Honeypot vs Deception using Xello as an example

There have already been several articles on Habr about Honeypot and Deception technologies (article 1, article 2). Nevertheless, we still keep running into a lack of understanding of the difference between these two classes of protective tools. For that reason, our colleagues from Xello Deception (the first Russian developer of a Deception platform) decided to describe in detail the differences, the advantages and the architectural features of these solutions.

Let's start with what a "honeypot" and "deception" actually are.

"Deception technologies" appeared on the information security market relatively recently. Even so, some specialists still regard Security Deception as nothing more than advanced honeypots.

In this article we will try to show both the similarities and the key differences between the two solutions. In the first part we talk about honeypots: how the technology evolved and what its advantages and disadvantages are. In the second part we look in detail at the operating principles of platforms for building a distributed decoy infrastructure (Distributed Deception Platform, DDP).

The basic principle behind a honeypot is to set traps for attackers. The first Deception solutions were built on the same principle. Modern DDPs, however, go well beyond honeypots in both functionality and effectiveness. A deception platform includes decoys, traps, lures, applications, data, databases and Active Directory objects. Modern DDPs can provide powerful threat detection, attack analysis and automated response.

Deception, then, is a technique for imitating the enterprise IT infrastructure and misleading the attacker. As a result, such platforms make it possible to stop an attack before it causes significant damage to company assets. Honeypots, of course, offer neither that breadth of functionality nor that level of automation, so using them demands considerably more expertise from the information security staff.

1. Honeypots, honeynets and sandboxing: what they are and how they are used

The term "honeypot" was first used in 1989 in Clifford Stoll's book "The Cuckoo's Egg", which describes how an intruder was tracked at Lawrence Berkeley National Laboratory (USA). The idea was put into practice in 1999 by Lance Spitzner, an information security specialist at Sun Microsystems, who founded the Honeynet Project research initiative. The first honeypots were very resource-intensive and difficult to set up and maintain.

Let's take a closer look at what honeypots and honeynets are. Honeypots are separate hosts whose purpose is to lure attackers who have penetrated the corporate network into trying to steal "valuable" data from them, and thereby to widen the monitored area of the network. A honeypot (literally a "pot of honey") is a dedicated server running a set of assorted network services and protocols, such as HTTP, FTP and so on (see figure 1).

[Figure 1]
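To make the "dedicated server with a set of services" concrete, here is a minimal low-interaction honeypot for one of the protocols named above, FTP. This is an added example written for this article, not code from the original post or from Xello. It emulates only the control channel (banner, USER/PASS, a few replies), rejects every login, exposes no file system, and records each credential guess and pre-authentication command as a structured event for the SIEM. The banner hostname and the listening port are placeholders chosen here.

```python
"""Low-interaction FTP honeypot (added example, not the article's or Xello's code)."""
import json
import socketserver
import time

BANNER = b"220 files01.corp.example FTP server ready\r\n"  # hypothetical hostname


class FtpDecoySession:
    """State for one client connection: remembers the announced USER, records events."""

    def __init__(self, peer: str):
        self.peer = peer      # "ip:port" of the client
        self.user = None      # last USER value seen
        self.events = []      # structured records to ship to the SIEM

    def _record(self, kind: str, **fields) -> None:
        self.events.append({"ts": time.time(), "peer": self.peer, "type": kind, **fields})

    def handle_line(self, line: bytes) -> bytes:
        """Answer one control-channel command; access is always refused."""
        text = line.strip().decode("latin-1", errors="replace")
        verb, _, arg = text.partition(" ")
        verb = verb.upper()
        if verb == "USER":
            self.user = arg
            return b"331 Password required\r\n"
        if verb == "PASS":
            # The credential pair is the most valuable artefact a honeypot yields.
            self._record("login_attempt", user=self.user, password=arg)
            return b"530 Login incorrect\r\n"
        if verb == "QUIT":
            return b"221 Goodbye\r\n"
        # Any other verb before authentication (SYST, FEAT, LIST ...) is reconnaissance.
        self._record("command", verb=verb, arg=arg)
        return b"530 Please login with USER and PASS\r\n"


class FtpDecoyHandler(socketserver.StreamRequestHandler):
    """Wraps a session around a TCP connection and emits the events as JSON lines."""

    def handle(self):
        peer = "%s:%d" % self.client_address[:2]
        session = FtpDecoySession(peer)
        self.wfile.write(BANNER)
        while True:
            line = self.rfile.readline()
            if not line:
                break
            reply = session.handle_line(line)
            self.wfile.write(reply)
            if reply.startswith(b"221"):
                break
        for event in session.events:  # one JSON object per line for log shipping
            print(json.dumps(event), flush=True)


class DecoyServer(socketserver.ThreadingTCPServer):
    allow_reuse_address = True  # must be a class attribute to take effect before bind()


def run_honeypot(host: str = "0.0.0.0", port: int = 2121) -> None:
    """Serve until interrupted; port 2121 avoids needing root for the example."""
    with DecoyServer((host, port), FtpDecoyHandler) as srv:
        srv.serve_forever()


if __name__ == "__main__":
    run_honeypot()
```

Run it and connect with any FTP client or `nc host 2121`; every USER/PASS pair lands in the log. Note that this is exactly the kind of banner-only emulation that limitation 2 below refers to: a client that sends FEAT or SYST gets a 530 instead of a real capability list, which is enough for a fingerprinting script to flag the host as a decoy.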

If several honeypots are combined into a network, the result is a more effective system, a honeynet, which emulates a corporate network (web server, file server and other network components). Such a solution lets you understand the attackers' strategy and mislead them. A honeynet, as a rule, runs alongside the production network and is completely isolated from it. Such a "network" can be published on the Internet through a separate channel, and a separate range of IP addresses can be allocated to it (see figure 2).

[Figure 2]

The idea of a honeynet is to make the hacker believe he has penetrated the organization's corporate network, whereas in reality the attacker is in an "isolated environment" under the close observation of information security specialists (see figure 3).

[Figure 3]

Here it is also worth mentioning a tool such as a "sandbox", which lets attackers install and run malware in an isolated environment where IT can observe its activity, identify the potential risks and take appropriate countermeasures. Today sandboxing is usually implemented on dedicated virtual machines on a virtual host. It should be noted, though, that a sandbox only shows how dangerous a program is and what malicious actions it performs, whereas a honeynet helps specialists analyze the behavior of the "dangerous actors" themselves.

The obvious benefit of a honeynet is that it diverts attackers, making them waste energy, resources and time. As a result, instead of real targets they attack false ones, and may abandon the attack on the network without gaining anything. Honeynet technology is most often used in government agencies and large corporations and financial organizations, since these are the structures that become targets of major cyberattacks. Small and medium-sized businesses (SMBs) also need effective tools to prevent information security incidents, but honeynets are hard to use in the SMB segment because of the lack of qualified personnel for such complex work.

Limitations of Honeypot and Honeynet solutions

Why are honeypots and honeynets no longer the best solution for countering today's attacks? Attacks keep growing in scale and technical sophistication and are capable of causing serious damage to an organization's IT infrastructure, and cybercrime has moved to a completely different level: it is now a highly organized shadow business with all the resources it needs. Add to this the "human factor" (errors in software and hardware configuration, insider actions and so on), and relying on technology alone to prevent attacks is no longer enough.

Below we list the main limitations and disadvantages of honeypots (honeynets):

  1. Honeypots were originally designed to detect threats outside the corporate network; they are intended for analyzing attacker behavior and are not designed for rapid threat response.

  2. Attackers, as a rule, have already learned to recognize emulated systems and to avoid honeypots.

  3. Honeynets (honeypots) have an extremely low level of interaction and integration with other security systems. As a result, it is hard to obtain detailed information about attacks and attackers from a honeypot, and therefore hard to respond to information security incidents quickly and effectively. On top of that, information security specialists receive a large number of false threat alerts.

  4. In some cases hackers can use a compromised honeypot as a foothold from which to continue their attack on the organization's network.

  5. Problems frequently arise with the scalability of honeynets, the high operational load and the configuration of such systems (they require highly qualified specialists, lack a convenient management interface, etc.). Deploying honeynets in specialized environments such as IoT, POS, cloud systems and the like is particularly difficult.

2. Deception technology: advantages and basic operating principles

Having examined all the advantages and disadvantages of honeynets, we conclude that a completely new approach to responding to information security incidents is needed if the response to an attacker's actions is to be fast and adequate. That solution is Cyber Deception (Security Deception) technology.

The terms "Cyber deception", "Security deception", "Deception technology" and "Distributed Deception Platform" (DDP) are relatively new and appeared not long ago. In essence, all of them refer to the use of "deception technologies", or "technologies for imitating IT infrastructure and misinforming attackers". The simplest Deception solutions are a development of the honeypot idea at a higher technological level, with far more automation of threat detection and response. There are, however, already serious DDP-class solutions on the market that are easy to deploy and scale and that carry a serious arsenal of "traps" and "baits" for attackers. Deception, for example, can emulate such IT infrastructure objects as databases, workstations, routers, switches, ATMs, servers and SCADA, medical equipment and IoT devices.

How does a Distributed Deception Platform work? After a DDP is deployed, the organization's IT infrastructure consists, in effect, of two layers: the first layer is the company's real infrastructure, and the second is an "emulated" environment of decoys and baits placed on the real physical network devices (see figure 4).

[Figure 4]

For example, an attacker may come across fake databases containing "confidential documents" or fake credentials of supposedly "privileged users"; all of these decoys can interest the intruder and thereby divert his attention from the company's real information assets (see figure 5).

[Figure 5]

DDP is a new product on the security market; these solutions are only a few years old, and so far only the enterprise segment can afford them. But small and medium-sized businesses will soon be able to take advantage of Deception too, by renting a DDP from specialized providers "as a service". This option is even more convenient, since it removes the need for highly qualified staff of your own.

The main advantages of Deception technology are listed below:

  • Authenticity. Deception technology can reproduce a fully authentic copy of the company's IT environment, faithfully emulating operating systems, IoT, POS, specialized systems (medical, industrial, etc.), services, applications, credentials and more. Decoys are carefully blended into the production environment, so the attacker has far less chance of identifying them as honeypots.

  • Deployment. DDPs use machine learning (ML) in their work. ML provides simplicity, flexibility of configuration and efficiency in deploying Deception. "Traps" and "decoys" are updated very quickly, drawing the attacker into the company's "false" IT infrastructure, while advanced analytics based on artificial intelligence can detect the hacker's actions and prevent them (for example, an attempt to use fake accounts planted in Active Directory).

  • Ease of operation. Modern Distributed Deception Platforms are easy to maintain and manage. They are usually administered through a local or cloud console, with the ability to integrate with the corporate SOC (Security Operations Center) via API and with many existing security tools. Maintaining and operating a DDP does not require the services of highly qualified information security experts.

  • Scalability. Security Deception can be deployed in physical, virtual and cloud environments. DDPs also work effectively in specialized environments such as IoT, ICS, POS, SWIFT, etc. Advanced Deception platforms can roll out "deception technologies" to remote offices and isolated environments without a full additional deployment of the platform.

  • Integration. Using static and dynamic decoys that run real operating systems and are cleverly placed among the real IT infrastructure, the Deception platform collects extensive information about the attacker. The DDP then ensures that threat alerts are forwarded, reports are generated and information security incidents are responded to automatically.

  • Attack starting point. In modern Deception, traps and baits are placed within the network itself rather than outside it (as is the case with honeypots). This decoy deployment model prevents the attacker from using them as a foothold for attacking the company's real IT infrastructure. Some advanced Deception-class solutions have traffic-routing capabilities, so all attacker traffic can be steered through a dedicated connection. This lets you analyze the attacker's activity without putting the company's valuable assets at risk.

  • Persuasiveness of "deception technologies". In the initial stage of an attack, attackers collect and analyze data about the IT infrastructure and then use it to move laterally across the corporate network. With "deception technologies" in place, the attacker is bound to fall into "traps" that lead him away from the organization's real assets. The DDP analyzes the possible paths to obtaining credentials on the corporate network and offers the attacker "decoy targets" instead of real credentials. These capabilities were sorely lacking in honeypot technology (see figure 6).

[Figure 6]
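The "Deployment" and "Persuasiveness" points above both come down to one mechanism: credentials for accounts that no real process ever uses are planted on endpoints, and any later appearance of those names in authentication events is, by construction, an attacker replaying what he harvested. The following is an added example written for this article (not Xello's code) that implements that alerting logic over constructed Windows-style logon events. The account names, host names, addresses, the JSON event shape and the scanner exclusion list are all assumptions made for the example. It goes slightly beyond the text by distinguishing three cases a practitioner cares about: the credential replayed on the host where it was planted, replayed from a different host (lateral movement), and a successful logon, which should be impossible for a disabled decoy account.

```python
"""Decoy-credential (honeytoken) alerting (added example, not Xello's code)."""
import json

# Where each decoy credential was planted (e.g. in that host's Credential Manager).
# The accounts exist in AD only as disabled, privileged-looking objects. Hypothetical names.
DECOYS = {
    "svc_backup_old": "WS-0142",
    "adm-dbadmin": "WS-0077",
}

# The only legitimate touch of a decoy is by tooling you run yourself (vulnerability
# scanners, inventory agents); those sources are excluded to keep the alert stream clean.
SCANNER_IPS = {"10.0.250.10"}

# Constructed sample events, loosely shaped like Windows Security log fields
# (4625 = failed logon, 4624 = successful logon). One JSON object per line.
SAMPLE_EVENTS = "\n".join([
    '{"EventID": 4625, "TargetUserName": "jdoe", "IpAddress": "10.0.5.23", "WorkstationName": "WS-0142"}',
    '{"EventID": 4625, "TargetUserName": "svc_backup_old", "IpAddress": "10.0.5.23", "WorkstationName": "WS-0142"}',
    '{"EventID": 4625, "TargetUserName": "svc_backup_old", "IpAddress": "10.0.9.81", "WorkstationName": "WS-0311"}',
    '{"EventID": 4625, "TargetUserName": "adm-dbadmin", "IpAddress": "10.0.250.10", "WorkstationName": "SCANNER"}',
    '{"EventID": 4624, "TargetUserName": "adm-dbadmin", "IpAddress": "10.0.9.81", "WorkstationName": "WS-0311"}',
])


def classify(event: dict):
    """Return an alert dict if the event involves a decoy account, otherwise None."""
    user = event.get("TargetUserName", "")
    if user not in DECOYS:
        return None
    if event.get("IpAddress") in SCANNER_IPS:
        return None
    planted_on = DECOYS[user]
    used_from = event.get("WorkstationName", "?")
    if event.get("EventID") == 4624:
        # The decoy account is disabled; a successful logon means the decoy was
        # misconfigured or the directory itself was tampered with.
        severity, reason = "critical", "successful logon with decoy account"
    elif used_from == planted_on:
        severity, reason = "high", "decoy credential replayed on the host it was planted on"
    else:
        severity, reason = "high", "decoy credential replayed from another host (lateral movement)"
    return {
        "severity": severity,
        "reason": reason,
        "user": user,
        "planted_on": planted_on,
        "used_from": used_from,
        "source_ip": event.get("IpAddress"),
    }


def scan_log(text: str) -> list:
    """Run classify() over JSON-lines input, skipping blank or malformed lines."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        alert = classify(event)
        if alert:
            alerts.append(alert)
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_EVENTS):
        print(json.dumps(alert))
```

The planted-on versus used-from distinction is what turns a bare alert into the "where did the attacker start" answer a responder needs: a replay on the planting host points at that host's compromise, a replay from elsewhere shows the credential has already been exfiltrated and reused. The scanner exclusion is the practical caveat behind the "no false positives" claim in the comparison below: decoys produce no user-generated noise, but your own tooling will still touch them unless it is filtered out.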

Deception VS Honeypot

And finally we come to the most interesting part of our study: the main differences between Deception and Honeypot technologies. Despite certain similarities, the two are still very different, from the underlying idea to operational efficiency.

  1. Different basic ideas. As noted above, honeypots are placed as "decoys" around the company's valuable assets (outside the corporate network) in an attempt to distract attackers. Honeypot technology rests on an understanding of the organization's own infrastructure, yet a honeypot can itself become a foothold for launching an attack on the corporate network. Deception technology is designed from the attacker's point of view and makes it possible to detect an attack at an early stage; information security specialists therefore gain a significant advantage over the attackers and buy themselves time.

  2. "Attraction" VS "Confusion". With honeypots, success depends on attracting the attacker's attention and then motivating him to move toward the target inside the honeypot. In other words, the attacker still has to reach the honeypot before he can be stopped. Meanwhile, the attacker's presence in the network can last for months or longer, which leads to data leakage and damage. A DDP faithfully imitates the company's real IT infrastructure; the goal of deploying one is not merely to attract the attacker's attention but to confuse him, so that he wastes time and resources while never gaining access to the company's real assets.

  3. "Limited scalability" VS "automatic scalability". As noted earlier, honeypots and honeynets have scaling problems. Scaling them is hard and expensive: to add honeypots to the corporate system you have to add new machines and operating systems, buy licenses and allocate IP addresses. You also need qualified staff to manage such systems. Deception platforms deploy automatically as your infrastructure grows, without significant overhead.

  4. "Large number of false positives" VS "no false positives". The core of the problem is that even an ordinary user can stumble upon a honeypot, so the flip side of this technology is a large number of false alerts that distract information security specialists from their work. "Baits" and "traps" in a DDP are carefully hidden from ordinary users and are intended only for the attacker, so every signal from such a system is a notification of a real threat rather than a false positive. (The one legitimate source of decoy touches is your own tooling, such as vulnerability scanners and inventory agents, which is why a DDP keeps an exclusion list for them.)

Conclusion

In our opinion, Deception technology is a major step forward from the older Honeypot technology. In essence, the DDP has become a comprehensive security platform that is easy to deploy and manage.

Modern platforms of this class play an important role in accurately detecting and effectively responding to network threats, and their integration with the other components of the security stack raises the level of automation, improving the efficiency and effectiveness of incident response. Deception platforms are built on authenticity, scalability, ease of management and integration with other systems. All of this yields a significant advantage in the speed of response to information security incidents.

Moreover, based on observations of penetration tests at companies where the Xello Deception platform was deployed or piloted, we can conclude that even experienced pentesters often fail to recognize the baits in the corporate network and are caught when they fall into the traps set for them. This once again confirms the effectiveness of Deception and the great prospects this technology opens up for the future.

Product evaluation

If you are interested in a Deception platform, we are ready to conduct a joint evaluation with you.

Stay tuned for updates in our channels (Telegram, Facebook, VK, TS Solution Blog)!

Source: www.habr.com
