Siyaqhubeka ukukwazisa kwihlabathi elilwa nokukhwabanisa, lifunda iziseko zobunjineli bezentlalo kwaye alilibali ukuqeqesha abasebenzi bayo. Namhlanje undwendwe lwethu yimveliso yePhishman. Lo ngomnye wamaqabane e-TS Solution, ukubonelela ngenkqubo ezenzekelayo yokuvavanya nokuqeqesha abasebenzi. Ngokufutshane malunga nombono wayo:
-
Ukuchonga iimfuno zoqeqesho zabasebenzi abathile.
-
Iikhosi ezisebenzayo nezethiyori kubasebenzi ngokusebenzisa i-portal yoqeqesho.
-
I-Flexible automation inkqubo yokusebenza kwenkqubo.
Intshayelelo yeMveliso
Inkampani
Izisombululo ezicetyisiweyo
UPhishman usebenzisana neenkampani ezahlukeneyo (ukusuka kumashishini amancinci ukuya kumaqumrhu amakhulu), ekuqaleni kwanele ukuba nabasebenzi abali-10. Masithathele ingqalelo umgaqo-nkqubo wamaxabiso kunye nelayisensi:
-
Kumashishini amancinci:
A)
Phishman Lite - inguqulo yemveliso ukusuka kwi-10 ukuya kubasebenzi be-249 kunye nexabiso lokuqala lelayisenisi ukusuka kwi-ruble ye-875. Iqulethe iimodyuli eziphambili: ukuqokelela ulwazi (uvavanyo lokuthunyelwa kwee-imeyile ze-phishing), uqeqesho (izifundo ezi-3 ezisisiseko malunga nokhuseleko lolwazi), ukuzenzekelayo (ukuseta imodi yokuvavanya ngokubanzi).B)
Phishman Standard - inguqulo yemveliso ukusuka kwi-10 ukuya kubasebenzi be-999 kunye nexabiso lokuqala lelayisenisi ukusuka kwi-ruble ye-1120. Ngokungafaniyo nenguqulo ye-Lite, inamandla okunxibelelana neseva yakho ye-AD; imodyuli yoqeqesho inezifundo ezi-5. -
Kumashishini amakhulu:
A)
Phishman Enterprise - kwesi sisombululo inani labasebenzi alikhawulelwanga; ibonelela ngenkqubo ebanzi yokwazisa abasebenzi kwicandelo lokhuseleko lolwazi kwiinkampani zabo nabuphi na ubukhulu obunamandla okulungelelanisa iikhosi kwiimfuno zomthengi kunye neshishini. Ungqamaniso kunye ne-AD, SIEM, iinkqubo ze-DLP ziyafumaneka ukuqokelela ulwazi malunga nabasebenzi kunye nokuchonga abasebenzisi abafuna uqeqesho. Kukho inkxaso yokudibanisa kunye nenkqubo ekhoyo yokufunda umgama (i-DLS), ukubhaliswa ngokwawo kuqulethe iikhosi ezi-7 ezisisiseko ze-IS, ezi-4 eziphambili kunye ne-3 yemidlalo. Inketho enomdla yokuhlaselwa koqeqesho usebenzisa i-USB drives (i-flash cards) nayo iyaxhaswa.B)
Phishman Enterprise+ - inguqulelo ehlaziyiweyo ibandakanya zonke iinketho ze-Enterpise, kuyenzeka ukuba uphuhlise iziqhagamshelo zakho kunye neengxelo (ngoncedo lweenjineli zePhishman).Ngaloo ndlela, imveliso inokuguqulwa ngokuguquguqukayo ukuze ihambelane nemisebenzi yeshishini elithile kwaye ihlanganiswe kwiinkqubo zoqeqesho zokhuseleko lolwazi olukhoyo.
Ukwazi inkqubo
Ukubhala eli nqaku, sisebenzise uyilo olunezi mpawu zilandelayo:
-
Umncedisi we-Ubuntu ukusuka kwinguqulo 16.04.
-
I-4 GB RAM, i-50 GB hard drive space, iprosesa ene-clock frequency ye-1 GHz okanye ngaphezulu.
-
Iseva yeWindows ene-DNS, AD, iindima ze-MAIL.
Ngokuqhelekileyo, isethi isemgangathweni kwaye ayifuni izibonelelo ezininzi, ngokukodwa ngokuqwalasela ukuba, njengomthetho, sele unomncedisi we-AD. Emva kokuthunyelwa, i-container ye-Docker iya kufakwa, eya kumisela ngokuzenzekelayo ukufikelela kulawulo nokufunda portal.
Ngezantsi kwe-spoiler kukho umzobo wenethiwekhi eqhelekileyo kunye noFishman
Idayagram yenethiwekhi eqhelekileyo
Okulandelayo, siya kuqhelana nojongano lwenkqubo, amandla olawulo kwaye, ngokuqinisekileyo, imisebenzi.
Ngena kwi-portal yolawulo
I-portal yolawulo ye-Phishman isetyenziselwa ukulawula uluhlu lwamasebe enkampani kunye nabasebenzi. Iqalisa ukuhlaselwa ngokuthumela ii-imeyile ze-phishing (njengenxalenye yoqeqesho), kwaye iziphumo zihlanganiswe kwiingxelo. Ungafikelela kuyo usebenzisa idilesi ye-IP okanye igama lesizinda olichazayo xa uhambisa inkqubo.
Ugunyaziso kwi-portal ye-Phishman
Kwiphepha eliphambili uya kuba nokufikelela kwiiwijethi ezifanelekileyo kunye namanani kubasebenzi bakho:
Iphepha lasekhaya le-Phishman portal
Ukongeza abasebenzi kwintsebenziswano
Ukusuka kwimenyu ephambili ungaya kwicandelo "Abasebenzi", apho kukho uludwe lwabo bonke abasebenzi benkampani abacazululwe lisebe (ngesandla okanye ngeAD). Iqulethe izixhobo zokulawula idatha yabo; kunokwenzeka ukwakha isakhiwo ngokuhambelana nabasebenzi.
Iphaneli yoLawulo yoMsebenzisiIkhadi lokudala abasebenzi
Ukhetho: Ukudityaniswa kunye ne-AD kuyafumaneka, okukuvumela ukuba wenze ngokuzenzekelayo inkqubo yokuqeqesha abasebenzi abatsha kunye nokugcina izibalo jikelele.
Ukuqaliswa koqeqesho lwabasebenzi
Nje ukuba wongeze ulwazi malunga nabasebenzi benkampani, unethuba lokubathumela kwiikhosi zoqeqesho. Xa kunokuba luncedo:
-
umsebenzi omtsha;
-
uqeqesho olucwangcisiweyo;
-
ikhosi engxamisekileyo (kukho ifidi yolwazi, kufuneka ulumkise).
Ukurekhoda kuyafumaneka kumsebenzi ngamnye kunye nesebe lonke.
Ukusekwa kwekhosi yoqeqesho
Ziphi iinketho:
-
yenza iqela lokufunda (dibanisa abasebenzisi);
-
ukhetho lwekhosi yoqeqesho (ubungakanani buxhomekeke kwilayisensi);
-
ukufikelela (okusisigxina okanye okwethutyana kunye nemihla ebonisiweyo).
Kubalulekile!
Xa ubhalisa okokuqala kwiikhosi, umqeshwa uya kufumana i-imeyile ngolwazi lokungena kwi-Portal Training. Ujongano lwesimemo luyitemplate, ekhoyo ukuze lulungiswe ngokokubona koMthengi.
Isample ileta yokumema ukufunda
Ukuba ulandela ikhonkco, umqeshwa uya kuthathwa kwi-portal yoqeqesho, apho inkqubela yakhe iya kubhalwa ngokuzenzekelayo kwaye iboniswe kwizibalo zomlawuli we-Phishman.
Umzekelo wekhosi eqaliswe ngumsebenzisi
Ukusebenza ngeepatheni zokuhlasela
Iitemplates zikuvumela ukuba uthumele ii-imeyile ezijoliswe kwimfundo ephishing ngokugxila kubunjineli basekuhlaleni.
Icandelo "Iitemplates"
Iitempleyithi zibekwe phakathi kweendidi, umzekelo:
Khangela ithebhu yeetemplates ezakhelwe ngaphakathi ezivela kwiindidi ezahlukeneyo
Kukho ulwazi malunga neetemplates esele zenziwe, kubandakanywa nolwazi malunga nokusebenza.
Umzekelo we-template ye-Twitter Newsletter
Kukwafanelekile ukukhankanya isakhono esifanelekileyo sokwenza iitemplates zakho: khuphela nje okubhaliweyo kunobumba kwaye kuya kuguqulwa ngokuzenzekelayo kwikhowudi ye-HTML.
Qaphela:
ukuba ubuyela kumxholo
Ukuseta ngokubanzi kunye noncedo
Kwicandelo elithi "Izicwangciso", iiparamitha zenkqubo ye-Phishman zitshintsha ngokuxhomekeke kwinqanaba lokufikelela kumsebenzisi wangoku (ngenxa yokulinganiselwa kwesakhiwo, abazange bafumaneke ngokupheleleyo kuthi).
Ujongano lwecandelo elithi "Useto".
Masidwelise ngokufutshane iinketho zoqwalaselo:
-
iparameters zenethiwekhi (idilesi yomncedisi weposi, izibuko, ufihlo, uqinisekiso);
-
ukhetho lwenkqubo yoqeqesho (ukudibanisa nezinye ii-LMS ziyaxhaswa);
-
ukuhlela ukungeniswa kunye neetemplates zoqeqesho;
-
uluhlu olumnyama lweedilesi ze-imeyile (ithuba elibalulekileyo lokungabandakanyi ukuthatha inxaxheba kwi-phishing mailings, umzekelo, kubaphathi beenkampani);
-
ulawulo lwabasebenzisi (ukudala, ukuhlela ii-akhawunti zofikelelo);
-
ukuhlaziya (jonga isimo kunye neshedyuli).
Abalawuli baya kufumana icandelo elithi "Uncedo" liluncedo; inokufikelela kwincwadana yomsebenzisi kunye nohlalutyo olunzulu lokusebenza kunye noPhishman, idilesi yenkonzo yenkxaso, kunye nolwazi malunga nesimo senkqubo.
Ujongano lwecandelo "Uncedo".Ulwazi lobume benkqubo
Uhlaselo noqeqesho
Emva kokuphonononga iinketho ezisisiseko kunye noseto lwenkqubo, siya kuqhuba uhlaselo loqeqesho; kuba oku siya kuvula icandelo elithi "Attacks".
Uhlaselo lwendawo yolawulo lwendawo yolawulo
Kuyo sinokuziqhelanisa neziphumo zohlaselo olusele luqalisiwe, senze ezintsha, njl. Masichaze amanyathelo okusungula iphulo.
Ukusungula uhlaselo
1) Masibize uhlaselo olutsha ngokuthi "ukuvuza kwedatha".
Masichaze ezi sethingi zilandelayo:
Kuphi:
Umthumeli β ummandla wokuposa ubonisiwe (ngokungagqibekanga kumthengisi).
Iifomu zokuPhishing β zisetyenziswa kwiitemplates ukuzama ukufumana idatha kubasebenzisi, ngelixa kuphela inyani yegalelo irekhodwa, idatha ayigcinwanga.
Ukuthumela umnxeba β ukwalathisa kwakhona kwiphepha kuboniswa emva kokuba umsebenzisi ejonge.
2) Kwinqanaba lokusabalalisa, imodi yokusabalalisa yokuhlaselwa ibonakalisiwe
Kuphi:
Uhlobo lohlaselo β ichaza ukuba uhlaselo luya kwenzeka njani yaye nini. (ukhetho lubandakanya indlela yokusasaza olungalinganiyo, njl.njl.)
Ixesha lokuqala lokuposa β ixesha lokuqala lokuthumela imiyalezo libonisiwe.
3) Kwinqanaba "leNjongo", abasebenzi baboniswa lisebe okanye ngabanye
4) Emva koko sibonisa iipateni zohlaselo esele sizichukumisile:
Ke, ukuqalisa uhlaselo besilufuna:
a) yenza ipateni yokuhlasela;
b) bonisa indlela yokuhambisa;
c) khetha iinjongo;
d) chonga ithempleyithi ye-imeyile yenkohliso.
Ukujonga iziphumo zohlaselo
Ekuqaleni sine:
Ukusuka kwicala lomsebenzisi, umyalezo omtsha we-imeyile uyabonakala:
Ukuba uyayivula:
Ukuba ulandela ikhonkco, uya kucelwa ukuba ufake iinkcukacha zakho ze-imeyile:
Kwangaxeshanye, makhe sijonge iinkcukacha-manani zohlaselo:
Kubalulekile!
Umgaqo-nkqubo we-Phishman ulandela ngokungqongqo imigangatho yokulawula kunye nokuziphatha, ngoko ke idatha efakwe ngumsebenzisi ayigcinwanga naphi na, kuphela inyaniso yokuvuza irekhodwa.
Iingxelo
Yonke into eyenziwe ngasentla kufuneka ixhaswe ngamanani ahlukeneyo kunye nolwazi ngokubanzi malunga nenqanaba lokulungela kwabasebenzi. Kukho icandelo "leNgxelo" elahlukileyo lokubeka iliso.
Ibandakanya:
-
Ingxelo yoqeqesho ebonisa ulwazi ngeziphumo zokuqukunjelwa kwekhosi kwixesha lokunika ingxelo.
-
Ingxelo yokuhlaselwa ebonisa iziphumo zokuhlaselwa kwe-phishing (inani leziganeko, ukusabalalisa ixesha, njl.).
-
Ingxelo yenkqubela yoqeqesho ebonisa inkqubela yabasebenzi bakho.
-
Ingxelo malunga nokutshintsha kobuthathaka bobuqili (ulwazi olusisishwankathelo ngeziganeko).
-
Ingxelo yohlalutyo (ukusabela kwabasebenzi kwiziganeko ngaphambi / emva).
Ukusebenza ngengxelo
1) Yenza "Ukuvelisa ingxelo".
2) Chaza isebe/abasebenzi ukuze benze ingxelo.
3) Khetha ixesha
4) Siza kubonisa iikhosi onomdla kuzo
5) Yenza ingxelo yokugqibela
Ngaloo ndlela, iingxelo zinceda ukubonisa izibalo kwifomu efanelekileyo kunye nokubeka iliso kwiziphumo ze-portal yoqeqesho, kunye nokuziphatha kwabasebenzi.
Ukuzenzekela koqeqesho
Kukwafanelekile ukukhankanya ukukwazi ukwenza imithetho ezenzekelayo eya kunceda abalawuli baqulunqe ingqiqo yePhishman.
Ukubhala iscript esizenzekelayo
Ukuqwalasela, kufuneka uye kwicandelo elithi "Imithetho". Sinikwa:
1) Cacisa igama kwaye ubeke ixesha lokujonga imeko.
2) Yenza isiganeko esisekelwe komnye wemithombo (Phishing, Training, Abasebenzisi), ukuba kukho ezininzi zazo, ngoko ungasebenzisa umqhubi onengqiqo (KUNYE / OKANYE).
Kumzekelo wethu, senze lo mgaqo ulandelayo: "Ukuba umsebenzisi ucofa ikhonkco elibi ukusuka kwelinye lohlaselo lwethu lobuqhetseba, uya kubhaliswa ngokuzenzekelayo kwikhosi yoqeqesho, ngokufanelekileyo, uya kufumana isimemo nge-imeyile, kwaye inkqubela iya kuqala. ukulandelelwa.
Ukhetho:
-> Kukho inkxaso yokudala imithetho eyahlukeneyo ngomthombo (i-DLP, i-SIEM, i-Antivirus, iinkonzo ze-HR, njl.).
Imeko: "Ukuba umsebenzisi uthumela ulwazi olubuthathaka, i-DLP irekhoda umsitho kwaye ithumele idatha ku-Phishman, apho umthetho uqalwa khona: yabela umsebenzi ngokusebenza ngolwazi oluyimfihlo."
Ngaloo ndlela, umlawuli unokunciphisa ezinye iinkqubo zesiqhelo (ukuthumela abasebenzi ukuba baqeqeshe, ukuqhuba ukuhlaselwa okucwangcisiweyo, njl.).
Endaweni yesiphelo
Namhlanje siye saqhelana nesisombululo saseRashiya sokuzenzekelayo inkqubo yokuvavanya nokuqeqesha abasebenzi. Inceda ekulungiseleleni inkampani ukuthobela uMthetho we-Federal 187, i-PCI DSS, i-ISO 27001. Iinzuzo zoqeqesho nge-Phishman ziquka:
-
Ikhosi yokwenza ngokwezifiso - ukukwazi ukutshintsha umxholo wezifundo;
-
Ukuthengisa - ukwenza iqonga ledijithali ngokwemigangatho yakho yeshishini;
-
Sebenza ngaphandle kweintanethi-ufakelo kwiseva yakho;
-
Ukuzenzekela - ukwenza imithetho (imeko) kubasebenzi;
-
Ukunika ingxelo - iinkcukacha-manani ngeziganeko ezinomdla;
-
Ukuguquguquka kwelayisensi - inkxaso evela kubasebenzisi abali-10.
Ukuba unomdla kwesi sisombululo, unokuhlala uqhagamshelana
umthombo: www.habr.com