Honeypot vs Deception using Xello as an example


There are already many articles on Habr about Honeypot and Deception technologies (Article 1, Article 2). However, we still see a lack of understanding of the difference between these two classes of protective tools. For this reason, our colleagues from Xello Deception (the first Russian developer of a Deception Platform) decided to describe in detail the differences, advantages and architectural features of these solutions.

Let's figure out what "honeypots" and "deception" actually are:

"Deception technology" appeared on the information security market relatively recently. Nevertheless, some experts still regard Security Deception as simply more advanced honeypots.

In this article we will try to highlight both the similarities and the fundamental differences between these two solutions. In the first part we will talk about honeypots: how this technology developed and what its advantages and disadvantages are. In the second part we will look in detail at the operating principles of platforms for building a distributed infrastructure of decoys (Distributed Deception Platform, DDP).

The basic principle of a honeypot is to set traps for hackers. The very first Deception solutions were built on the same principle. Modern DDPs, however, are significantly superior to honeypots in both functionality and effectiveness. Deception platforms include decoys, traps, lures, applications, data, databases and Active Directory objects. Modern DDPs can provide powerful capabilities for threat detection, attack analysis and response automation.

Deception, then, is a technique for simulating a company's IT infrastructure and misleading attackers. As a result, such platforms make it possible to stop an attack before it causes significant damage to company assets. Honeypots, of course, lack such broad functionality and such a level of automation, so using them demands more qualification from information security department staff.

1. Honeypots, Honeynets and Sandboxing: what they are and how they are used

The term "honeypot" was first used in 1989 in Clifford Stoll's book "The Cuckoo's Egg", which describes the tracking of a hacker at Lawrence Berkeley National Laboratory (USA). The idea was put into practice in 1999 by Lance Spitzner, an information security specialist at Sun Microsystems, who founded the Honeynet Project research project. The first honeypots were very resource-intensive and difficult to set up and maintain.

Let's take a closer look at what honeypots and honeynets are. Honeypots are individual hosts whose purpose is to attract attackers into penetrating the company's network and attempting to steal valuable data, as well as to expand the network's coverage area. A honeypot (literally, a "pot of honey") is a special server with a set of various network services and protocols, such as HTTP, FTP, etc. (see Figure 1).

[Figure 1: Honeypot vs Deception using Xello as an example]

If you combine several honeypots into a network, you get a more effective system, a honeynet, which emulates a company's corporate network (web server, file server and other network components). This solution allows you to understand the attackers' strategy and mislead them. A typical honeynet, as a rule, operates in parallel with the production network and is completely independent of it. Such a "network" can be published on the Internet via a separate channel; a separate range of IP addresses can also be allocated to it (see Figure 2).

[Figure 2: Honeypot vs Deception using Xello as an example]

The point of using a honeynet is to convince the hacker that he has penetrated the organization's corporate network; in reality, the attacker is in an "isolated environment" and under the close supervision of information security specialists (see Figure 3).

[Figure 3: Honeypot vs Deception using Xello as an example]

Here we should also mention a tool such as the "sandbox", which lets attackers install and run malware in an isolated environment where IT can monitor their activity to identify potential risks and take appropriate countermeasures. Today, sandboxing is usually implemented on dedicated virtual machines on a virtual host. It should be noted, however, that a sandbox only shows how dangerous and malicious programs behave, whereas a honeynet helps a specialist analyze the behavior of the "dangerous players" themselves.

The obvious benefit of honeynets is that they mislead attackers, wasting their energy, resources and time. As a result, instead of real targets they attack fake ones and may abandon the attack on the network without achieving anything. Most often, honeynet technology is used by government agencies, large corporations and financial organizations, since these are the structures that become the targets of major cyberattacks. Small and medium-sized businesses (SMBs), however, also need effective tools for preventing information security incidents, but honeynets are not easy to use in the SMB sector because of the shortage of personnel qualified for such complex work.

Limitations of Honeypot and Honeynet solutions

Why are honeypots and honeynets not the best solutions for countering attacks today? It should be noted that attacks are becoming increasingly large-scale, technically complex and capable of causing serious damage to an organization's IT infrastructure, and cybercrime has reached a completely different level: it now represents highly organized shadow business structures equipped with all the necessary resources. To this we must add the "human factor" (errors in software and hardware configuration, insider actions, etc.), so relying on technology alone to protect against attacks is no longer sufficient.

Below we list the main limitations and disadvantages of honeypots (honeynets):

  1. Honeypots were originally developed to identify threats from outside the corporate network, are intended more for analyzing attacker behavior, and are not designed for rapid response to threats.

  2. Attackers, as a rule, have already learned to recognize emulated systems and avoid honeypots.

  3. Honeynets (honeypots) have an extremely low level of interactivity and integration with other security systems. As a result, it is difficult to obtain detailed information about attacks and attackers from honeypots, and therefore to respond effectively and quickly to information security incidents. Moreover, information security specialists receive a large number of false alerts.

  4. In some cases, attackers can use a compromised honeypot as a starting point for continuing their attack on the organization's network.

  5. Problems often arise with the scalability of honeypots, the high operational load and the configuration of such systems (they require highly qualified specialists, lack a convenient management interface, etc.). It is also very difficult to deploy honeypots in specialized environments such as IoT, POS, cloud systems, etc.

2. Deception technology: advantages and basic operating principles

Having examined all the advantages and disadvantages of honeypots, we come to the conclusion that a completely new approach to responding to information security incidents is needed in order to achieve a fast and adequate response to attackers' actions. That solution is Cyber Deception (Security Deception) technology.

The terms "Cyber Deception", "Security Deception", "Deception technology" and "Distributed Deception Platform" (DDP) are relatively new and appeared only recently. In essence, all of them refer to the use of "deception technologies", or "techniques for simulating IT infrastructure and disinforming attackers". The simplest Deception solutions are a development of the honeypot idea, only at a more technologically advanced level that involves greater automation of threat detection and response. However, there are already serious DDP-class solutions on the market that are easy to deploy and scale and that carry a serious arsenal of "traps" and "lures" for attackers. For example, Deception can emulate IT infrastructure objects such as databases, workstations, routers, switches, ATMs, servers and SCADA, medical equipment and IoT devices.

How does a Distributed Deception Platform work? Once a DDP is deployed, the organization's IT infrastructure effectively consists of two layers: the first layer is the company's real infrastructure, and the second is an "emulated" environment consisting of decoys and lures placed on real physical network devices (see Figure 4).

[Figure 4: Honeypot vs Deception using Xello as an example]

For example, an attacker may discover fake databases with "confidential documents" or fake credentials of supposedly "privileged users"; all of these are decoys that can interest an intruder and thereby divert his attention from the company's real information assets (see Figure 5).

[Figure 5: Honeypot vs Deception using Xello as an example]

DDP is a novelty on the information security product market; these solutions are only a few years old, and so far only the corporate sector can afford them. But small and medium-sized businesses will soon also be able to take advantage of Deception by renting a DDP from specialized providers "as a service". This option is even more convenient, since there is no need for your own highly qualified personnel.

The main advantages of Deception technology are listed below:

  • Authenticity. Deception technology can reproduce a completely authentic IT environment of a company, faithfully emulating operating systems, IoT, POS, specialized systems (medical, industrial, etc.), services, applications, credentials, etc. Decoys are carefully blended into the production environment, and an attacker will not be able to identify them as honeypots.

  • Deployment. DDPs use machine learning (ML) in their work. ML provides simplicity, flexibility of configuration and efficiency of Deception deployment. "Traps" and "decoys" are updated very quickly, luring the attacker into the company's "fake" IT infrastructure, while advanced analytics based on artificial intelligence detect the attackers' active steps and prevent them (for example, an attempt to access Active Directory with fraudulent accounts).

  • Ease of operation. Modern Distributed Deception Platforms are easy to maintain and manage. They are usually managed through a local or cloud console, with the ability to integrate with the corporate SOC (Security Operations Center) via API and with many existing security controls. Maintaining and operating a DDP does not require the services of highly qualified information security experts.

  • Scalability. Security Deception can be deployed in physical, virtual and cloud environments. DDPs also work effectively with specialized environments such as IoT, ICS, POS, SWIFT, etc. Advanced Deception platforms can project "deception technologies" into remote offices and isolated environments without the need to deploy the full platform there.

  • Interaction. Using realistic and attractive decoys built on real operating systems and cleverly placed among the real IT infrastructure, the Deception platform collects extensive information about the attacker. The DDP then ensures that threat alerts are delivered, reports are generated, and information security incidents are responded to automatically.

  • Starting point of the attack. In modern Deception, traps and lures are placed inside the network perimeter rather than outside it (as is the case with honeypots). This decoy deployment model prevents an attacker from using them as a foothold for attacking the company's real IT infrastructure. More advanced Deception-class solutions have traffic routing capabilities, so that all of the attacker's traffic can be directed through a specially dedicated connection. This allows you to analyze the attackers' activity without putting valuable company assets at risk.

  • Persuasiveness of "deception technologies". At the initial stage of an attack, attackers collect and analyze data about the IT infrastructure and then use it to move laterally across the corporate network. With "deception technologies" in place, the attacker will inevitably fall into "traps" that lead away from the organization's real assets. The DDP analyzes the possible paths to credentials on the corporate network and presents the attacker with "decoy targets" instead of real credentials. These capabilities were sorely lacking in honeypot technologies (see Figure 6).

[Figure 6: Honeypot vs Deception using Xello as an example]

Deception vs Honeypot

And finally, we come to the most interesting part of our study. We will try to highlight the main differences between Deception and Honeypot technologies. Despite some similarities, these two technologies are still very different, from the basic concept to operational effectiveness.

  1. Different basic concepts. As we wrote above, honeypots are installed as "decoys" around valuable company assets (outside the corporate network) in an attempt to distract attackers. Honeypot technology is based on an understanding of the organization's infrastructure, but a honeypot can itself become the starting point of an attack on the company's network. Deception technology is built around the attacker's point of view and allows an attack to be identified at an early stage, so information security specialists gain a significant advantage over attackers and buy time.

  2. "Attraction" vs "Confusion". When using honeypots, success depends on attracting the attackers' attention and further motivating them to move to the target inside the honeypot. This means the attacker still has to reach the honeypot before you can stop him. As a result, the attackers' presence on the network can last several months or longer, leading to data leaks and damage. DDPs faithfully imitate the company's real IT infrastructure; the purpose of their deployment is not just to attract the attacker's attention, but to confuse him so that he wastes time and resources without gaining access to the company's real assets.

  3. "Limited scalability" vs "automatic scalability". As noted earlier, honeypots and honeynets have scaling problems. Scaling them is difficult and expensive: to increase the number of honeypots in a corporate system, you have to add new computers and operating systems, buy licenses and allocate IP addresses. Moreover, qualified personnel are needed to manage such systems. Deception platforms deploy automatically as your infrastructure scales, without significant overhead.

  4. "A large number of false positives" vs "no false positives". The essence of the problem is that even an ordinary user can stumble onto a honeypot, so the "downside" of this technology is a huge number of false positives that distract information security specialists from their work. "Baits" and "traps" in a DDP are carefully hidden from ordinary users and are intended only for the attacker, so any signal from such a system indicates a real threat rather than a false positive.
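As an added example (not part of the original article and not Xello's code), the following Python shows the detection principle behind item 4 and the "decoy credentials" of the Persuasiveness bullet above: a minimal monitor that raises an alert only when a planted decoy account appears in authentication events, so ordinary user activity, including a mistyped password, produces nothing. The log format, decoy account names and hostnames are all constructed for the example.

```python
import re
from collections import defaultdict

# Decoy ("lure") accounts planted by the deception layer. Constructed names;
# a real DDP would generate and rotate these itself.
DECOY_ACCOUNTS = {"svc_backup_admin", "da_sqlreplica", "helpdesk_tier3"}

# Constructed authentication log format: timestamp, result, account, source, target.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>success|failure) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+)$"
)

def parse_auth_line(line):
    """Return the fields of one auth event, or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def detect_decoy_use(lines, decoys=DECOY_ACCOUNTS):
    """Flag every authentication attempt that uses a decoy account.

    Decoy credentials are never handed to real users, so a success or a
    failure with one of them is a high-confidence alert, not a false positive.
    Alerts are grouped by source host so the analyst sees where the attacker
    operates from and which decoys were tried from there."""
    alerts = defaultdict(list)
    for line in lines:
        ev = parse_auth_line(line)
        if ev is None or ev["user"] not in decoys:
            continue  # normal (or unparseable) traffic: no alert generated
        alerts[ev["src"]].append((ev["ts"], ev["user"], ev["dst"], ev["result"]))
    return dict(alerts)

# Constructed sample events: ordinary user activity mixed with one host that has
# harvested planted credentials and is trying them against several targets.
SAMPLE_LOG = [
    "2024-05-01T09:00:01 auth success user=j.smith src=ws-101 dst=fileserver01",
    "2024-05-01T09:02:14 auth failure user=a.jones src=ws-102 dst=mail01",  # typo, legit
    "2024-05-01T09:02:20 auth success user=a.jones src=ws-102 dst=mail01",
    "2024-05-01T09:15:33 auth failure user=svc_backup_admin src=ws-117 dst=dc01",
    "2024-05-01T09:15:40 auth success user=da_sqlreplica src=ws-117 dst=sql-decoy01",
    "2024-05-01T09:16:05 auth failure user=helpdesk_tier3 src=ws-117 dst=dc01",
    "not a log line at all",
]

if __name__ == "__main__":
    for src, hits in detect_decoy_use(SAMPLE_LOG).items():
        print(f"ALERT: {src} used {len(hits)} decoy credential(s):")
        for ts, user, dst, result in hits:
            print(f"  {ts} {user} -> {dst} ({result})")
```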

Conclusion

In our opinion, Deception technology is a huge step forward from the older Honeypot technology. In essence, the DDP has become a comprehensive security platform that is easy to deploy and manage.

Modern platforms of this class play an important role in the accurate detection of and effective response to network threats, and their integration with other components of the security stack raises the level of automation, increasing the efficiency and effectiveness of incident response. Deception platforms rest on authenticity, scalability, ease of management and integration with other systems. All of this gives a significant advantage in the speed of response to information security incidents.

Furthermore, based on observations of pentests at companies where the Xello Deception platform was implemented or piloted, we can conclude that even experienced pentesters are often unable to recognize a decoy on the corporate network and fail when they fall into a set of traps. This fact once again confirms the effectiveness of Deception and the great prospects this technology opens up for the future.

Product testing

If you are interested in the Deception platform, we are ready to conduct joint testing.


Source: www.habr.com
