Not just scanning, or how to build a vulnerability management process in nine steps

On July 4 we held a large vulnerability management workshop. Today we are publishing a transcript of the talk by Andrey Novikov from Qualys. He explains which stages you have to go through to build a vulnerability management workflow. Spoiler: we only get to scanning halfway along the way.


Step #1: Determine the maturity level of your vulnerability management process

At the very beginning you need to understand what level your organization is at in terms of the maturity of its vulnerability management processes. Only after that will you be able to understand where you are heading and which steps need to be taken. Before starting scans and other activities, the organization has to do some internal work to understand how its current processes are structured from the IT and information security point of view.

Try to answer the key questions:

  • Do you have processes for inventorying and classifying assets?
  • How regularly is the IT infrastructure scanned, is the whole infrastructure covered, and do you see the complete picture?
  • Are your IT assets monitored?
  • Are any KPIs used in your processes, and how do you know they are being met?
  • Are all of these processes documented?


Step #2: Ensure full infrastructure coverage

You cannot protect what you do not know about. If you do not have a complete picture of how your IT infrastructure is built, you cannot defend it. Modern infrastructure is complex and constantly changing, both in size and in kind.
Today's IT systems are built not only on a stack of traditional technologies (workstations, servers, virtual machines), but also on newer ones: containers and microservices. The information security team tends to avoid the latter in every possible way, because they are very hard to work with using the existing toolset, which consists mostly of scanners. The problem is that no scanner can cover the entire infrastructure. For a scanner to reach any given node in the infrastructure, several conditions must coincide. The asset must be inside the organization's perimeter at the time of the scan. The scanner must have network access to the assets and accounts on them in order to collect complete information.

According to our statistics, in medium and large organizations roughly 15-20% of the infrastructure is not captured by the scanner for one reason or another: the asset has moved beyond the perimeter or never appears in the office at all. For example, the laptop of an employee who works remotely but still has access to the corporate network, or an asset located in an external cloud service such as Amazon. The scanner will most likely know nothing about such assets, because they are outside its field of view.

To cover the entire infrastructure you need not only scanners but a whole set of sensors, including passive traffic listening technologies to detect new devices in your infrastructure, and an agent-based collection method that lets you receive data online, without the need for a scan and without handing out credentials.


Step #3: Classify assets

Not all assets are created equal. It is your job to determine which assets are important and which are not. No tool, such as a scanner, will do this for you. Ideally, information security, IT and the business work together to analyze the infrastructure and identify business-critical systems. For those systems they define acceptable metrics for availability, integrity, confidentiality, RTO/RPO, and so on.

This will help you prioritize your vulnerability management process. When your specialists receive vulnerability data, it will not be a sheet with thousands of vulnerabilities across the entire infrastructure, but granular information that takes the criticality of systems into account.


Step #4: Perform an infrastructure assessment

Only at the fourth stage do we get to assessing the infrastructure from the vulnerability point of view. At this stage we recommend paying attention not only to software vulnerabilities but also to configuration errors, which can just as well be a vulnerability. Here we recommend the agent-based method of collecting information. Scanners can and should be used to assess perimeter security. If you use the resources of cloud providers, you also need to collect asset and configuration information from there. Pay special attention to analyzing vulnerabilities in infrastructure that uses Docker containers.


Step #5: Set up reporting

This is one of the important elements of the vulnerability management process.
First point: nobody will work with multi-page reports containing an arbitrary list of vulnerabilities and a description of how to eliminate them. First of all, you need to talk to your colleagues and find out what should be in the report and in what form it is convenient for them to receive the data. For example, one administrator does not need a detailed description of the vulnerability and only wants information about the patch and a link to it. Another specialist only cares about vulnerabilities found in the network infrastructure.

Second point: by reporting I do not mean only paper reports. That is an outdated format for obtaining information, and a static one. A person receives a report and cannot influence in any way how the data is presented in it. To get the report in the form they need, the IT specialist has to contact the information security specialist and ask them to rebuild the report. Meanwhile, new vulnerabilities keep appearing. Instead of pushing reports from one department to another, specialists in both disciplines should be able to look at the data online and see the same picture. That is why in our platform we use dynamic reports in the form of customizable dashboards.


Step #6: Prioritize

Here you can do the following:

1. Create a repository of golden images of your systems. Work with the golden images: check them for vulnerabilities and fix their configuration regularly. This can be done with the help of agents, which will report the appearance of a new asset and provide information about its vulnerabilities.

2. Focus on the assets that are critical to the business. Not a single organization in the world can eliminate all vulnerabilities in one go. The process of eliminating vulnerabilities is long and even tedious.

3. Reduce the attack surface. Clean your infrastructure of unnecessary software and services, close unnecessary ports. We recently had a case with one company where about a hundred thousand vulnerabilities related to an old version of the Mozilla browser were found on forty thousand devices. As it turned out later, Mozilla had been put into the golden image many years earlier, nobody used it, but it was the source of a huge number of vulnerabilities. When the browser was removed from the computers (it was even on some servers), those tens of thousands of vulnerabilities disappeared.

4. Rank vulnerabilities based on threat intelligence. Consider not only the criticality of the vulnerability, but also the existence of a public exploit, of malware, of a patch, and whether the vulnerable system is accessible from outside. Assess the impact of the vulnerability on critical business systems: can it lead to data loss, denial of service, and so on.
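As an added example (not from the talk and not Qualys's tooling), the following Python sketches the ranking described in point 4 together with the asset criticality from step 3 and the per-product count behind point 3; the findings, asset names and weight factors are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    product: str
    vuln_id: str           # constructed label, not a real CVE
    cvss: float
    public_exploit: bool   # threat intelligence: exploit code is public
    malware_seen: bool     # threat intelligence: used by malware in the wild
    patch_available: bool
    external_access: bool  # the vulnerable service is reachable from outside

# Criticality agreed between security, IT and the business (step 3); assumed values.
ASSET_CRITICALITY = {"erp-db-01": 3, "web-portal-01": 3, "build-agent-04": 2, "hr-laptop-17": 1}

def risk_score(f: Finding, criticality: dict = ASSET_CRITICALITY) -> float:
    """Threat-informed rank: CVSS scaled by exploitability, exposure and asset
    criticality. The multipliers are assumed; tune them against the KPIs of step 7."""
    score = f.cvss
    if f.public_exploit:
        score *= 1.5
    if f.malware_seen:
        score *= 1.5
    if f.external_access:
        score *= 2.0
    if not f.patch_available:      # no fix yet: needs a workaround, keep it visible
        score *= 1.2
    score *= criticality.get(f.asset, 1)
    return round(score, 1)

def prioritize(findings, criticality=ASSET_CRITICALITY):
    """Findings ordered from most to least urgent."""
    return sorted(findings, key=lambda f: risk_score(f, criticality), reverse=True)

def vulns_by_product(findings):
    """Findings per product, largest first: unused software at the top of this list is
    the attack-surface case from point 3 (one removal closes many findings)."""
    counts = {}
    for f in findings:
        counts[f.product] = counts.get(f.product, 0) + 1
    return dict(sorted(counts.items(), key=lambda kv: kv[1], reverse=True))

# Constructed sample findings (not real scan output).
SAMPLE = [
    Finding("web-portal-01", "webserver", "VULN-A", 7.5, True, False, True, True),
    Finding("erp-db-01", "database", "VULN-B", 9.8, False, False, True, False),
    Finding("hr-laptop-17", "legacy-browser", "VULN-C", 8.8, True, True, False, False),
    Finding("build-agent-04", "legacy-browser", "VULN-D", 6.5, False, False, True, False),
    Finding("erp-db-01", "legacy-browser", "VULN-E", 4.3, False, False, True, False),
]
```

With the sample data the externally reachable web server finding outranks the higher-CVSS database finding, and the legacy browser accounts for most findings even though no single one of them ranks first.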


Step #7: Agree on KPIs

Do not scan for the sake of scanning. If nothing happens with the vulnerabilities that are found, the scanning turns into a useless exercise. To keep vulnerability handling from becoming a formality, think about how you will evaluate its results. Information security and IT should agree on how vulnerability remediation work will be organized, how often scans will be run, how patches will be installed, and so on.
On the slide you can see examples of possible KPIs. There is also an extended list that we recommend to our customers. If you are interested, please contact me and I will share this information with you.


Step #8: Automate

Back to scanning again. At Qualys we believe that scanning is the least important thing that can happen in a vulnerability management process today, and that it is the first thing that needs to be automated as much as possible, so that it runs without the involvement of an information security specialist. Today there are many tools that let you do this. It is enough that they have an open API and the required number of connectors.

The example I like to give is DevOps. If you bring a vulnerability scanner in there, you can just forget about DevOps. With old technology, which is what a classic scanner is, you simply will not be allowed into these processes. Developers are not going to wait for you to scan and hand them a multi-page, inconvenient report. Developers expect vulnerability information to arrive in their build systems in the form of bug reports. Security has to be built seamlessly into these processes, and it should simply be a function that is called automatically by the system your developers use.


Step #9: Focus on what matters

Focus on what brings real value to your company. Scans can be automated, and reports can be sent automatically as well.
Focus on improving the processes so that they become more flexible and more convenient for everyone involved. Focus on making sure that security is built into all contracts with your counterparties, for example the ones who develop web applications for you.

If you need more detailed information on how to build a vulnerability management process in your company, please contact me and my colleagues. I will be happy to help.


Source: www.habr.com
