Honeypot vs Deception, using Xello as an example


There are already several articles on Habr about Honeypot and Deception technologies (article 1, article 2). However, we still encounter a lack of understanding of the difference between these classes of security tools. For this reason, our colleagues from Xello Deception (the first Russian developer of a Deception platform) decided to describe in detail the differences, advantages and architectural features of these solutions.

Let's figure out what "honeypots" and "deception" are:

"Deception technologies" appeared on the information security market relatively recently. However, some specialists still consider Security Deception to be merely more advanced honeypots.

In this article we will try to highlight both the similarities and the fundamental differences between these two solutions. In the first part, we will discuss honeypots, how the technology developed, and its advantages and disadvantages. In the second part, we will look in detail at the operating principles of platforms for creating a distributed infrastructure of decoys (Distributed Deception Platform, DDP).

The basic principle behind honeypots is to create traps for attackers. The very first Deception solutions were developed on the same principle. But modern DDPs are far superior to honeypots, both in functionality and in effectiveness. Deception platforms include: decoys, traps, lures, applications, data, databases, Active Directory. Modern DDPs can provide powerful capabilities for threat detection, attack analysis, and response automation.

Thus, Deception is a technique for imitating an enterprise's IT infrastructure and misleading attackers. As a result, such platforms make it possible to stop attacks before significant damage is done to company assets. Honeypots, of course, do not have such broad functionality or such a level of automation, so their use requires higher qualifications from the staff of information security departments.

1. Honeypots, Honeynets and Sandboxing: what they are and how they are used

The term "honeypots" was first used in 1989 in Clifford Stoll's book "The Cuckoo's Egg", which describes the events of tracking a hacker at Lawrence Berkeley National Laboratory (USA). The idea was put into practice in 1999 by Lance Spitzner, an information security specialist at Sun Microsystems, who founded the Honeynet Project. The first honeypots were very resource-intensive and difficult to set up and maintain.

Let's take a closer look at what honeypots and honeynets are. Honeypots are individual hosts whose purpose is to attract attackers into penetrating the company's network and trying to steal valuable data, as well as to expand the network's coverage area. A honeypot (literally, "barrel of honey") is a special server with a set of various network services and protocols, such as HTTP, FTP, etc. (see Fig. 1).


If you combine several honeypots into a network, you get a more effective system, a honeynet, which emulates the company's corporate network (web server, file server, and other network components). This solution lets you understand the attackers' strategy and mislead them. A typical honeynet, as a rule, runs in parallel with the production network and is completely independent of it. Such a "net" can be published on the Internet through a separate channel; a separate range of IP addresses can also be allocated to it (see Fig. 2).


The point of using a honeynet is to make the attacker believe that he has penetrated the organization's corporate network; in fact, the attacker is in an "isolated environment" and under the close watch of information security specialists (see Fig. 3).


Here we should also mention a tool such as the "sandbox", which lets attackers install and run malware in an isolated environment where IT staff can monitor their activity in order to identify potential risks and take appropriate countermeasures. At present, sandboxing is typically implemented on dedicated machines on a shared host. However, it should be noted that a sandbox only shows how dangerous and malicious programs behave, whereas a honeynet helps a specialist analyze the behaviour of "dangerous players".

The obvious benefit of honeynets is that they mislead attackers, wasting their energy, resources and time. As a result, instead of real targets they attack fake ones and may stop attacking the network without achieving anything. Most often, honeynet technologies are used in government agencies, large corporations and financial organizations, since these are the structures that turn out to be targets of major cyberattacks. However, small and medium-sized businesses (SMBs) also need effective tools to prevent information security incidents, but honeynets are not so easy to use in the SMB sector because of the lack of staff qualified for such complex work.

Limitations of Honeypot and Honeynet Solutions

Why are honeypots and honeynets not the best solutions for countering attacks today? It should be noted that attacks are becoming ever larger in scale, more technically complex and capable of causing serious damage to an organization's IT infrastructure, while cybercrime has reached an entirely different level and now consists of highly organized shadow business structures equipped with all the necessary resources. To this must be added the "human factor" (errors in software and hardware settings, actions of insiders, and so on), so using technology alone to prevent attacks is no longer sufficient.

Below we list the main limitations and disadvantages of honeypots (honeynets):

  1. Honeypots were originally designed to identify threats that are outside the corporate network; they are intended more for analyzing attacker behaviour and are not designed to respond quickly to threats.

  2. Attackers, as a rule, have already learned to recognize emulated systems and avoid honeypots.

  3. Honeynets (honeypots) have an extremely low level of interactivity and integration with other security systems. As a result, with honeypots it is difficult to obtain detailed information about attacks and attackers, and therefore to respond effectively and quickly to information security incidents. In addition, information security specialists receive a large number of false alerts.

  4. In some cases, attackers can use a compromised honeypot as a starting point for continuing an attack on the organization's network.

  5. Problems often arise with the scalability of honeypots, their high operational load and the configuration of such systems (they require highly qualified specialists, lack a convenient management interface, etc.). There are great difficulties in deploying honeypots in specialized environments such as IoT, POS, cloud systems, etc.

2. Deception technology: advantages and operating principles

Having studied all the advantages and disadvantages of honeypots, we conclude that a completely new approach to responding to information security incidents is needed in order to develop a fast and adequate response to attackers' actions. That approach is Cyber deception (Security deception) technology.

The terms "Cyber deception", "Security deception", "Deception technology" and "Distributed Deception Platform" (DDP) are relatively new and appeared not so long ago. In fact, all these terms mean the use of "deception technologies" or "techniques for imitating IT infrastructure and disinforming attackers". The simplest Deception solutions are a development of the honeypot idea, only at a more technologically advanced level, which involves greater automation of threat detection and response. However, there are already serious DDP-class solutions on the market that are easy to deploy and scale and that have a serious arsenal of "traps" and "lures" for attackers. For example, Deception lets you emulate IT infrastructure objects such as databases, workstations, routers, switches, ATMs, servers and SCADA, medical equipment and IoT.

How does a Distributed Deception Platform work? After a DDP is deployed, the organization's IT infrastructure is built as if from two layers: the first layer is the company's real infrastructure, and the second is an "emulated" environment consisting of decoys and lures located on real physical network devices (see Fig. 4).


For example, an attacker may discover fake databases with "confidential documents" and fake credentials of supposedly "privileged users". All of these are decoys that can interest intruders, thereby diverting their attention from the company's real information assets (see Fig. 5).


DDP is a new product on the information security market; these solutions are only a few years old, and so far only the corporate sector can afford them. But small and medium-sized businesses will soon also be able to take advantage of Deception by renting a DDP from specialized providers "as a service". This option is even more convenient, since there is no need for your own highly qualified staff.

The main advantages of Deception technology are shown below:

  • Authenticity. Deception technology is able to reproduce a completely authentic IT environment of a company, emulating operating systems, IoT, POS, specialized systems (medical, industrial, etc.), services, applications, credentials, and so on. Decoys are carefully blended into the production environment, and an attacker will not be able to identify them as honeypots.

  • Implementation. DDPs use machine learning (ML) in their work. With the help of ML, simplicity, flexibility of configuration and effective deployment of Deception are ensured. "Traps" and "decoys" are updated very quickly, drawing the attacker into the company's "fake" IT infrastructure, and in the meantime advanced analysis systems based on artificial intelligence can detect the hackers' active actions and prevent them (for example, an attempt to access decoy Active Directory accounts).

  • Ease of operation. Modern Distributed Deception Platforms are easy to maintain and manage. They are usually managed through a local or cloud console, with the ability to integrate with the corporate SOC (Security Operations Center) via API and with many existing security controls. Maintaining and operating a DDP does not require the services of highly qualified information security experts.

  • Scalability. Security deception can be deployed in physical, virtual and cloud environments. DDPs also work successfully with specialized environments such as IoT, ICS, POS, SWIFT, etc. Deception platforms can extend "deception technologies" to remote offices and isolated environments without the need for an additional platform deployment.

  • Interaction. Using effective and attractive decoys that are based on real operating systems and cleverly placed among the real IT infrastructure, the Deception platform collects extensive information about the attacker. The DDP ensures that threat alerts are transmitted, reports are generated, and information security incidents are responded to automatically.

  • Starting point of the attack. In modern Deception, traps and lures are placed inside the network, not outside it (as is the case with honeypots). This decoy deployment model prevents an attacker from using them as a foothold for attacking the company's real IT infrastructure. More advanced Deception-class solutions have traffic routing capabilities, so you can direct all attacker traffic through a specially dedicated connection. This lets you analyze the attackers' activity without putting valuable company assets at risk.

  • Persuasiveness of "deception technologies". At the initial stage of an attack, attackers collect and analyze data about the IT infrastructure and then use it to move laterally through the corporate network. With the help of "deception technologies", the attacker will certainly fall into "traps" that lead him away from the organization's real assets. The DDP will analyze the possible paths to credentials in the corporate network and provide the attacker with "decoy targets" instead of real credentials. These capabilities were sorely lacking in honeypot technologies (see Fig. 6).


Deception VS Honeypot

And finally, we come to the most interesting part of our study. We will try to highlight the main differences between Deception and Honeypot technologies. Despite some similarities, the two technologies are still very different, from the fundamental idea to operating efficiency.

  1. Different basic ideas. As we wrote above, honeypots are installed as "decoys" around valuable company assets (outside the corporate network), in an attempt to distract attackers. Honeypot technology is based on an understanding of the organization's infrastructure, but honeypots can become a starting point for launching an attack on the company's network. Deception technology is developed with the attacker's point of view in mind and lets you identify an attack at an early stage; thus, information security specialists gain a significant advantage over attackers and gain time.

  2. "Attraction" VS "Confusion". When using honeypots, success depends on attracting the attackers' attention and further motivating them to move towards the target in the honeypot. This means the attacker must still reach the honeypot before you can stop him. Thus, the presence of attackers on the network can last several months or more, and this will lead to data leakage and damage. DDPs faithfully imitate the company's real IT infrastructure; the purpose of deploying them is not just to attract the attacker's attention, but to confuse him so that he wastes time and resources without gaining access to the company's real assets.

  3. "Limited scalability" VS "automatic scalability". As noted earlier, honeypots and honeynets have scaling problems. Scaling is difficult and expensive: to increase the number of honeypots in a corporate system, you have to add new computers and operating systems, buy licenses and allocate IP addresses. Moreover, you also need qualified staff to manage these systems. Deception platforms deploy automatically as your infrastructure scales, without significant overhead.

  4. "A large number of false positives" VS "no false positives". The essence of the problem is that even an ordinary user can run into a honeypot, so the "downside" of this technology is a large number of false positives, which distract information security specialists from their work. "Lures" and "traps" in a DDP are carefully hidden from the ordinary user and are designed only for the attacker, so every signal from such a system is a notification of a real threat, not a false positive.
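The reasoning in point 4, shown as detection logic in an added example (not part of the original article and not Xello's code): because a lure account is never used by ordinary staff, any logon attempt naming it is an alert, and if each lure is planted on exactly one real host (an assumption made here) the alert also identifies where the credential was harvested. The account names, host names, addresses and log format are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed lure inventory (hypothetical names). Assumption: each decoy
# account is planted on exactly one real host, so its use points to that host.
LURES = {"svc_backup_adm": "ws-fin-014", "adm_sqlprod": "ws-hr-007"}

# Constructed authentication events in a made-up key=value format.
SAMPLE_EVENTS = """\
2024-05-02T09:14:03Z event=logon result=success user=j.smith src=10.0.4.21 dst=fs01
2024-05-02T09:15:40Z event=logon result=failure user=m.jones src=10.0.4.37 dst=fs01
2024-05-02T09:17:12Z event=logon result=failure user=svc_backup_adm src=10.0.4.88 dst=dc01
2024-05-02T09:17:30Z event=logon result=failure user=svc_backup_adm src=10.0.4.88 dst=sql02
2024-05-02T09:21:05Z event=logon result=failure user=ADM_SQLPROD src=10.0.4.88 dst=sql02
malformed line without fields
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse_event(line):
    """Return the event's fields plus 'ts', or None if required fields are missing."""
    ts, _, rest = line.strip().partition(" ")
    fields = dict(FIELD.findall(rest))
    if not {"user", "src", "dst"} <= fields.keys():
        return None
    fields["ts"] = ts
    return fields

def detect_lure_use(log_text, lures=LURES):
    """Group every logon attempt that names a decoy account by its source address."""
    alerts = defaultdict(lambda: {"harvested_from": set(), "targets": set(), "count": 0})
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue  # unparseable line: skipped, never treated as a hit
        planted_on = lures.get(ev["user"].lower())  # AD account names are case-insensitive
        if planted_on is None:
            continue  # real account: an ordinary failed logon raises nothing here
        a = alerts[ev["src"]]
        a["harvested_from"].add(planted_on)
        a["targets"].add(ev["dst"])
        a["count"] += 1
    return dict(alerts)
```

On the constructed events, the mistyped password of a real user produces no alert, while the single source that tried both lure accounts is reported together with the two hosts the lures were planted on.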

Conclusion

In our opinion, Deception technology is a huge improvement over the older Honeypot technology. In essence, the DDP has become a comprehensive security platform that is easy to deploy and manage.

Modern platforms of this class play an important role in accurately detecting and effectively responding to network threats, and their integration with other components of the security stack increases the level of automation and the efficiency and effectiveness of incident response. Deception platforms are based on authenticity, scalability, ease of management and integration with other systems. All this gives a significant advantage in the speed of response to information security incidents.

Also, based on observations of pentests at companies where the Xello Deception platform was implemented or piloted, we can conclude that even experienced specialists often cannot recognize the lures in the corporate network and fail when they fall into the traps that have been set. This once again confirms the effectiveness of Deception and the great prospects that open up for this technology in the future.

Product testing

If you are interested in the Deception platform, we are ready to conduct joint testing.

Stay tuned for updates in our channels (Telegram, Facebook, VK, TS Solution Blog)!

Source: www.habr.com
