Red Teaming is a comprehensive simulation of attacks. Methodology and tools

Image source: Acunetix

Red Teaming is a comprehensive simulation of real attacks, carried out to assess the cybersecurity of systems. The "Red Team" is a group of pentesters (specialists who perform penetration tests on a system). They may be hired from outside or be employees of your organization, but in all cases their role is the same: to imitate the actions of attackers and try to break into your system.

Alongside "red teams" in cybersecurity there are several others. For example, the Blue Team works together with the Red Team, but its activities are aimed at improving the security of the system's infrastructure from the inside. The Purple Team is the link that helps the other two teams develop attack strategies and defenses. Nevertheless, red teaming is one of the least understood methods of managing cybersecurity, and many organizations are still reluctant to adopt the practice.
In this article we explain in detail what lies behind the concept of Red Teaming and how implementing complex simulations of real attacks can help improve your organization's security. The aim of the article is to show how this method can significantly increase the security of your information systems.

Red Teaming Overview

Although in our time "red" and "blue" teams are mostly associated with information technology and cybersecurity, these concepts were created by the military. In fact, it was in the army that I first heard of them. Working as a cybersecurity analyst in the 1980s was very different from today: access to encrypted computer systems was far more restricted than it is now.

Otherwise, my first experience of war games (simulation, modeling and interaction) was very similar to today's complex attack simulation process, which has found its way into cybersecurity. As now, great attention was paid to using social engineering methods to persuade personnel to give the "enemy" improper access to military systems. So although the technical methods of attack simulation have advanced considerably since the 80s, it is worth noting that many of the main tools of the adversarial approach, and social engineering techniques in particular, are largely platform independent.

The core value of complex simulation of real attacks has also not changed since the 80s. By simulating an attack on your systems, it is easier for you to find vulnerabilities and understand how they can be exploited. And while red teaming used to be used mainly by white hat hackers and cybersecurity specialists looking for vulnerabilities through penetration testing, it is now more widely used in cybersecurity and business.

The key to red teaming is understanding that you cannot really understand the security of your systems until they are attacked. And instead of exposing yourself to the risk of attack by real attackers, it is much safer to simulate such an attack with a red team.

Red Teaming: use cases

An easy way to understand the basics of red teaming is to look at a few examples. Here are two of them:

  • Scenario 1. Imagine that a customer service site has been pentested and passed the test successfully. It would seem that this indicates everything is in order. However, later, in a complex simulated attack, the red team discovers that while the customer service app itself is fine, the third-party chat feature cannot accurately identify people, and this makes it possible to trick customer service representatives into changing the email address on an account (as a result of which a new person, the attacker, can gain access).
  • Scenario 2. As a result of pentesting, all VPN and remote access controls were found to be secure. However, a representative of the "red team" then walks freely past the reception desk and takes the laptop of one of the employees.

In both of the above cases, the "red team" checks not only the reliability of each individual system, but also the whole system in its entirety for weaknesses.

Who Needs Complex Attack Simulation?

In short, almost any company can benefit from red teaming. As shown in our 2019 Global Data Risk Report, an alarming number of organizations are under the false belief that they have complete control over their data. We found, for example, that on average 22% of a company's folders are accessible to every employee, and that 87% of companies have more than 1,000 stale files on their systems.

If your company is not in the technology industry, it may seem that red teaming will not do you much good. But this is not so. Cybersecurity is not only about protecting confidential information.

Criminals also try to take over technology regardless of the company's field of activity. For example, they may seek access to your network in order to hide their actions while taking over another system or network elsewhere in the world. With this type of attack, the attackers do not need your data. They want to infect your computers with malware in order to turn your system into part of a botnet.

For smaller companies, it can be difficult to find the resources for red teaming. In this case, it makes sense to entrust the process to an external contractor.

Red Teaming: Recommendations

The optimal time and frequency for red teaming depends on the sector you work in and the maturity of your cybersecurity tools.

In particular, you should have automated activities such as asset discovery and vulnerability analysis. Your organization should also combine automated technology with human oversight by regularly conducting full penetration tests.
After completing several business cycles of penetration testing and vulnerability finding, you can move on to complex simulation of a real attack. At this stage, red teaming will bring you tangible benefits. However, attempting it before you have the basics of cybersecurity in place will not bring tangible results.

A white hat team is likely to be able to compromise an unprepared system so quickly and easily that you gain too little information to take further action. To have a real effect, the information obtained by the "red team" must be compared with previous penetration tests and vulnerability assessments.

What is a penetration test?

Complex simulation of a real attack (Red Teaming) is often confused with penetration testing (pentest), but the two methods are slightly different. More precisely, penetration testing is just one of the methods of red teaming.

The role of a pentester is well defined. Pentesters' work is divided into four main stages: planning, information discovery, attack, and reporting. As you can see, pentesters do more than just look for software vulnerabilities. They try to put themselves in the shoes of hackers, and once they get into your system, their real work begins.

They discover vulnerabilities and then carry out new attacks based on the information received, moving through the folder hierarchy. This is what distinguishes penetration testers from those who are hired only to find vulnerabilities using port scanning software or virus detection. An experienced pentester can determine:

  • where hackers may direct their attack;
  • the way in which hackers will attack;
  • how your defenses will behave;
  • the potential for a breach.

Penetration testing focuses on identifying weaknesses at the application and network levels, as well as opportunities to overcome physical security barriers. While automated testing can reveal some cybersecurity issues, manual penetration testing also takes into account a business's vulnerability to attack.

Red Teaming vs. penetration testing

Without a doubt, penetration testing is important, but it is only one part of a whole series of red teaming activities. The activities of the "red team" have much broader goals than those of pentesters, who often simply seek to gain access to the network. Red teaming often involves more people, resources and time, as the red team digs deep to fully understand the true level of risk and vulnerability in the technology and in the organization's human and physical assets.

In addition, there are other differences. Red teaming is typically used by organizations with more mature and advanced cybersecurity measures (although this is not always the case in practice).

These are usually companies that have already done penetration testing and fixed most of the vulnerabilities found, and are now looking for someone who can try again to access sensitive information or break the defenses by any means.
This is why red teaming relies on a team of security experts focused on a specific target. They target internal vulnerabilities and use both electronic and physical social engineering techniques on the organization's employees. Unlike pentesters, red teams take their time during their attacks, wanting to avoid detection as a real cybercriminal would.

Benefits of Red Teaming

There are many benefits to complex simulation of real attacks, but most importantly, this approach allows you to get a complete picture of an organization's cybersecurity. A typical end-to-end simulated attack process will include penetration testing (network, application, mobile phone, and other device), social engineering (live on site, phone calls, email, or text messages and chat), and physical intrusion (picking locks, detecting blind spots of security cameras, bypassing alarm systems). If there are weaknesses in any of these aspects of your system, they will be found.

Once vulnerabilities are found, they can be fixed. An effective attack simulation process does not end with the discovery of vulnerabilities. Once security flaws are clearly identified, you will want to work on fixing and retesting them. In fact, the real work usually begins after a red team intrusion, when you analyze the attack and try to mitigate the vulnerabilities found.

In addition to these two major benefits, red teaming also offers a number of others. So, the "red team" can:

  • identify risks and vulnerabilities to attacks in key business information assets;
  • simulate the methods, tactics and procedures of real attackers in an environment with limited and controlled risk;
  • assess your organization's ability to detect, respond to, and prevent complex, targeted threats;
  • encourage close collaboration with security departments and blue teams to provide significant mitigation and conduct comprehensive hands-on workshops following discovered vulnerabilities.

How does Red Teaming work?

A great way to understand how red teaming works is to look at how it usually happens. The usual process of complex attack simulation consists of several stages:

  • The organization agrees with the "red team" (internal or external) on the purpose of the attack. For example, such a goal could be to retrieve sensitive information from a particular server.
  • Then the "red team" conducts reconnaissance of the target. The result is a map of the target systems, including network services, web applications, and internal employee portals.
  • After that, vulnerabilities are searched for in the target system, which are usually exploited using phishing or XSS attacks.
  • Once access tokens are obtained, the red team uses them to investigate further vulnerabilities.
  • When other vulnerabilities are discovered, the "red team" seeks to increase its level of access to the level necessary to achieve the goal.
  • Upon gaining access to the target data or asset, the attack task is considered complete.

In fact, an experienced red team specialist will use a large number of different methods to get through each of these steps. However, the key takeaway from the above example is that small vulnerabilities in individual systems can turn into catastrophic failures when chained together.
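
The chaining point above can be checked against a findings list when triaging a red team report. The following is an added example, not part of the original article: the positions, finding names and severity scores are constructed, and the graph model (each finding moves an attacker from one position to another) is an assumption made for illustration. It finds the shortest chain from the internet to the agreed target and lists the findings whose fix alone breaks every chain.

```python
"""Added example: chaining low-severity findings into a path (constructed data)."""
from collections import deque

# Constructed sample findings, not from any real assessment:
# (position before, position after, finding, severity score 0-10)
FINDINGS = [
    ("internet", "employee_portal", "employee portal reachable from the internet", 2.0),
    ("employee_portal", "user_session", "XSS in portal search", 4.3),
    ("internet", "user_session", "staff susceptible to phishing", 4.0),
    ("user_session", "file_server_user", "access token accepted by file server", 3.1),
    ("file_server_user", "file_server_admin", "service account with excessive rights", 4.8),
    ("file_server_admin", "sensitive_data", "sensitive share readable by local admin", 3.5),
    ("internet", "vpn_gateway", "VPN login without lockout", 3.9),
]


def shortest_chain(findings, start, target):
    """Breadth-first search: shortest list of findings linking start to target, or None."""
    graph = {}
    for src, dst, name, severity in findings:
        graph.setdefault(src, []).append((dst, name, severity))
    queue = deque([(start, [])])
    seen = {start}
    while queue:
        position, chain = queue.popleft()
        if position == target:
            return chain
        for dst, name, severity in graph.get(position, []):
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, chain + [(name, severity)]))
    return None


def chain_breakers(findings, start, target):
    """Findings whose remediation alone cuts every path from start to target."""
    if shortest_chain(findings, start, target) is None:
        return []  # nothing to break: the target is already unreachable
    breakers = []
    for i, finding in enumerate(findings):
        remaining = findings[:i] + findings[i + 1:]
        if shortest_chain(remaining, start, target) is None:
            breakers.append(finding[2])
    return breakers


if __name__ == "__main__":
    chain = shortest_chain(FINDINGS, "internet", "sensitive_data")
    print("highest single score in chain:", max(sev for _, sev in chain))
    for name, sev in chain:
        print(f"  {sev:>4}  {name}")
    print("fix first:", chain_breakers(FINDINGS, "internet", "sensitive_data"))
```

No single finding in the sample scores above 4.8, yet together they reach the target; the phishing and XSS findings are interchangeable entry points, so fixing either one alone does not break the chain.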

What should be considered when dealing with a "red team"?

To get the most out of red teaming, you need to prepare carefully. The systems and processes used by each organization are different, and a quality level of red teaming is achieved when it is aimed at finding vulnerabilities in your systems. For this reason, it is important to consider a number of factors:

Know what you are looking for

First of all, it is important to understand which systems and processes you want to check. Perhaps you know that you want to test a web application, but you do not really understand what that actually means and which other systems are integrated with your web applications. Therefore, it is important that you have a good understanding of your own systems and fix any obvious vulnerabilities before starting a complex simulation of a real attack.

Know your network

This is related to the previous recommendation, but is more about the technical characteristics of your network. The better you can quantify your testing environment, the more accurate and specific your red team will be.

Know Your Budget

Red teaming can be performed at different levels, but simulating the full range of attacks on your network, including social engineering and physical intrusion, can be costly. For this reason, it is important to understand how much you can spend on such a check and, accordingly, define its scope.

Know your risk level

Some organizations can tolerate a fairly high level of risk as part of their standard business procedures. Others will need to limit their risk level to a much greater extent, especially if the company operates in a highly regulated industry. Therefore, when conducting red teaming, it is important to focus on the risks that really pose a danger to your business.

Red Teaming: Tools and Tactics

If implemented correctly, the "red team" will carry out a full-scale attack on your networks using all the tools and methods used by hackers. Among other things, this includes:

  • Application penetration testing - aims to identify weaknesses at the application level, such as cross-site request forgery, data entry flaws, weak session management, and many others.
  • Network penetration testing - aims to identify weaknesses at the network and system level, including misconfigurations, wireless network vulnerabilities, unauthorized services, and more.
  • Physical penetration testing - checks the effectiveness, as well as the strengths and weaknesses, of physical security controls in real life.
  • Social engineering - aims to exploit the weaknesses of people and human nature, testing people's susceptibility to deception, persuasion and manipulation through phishing emails, phone calls and text messages, as well as face-to-face contact on site.

All of the above are components of red teaming. It is a full-scale, layered attack simulation designed to determine how well your people, networks, applications, and physical security controls can withstand an attack from a real attacker.

Continuous development of Red Teaming methods

The nature of complex simulation of real attacks, in which red teams try to find new security vulnerabilities and blue teams try to fix them, leads to the constant development of methods for such checks. For this reason, it is difficult to compile an up-to-date list of modern red teaming techniques, since they quickly become obsolete.

Therefore, most red teamers will spend part of their time learning about new vulnerabilities and how to exploit them, using the many resources provided by the red team community. Here are the most popular of these communities:

  • Pentester Academy is a subscription service that offers online video courses focused primarily on penetration testing, as well as courses on operating system forensics, social engineering tasks, and a language for information security.
  • Vincent Yiu is an "offensive cybersecurity operator" who regularly blogs about methods for complex simulation of real attacks and is a good source of new approaches.
  • Twitter is also a good source if you are looking for up-to-date red teaming information. You can find it with the hashtags #redteam and #redteaming.
  • Daniel Miessler is another experienced red teaming specialist who produces a newsletter and podcast, runs a website, and writes extensively about current red team trends. Among his recent articles: "A Purple Team Pentest Means Your Red and Blue Teams Have Failed" and "Vulnerability Bounties and When to Use Vulnerability Assessment, Penetration Testing, and Comprehensive Attack Simulation".
  • Daily Swig is a web security newsletter sponsored by PortSwigger Web Security. It is a good resource for learning about the latest developments and news in the red teaming field: hacks, data leaks, exploits, web application vulnerabilities, and new security technologies.
  • Florian Hansemann is a white hat hacker and penetration tester who regularly covers new red team tactics on his blog.
  • MWR labs is a good, albeit extremely technical, source of red teaming news. They publish tools useful to red teams, and their Twitter feed contains tips for solving problems that security testers face.
  • Emad Shanab is a lawyer and "white hat hacker". His Twitter feed contains techniques useful to "red teams", such as writing SQL injections and forging OAuth tokens.
  • Mitre's Adversarial Tactics, Techniques and Common Knowledge (ATT&CK) is a curated knowledge base of attacker behavior. It tracks the phases of the attackers' life cycle and the platforms they target.
  • The Hacker Playbook is a guide for hackers which, although quite old, covers many of the fundamental techniques that are still at the heart of complex simulation of real attacks. Author Peter Kim also has a Twitter feed, in which he offers hacking tips and other information.
  • SANS Institute is another major provider of cybersecurity training materials. Their Twitter feed, focused on digital forensics and incident response, contains the latest news on SANS courses and advice from expert practitioners.
  • Some of the most interesting news about red teaming is published in Red Team Journal. There are technology-focused articles, such as a comparison of Red Teaming with penetration testing, as well as analytical articles such as The Red Team Specialist Manifesto.
  • Finally, Awesome Red Teaming is a GitHub community that offers a very detailed list of resources dedicated to Red Teaming. It covers virtually every technical aspect of a red team's activities, from gaining initial access and performing malicious activities to collecting and extracting data.

"Blue team" - what is that?

With so many multi-colored teams, it can be difficult to figure out which type your organization needs.

One alternative to the red team, and more specifically another type of team that can be used together with the red team, is the blue team. The Blue Team also assesses network security and identifies any potential risks. However, it has a different goal. Teams of this type are needed to find ways to protect, change and regroup defense mechanisms to make incident response much more effective.

Like the red team, the blue team must have the same knowledge of attacker tactics, techniques and procedures in order to create response strategies based on them. However, the duties of the blue team are not limited to just defending against attacks. It is also involved in strengthening the entire security infrastructure, using, for example, an intrusion detection system (IDS) that provides continuous analysis of unusual and suspicious activity.

Here are some of the steps taken by the "blue team":

  • security audit, in particular DNS audit;
  • log and memory analysis;
  • analysis of network data packets;
  • risk data analysis;
  • digital footprint analysis;
  • reverse engineering;
  • DDoS testing;
  • development of risk implementation scenarios.

Differences between red and blue teams

A common question for many organizations is which team they should use, red or blue. This issue is also often accompanied by friendly enmity between people who work "on opposite sides of the barricades." In reality, neither team makes sense without the other. So the correct answer to this question is that both teams are important.

The Red Team attacks and is used to test the Blue Team's readiness to defend. Sometimes the red team may find vulnerabilities that the blue team has completely overlooked, in which case the red team must show how those vulnerabilities can be fixed.

It is vital for both teams to work together against cybercriminals to strengthen information security.

For this reason, it makes no sense to choose only one side or to invest in only one type of team. It is important to remember that the goal of both parties is to prevent cybercrime.
In other words, companies need to establish cooperation between both teams in order to provide a comprehensive audit, with logs of all attacks and checks performed, and records of what was detected.

The "red team" provides information about the operations they performed during the simulated attack, while the blue team provides information about the actions they took to fill the gaps and fix the vulnerabilities found.

The importance of both teams cannot be underestimated. Without their ongoing security audits, penetration testing, and infrastructure improvements, companies would not be aware of the state of their own security. At least until data is leaked and it becomes painfully clear that the security measures were not enough.

What is a purple team?

The "Purple Team" was born out of attempts to unite the Red and Blue Teams. The Purple Team is more of a concept than a separate type of team. It is best viewed as a combination of red and blue teams. It engages both teams, helping them work together.

The Purple Team can help security teams improve vulnerability detection, threat discovery, and network monitoring by accurately modeling common threat scenarios and helping to create new threat detection and prevention methods.

Some organizations use a Purple Team for one-time focused activities that clearly define security goals, timelines, and key results. This includes recognizing weaknesses in attack and defense, as well as identifying future training and technology requirements.

An alternative approach now gaining momentum is to view the Purple Team as a visionary model that works throughout the organization to help create and continually improve a cybersecurity culture.

Conclusion

Red Teaming, or complex attack simulation, is a powerful technique for testing an organization's security vulnerabilities, but it should be used with care. In particular, to use it, you need to have sufficiently advanced means of protecting information security. Otherwise, it may not justify the hopes placed on it.
Red teaming can reveal vulnerabilities in your system that you did not even know existed and help fix them. By taking an adversarial approach between blue and red teams, you can simulate what a real hacker would do if they wanted to steal your data or damage your assets.

Source: www.habr.com
