Fool me if you can: features of conducting a sociotechnical pentest


Imagine the situation. A cold October morning, a design institute in the regional center of one of Russia's regions. Someone from the HR department opens one of the vacancy pages on the institute's website, posted a few days earlier, and sees a picture of a cat there. The morning quickly stops being boring...

In this article, Pavel Suprunyuk, technical head of the audit and consulting department at Group-IB, talks about the place of sociotechnical attacks in projects that assess practical security, what unusual forms they can take, and how to protect against them. The author notes that the article is an overview; however, if any aspect interests readers, Group-IB experts will gladly answer questions in the comments.

Part 1. Why so serious?

Back to our cat. After a while the HR department removes the picture (the screenshots here and below are partially retouched so as not to reveal real names), but it stubbornly comes back, is removed again, and this repeats several more times. The HR department realizes that the cat has the most serious intentions and does not want to leave, and calls for help from the web programmer, the person who built the site, understands it and now administers it. The programmer goes to the site, removes the annoying cat once more, finds out that it was posted on behalf of the HR department itself, concludes that the HR department's password has leaked to some online hooligans, and changes it. The cat does not appear again.


What actually happened? Against the group of companies that included the institute, Group-IB specialists were conducting a penetration test in a format close to Red Teaming (in other words, a simulation of targeted attacks on your company using the most advanced methods and tools from the arsenal of hacker groups). We wrote about Red Teaming in detail here. It is important to know that in such a test a very wide range of pre-agreed attacks can be used, including social engineering. Clearly, placing the cat was not the ultimate goal of what was happening. The picture was as follows:

  • the institute's website was hosted on a server inside the institute's own network, not on third-party servers;
  • a leak of the HR department's account was found (an email log file lying in the root of the site). It was impossible to administer the site with this account, but it was possible to edit the vacancy pages;
  • by editing the pages, one could place one's own JavaScript on them. Usually such scripts make pages interactive, but in this situation the same scripts could steal from a visitor's browser the thing that distinguished the HR department from the programmer, and the programmer from an ordinary visitor: the session identifier on the site. The cat was the trigger of the attack and a picture to attract attention. In the HTML markup of the site it looked like this: if the picture has loaded for you, the JavaScript has already run and your session ID, along with data about your browser and your IP address, has already been stolen;
  • with a stolen administrator session ID it would be possible to get full access to the site, upload executable PHP pages, and thus gain access to the server's operating system and then to the local network itself, which was an important intermediate goal of the project.

The attack was partially successful: the administrator's session ID was stolen, but it was bound to an IP address. We could not get around this; we failed to raise our privileges on the site to administrator, but we did improve our mood. The final result was eventually obtained on another part of the network perimeter.
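Two server-side checks that would have defused the cat scenario, as an added example (not code from the institute or from Group-IB). The vacancy editor sanitizes submitted HTML with an allow-list so that a `<script>` element, an `on*` handler on an image or a `javascript:` link never reaches the administrator's browser, and the cookie audit reports a session cookie that an injected script could still read. Tag and attribute lists and the cookie name are assumptions.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

ALLOWED_TAGS = {"p", "b", "i", "ul", "ol", "li", "br", "h2", "h3", "a", "img"}
ALLOWED_ATTRS = {"a": {"href"}, "img": {"src", "alt"}}
URL_ATTRS = {"href", "src"}
SAFE_URL_PREFIXES = ("http://", "https://", "/")   # rejects javascript: and data:

class VacancySanitizer(HTMLParser):
    """Rebuilds submitted HTML keeping only the allow-listed tags the HR editor needs."""
    def __init__(self):
        super().__init__()
        self.out, self.dropped, self._skip = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1                      # drop the tag with its whole body
        if self._skip or tag not in ALLOWED_TAGS:
            self.dropped.append(tag)
            return
        kept = []
        for name, value in attrs:
            ok = name in ALLOWED_ATTRS.get(tag, set())   # onerror=, onload= never pass
            if ok and name in URL_ATTRS:
                ok = (value or "").strip().lower().startswith(SAFE_URL_PREFIXES)
            if not ok:
                self.dropped.append(f"{tag}@{name}")
                continue
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self._skip = max(self._skip - 1, 0)
        elif not self._skip and tag in ALLOWED_TAGS and tag not in ("br", "img"):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self._skip:
            self.out.append(html.escape(data))   # text stays text, never markup

def sanitize_vacancy_html(raw: str):
    # Returns (clean_html, dropped_items); the dropped list is worth logging.
    s = VacancySanitizer()
    s.feed(raw)
    s.close()
    return "".join(s.out), s.dropped

def audit_session_cookie(set_cookie: str):
    """Flags missing on a Set-Cookie header: HttpOnly keeps injected script from
    reading the session ID; Secure and SameSite limit where the browser sends it."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    return [f for m in jar.values() for f in ("httponly", "secure", "samesite") if not m[f]]
```

Binding the session to an IP address, as the site in the story did, is a useful second layer, but the HttpOnly flag stops the theft itself rather than only its reuse.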

Part 2. I am writing to you, what more is there? I also call and hang around your office, dropping flash drives

What happened with the cat is an example of social engineering, although not quite a classic one. In fact there was more to this story: there was the cat, the institute, the HR department and the programmer, but there were also emails with clarifying questions that supposed "candidates" sent to the HR department itself and personally to the programmer, in order to provoke them into opening the page on the site.

Speaking of letters. Ordinary email, probably the main vehicle of social engineering, has not lost its relevance in a couple of decades and sometimes leads to the most unusual consequences.

We often tell the following story at our events because it is very revealing.

Usually, based on the results of social engineering projects, we compile statistics, which, as we all know, is a dry and boring thing. So many percent of recipients opened the attachment, so many followed the link, and these three actually entered their login and password. In one project we got more than 100% of passwords entered, that is, more came back than we sent out.

It happened like this: a phishing letter was sent, supposedly from the CISO of a state corporation, demanding an "urgent test of changes in the mail service." The letter reached the head of a large department responsible for technical support. The manager was very diligent in carrying out instructions from above and forwarded them to all his subordinates. The call center itself turned out to be quite large. In general, situations where someone forwards "interesting" phishing emails to colleagues and they get caught too are quite common. For us this is the best feedback on the quality of the letter.


Later they saw through us (this letter was taken from a mailbox).


The success of the attack was due to the mailing exploiting a number of technical flaws in the customer's mail system. It was configured so that anyone could send letters on behalf of any sender in the organization itself without authorization, even from the Internet. That is, you could pose as the CISO, the head of technical support, or anyone else. Moreover, the mail client, seeing a letter from "its own" domain, helpfully inserted the sender's photo from the address book, which made the sender look all the more genuine.

To be honest, such an attack is not a particularly sophisticated technique, just a successful exploitation of a very basic flaw in mail settings. It is regularly covered in specialized IT and information security resources, and yet there are still companies that have all of this. Since nobody is inclined to carefully inspect the service headers of the SMTP mail protocol, a letter is usually judged "dangerous" or not by the warning icons in the mail client, which do not always show the whole picture.
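Checking the service headers instead of the warning icons, as an added example (not Group-IB's tooling): a message whose From claims the company's own domain but which entered the mail system from an external address, without SMTP authentication and with no passing SPF/DKIM result, is flagged. The domain, the internal networks and both sample messages are constructed.

```python
import email
import ipaddress
import re
from email.utils import parseaddr

INTERNAL_DOMAIN = "corp.example"                        # assumed company domain
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]    # assumed internal ranges
_IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
_AUTH_RE = re.compile(r"\bwith E?SMTPS?A\b")   # RFC 3848: authenticated submission

def audit_internal_sender(raw: bytes, domain=INTERNAL_DOMAIN, nets=INTERNAL_NETS):
    """Findings for a message whose From claims our own domain; [] means it looks genuine."""
    msg = email.message_from_bytes(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    if sender.rpartition("@")[2].lower() != domain:
        return []                                    # external From: other checks apply
    received = [" ".join(h.split()) for h in msg.get_all("Received") or []]
    if not received:
        return ["internal From but no Received headers: entry point unknown"]
    first_hop = received[-1]                         # last header = the first MTA hop
    m = _IP_RE.search(first_hop)
    ip = ipaddress.ip_address(m.group(1)) if m else None
    findings = []
    if ip is None or not any(ip in net for net in nets):
        findings.append(f"internal From but message entered from {m.group(1) if m else 'unknown host'}")
        auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
        if "spf=pass" not in auth and "dkim=pass" not in auth:
            findings.append("no passing SPF/DKIM result for the claimed domain")
    if not _AUTH_RE.search(first_hop):
        findings.append("first hop accepted the message without SMTP authentication")
    return findings

# Constructed samples: the "CISO" letter as it might look in a mailbox, and a
# genuine internal submission from an authenticated workstation.
SPOOFED = b"""Received: from mail.corp.example (mail.corp.example [10.0.0.25])
 by mx.corp.example with ESMTP id 4Hk2; Tue, 15 Oct 2019 09:12:01 +0300
Received: from corp.example (unknown [203.0.113.77])
 by mail.corp.example with ESMTP; Tue, 15 Oct 2019 09:12:00 +0300
From: CISO <ciso@corp.example>
To: support-head@corp.example
Subject: Urgent: test the changes in the mail service

Please check the new mail service immediately using the attached instructions.
"""
GENUINE = b"""Received: from ws-hr-12.corp.example (ws-hr-12.corp.example [10.0.5.40])
 by mail.corp.example with ESMTPSA id 7Qz9; Tue, 15 Oct 2019 09:30:00 +0300
From: HR <hr@corp.example>
To: all@corp.example
Subject: Vacancy page updated

The engineer vacancy is now live on the site.
"""
```

The same three conditions, turned into a mail gateway rule (reject or quarantine internal-domain senders arriving unauthenticated from outside), close the hole the article describes.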

Interestingly, the same weakness works in the other direction too: an attacker can send a letter on behalf of your company to a third-party recipient. For example, he can forge an invoice for a regular payment to you, substituting other bank details for yours. Anti-fraud and cash-out issues aside, this is probably one of the easiest ways to steal money through social engineering.

Besides stealing passwords through phishing, the classic sociotechnical attack is sending executable attachments. If these attachments get past all the protective measures, of which modern companies usually have plenty, a remote access channel to the victim's computer is created. To demonstrate the consequences of the attack, this remote control can be developed all the way to access to particularly important confidential information. Notably, the vast majority of the attacks that the media frightens everyone with begin exactly like this.

In our audit department, for fun, we keep approximate statistics: what is the total value of the assets of the companies in which we obtained Domain Administrator, mainly through phishing and sending executable attachments? This year it reached about 150 billion euros.

Obviously, sending provocative emails and posting pictures of cats on websites are not the only methods of social engineering. With these examples we tried to show the variety of attack forms and their consequences. Besides letters, a potential attacker can call to obtain the information he needs, scatter media (for example, flash drives) with executable files around the office of the target company, get a job as an intern, or gain physical access to the local network under the guise of a CCTV camera installer. All of these, by the way, are examples from our successfully completed projects.

Part 3. Learning is light, and ignorance is darkness

A reasonable question arises: fine, social engineering exists and looks dangerous, but what should companies do about all this? Captain Obvious comes to the rescue: you need to defend yourself, and comprehensively. Part of the defense will be the already classic security measures, such as technical means of information protection, monitoring, and organizational and legal support of processes, but the main part, in our opinion, should go into working with employees as the weakest link. After all, no matter how much you strengthen the technology or how strict the regulations you write, there will always be a user who finds a new way to break everything. Moreover, neither regulations nor technology keep up with the flight of a user's creativity, especially when it is prompted by a qualified attacker.

First of all, it is important to train the user: explain that even in his routine work, situations involving social engineering can arise. For our customers we often run digital hygiene courses, a session that teaches basic skills for countering attacks in general.

I would add that one of the best protective measures is not memorizing information security rules at all, but a slightly detached assessment of the situation:

  1. Who is talking to me?
  2. Where did his offer or request come from (this never happened before, and now it has appeared)?
  3. What is unusual about this request?

Even an unusual font or a manner of speech atypical of the sender can set off a chain of doubt that stops an attack. Written instructions are also needed, but they work differently and cannot cover every possible situation. For example, information security administrators write in them that you must not enter your password on third-party resources. But what if "your own", "corporate" network resource asks for a password? The user thinks: "Our company already has two dozen services with a single account, why not one more?" This leads to another rule: a well-built workflow also directly affects security. If the neighboring department can request information from you only in writing and only through your manager, a person "from a trusted partner of the company" will certainly not be able to request it by phone; for you that would be nonsense. You should be especially wary if the person you are talking to demands that everything be done right now, or "ASAP", as it is fashionable to write. Even in normal work this situation is often unhealthy, and in the face of possible attacks it is a strong trigger. No time to explain, run my file!

We notice that the legends of sociotechnical attacks that hook users are always, in one form or another, topics related to money: promised promotions, perks, gifts, as well as information with supposedly local gossip and intrigue. In other words, the banal "deadly sins" do the work: thirst for gain, greed and excessive curiosity.

Good training should always include practice. This is where penetration testing specialists can help. The next question is: what do we test, and how? We at Group-IB propose the following approach: first choose the focus of the testing, either assess only the users' own readiness for attacks, or check the security of the company as a whole. And test using social engineering methods that simulate real attacks, that is, the same phishing, sending executable documents, calls and other techniques.

In the first case, the attack is carefully prepared together with the customer's representatives, mainly its IT and information security specialists. The legends, tools and attack techniques are agreed upon. The customer itself provides the focus groups and the list of users to be attacked, which includes all the necessary contacts. Exceptions are created in the protective measures, since the messages and executable payloads must reach the recipients, because in such a project only people's reactions are of interest. Optionally, markers can be included in the attack by which the user could guess that it is an attack, for example a couple of spelling mistakes in the messages or inaccuracies in copying the corporate style. At the end of the project the same "dry statistics" are obtained: which focus groups reacted to the scenarios, and to what extent.

In the second case, the attack is carried out with zero initial knowledge, using the "black box" method. We independently collect information about the company, its employees and network perimeter, create attack legends, choose methods, look for the protective measures likely to be in use at the target company, adapt the tools and build the scenarios. Our specialists use both classic open source intelligence (OSINT) methods and Group-IB's own product, Threat Intelligence, a system that, in preparation for phishing, can serve as an aggregator of information about the company over a long period, including confidential information. Of course, so that the attack does not become an unpleasant surprise, its details are also agreed with the customer. The result is a full-fledged penetration test, but one built on advanced social engineering. A logical option here is to develop the attack inside the network, up to obtaining the highest privileges in internal systems. Incidentally, this is also how we use sociotechnical attacks in Red Teaming and in some penetration tests. As a result, the customer receives an independent, comprehensive view of its security against a particular kind of sociotechnical attack, as well as a demonstration of the effectiveness (or, conversely, the ineffectiveness) of the line of defense built against external threats.

We recommend conducting such training at least twice a year. First, every company has staff turnover, and previous experience is gradually forgotten by employees. Second, attack methods and techniques change constantly, which makes it necessary to adapt security processes and protection tools.

As for technical measures of protection against attacks, the following help the most:

  • Mandatory two-factor authentication on services published on the Internet. Exposing such services in 2019 without Single Sign-On, without protection against password brute-forcing and without two-factor authentication, in a company of several hundred people, is tantamount to an open invitation to "hack me." Properly implemented protection makes the quick use of stolen passwords impossible and buys time to deal with the consequences of a phishing attack.
  • Access control, minimization of user privileges in systems, and adherence to the secure configuration guidelines published by every major vendor. These measures are usually simple in nature, but very effective and hard to put into practice, and everyone neglects them to some degree for the sake of speed. Some are so essential that without them no protection tool will help.
  • A well-built mail filtering line. Anti-spam, total scanning of attachments for malicious code, including dynamic analysis in sandboxes. A well-prepared attack means the executable attachment will not be detected by antivirus tools. A sandbox, by contrast, tests everything itself, opening files the same way a person would. As a result, a possible malicious component is revealed by the changes it makes inside the sandbox.
  • Systems for protection against targeted attacks. As already noted, classic antivirus tools will not detect malicious files in a well-prepared attack. The most advanced products should automatically monitor the totality of events in the network, both at the level of an individual host and at the level of traffic within the network. During an attack, very characteristic chains of events appear that can be traced and stopped if monitoring is focused on events of this kind.

The article was first published in "Information Security" magazine, #6, 2019.

Source: www.habr.com
