So what will happen to authentication and passwords? Part two of the Javelin State of Strong Authentication Report


Recently, the research company Javelin Strategy & Research published the report "The State of Strong Authentication 2019." Its authors collected information about which authentication methods are used in corporate environments and in consumer applications, and drew interesting conclusions about the future of strong authentication.

We have already published the translation of the first part, with the report authors' conclusions, on Habré. Now we present the second part to you, with the data and the graphs.

From the translator

I will not repeat the whole block of the same name from the first part, but I will still repeat one paragraph.

All figures and facts are given without the slightest change, and if you do not agree with them, it is better to argue not with the translator but with the authors of the report. And here are my comments (formatted as quotations and marked in the text in italics): they are my own value judgment, and I will be happy to argue about each of them (as well as about the quality of the translation).

User Authentication

Since 2017, the use of strong authentication in consumer applications has grown sharply, largely due to the availability of cryptographic authentication methods on mobile devices, although a slightly smaller share of companies use strong authentication for Internet applications.

Overall, the share of companies using strong authentication in their business tripled, from 5% in 2017 to 16% in 2018 (Figure 3).

The ability to use strong authentication for web applications is still limited (because only the newest versions of some browsers support interaction with cryptographic tokens, although this problem can be solved by installing additional software such as the Rutoken Plugin), so many companies use alternative methods for online authentication, such as mobile phone apps that generate one-time passwords.

Hardware cryptographic keys (here we mean only those that comply with the FIDO standards), such as those offered by Google, Feitian, One Span, and Yubico, can be used for strong authentication without installing additional software on desktops and laptops (because most browsers already support the WebAuthn standard from FIDO), but only 3% of companies use this capability to log in their users.

A comparison of cryptographic tokens (such as Rutoken EDS PKI) and secret keys working according to the FIDO standards is beyond the scope of this report, and also of my comments on it. In short, both types of tokens use similar algorithms and operating principles. FIDO tokens are currently better supported by browser vendors, although this will change soon as more browsers support the Web USB API. But classic cryptographic tokens are protected by a PIN code, can sign electronic documents and be used for two-factor authentication in Windows (any version), Linux and Mac OS X, have APIs for various programming languages that let you implement 2FA and electronic signature in desktop, mobile and web applications, and tokens produced in Russia support the Russian GOST algorithms. In any case, a cryptographic token, whatever standard it was built to, is the most reliable and convenient authentication method.
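As an added illustration (not part of the report or of the translator's text) of why a FIDO/WebAuthn token is phishing-resistant: the checks a relying party performs on a WebAuthn assertion, in Python using only the standard library. RP_ID, EXPECTED_ORIGIN, ISSUED_CHALLENGE and the sample assertion are constructed values; the final signature verification with the registered public key is noted but not performed.

```python
import base64
import hashlib
import json
import struct

# Constructed sample values (not from the report or any real deployment).
RP_ID = "login.example.com"
EXPECTED_ORIGIN = "https://login.example.com"
ISSUED_CHALLENGE = b"constructed-random-challenge-1234"

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_sample_assertion(origin: str, counter: int = 7) -> tuple:
    """Build a constructed clientDataJSON and authenticatorData (no real token involved)."""
    client_data = json.dumps({"type": "webauthn.get",
                              "challenge": b64url(ISSUED_CHALLENGE),
                              "origin": origin}).encode()
    flags = 0x01 | 0x04  # UP (user present) + UV (user verified, e.g. PIN entered)
    auth_data = (hashlib.sha256(RP_ID.encode()).digest()
                 + bytes([flags]) + struct.pack(">I", counter))
    return client_data, auth_data

def verify_assertion(client_data: bytes, auth_data: bytes, last_counter: int) -> dict:
    """Relying-party checks on a WebAuthn assertion that precede the signature check.

    The token signs auth_data || SHA-256(client_data), so the origin and challenge
    the browser recorded are covered by the signature: a phishing page on another
    origin cannot obtain an assertion that passes these checks.
    """
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get":
        raise ValueError("not an authentication assertion")
    if b64url_decode(cd["challenge"]) != ISSUED_CHALLENGE:
        raise ValueError("challenge mismatch (stale or replayed response)")
    if cd.get("origin") != EXPECTED_ORIGIN:
        raise ValueError("origin mismatch: %s" % cd.get("origin"))
    if len(auth_data) < 37 or auth_data[:32] != hashlib.sha256(RP_ID.encode()).digest():
        raise ValueError("rpIdHash mismatch")
    flags, counter = auth_data[32], struct.unpack(">I", auth_data[33:37])[0]
    if not flags & 0x01:
        raise ValueError("user presence flag not set")
    if counter <= last_counter:
        raise ValueError("signature counter did not increase (cloned token?)")
    # Remaining step (needs a crypto library): verify the token's signature over this payload.
    payload = auth_data + hashlib.sha256(client_data).digest()
    return {"user_verified": bool(flags & 0x04), "counter": counter, "signed_payload": payload}
```

The origin check is what defeats the fake login form described later in this article: the browser, not the user, fills in the origin, and it ends up under the token's signature.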


Beyond Security: Other Benefits of Strong Authentication

It is not surprising that the use of strong authentication is closely tied to the importance of the data a business stores. Companies that store sensitive Personally Identifiable Information (PII), such as Social Security numbers, or Protected Health Information (PHI) face the greatest legal and regulatory pressure. These are the companies that are the most aggressive proponents of strong authentication. The pressure on businesses is increased by the expectations of customers, who want to know that the organizations they trust with their most sensitive data use strong authentication methods. Organizations that handle sensitive PII or PHI are more than twice as likely to use strong authentication as organizations that store only users' contact information (Figure 7).


Unfortunately, companies are not yet ready to implement strong authentication methods. Almost a third of decision makers consider passwords the most effective authentication method among all those listed in Figure 9, and 43% consider passwords the simplest authentication method.


This chart shows us that business application developers around the world are all the same... They do not see the benefit of implementing advanced account protection methods and share the same misconceptions. And only the actions of regulators can change the situation.

Let's leave passwords aside. But what do you have to believe in order to believe that security questions are more secure than cryptographic tokens? The effectiveness of control questions, which are simply picked, was estimated at 15%, and that of unhackable tokens at only 10. At least watch the film "Illusion of Deception", where, even if in allegorical form, it is shown how easily the magicians extracted all the answers they needed from a swindler businessman and left him without his money.

And one more fact that says a lot about the qualifications of those responsible for security in user applications. In their understanding, the process of entering a password is a simpler task than authentication with a cryptographic token. Although, it would seem, what could be simpler than plugging the token into a USB port and entering a simple PIN code.

Importantly, implementing strong authentication allows businesses to move away from thinking about the authentication methods and operational rules needed to block fraud schemes, towards meeting the real needs of their customers.

While regulatory compliance is a reasonable top priority both for businesses that use strong authentication and for those that do not, companies that already use strong authentication are much more likely to say that increasing customer loyalty is the most important metric they consider when evaluating an authentication method (18% vs. 12%) (Figure 10).


Enterprise Authentication

Since 2017, the adoption of strong authentication in enterprises has been growing, but at a slightly lower rate than in consumer applications. The share of enterprises using strong authentication increased from 7% in 2017 to 12% in 2018. Unlike consumer applications, in the enterprise environment the use of non-password authentication methods is somewhat more common in web applications than on mobile devices. About half of enterprises report using only usernames and passwords to authenticate their users at login, with one in five (22%) also relying solely on passwords for secondary authentication when accessing sensitive data (that is, the user first logs in to the application with a simpler authentication method, and when they need access to critical data, they go through another authentication procedure, this time usually with a more reliable method).


You have to understand that the report does not consider the use of cryptographic tokens for two-factor authentication in the Windows, Linux and Mac OS X operating systems. And this is currently the most widespread use of 2FA. (Alas, tokens built to the FIDO standards can implement 2FA only for Windows 10.)

Moreover, while implementing 2FA in online and mobile applications requires a set of measures, including modifying those applications, to implement 2FA in Windows you only need to configure PKI (for example, based on Microsoft Certification Server) and authentication policies in AD.

And since protecting logon to the work PC and the domain is an important element of protecting company data, the implementation of two-factor authentication is becoming more and more common.

The next two most common methods of authenticating users at login are one-time passwords provided through a separate app (13% of enterprises) and one-time passwords delivered via SMS (12%). Although the share of use of the two methods is similar, OTP over SMS is most often used to raise the level of authorization (in 24% of companies) (Figure 12).


The rise in the use of strong authentication in the enterprise can probably be explained by the increased availability of cryptographic authentication implementations in enterprise identity management platforms (in other words, enterprise SSO and IAM systems have learned to use tokens).

For mobile authentication of employees and contractors, enterprises rely more heavily on passwords than for authentication in consumer applications. Just over half (53%) of enterprises use passwords when authenticating user access to company data via a mobile device (Figure 13).

In the case of mobile devices, one would believe in the great power of biometrics, if not for the many cases of forged fingerprints, voices, faces and even irises. A single search engine query will show that a reliable method of biometric authentication simply does not exist. Truly accurate sensors do, of course, exist, but they are very expensive and large in size, and they are not installed in smartphones.

Therefore, the only working 2FA method on mobile devices is the use of cryptographic tokens that connect to the smartphone via the NFC, Bluetooth and USB Type-C interfaces.


Protecting the company's financial data is the top reason for investing in passwordless authentication (44%), with the fastest growth since 2017 (an increase of eight percentage points). It is followed by protecting intellectual property (40%) and personnel (HR) data (39%). And it is clear why: not only is the value attached to these types of data widely recognized, but relatively few employees work with them. That is, the implementation costs are not that high, and only a few people need to be trained to work with a more complex authentication system. In contrast, the types of data and devices that most employees of an enterprise access regularly are still protected only by passwords. Employee documents, workstations and corporate email portals are the areas of greatest risk, since only a quarter of enterprises protect these assets with passwordless authentication (Figure 14).


In general, corporate email is a very dangerous and leaky thing, and the degree of its danger is underestimated by most CIOs. Employees receive dozens of emails every day, so why not mix at least one phishing (that is, fraudulent) email in among them. This letter will be formatted in the style of the company's letters, so the employee will feel quite comfortable clicking the link in it. Well, after that anything can happen, for example, a virus being downloaded onto the attacked machine or passwords leaking (including through social engineering, by entering them into a fake authentication form created by the attacker).

To prevent such things from happening, emails must be signed. Then it is immediately clear which letter was created by a legitimate employee and which by an attacker. In Outlook/Exchange, for example, electronic signature based on a cryptographic token is enabled quite quickly and easily and can be used together with two-factor authentication on PCs and in Windows domains.

Among those executives who rely solely on password authentication within the enterprise, two-thirds (66%) do so because they believe passwords provide sufficient security for the type of information their company needs to protect (Figure 15).

But strong authentication methods are becoming more common. Largely because their availability is growing. An increasing number of identity and access management (IAM) systems, browsers and operating systems support authentication with cryptographic tokens.

Strong authentication has another advantage. Since the password is no longer used (it is replaced by a simple PIN), there are no requests from employees asking to reset a forgotten password. This in turn reduces the load on the enterprise IT department.


Results and conclusions

  1. Managers often lack the knowledge needed to assess the real effectiveness of the various authentication options. They are used to trusting such outdated security methods as passwords and security questions simply because "it worked before."
  2. Users have this knowledge to an even lesser degree; for them the main thing is simplicity and convenience. As long as they have no incentive to choose more secure solutions.
  3. Developers of custom applications often have no reason to implement two-factor authentication instead of password authentication. Competition at the level of protection in user applications is absent.
  4. Full responsibility for a hack is shifted onto the user. Gave a one-time password to an attacker: your fault. Your password was intercepted or spied on: your fault. Did not demand that the developer use reliable authentication methods in the product: your fault.
  5. The right regulator should first of all require companies to implement solutions that block data leaks (in particular, two-factor authentication), rather than punish for a data leak that has already occurred.
  6. Some software developers are trying to sell consumers old and not particularly reliable solutions in the beautiful packaging of an "innovative" product. For example, authentication by binding to a specific smartphone or using biometrics. As can be seen from the report, only a solution based on strong authentication, that is, cryptographic tokens, can be truly reliable.
  7. The same cryptographic token can be used for a number of tasks: for strong authentication in the enterprise operating system, in corporate and user applications, and for electronic signature of financial transactions (important for banking applications), documents and email.

Source: www.habr.com
