1. Kuphunzitsa ogwiritsa ntchito zoyambira zachitetezo chazidziwitso. Kulimbana ndi phishing
Masiku ano, woyang'anira ma netiweki kapena injiniya woteteza zidziwitso amathera nthawi yochulukirapo komanso kuyesetsa kuti ateteze kuzungulira kwa mabizinesi ku zoopsa zosiyanasiyana, kudziwa njira zatsopano zopewera ndikuwunika zochitika, koma ngakhale izi sizitanthauza chitetezo chokwanira. Social engineering imagwiritsidwa ntchito ndi omwe akuwukira ndipo imatha kukhala ndi zotsatirapo zoyipa.
Kodi ndi kangati mwadzipeza nokha mukuganiza kuti: "Zingakhale zabwino kukonza mayeso kwa ogwira ntchito pa chidziwitso cha chitetezo cha chidziwitso"? Tsoka ilo, malingaliro amathamangira kukhoma la kusamvetsetsana mwa mawonekedwe a kuchuluka kwa ntchito kapena nthawi yochepa pa tsiku logwira ntchito. Tikukonzekera kukuuzani zazinthu zamakono ndi matekinoloje okhudzana ndi maphunziro a anthu ogwira ntchito, zomwe sizidzafuna maphunziro aatali oyendetsa ndege kapena kukhazikitsa, koma zonse zomwe zili mu dongosolo.
Theoretical maziko
Masiku ano, oposa 80% a mafayilo oyipa amagawidwa kudzera pa imelo (deta yotengedwa kuchokera ku malipoti kuchokera kwa akatswiri a Check Point chaka chatha pogwiritsa ntchito Intelligence Reports service).
Lipoti kwa masiku 30 apitawa pa vekitala yowukira yogawa mafayilo oyipa (Russia) - Check Point
Izi zikusonyeza kuti zomwe zili mu mauthenga a imelo ndizosavuta kugwiriridwa ndi omwe akuukira. Ngati tilingalira za mafayilo owopsa omwe ali muzowonjezera (EXE, RTF, DOC), ndizoyenera kudziwa kuti, monga lamulo, amakhala ndi zinthu zodziwikiratu za ma code (zolemba, macros).
Lipoti lapachaka pamafayilo omwe adalandira mauthenga oyipa - Check Point
AntiSpam - kuyang'ana wolandila / wotumiza adani kuti ali ndi mbiri.
Ndipo, mwamalingaliro, izi ndi zokwanira, koma palinso chinthu china chofunikira kwambiri kwa kampani - deta yamakampani ndi yaumwini ya antchito. M'zaka zaposachedwa, kutchuka kwa mtundu wotsatira wachinyengo pa intaneti kwakula kwambiri:
Phishing (Chingerezi phishing, kuchokera ku nsomba - kuwedza, kusodza) - mtundu wachinyengo pa intaneti. Cholinga chake ndikupeza chidziwitso cha ogwiritsa ntchito. Izi zikuphatikiza kuba kwa mawu achinsinsi, manambala a kirediti kadi, maakaunti aku banki ndi zidziwitso zina.
Zigawenga zikuwongolera njira zochitira chinyengo, kulozeranso zopempha za DNS kuchokera patsamba lodziwika bwino, ndikuyambitsa kampeni yonse pogwiritsa ntchito uinjiniya wa anthu kutumiza maimelo.
GoPhish ndi pulojekiti yotseguka yomwe imakulolani kuti mugwiritse ntchito kampeni yachinyengo kuti muwone luso la IT la antchito anu. Ndikadawona zabwino zake kukhala zosavuta zotumizira komanso zofunikira zochepa pamakina. Zoyipa zake ndi kusowa kwa ma tempulo okonzeka otumizira, kusowa kwa mayeso ndi zida zophunzitsira antchito.
DziwaniBe4 - malo omwe ali ndi zinthu zambiri zomwe zilipo zoyesa anthu ogwira ntchito.
Phishman - makina opangira kuyesa ndi kuphunzitsa antchito. Ili ndi mitundu yosiyanasiyana yazogulitsa zomwe zimathandizira kuyambira 10 mpaka antchito opitilira 1000. Maphunzirowa amaphatikizapo malingaliro ndi ntchito zothandiza; ndizotheka kuzindikira zosowa potengera ziwerengero zomwe zapezeka pambuyo pa kampeni yachinyengo. Yankho lake ndi lamalonda ndi mwayi wogwiritsa ntchito mayesero.
Anti-phishing - Makina ophunzitsira ndi kuwunikira chitetezo. Zogulitsa zamalonda zimapereka kuukira kwanthawi ndi nthawi, kuphunzitsa antchito, ndi zina. Kampeni imaperekedwa ngati chiwonetsero chazogulitsa, chomwe chimaphatikizapo kuyika ma templates ndikuchita ziwonetsero zitatu zophunzitsira.
Mayankho omwe ali pamwambawa ndi gawo chabe lazinthu zomwe zilipo pamsika wophunzitsira anthu ogwira ntchito. Inde, aliyense ali ndi ubwino wake ndi kuipa kwake. Lero tidziwana GoPhish, yerekezerani zachinyengo, ndikuwona zosankha zomwe zilipo.
GoPhish
Kotero, ndi nthawi yoti muzichita. GoPhish sinasankhidwe mwangozi: ndi chida chosavuta kugwiritsa ntchito chomwe chili ndi izi:
Kukhazikitsa kosavuta ndi kuyambitsa.
Chithandizo cha REST API. Imakulolani kuti mupange mafunso kuchokera zolemba ndi kugwiritsa ntchito zolemba zokha.
Yabwino zithunzi kuwongolera mawonekedwe.
Mtanda-nsanja.
Gulu lachitukuko lakonzekera bwino kwambiri wotsogolera pa kutumiza ndi kukonza GoPhish. M'malo mwake, zomwe muyenera kuchita ndikupita posungira, tsitsani zolemba za ZIP za OS yofananira, yendetsani fayilo ya binary yamkati, kenako chidacho chidzayikidwa.
ZOFUNIKA KWAMBIRI!
Zotsatira zake, muyenera kulandira mu terminal zidziwitso za portal yomwe yatumizidwa, komanso data yololeza (yoyenera kumasulira akale kuposa mtundu 0.10.1). Musaiwale kuti muteteze mawu achinsinsi anu!
msg="Please login with the username admin and the password <ΠΠΠ ΠΠΠ¬>"
Titazindikira yemwe akuwukirayo ndi omwe angakhale akuzunzidwa, tiyenera kupanga template yokhala ndi uthenga. Kuti muchite izi, pitani ku gawo la "Ma Templates a Imelo" β "Zatsopano Zatsopano".
Popanga template, njira yaukadaulo ndi yopangira imagwiritsidwa ntchito; uthenga wochokera ku ntchitoyo uyenera kufotokozedwa womwe udzakhala wodziwika kwa ogwiritsa ntchito omwe akuzunzidwa kapena ungawapangitse kuti achitepo kanthu. Zosankha zotheka:
dzina
Dzina lachitsanzo
mutu
Mutu wamakalata
Zolemba / HTML
Gawo lolowera zolemba kapena HTML code
Gophish imathandizira kuitanitsa zilembo, koma tidzapanga zathu. Kuti tichite izi, timatengera chitsanzo: wogwiritsa ntchito kampani amalandira kalata yomupempha kuti asinthe mawu achinsinsi kuchokera ku imelo yake yamakampani. Kenako, tiyeni tipende momwe iye amachitira ndikuyang'ana "kugwira" kwathu.
Tidzagwiritsa ntchito zosinthika zomangidwa mu template. Zambiri zitha kupezeka pamwambapa wotsogolera gawo Template Reference.
Choyamba, tiyeni tilowetse mawu otsatirawa:
{{.FirstName}},
The password for {{.Email}} has expired. Please reset your password here.
Thanks,
IT Team
Chifukwa chake, dzina la wogwiritsa ntchito lidzalowetsedwa (malinga ndi "Gulu Latsopano" lomwe latchulidwa kale) ndipo adilesi yake idzawonetsedwa.