ProHoster > Ibhulogi > Ulawulo > 2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Siyaqhubeka ukukwazisa kwihlabathi elilwa nokukhwabanisa, lifunda iziseko zobunjineli bezentlalo kwaye alilibali ukuqeqesha abasebenzi bayo. Namhlanje undwendwe lwethu yimveliso yePhishman. Lo ngomnye wamaqabane e-TS Solution, ukubonelela ngenkqubo ezenzekelayo yokuvavanya nokuqeqesha abasebenzi. Ngokufutshane malunga nombono wayo:

  • Ukuchonga iimfuno zoqeqesho zabasebenzi abathile.

  • Iikhosi ezisebenzayo nezethiyori kubasebenzi ngokusebenzisa i-portal yoqeqesho.

  • I-Flexible automation inkqubo yokusebenza kwenkqubo.

Intshayelelo yeMveliso

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Inkampani Phishman Ukususela ngo-2016, uye waphuhlisa isofthiwe ehambelana novavanyo kunye nenkqubo yoqeqesho kubasebenzi beenkampani ezinkulu kwi-cybersecurity. Phakathi kwabathengi kukho abameli abahlukeneyo bamashishini: imali, i-inshurensi, ukurhweba, izinto ezibonakalayo kunye nama-giants giants - ukusuka kwi-M.Video ukuya eRosatom.

Izisombululo ezicetyisiweyo

UPhishman usebenzisana neenkampani ezahlukeneyo (ukusuka kumashishini amancinci ukuya kumaqumrhu amakhulu), ekuqaleni kwanele ukuba nabasebenzi abali-10. Masithathele ingqalelo umgaqo-nkqubo wamaxabiso kunye nelayisensi:

  1. Kumashishini amancinci:

    A) Phishman Lite - inguqulo yemveliso ukusuka kwi-10 ukuya kubasebenzi be-249 kunye nexabiso lokuqala lelayisenisi ukusuka kwi-ruble ye-875. Iqulethe iimodyuli eziphambili: ukuqokelela ulwazi (uvavanyo lokuthunyelwa kwee-imeyile ze-phishing), uqeqesho (izifundo ezi-3 ezisisiseko malunga nokhuseleko lolwazi), ukuzenzekelayo (ukuseta imodi yokuvavanya ngokubanzi).

    B) Phishman Standard - inguqulo yemveliso ukusuka kwi-10 ukuya kubasebenzi be-999 kunye nexabiso lokuqala lelayisenisi ukusuka kwi-ruble ye-1120. Ngokungafaniyo nenguqulo ye-Lite, inamandla okunxibelelana neseva yakho ye-AD; imodyuli yoqeqesho inezifundo ezi-5.

  2. Kumashishini amakhulu:

    A) Phishman Enterprise - kwesi sisombululo inani labasebenzi alikhawulelwanga; ibonelela ngenkqubo ebanzi yokwazisa abasebenzi kwicandelo lokhuseleko lolwazi kwiinkampani zabo nabuphi na ubukhulu obunamandla okulungelelanisa iikhosi kwiimfuno zomthengi kunye neshishini. Ungqamaniso kunye ne-AD, SIEM, iinkqubo ze-DLP ziyafumaneka ukuqokelela ulwazi malunga nabasebenzi kunye nokuchonga abasebenzisi abafuna uqeqesho. Kukho inkxaso yokudibanisa kunye nenkqubo ekhoyo yokufunda umgama (i-DLS), ukubhaliswa ngokwawo kuqulethe iikhosi ezi-7 ezisisiseko ze-IS, ezi-4 eziphambili kunye ne-3 yemidlalo. Inketho enomdla yokuhlaselwa koqeqesho usebenzisa i-USB drives (i-flash cards) nayo iyaxhaswa.

    B) Phishman Enterprise+ - inguqulelo ehlaziyiweyo ibandakanya zonke iinketho ze-Enterpise, kuyenzeka ukuba uphuhlise iziqhagamshelo zakho kunye neengxelo (ngoncedo lweenjineli zePhishman).

    Ngaloo ndlela, imveliso inokuguqulwa ngokuguquguqukayo ukuze ihambelane nemisebenzi yeshishini elithile kwaye ihlanganiswe kwiinkqubo zoqeqesho zokhuseleko lolwazi olukhoyo.

Ukwazi inkqubo

Ukubhala eli nqaku, sisebenzise uyilo olunezi mpawu zilandelayo:

  1. Umncedisi we-Ubuntu ukusuka kwinguqulo 16.04.

  2. I-4 GB RAM, i-50 GB hard drive space, iprosesa ene-clock frequency ye-1 GHz okanye ngaphezulu.

  3. Iseva yeWindows ene-DNS, AD, iindima ze-MAIL.

Ngokuqhelekileyo, isethi isemgangathweni kwaye ayifuni izibonelelo ezininzi, ngokukodwa ngokuqwalasela ukuba, njengomthetho, sele unomncedisi we-AD. Emva kokuthunyelwa, i-container ye-Docker iya kufakwa, eya kumisela ngokuzenzekelayo ukufikelela kulawulo nokufunda portal.

Ngezantsi kwe-spoiler kukho umzobo wenethiwekhi eqhelekileyo kunye noFishman

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanIdayagram yenethiwekhi eqhelekileyo

Okulandelayo, siya kuqhelana nojongano lwenkqubo, amandla olawulo kwaye, ngokuqinisekileyo, imisebenzi.

Ngena kwi-portal yolawulo

I-portal yolawulo ye-Phishman isetyenziselwa ukulawula uluhlu lwamasebe enkampani kunye nabasebenzi. Iqalisa ukuhlaselwa ngokuthumela ii-imeyile ze-phishing (njengenxalenye yoqeqesho), kwaye iziphumo zihlanganiswe kwiingxelo. Ungafikelela kuyo usebenzisa idilesi ye-IP okanye igama lesizinda olichazayo xa uhambisa inkqubo.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUgunyaziso kwi-portal ye-Phishman

Kwiphepha eliphambili uya kuba nokufikelela kwiiwijethi ezifanelekileyo kunye namanani kubasebenzi bakho:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanIphepha lasekhaya le-Phishman portal

Ukongeza abasebenzi kwintsebenziswano

Ukusuka kwimenyu ephambili ungaya kwicandelo "Abasebenzi", apho kukho uludwe lwabo bonke abasebenzi benkampani abacazululwe lisebe (ngesandla okanye ngeAD). Iqulethe izixhobo zokulawula idatha yabo; kunokwenzeka ukwakha isakhiwo ngokuhambelana nabasebenzi.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanIphaneli yoLawulo yoMsebenzisi2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanIkhadi lokudala abasebenzi

Ukhetho: Ukudityaniswa kunye ne-AD kuyafumaneka, okukuvumela ukuba wenze ngokuzenzekelayo inkqubo yokuqeqesha abasebenzi abatsha kunye nokugcina izibalo jikelele.

Ukuqaliswa koqeqesho lwabasebenzi

Nje ukuba wongeze ulwazi malunga nabasebenzi benkampani, unethuba lokubathumela kwiikhosi zoqeqesho. Xa kunokuba luncedo:

  • umsebenzi omtsha;

  • uqeqesho olucwangcisiweyo;

  • ikhosi engxamisekileyo (kukho ifidi yolwazi, kufuneka ulumkise).

Ukurekhoda kuyafumaneka kumsebenzi ngamnye kunye nesebe lonke.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUkusekwa kwekhosi yoqeqesho

Ziphi iinketho:

  • yenza iqela lokufunda (dibanisa abasebenzisi);

  • ukhetho lwekhosi yoqeqesho (ubungakanani buxhomekeke kwilayisensi);

  • ukufikelela (okusisigxina okanye okwethutyana kunye nemihla ebonisiweyo).

Kubalulekile!

Xa ubhalisa okokuqala kwiikhosi, umqeshwa uya kufumana i-imeyile ngolwazi lokungena kwi-Portal Training. Ujongano lwesimemo luyitemplate, ekhoyo ukuze lulungiswe ngokokubona koMthengi.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanIsample ileta yokumema ukufunda

Ukuba ulandela ikhonkco, umqeshwa uya kuthathwa kwi-portal yoqeqesho, apho inkqubela yakhe iya kubhalwa ngokuzenzekelayo kwaye iboniswe kwizibalo zomlawuli we-Phishman.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUmzekelo wekhosi eqaliswe ngumsebenzisi

Ukusebenza ngeepatheni zokuhlasela

Iitemplates zikuvumela ukuba uthumele ii-imeyile ezijoliswe kwimfundo ephishing ngokugxila kubunjineli basekuhlaleni.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanIcandelo "Iitemplates"

Iitempleyithi zibekwe phakathi kweendidi, umzekelo:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanKhangela ithebhu yeetemplates ezakhelwe ngaphakathi ezivela kwiindidi ezahlukeneyo

Kukho ulwazi malunga neetemplates esele zenziwe, kubandakanywa nolwazi malunga nokusebenza.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUmzekelo we-template ye-Twitter Newsletter

Kukwafanelekile ukukhankanya isakhono esifanelekileyo sokwenza iitemplates zakho: khuphela nje okubhaliweyo kunobumba kwaye kuya kuguqulwa ngokuzenzekelayo kwikhowudi ye-HTML.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Qaphela:

ukuba ubuyela kumxholo 1 amanqaku, emva koko kwafuneka sikhethe ngesandla itemplate ukulungiselela uhlaselo lwe phishing. Isisombululo sePhishman Enterprise sinenani elikhulu leetemplates ezidibeneyo, kwaye kukho inkxaso yezixhobo ezifanelekileyo zokudala eyakho. Ukongeza, umthengisi uxhasa abathengi ngenkuthalo kwaye unokunceda ekongezeni iitemplate ezizodwa, esikholelwa ukuba zisebenza ngakumbi.  

Ukuseta ngokubanzi kunye noncedo

Kwicandelo elithi "Izicwangciso", iiparamitha zenkqubo ye-Phishman zitshintsha ngokuxhomekeke kwinqanaba lokufikelela kumsebenzisi wangoku (ngenxa yokulinganiselwa kwesakhiwo, abazange bafumaneke ngokupheleleyo kuthi).

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUjongano lwecandelo elithi "Useto".

Masidwelise ngokufutshane iinketho zoqwalaselo:

  • iparameters zenethiwekhi (idilesi yomncedisi weposi, izibuko, ufihlo, uqinisekiso);

  • ukhetho lwenkqubo yoqeqesho (ukudibanisa nezinye ii-LMS ziyaxhaswa);

  • ukuhlela ukungeniswa kunye neetemplates zoqeqesho;

  • uluhlu olumnyama lweedilesi ze-imeyile (ithuba elibalulekileyo lokungabandakanyi ukuthatha inxaxheba kwi-phishing mailings, umzekelo, kubaphathi beenkampani);

  • ulawulo lwabasebenzisi (ukudala, ukuhlela ii-akhawunti zofikelelo);

  • ukuhlaziya (jonga isimo kunye neshedyuli).

Abalawuli baya kufumana icandelo elithi "Uncedo" liluncedo; inokufikelela kwincwadana yomsebenzisi kunye nohlalutyo olunzulu lokusebenza kunye noPhishman, idilesi yenkonzo yenkxaso, kunye nolwazi malunga nesimo senkqubo.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUjongano lwecandelo "Uncedo".2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUlwazi lobume benkqubo

Uhlaselo noqeqesho

Emva kokuphonononga iinketho ezisisiseko kunye noseto lwenkqubo, siya kuqhuba uhlaselo loqeqesho; kuba oku siya kuvula icandelo elithi "Attacks".

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. PhishmanUhlaselo lwendawo yolawulo lwendawo yolawulo

Kuyo sinokuziqhelanisa neziphumo zohlaselo olusele luqalisiwe, senze ezintsha, njl. Masichaze amanyathelo okusungula iphulo.

Ukusungula uhlaselo

1) Masibize uhlaselo olutsha ngokuthi "ukuvuza kwedatha".

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Masichaze ezi sethingi zilandelayo:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Kuphi:

Umthumeli β†’ ummandla wokuposa ubonisiwe (ngokungagqibekanga kumthengisi).

Iifomu zokuPhishing β†’ zisetyenziswa kwiitemplates ukuzama ukufumana idatha kubasebenzisi, ngelixa kuphela inyani yegalelo irekhodwa, idatha ayigcinwanga.

Ukuthumela umnxeba β†’ ukwalathisa kwakhona kwiphepha kuboniswa emva kokuba umsebenzisi ejonge.

2) Kwinqanaba lokusabalalisa, imodi yokusabalalisa yokuhlaselwa ibonakalisiwe

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Kuphi:

Uhlobo lohlaselo β†’ ichaza ukuba uhlaselo luya kwenzeka njani yaye nini. (ukhetho lubandakanya indlela yokusasaza olungalinganiyo, njl.njl.)

Ixesha lokuqala lokuposa β†’ ixesha lokuqala lokuthumela imiyalezo libonisiwe.

3) Kwinqanaba "leNjongo", abasebenzi baboniswa lisebe okanye ngabanye

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

4) Emva koko sibonisa iipateni zohlaselo esele sizichukumisile:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Ke, ukuqalisa uhlaselo besilufuna:

a) yenza ipateni yokuhlasela;

b) bonisa indlela yokuhambisa;

c) khetha iinjongo;

d) chonga ithempleyithi ye-imeyile yenkohliso.

Ukujonga iziphumo zohlaselo

Ekuqaleni sine:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Ukusuka kwicala lomsebenzisi, umyalezo omtsha we-imeyile uyabonakala:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Ukuba uyayivula:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Ukuba ulandela ikhonkco, uya kucelwa ukuba ufake iinkcukacha zakho ze-imeyile:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Kwangaxeshanye, makhe sijonge iinkcukacha-manani zohlaselo:

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Kubalulekile!

Umgaqo-nkqubo we-Phishman ulandela ngokungqongqo imigangatho yokulawula kunye nokuziphatha, ngoko ke idatha efakwe ngumsebenzisi ayigcinwanga naphi na, kuphela inyaniso yokuvuza irekhodwa.

Iingxelo

Yonke into eyenziwe ngasentla kufuneka ixhaswe ngamanani ahlukeneyo kunye nolwazi ngokubanzi malunga nenqanaba lokulungela kwabasebenzi. Kukho icandelo "leNgxelo" elahlukileyo lokubeka iliso.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Ibandakanya:

  • Ingxelo yoqeqesho ebonisa ulwazi ngeziphumo zokuqukunjelwa kwekhosi kwixesha lokunika ingxelo.

  • Ingxelo yokuhlaselwa ebonisa iziphumo zokuhlaselwa kwe-phishing (inani leziganeko, ukusabalalisa ixesha, njl.).

  • Ingxelo yenkqubela yoqeqesho ebonisa inkqubela yabasebenzi bakho.

  • Ingxelo malunga nokutshintsha kobuthathaka bobuqili (ulwazi olusisishwankathelo ngeziganeko).

  • Ingxelo yohlalutyo (ukusabela kwabasebenzi kwiziganeko ngaphambi / emva).

Ukusebenza ngengxelo

1) Yenza "Ukuvelisa ingxelo".

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

2) Chaza isebe/abasebenzi ukuze benze ingxelo.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

3) Khetha ixesha

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

4) Siza kubonisa iikhosi onomdla kuzo

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

5) Yenza ingxelo yokugqibela

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Ngaloo ndlela, iingxelo zinceda ukubonisa izibalo kwifomu efanelekileyo kunye nokubeka iliso kwiziphumo ze-portal yoqeqesho, kunye nokuziphatha kwabasebenzi.

Ukuzenzekela koqeqesho

Kukwafanelekile ukukhankanya ukukwazi ukwenza imithetho ezenzekelayo eya kunceda abalawuli baqulunqe ingqiqo yePhishman.

Ukubhala iscript esizenzekelayo

Ukuqwalasela, kufuneka uye kwicandelo elithi "Imithetho". Sinikwa:

1) Cacisa igama kwaye ubeke ixesha lokujonga imeko.

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

2) Yenza isiganeko esisekelwe komnye wemithombo (Phishing, Training, Abasebenzisi), ukuba kukho ezininzi zazo, ngoko ungasebenzisa umqhubi onengqiqo (KUNYE / OKANYE). 

2. Ukuqeqeshwa kwabasebenzisi kwiziseko zokhuseleko lolwazi. Phishman

Kumzekelo wethu, senze lo mgaqo ulandelayo: "Ukuba umsebenzisi ucofa ikhonkco elibi ukusuka kwelinye lohlaselo lwethu lobuqhetseba, uya kubhaliswa ngokuzenzekelayo kwikhosi yoqeqesho, ngokufanelekileyo, uya kufumana isimemo nge-imeyile, kwaye inkqubela iya kuqala. ukulandelelwa.

Ukhetho:

-> Kukho inkxaso yokudala imithetho eyahlukeneyo ngomthombo (i-DLP, i-SIEM, i-Antivirus, iinkonzo ze-HR, njl.). 

Imeko: "Ukuba umsebenzisi uthumela ulwazi olubuthathaka, i-DLP irekhoda umsitho kwaye ithumele idatha ku-Phishman, apho umthetho uqalwa khona: yabela umsebenzi ngokusebenza ngolwazi oluyimfihlo."

Ngaloo ndlela, umlawuli unokunciphisa ezinye iinkqubo zesiqhelo (ukuthumela abasebenzi ukuba baqeqeshe, ukuqhuba ukuhlaselwa okucwangcisiweyo, njl.).

Endaweni yesiphelo

Namhlanje siye saqhelana nesisombululo saseRashiya sokuzenzekelayo inkqubo yokuvavanya nokuqeqesha abasebenzi. Inceda ekulungiseleleni inkampani ukuthobela uMthetho we-Federal 187, i-PCI DSS, i-ISO 27001. Iinzuzo zoqeqesho nge-Phishman ziquka:

  • Ikhosi yokwenza ngokwezifiso - ukukwazi ukutshintsha umxholo wezifundo;

  • Ukuthengisa - ukwenza iqonga ledijithali ngokwemigangatho yakho yeshishini;

  • Sebenza ngaphandle kweintanethi-ufakelo kwiseva yakho;

  • Ukuzenzekela - ukwenza imithetho (imeko) kubasebenzi;

  • Ukunika ingxelo - iinkcukacha-manani ngeziganeko ezinomdla;

  • Ukuguquguquka kwelayisensi - inkxaso evela kubasebenzisi abali-10. 

Ukuba unomdla kwesi sisombululo, unokuhlala uqhagamshelana thina, siya kunceda ekuququzeleleni umqhubi kunye nokucebisa kunye nabameli bePhishman. Kuphelele apho namhlanje, zifundele kwaye uqeqeshe abasebenzi bakho, sibonane kwixesha elizayo!

umthombo: www.habr.com

Yongeza izimvo