coat\u2019un SSL G\u00f6r\u00fcn\u00fcrl\u00fck Ayg\u0131t\u0131, kapsaml\u0131 kural motoru sayesinde DLP, NGFW, IPS, i\u00e7erik analizi, a\u011f forensi\u011fi gibi mevcut g\u00fcvenlik uygulamalar\u0131na kriptosu \u00e7\u00f6z\u00fclm\u00fc\u015f SSL i\u00e7erik ak\u0131\u015f\u0131 sa\u011fl\u0131yor. Bu sayede SSL kaynakl\u0131 tehditlerle m\u00fccadele etmek i\u00e7in gerekli t\u00fcm g\u00f6r\u00fcn\u00fcrl\u00fck ve kontrol elde edilmi\u015f oluyor. Bunun i\u00e7in de altyap\u0131daki g\u00fcvenlik ara\u00e7lar\u0131 i\u00e7in hi\u00e7bir \u00f6zel yaz\u0131l\u0131ma veya API\u2019a gerek yok.<\/span><\/p>\n

6) SSL trafi\u011fi kripto \u00e7\u00f6z\u00fcm\u00fcn\u00fcn ve tespitinin yava\u015flamaya neden olmas\u0131<\/span><\/strong><\/p>\n

Bu sorun t\u00fcm SSL trafi\u011finin otomatik g\u00f6r\u00fcn\u00fcrl\u00fc\u011f\u00fcn\u00fc sa\u011flayarak ve a\u011f\u0131n performans\u0131n\u0131 d\u00fc\u015f\u00fcrmeden veya karmar\u015f\u0131k betiklere ve kural setlerine gerek kalmadan \u00e7\u00f6z\u00fclebilir. Etkili bir kriptolanm\u0131\u015f trafik y\u00f6netimi \u00e7\u00f6z\u00fcm\u00fc yo\u011fun i\u015flemler gerektiren zahmetli SSL tespiti s\u00fcrecini ortadan kald\u0131rarak a\u011f g\u00fcvenli\u011fi cihazlar\u0131n\u0131n performans\u0131n\u0131 artt\u0131rabilir. Bunun yan\u0131 s\u0131ra mevcut g\u00fcvenlik cihazlar\u0131na yap\u0131lan yat\u0131r\u0131m\u0131n kar\u015f\u0131l\u0131\u011f\u0131n\u0131 vererek bu cihazlar\u0131n t\u00fcm trafi\u011fi, uygulamalar\u0131 ve potansiyel tehditleri daha verimli bir \u015fekilde g\u00f6rebilmesini de sa\u011flar.<\/span><\/p>\n

7) S\u00fcrekli artan veri gizlili\u011fi ve uyum zorunluluklar\u0131na uymak<\/span><\/strong><\/p>\n

Veri gizlili\u011finin<\/a> bir ticari mesele olarak \u00f6neminin giderek artmas\u0131yla, IT g\u00fcvenlik ekipleri bu durumu a\u011f g\u00fcvenli\u011finin g\u00fcc\u00fcn\u00fc s\u00fcrd\u00fcrme s\u00fcreciyle dengeleme konusunda zorluklar ya\u015famas\u0131na neden oluyor. Do\u011fru kriptolanm\u0131\u015f trafik y\u00f6netimi \u00e7\u00f6z\u00fcmleri bu anlamda t\u00fcm \u00fcr\u00fcnleri tehdit istihbarat\u0131 ve web sitesi ve trafik kategorizasyonu bak\u0131m\u0131ndan s\u00fcrekli g\u00fcncel tutan kapsaml\u0131 kural motorlar\u0131 sunuyor. Hem \u015f\u00fcpheli ve k\u00f6t\u00fc ama\u00e7l\u0131 SSL\/TLS trafi\u011finin kriptosunu se\u00e7ici olarak \u00e7\u00f6zen hem de iyi trafi\u011fin kriptolanm\u0131\u015f durumu i\u00e7erisinden ge\u00e7mesine izin veren tek bir \u00e7\u00f6z\u00fcm bile g\u00fcvenlik ve y\u00fcksek performans sa\u011flama bak\u0131m\u0131ndan yeterli olacakt\u0131r.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

Kurumsal a\u011flardaki kontrol edilmeyen kriptolanm\u0131\u015f trafik t\u00fcm \u015firketler i\u00e7in giderek b\u00fcy\u00fcyen bir risk halini almakta. SSL\/TLS ile kriptolanm\u0131\u015f ileti\u015fim kullan\u0131m\u0131 artt\u0131k\u00e7a, gizli…<\/p>\n","protected":false},"author":3,"featured_media":7948,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-7947","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7947","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=7947"}],"version-history":[{"count":4,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7947\/revisions"}],"predecessor-version":[{"id":9457,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/7947\/revisions\/9457"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/7948"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=7947"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=7947"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=7947"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}