1. Teaching users the basics of information security. Fighting phishing

Today a network administrator or an information security engineer spends a great deal of time and effort protecting the perimeter of the corporate network from all kinds of threats, mastering new systems for preventing and monitoring incidents, yet even this does not guarantee complete security. Attackers actively use social engineering, and it can lead to serious consequences.

How often have you caught yourself thinking: "It would be nice to run a test of the employees' knowledge of information security"? Unfortunately, the thought runs into a wall of misunderstanding in the form of a large number of tasks or limited time in the working day. We are going to tell you about modern products and technologies in the field of automated employee training that do not require long preparation to deploy or operate, but first things first.

Theoretical basis

Today more than 80% of malicious files are distributed via email (data taken from the reports of Check Point experts for the past year, obtained with the Intelligence Reports service).

Figure: Check Point report for the last 30 days on the attack vectors used to distribute malicious files (Russia)

This shows that the contents of email messages are highly exposed to abuse by attackers. If we look at the most popular malicious file formats among attachments (EXE, RTF, DOC), it should be noted that they, as a rule, contain elements that execute code automatically (scripts, macros).

Figure: Check Point annual report on the file formats of malicious messages received

How do we counter this attack vector? Checking mail involves the use of security tools:

  • Antivirus - signature-based detection of threats.

  • Emulation - a sandbox in which attachments are opened in an isolated environment.

  • Content Awareness - removal of active elements from documents. The user receives a cleaned document (usually in PDF format).

  • AntiSpam - checking the reputation of the recipient/sender domain.

In theory this is enough, but there is another equally valuable asset of the company: the corporate and personal data of its employees. In recent years the popularity of the following kind of Internet fraud has been growing rapidly:

Phishing (from English fishing - angling, catching fish) is a type of Internet fraud. Its goal is to obtain a user's identification data. This includes the theft of passwords, credit card numbers, bank accounts and other sensitive information.


Attackers keep improving their phishing techniques: they redirect DNS requests for popular sites and launch entire campaigns that use social engineering to send email.

Therefore, to protect corporate email from phishing, two approaches are recommended, and using them together gives the best result:

  1. Technical protection tools. As mentioned above, various technologies are used to inspect mail and deliver only legitimate messages.

  2. Theoretical training of employees. It consists of comprehensive testing of employees to identify potential victims. They are then retrained and statistics are kept continuously.

Don't trust, verify

Today we will talk about the second approach to preventing phishing attacks, namely automated training of employees in order to raise the level of protection of corporate and personal data. Why can phishing be so dangerous?

Social engineering - psychological manipulation of people into performing certain actions or disclosing confidential information (in the context of information security).

Figure: diagram of a typical phishing attack scenario

Let's look at an entertaining diagram that briefly describes the course of a campaign. It has several stages:

  1. Collection of preliminary information.

    In the 21st century it is hard to find a person who is not registered on some social network or on various thematic forums. Naturally, many of us leave detailed information about ourselves: current place of work, a group for colleagues, phone number, email and so on. Add to this personalised information about the person's interests and you have the data needed to craft a phishing template. Even if we cannot find people with such information, there is always the company website, where we can find everything we are interested in (the email domain, contacts, relationships).

  2. Launching the campaign.

    Once a foothold is in place, free or paid tools can be used to launch a targeted phishing campaign. During the mailing, statistics are accumulated: messages delivered, messages opened, links clicked, credentials entered, and so on.

Products on the market

Phishing can be used both by attackers and by the company's information security staff to continuously check the behaviour of employees. What does the market of free and commercial solutions for automated employee training offer us:

  1. GoPhish is an open-source project that lets you launch a phishing campaign to check the IT literacy of your employees. I would count ease of deployment and minimal system requirements among its advantages. The disadvantages are the absence of ready-made email templates and the lack of tests and training materials for employees.

  2. KnowBe4 - a site with a large number of products for testing employees.

  3. Phishman - an automated system for testing and training employees. It comes in several product versions supporting from 10 to more than 1000 employees. The training courses include theory and practical tasks; training needs can be identified from the statistics obtained after a phishing campaign. The solution is commercial, with a trial option.

  4. Anti-phishing - an automated training and security monitoring system. The commercial product offers periodic training attacks, employee training, and so on. A campaign is offered as a demo version, which includes deploying templates and running three training attacks.

The above is only a part of the products available on the market of automated employee training. Of course, each has its own pros and cons. Today we will get acquainted with GoPhish, simulate a phishing attack, and explore the options it offers.

GoPhish


So, time to practise. GoPhish was not chosen by chance: it is an easy-to-use tool with the following features:

  1. Simple installation and start-up.

  2. REST API support. It lets you build requests from the documentation and apply automation scripts.

  3. A convenient graphical management interface.

  4. Cross-platform.

The development team has prepared an excellent guide on deploying and configuring GoPhish. In fact, all you need to do is go to the repository, download the ZIP archive for the appropriate OS, and run the binary inside it, after which the tool is installed.

IMPORTANT NOTICE!

As a result, you should see terminal output about the port being served and the login credentials (this applies to versions newer than 0.10.1). Don't forget to save the password for yourself!

msg="Please login with the username admin and the password <ПАРОЛЬ>"

Understanding the GoPhish configuration

After installation, a configuration file (config.json) is created in the application directory. Let's describe the parameters you may want to change:

Key                       Value (default)   Description
admin_server.listen_url   127.0.0.1:3333    IP address and port of the GoPhish admin server
admin_server.use_tls      false             Whether TLS is used for connections to the GoPhish admin server
admin_server.cert_path    example.crt       Path to the SSL certificate for the GoPhish admin portal
admin_server.key_path     example.key       Path to the private SSL key
phish_server.listen_url   0.0.0.0:80        IP address and port on which the phishing page is hosted (by default on the GoPhish server itself, port 80)

-> Go to the admin portal. In our case: https://127.0.0.1:3333

-> You will be prompted to change the standard password to a simpler one, or the other way round.
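The table above lists the settings that decide who can reach the admin portal and whether its login travels encrypted. The following Python script is an added example (not part of the article or of GoPhish) that reads a config.json of that shape and reports the weak combinations a reviewer would flag: the admin portal without TLS, a non-loopback admin address combined with no TLS, placeholder certificate files, and a phishing server bound to loopback that no recipient could reach. The two embedded configs are constructed for the example; the /etc/gophish certificate paths in the hardened one are an assumption.

```python
import ipaddress
import json

# Constructed sample that mirrors the defaults from the table above
# (admin_server.listen_url, use_tls, cert_path, key_path, phish_server.listen_url).
DEFAULT_CONFIG_JSON = """
{
  "admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": false,
    "cert_path": "example.crt",
    "key_path": "example.key"
  },
  "phish_server": {
    "listen_url": "0.0.0.0:80"
  }
}
"""

# The same file after hardening: TLS enabled on the admin portal and the
# placeholder certificate replaced. The /etc/gophish paths are an assumption.
HARDENED_CONFIG_JSON = """
{
  "admin_server": {
    "listen_url": "127.0.0.1:3333",
    "use_tls": true,
    "cert_path": "/etc/gophish/admin.crt",
    "key_path": "/etc/gophish/admin.key"
  },
  "phish_server": {
    "listen_url": "0.0.0.0:80"
  }
}
"""

# File names that ship as placeholders and should never reach production.
PLACEHOLDER_FILES = {"example.crt", "example.key", ""}


def _is_loopback(listen_url):
    """True when the host part of host:port is a loopback address."""
    host = listen_url.rpartition(":")[0].strip("[]")
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def audit_config(config_text):
    """Return a list of findings for a GoPhish config.json; empty means OK."""
    cfg = json.loads(config_text)
    admin = cfg.get("admin_server", {})
    findings = []

    if not admin.get("use_tls", False):
        findings.append("admin_server.use_tls is false: the admin login, including "
                        "the generated password, is sent in clear text")
        if not _is_loopback(admin.get("listen_url", "")):
            findings.append("admin_server.listen_url is not loopback: the plaintext "
                            "admin portal is reachable from the network")
    else:
        for key in ("cert_path", "key_path"):
            if admin.get(key, "") in PLACEHOLDER_FILES:
                findings.append(f"admin_server.{key} still points at the placeholder file")

    if _is_loopback(cfg.get("phish_server", {}).get("listen_url", "")):
        findings.append("phish_server.listen_url is loopback: recipients will not be "
                        "able to reach the landing page")
    return findings


if __name__ == "__main__":
    for label, text in (("default", DEFAULT_CONFIG_JSON), ("hardened", HARDENED_CONFIG_JSON)):
        print(label, audit_config(text) or ["no findings"])
```

Run it before opening the admin portal on anything other than 127.0.0.1: the default file yields exactly one finding (no TLS on the admin side), and the hardened one yields none.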

Creating a sender profile

Go to the "Sending Profiles" tab and fill in the details of the user from whom our message will originate:


Where:

Name       Sender name
From       Sender email address
Host       IP address of the mail server through which the messages will be sent
Username   Login of the user account on the mail server
Password   Password of the user account on the mail server

You can also send a test message to confirm successful delivery. Save the settings with the "Save Profile" button.

Creating a recipient group

Next, you should create the group of recipients of the "chain letters". Go to "Users & Groups" → "New Group". There are two ways to add recipients: manually or by importing a CSV file.


The second method requires the following mandatory fields:

  • First name

  • Last name

  • Email

  • Position

Example:

First Name,Last Name,Position,Email
Richard,Bourne,CEO,[email protected]
Boyd,Jenius,Systems Administrator,[email protected]
Haiti,Moreo,Sales & Marketing,[email protected]
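A recipient list is the one input that must never contain anyone outside the scope of the exercise, so it is worth validating the CSV before it is uploaded. The following Python script is an added example (not part of the article or of GoPhish): it parses a CSV in the layout shown above, keeps only well-formed addresses in the allowed corporate domains, and produces the JSON shape the GoPhish REST API accepts for a group (a name plus a list of targets with first_name, last_name, email and position). The CSV content, the example.com domain and the stray external row are constructed for the example.

```python
import csv
import io
import json
import re

# Column names GoPhish expects in the import file.
REQUIRED_COLUMNS = ("First Name", "Last Name", "Email", "Position")
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")

# Constructed sample in the same layout as the article's CSV. The addresses
# and the external contractor row are made up for this example.
SAMPLE_CSV = """First Name,Last Name,Position,Email
Richard,Bourne,CEO,richard.bourne@example.com
Boyd,Jenius,Systems Administrator,boyd.jenius@example.com
Haiti,Moreo,Sales & Marketing,haiti.moreo@example.com
Mallory,Outsider,Contractor,mallory@partner-example.net
"""


def load_targets(csv_text, allowed_domains):
    """Parse a GoPhish-style CSV and return (targets, rejected_emails).

    Rows with a malformed address or a domain outside allowed_domains are
    reported instead of silently included, so nobody outside the exercise
    receives a training email.
    """
    reader = csv.DictReader(io.StringIO(csv_text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"CSV is missing required columns: {missing}")

    targets, rejected = [], []
    for row in reader:
        email = row["Email"].strip()
        domain = email.rpartition("@")[2].lower()
        if not EMAIL_RE.match(email) or domain not in allowed_domains:
            rejected.append(email)
            continue
        targets.append({
            "first_name": row["First Name"].strip(),
            "last_name": row["Last Name"].strip(),
            "email": email,
            "position": row["Position"].strip(),
        })
    return targets, rejected


def group_payload(name, targets):
    """JSON body for creating a group through the GoPhish API."""
    return json.dumps({"name": name, "targets": targets}, indent=2)


if __name__ == "__main__":
    targets, rejected = load_targets(SAMPLE_CSV, {"example.com"})
    print(group_payload("Q1 awareness test", targets))
    print("rejected:", rejected)
```

The rejected list is the part to look at before uploading: an empty list means every row belongs to a domain you own and have authorisation to test.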

Creating a phishing email template

Once we have defined the "attacker" and the victims, we need to create a message template. To do this, go to "Email Templates" → "New Template".


Creating a template takes both a technical and a creative approach: you should pick a message from a service that is familiar to the target users or that will provoke some reaction from them. The available fields:

Name        Template name
Subject     Subject of the message
Text/HTML   Input field for plain text or HTML code

Gophish supports importing existing emails, but we will create our own. To do this, we model a scenario: a corporate user receives a message asking him to change the password of his corporate email account. Then we will see how he reacts and look at our "catch".

We will use the built-in variables in the template. More details can be found in the guide mentioned above, in the Template Reference section.


First, let's enter the following text:

{{.FirstName}},

The password for {{.Email}} has expired. Please reset your password here.

Thanks,
IT Team

So the user's name will be substituted automatically (according to what was specified earlier in "New Group") and his email address will be shown.

Next, we need to provide a link to our phishing resource. To do this, highlight the word "here" in the text and choose the "Link" option on the toolbar.


We set the URL to the built-in variable {{.URL}}, which we will fill in later. It will be inserted automatically into the body of the phishing email.

Before saving the template, don't forget to enable the "Add Tracking Image" option. This adds a 1x1 pixel image that tracks whether the user opened the email.
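It helps to see what {{.FirstName}}, {{.Email}}, {{.URL}} and the tracking image actually expand to for a single recipient before a campaign goes out, and to confirm that every link and image in the template points at the campaign server rather than at a real corporate site GoPhish cannot track. The following Python script is an added example (not part of the article or of GoPhish): it fills the Go-template style placeholders the way GoPhish does and lists any foreign links. The per-recipient rid query parameter, the /track path for the pixel and the exact <img> markup follow GoPhish's conventions as I understand them and are assumptions here; the recipient, the 203.0.113.10 server address and the rid value are constructed.

```python
import re
import secrets

# Go-template style placeholders as used by GoPhish: {{.FirstName}}, {{.URL}} ...
PLACEHOLDER_RE = re.compile(r"\{\{\.(\w+)\}\}")
# href/src targets of links and images in the rendered HTML.
LINK_RE = re.compile(r"""(?:href|src)=["']([^"']+)["']""", re.IGNORECASE)

# The article's template with "here" turned into a link and the tracking
# pixel placeholder appended. Constructed for this example.
TEMPLATE_HTML = """<p>{{.FirstName}},</p>
<p>The password for {{.Email}} has expired. Please reset your password
<a href="{{.URL}}">here</a>.</p>
<p>Thanks,<br>IT Team</p>
{{.Tracker}}
"""


def new_rid():
    """Random per-recipient id; GoPhish carries it in the rid query parameter."""
    return secrets.token_hex(4)


def build_context(target, base_url, rid):
    """Values substituted for the built-in variables for one recipient.

    The ?rid= parameter, the /track path and the pixel markup mirror GoPhish's
    layout as an assumption for this example.
    """
    tracking_url = f"{base_url}/track?rid={rid}"
    return {
        "FirstName": target["first_name"],
        "LastName": target["last_name"],
        "Email": target["email"],
        "Position": target["position"],
        "URL": f"{base_url}/?rid={rid}",
        "TrackingURL": tracking_url,
        "Tracker": f"<img alt='' style='display:none' src='{tracking_url}'/>",
    }


def render(template, context):
    """Fill every placeholder; fail loudly on a variable the context lacks."""
    def substitute(match):
        key = match.group(1)
        if key not in context:
            raise KeyError("unknown template variable {{." + key + "}}")
        return context[key]
    return PLACEHOLDER_RE.sub(substitute, template)


def foreign_links(html, base_url):
    """Links or images that do not point at the campaign server.

    A stray real link would send the trainee somewhere GoPhish cannot record.
    """
    return [u for u in LINK_RE.findall(html) if not u.startswith(base_url)]


if __name__ == "__main__":
    # Constructed recipient and server address (203.0.113.0/24 is a documentation range).
    target = {"first_name": "Richard", "last_name": "Bourne",
              "email": "richard.bourne@example.com", "position": "CEO"}
    base_url = "http://203.0.113.10"
    html = render(TEMPLATE_HTML, build_context(target, base_url, new_rid()))
    print(html)
    print("foreign links:", foreign_links(html, base_url))
```

Render the template once per planned recipient and keep the output of foreign_links empty; a non-empty list means the template still carries a link outside the exercise.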

Not much is left, but first let's summarise the steps required after logging into the Gophish portal:

  1. Create a sender profile;

  2. Create a distribution group in which you specify the users;

  3. Create the phishing email template.

Admit it, the setup did not take much time and we are almost ready to launch the campaign. All that remains is to add the phishing page.

Creating the phishing page

Go to the "Landing Pages" tab.


We are asked to give the object a name. It is possible to import a source site. In our example, I tried to specify the working web portal of the mail server. It was imported as HTML code accordingly (although not completely). The options for capturing user input are of interest:

  • Capture Submitted Data. If the specified web page contains input forms, all submitted data will be recorded.

  • Capture Passwords - capture the entered passwords. The data is written to the GoPhish database without encryption, exactly as entered.

In addition, we can use the "Redirect to" option, which sends the user to a specified page after credentials have been entered. Let me remind you that we set up a scenario in which the user is asked to change the password of his corporate email. For this he is shown a fake mail sign-in portal page, after which the user can be sent on to any company resource.

Don't forget to save the finished page and go to the "New Campaign" section.

Launching the GoPhish phishing

We have provided all the necessary data. In the "New Campaign" tab, create a new campaign.

Launching the campaign


Where:

Name              Campaign name
Email Template    Message template
Landing Page      Phishing page
URL               IP address of your GoPhish server (it must be reachable over the network from the victim's host)
Launch Date       Campaign start date
Send Emails By    Campaign end date (the messages are distributed evenly over the period)
Sending Profile   Sender profile
Groups            Group of mailing recipients

After launch, we can view the statistics at any time. They show: messages sent, messages opened, link clicks, data submitted, and messages reported as spam.


The statistics show that 1 message was sent; let's look at the mail from the recipient's side:


Indeed, the victim received the phishing email asking him to follow the link to change the password of his corporate account. We perform the requested action and are taken to the Landing Page. What do the statistics say?


As a result, our user followed the phishing link, where he could have left his account details.

Author's note: the data-entry step was not recorded because a test layout was used, but that option exists. Keep in mind, however, that the captured content is not encrypted and is stored in the GoPhish database.

Instead of a conclusion

Today we touched on the topic of automated training of employees to protect them from phishing attacks and raise their IT literacy. Gophish was deployed as an affordable solution and showed good results in terms of deployment time and outcome. With this accessible tool you can audit your employees and produce reports on their behaviour. If you are interested in this product, we offer help with deploying it and auditing your employees ([email protected]).

However, we will not stop at reviewing a single solution and plan to continue the series, where we will talk about commercial solutions for automating the training process and monitoring employee security. Stay with us and be vigilant!

source: www.habr.com
