3. Check Point SandBlast Agent Management Platform. Threat Prevention Policy

Welcome to the third article in the series on the new cloud-based endpoint protection management console, Check Point SandBlast Agent Management Platform. As a reminder, in the first article we got acquainted with the Infinity Portal and created a cloud-based agent management service, Endpoint Management Service. In the second article we explored the web management console interface and installed an agent with the standard policy on a user machine. Today we will look at the contents of the standard Threat Prevention security policy and test its effectiveness against popular attacks.

Standard Threat Prevention Policy: Description

The figure above shows the standard Threat Prevention policy rule, which by default applies to the entire organization (all installed agents) and includes three logical groups of protection components: Web & Files Protection, Behavioral Protection, and Analysis & Remediation. Let's look at each group.

Web & Files Protection

URL Filtering
URL Filtering lets you control user access to web resources using 5 predefined site categories. Each of the 5 categories contains several more specific subcategories, which lets you configure, for example, blocking access to the Games subcategory while allowing access to the Instant Messaging subcategory, both of which belong to the same Productivity Loss category. The URLs that belong to each subcategory are determined by Check Point. You can check which category a particular URL belongs to, or request a category change, on a dedicated resource, URL Categorization.
The action can be set to Prevent, Detect, or Off. When the Detect action is selected, a setting is automatically added that allows users to dismiss the URL Filtering warning and proceed to the resource of interest. If Prevent is used, this setting can be removed and the user will not be able to access the prohibited site. Another convenient way to control prohibited resources is to configure a Block List, in which you can specify domains, IP addresses, or upload a .csv file with a list of domains to block.
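A Block List assembled from tickets and feeds usually contains pasted URLs, duplicates and malformed names. The following added example (not from the original article or from Check Point) normalizes such input into unique domains and IP addresses and reports what it rejects. The one-domain-per-row CSV layout and all function names are assumptions, so check the format the console expects before uploading.

```python
import csv
import io
import ipaddress
import re
from urllib.parse import urlsplit

# One DNS label: 1-63 of [a-z0-9-], not starting or ending with a hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize_entry(raw):
    """Return ("domain" | "ip", value) for one raw entry, or raise ValueError."""
    text = raw.strip()
    if not text:
        raise ValueError("empty entry")
    # Pasted URLs are common in block requests: keep only the host part.
    host = urlsplit(text if "://" in text else "//" + text).hostname
    if not host:
        raise ValueError("no host found")
    try:
        return "ip", str(ipaddress.ip_address(host))
    except ValueError:
        pass  # not an IP literal, validate it as a domain name instead
    try:
        host = host.rstrip(".").lower().encode("idna").decode("ascii")
    except UnicodeError as exc:
        raise ValueError("invalid internationalized name") from exc
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2 or not all(map(_LABEL.match, labels)):
        raise ValueError("not a fully qualified domain name")
    return "domain", host

def build_blocklist(raw_entries):
    """Split raw entries into unique domains, unique IPs and rejected input."""
    domains, ips, rejected, seen = [], [], [], set()
    for raw in raw_entries:
        try:
            kind, value = normalize_entry(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        if value not in seen:
            seen.add(value)
            (domains if kind == "domain" else ips).append(value)
    return domains, ips, rejected

def domains_to_csv(domains):
    """Assumed upload layout: one domain per row, single column, no header."""
    buf = io.StringIO()
    csv.writer(buf, lineterminator="\n").writerows([d] for d in domains)
    return buf.getvalue()

# Constructed sample input (reserved example names and a documentation IP).
SAMPLE = ["Games.Example.com", "https://games.example.com/play?id=1",
          "tracker.example.net.", "münchen.example", "192.0.2.10",
          "http://192.0.2.10:8080/", "bad_host!", "localhost", ""]
```

Review the rejected list by hand rather than discarding it: a typo in a domain that was meant to be blocked is otherwise silently lost.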

In the standard policy for URL Filtering, the action is set to Detect and one category is selected, Security, for which events will be detected. This category includes various anonymizers, sites rated Critical/High/Medium risk, spam and more. However, users can still access the resource thanks to the "Allow user to dismiss the URL Filtering alert and access the website" setting.

Download (web) Protection
Emulation & Extraction lets you emulate downloaded files in the Check Point cloud sandbox and clean documents on the fly, removing potentially malicious content or converting the document to PDF. There are three modes of operation:

  • Prevent - lets you receive a cleaned copy of the document before the final emulation verdict, or wait for emulation to complete and then download the original file right away;

  • Detect - performs emulation in the background without preventing the user from receiving the original file, regardless of the verdict;

  • Off - any file may be downloaded without emulation and without cleaning of potentially malicious components.

It is also possible to choose an action for files that are not supported by Check Point's emulation and cleaning tools: you can allow or deny downloading of all unsupported files.

The standard policy for Download Protection is set to Prevent, which lets you receive a copy of the original document cleaned of potentially malicious content, and also allows downloading of files that are not supported by the emulation and cleaning tools.

Credential Protection
The Credential Protection component protects user credentials and includes 2 components: Zero Phishing and Password Protection. Zero Phishing protects users from accessing phishing resources, and Password Protection notifies the user that using corporate credentials outside the protected domain is not permitted. Zero Phishing can be set to Prevent, Detect, or Off. When the Prevent action is set, it is possible to allow users to ignore the warning about a potential phishing resource and access it, or to disable this option and block access permanently. With the Detect action, users always have the option to ignore the warning and access the resource. Password Protection lets you select the protected domains for which passwords will be checked for compliance, and one of three actions: Detect & Alert (notifying the user), Detect, or Off.

The standard policy for Credential Protection sets Prevent for any phishing resources, so users are stopped from accessing a potentially malicious site. Protection against the use of corporate passwords is also enabled, but this feature will not work without specified domains.

Files Protection
Files Protection is responsible for protecting files stored on the user's machine and includes two components: Anti-Malware and Files Threat Emulation. Anti-Malware is a tool that regularly scans all user and system files using signature analysis. In this component's settings you can configure regular scanning or random scan times, the signature update period, and the ability of users to cancel a scheduled scan. Files Threat Emulation lets you emulate files stored on the user's machine in the Check Point cloud sandbox; however, this security feature works only in Detect mode.

The standard policy for Files Protection includes protection with Anti-Malware and detection of malicious files with Files Threat Emulation. A regular scan is performed every month, and signatures on the user's machine are updated every 4 hours. Users are also allowed to cancel a scheduled scan, but no later than 30 days after the last successful scan.

Behavioral Protection

Anti-Bot, Behavioral Guard & Anti-Ransomware, Anti-Exploit
The Behavioral Protection group includes three components: Anti-Bot, Behavioral Guard & Anti-Ransomware, and Anti-Exploit. Anti-Bot lets you monitor and block C&C connections using the continuously updated Check Point ThreatCloud database. Behavioral Guard & Anti-Ransomware constantly monitors activity (files, processes, network interactions) on the user's machine and lets you prevent ransomware attacks at an early stage. In addition, this protection component lets you restore files that have already been encrypted by malware. Files are restored to their original directories, or you can specify a particular path where all recovered files will be stored. Anti-Exploit lets you detect zero-day attacks. All Behavioral Protection components support three modes of operation: Prevent, Detect, and Off.

The standard policy for Behavioral Protection sets Prevent for the Anti-Bot and Behavioral Guard & Anti-Ransomware components, with encrypted files restored to their original directories. The Anti-Exploit component is disabled and not used.

Analysis & Remediation

Automated Attack Analysis (Forensics), Remediation & Response
Two security components are available for analysing and investigating security incidents: Automated Attack Analysis (Forensics) and Remediation & Response. Automated Attack Analysis (Forensics) lets you generate reports on the results of repelled attacks with detailed descriptions, down to an analysis of how the malware executed on the user's machine. It is also possible to use the Threat Hunting feature, which makes it possible to proactively search for anomalies and potentially malicious behaviour using predefined or custom filters. Remediation & Response lets you configure settings for restoring and quarantining files after an attack: user interaction with quarantined files is regulated, and quarantined files can be stored in a directory defined by the administrator.

The standard Analysis & Remediation policy includes protection with automatic remediation actions (terminating processes, restoring files, etc.); the option to send files to quarantine is enabled, and users can only delete files from quarantine.

Standard Threat Prevention Policy: Testing

Check Point CheckMe Endpoint

The quickest and easiest way to check the security of a user's machine against the most popular types of attacks is to run a test using the Check Point CheckMe resource, which carries out a number of typical attacks of various categories and lets you obtain a report on the test results. In this case the Endpoint testing option was used, in which an executable file is downloaded and launched on the computer, after which the checking process begins.

While the security of the working computer is being checked, SandBlast Agent signals that attacks on the user's computer have been detected and repelled. For example, the Anti-Bot blade reports detection of an infection, the Anti-Malware blade detected and deleted the malicious file CP_AM.exe, and the Threat Emulation blade determined that the file CP_ZD.exe is malicious.

Based on the results of testing with CheckMe Endpoint, we have the following result: out of 6 attack categories, the standard Threat Prevention policy failed to cope with only one, Browser Exploit. This is because the standard Threat Prevention policy does not include the Anti-Exploit blade. It is worth noting that without SandBlast Agent installed, the user's computer passed the check only in the Ransomware category.

KnowBe4 RanSim

To test the Anti-Ransomware blade, you can use the free solution KnowBe4 RanSim, which runs a series of tests on the user's machine: 18 ransomware infection scenarios and 1 cryptominer infection scenario. It should be noted that the presence of many blades in the standard policy (Threat Emulation, Anti-Malware, Behavioral Guard) with the Prevent action does not allow this test to run correctly. However, even with a reduced security level (Threat Emulation in Off mode), the Anti-Ransomware blade test shows a high result: 18 out of 19 tests passed successfully (1 failed to start).

Malicious files and documents

It is instructive to check how the different blades of the standard Threat Prevention policy behave when malicious files of popular formats are downloaded to the user's machine. This test involved 66 files in PDF, DOC, DOCX, EXE, XLS, XLSX, CAB and RTF formats. The test results showed that SandBlast Agent was able to block 64 of the 66 malicious files. Infected files were either deleted after download, or cleaned of malicious content using Threat Extraction and then delivered to the user.

Recommendations for improving the Threat Prevention policy

1. URL Filtering

The first thing that needs to be fixed in the standard policy to raise the security level of the client machine is to switch the URL Filtering blade to Prevent and specify the appropriate categories to block. In our case, all categories except General Use were selected, since they include most of the resources to which user access should be restricted in the workplace. Also, for such sites it is advisable to remove the ability of users to skip the warning window by unchecking "Allow user to dismiss the URL Filtering alert and access the website".

2. Download Protection

The second setting worth paying attention to is the ability of users to download files that are not supported by Check Point emulation. Since in this section we are looking at improvements to the standard Threat Prevention policy from a security standpoint, the best option is to block downloading of unsupported files.

3. Files Protection

You also need to pay attention to the file protection settings, in particular the periodic scan settings and the user's ability to postpone a forced scan. Here the user's working hours must be taken into account, and a good option from both a security and a performance standpoint is to configure the forced scan to run every day, at a randomly selected time (from 00:00 to 8:00), with the user able to postpone the scan for up to one week.

4. Anti-Exploit

A significant drawback of the standard Threat Prevention policy is that the Anti-Exploit blade is disabled. It is recommended to enable this blade with the Prevent action to protect the workstation from attacks that use exploits. With this fix, the CheckMe retest completes successfully with no vulnerabilities found on the user's work machine.

Conclusion

To summarize: in this article we got acquainted with the components of the standard Threat Prevention policy, tested this policy using various methods and tools, and described recommendations for improving the standard policy's settings to raise the security level of the user's machine. In the next article in the series, we will move on to the Data Protection policy and look at the Global Policy Settings.

A large selection of materials on Check Point from TS Solution. To avoid missing upcoming publications on the SandBlast Agent Management Platform, follow the updates on our social networks (Telegram, Facebook, VK, TS Solution Blog, Yandex.Zen).

source: www.habr.com
