Kwaye kwakhona malunga nokukhusela iziseko ezingundoqo

Kule posi, siya kuzama ukukhokela abafundi bethu kwiingcamango ezingalunganga malunga nokhuseleko lweeseva ezibonakalayo kwaye usixelele indlela yokukhusela ngokufanelekileyo amafu abo aqeshiweyo ekupheleni kuka-2019. Eli nqaku lijoliswe ikakhulu kubathengi bethu abatsha nabanokubakho, ngakumbi abo basandula kuthenga okanye abafuna ukuthenga iiseva zenyani RUVDS, kodwa abakayazi kakhulu imiba ye-cybersecurity kunye nokusebenza kweVPS. Siyathemba ukuba abasebenzisi abanolwazi baya kuyifumana iluncedo.

Iindlela ezine ezingalunganga kuKhuseleko lwamafu

Kukho izimvo, zixhaphake kakhulu phakathi kwabanini bamashishini kunye nabaphathi (siyaziqaqambisa ngokungqindilili), oko Ukuqinisekisa ukhuseleko lwe-cybersecurity lweenkonzo zelifu mhlawumbi yinto ephambili engeyomfuneko, ekubeni amafu ekhuselekile (1), okanye lo ngumsebenzi womboneleli welifu: Ndihlawule iVPS - oku kuthetha ukuba yonke into kufuneka iqulunqwe, ikhuseleke kwaye isebenze ngaphandle kweengxaki (2). Kukwakho noluvo lwesithathu, oluqhelekileyo kuzo zombini iingcali zokhuseleko lolwazi kunye nosomashishini: amafu ayingozi! Akukho zixhobo zokhuseleko ezaziwayo ezinokubonelela ngokhuseleko olululo lwemeko-bume yenyani (3) - iinkokeli zoshishino ngale ndlela zishiya iteknoloji yefu ngenxa yokungathembeki okanye ukungaqondi kakuhle umahluko phakathi kwezixhobo zokhuseleko zendabuko kunye nezikhethekileyo (ngaphezulu kuzo ngezantsi). Udidi lwesine lwabemi lukholelwa ukuba ewe, kuya kufuneka ukhusele isiseko sakho selifu, kuba kukho ii-antivirus ezisemgangathweni (4).

Zonke ezi ndlela zine azichanekanga - zinokuzisa ilahleko (ngaphandle kwendlela yokungasebenzisi iiseva ezibonakalayo konke konke, kodwa nalapha akufanele utyeshele i-postulate yeshishini "inzuzo elahlekileyo nayo yilahleko"). Ukubonisa izibalo ukuya kwinqanaba elithile, nantsi isicatshulwa esivela kwingxelo ye-Kaspersky Lab ingcali yenkxaso yokuthengisa yenkampani uVladimir Ostroverkhov, esithe ipapashiwe ehlobo lika-2017. Ngelo xesha, uKaspersky wenza uphando phakathi kweenkampani ezingamawaka amahlanu ezivela kumazwe angama-25 - ezi ziinkampani ezinkulu ezinobuncinci kunye nesiqingatha sabasebenzi. I-75% yabo isebenzisa i-virtualization kodwa ayityali imali kukhuseleko. Ingxaki ayikaphulukananga nokubaluleka kwayo namhlanje:

Malunga nesiqingatha seenkampani [ezinkulu] azisebenzisi naluphi na ukhuselo koomatshini ababonakalayo, kwaye esinye isiqingatha sikholelwa ukuba naluphi na uhlobo lokuthintela iintsholongwane luya kwanela. Zonke ezi nkampani [nganye] zichitha ngokomyinge phantse izigidi zeerandi [ngonyaka] ukubuyisela emva kweziganeko: kuphando, ukubuyiselwa kwenkqubo, ukuhlawulwa kweendleko, ukuhlawulwa kwelahleko evela kwi-hack enye ... Ziya kuba yintoni iindleko zabo ukuba bazithobe ngokwabo? Ilahleko ngokuthe ngqo yokubuyisela, ukutshintshwa kwezixhobo, isofthiwe ... Ilahleko engathanga ngqo - idumela ... Ilahleko yembuyekezo kubaxhasi babo, kubandakanywa nodumo ... Kwaye nophando lweziganeko, ukutshintshwa kwenxalenye yeziseko zophuhliso, ngenxa yokuba sele idibanise ngokwayo, ezi ziingxoxo noorhulumente, oku kuthethathethwano neenkampani zeinshorensi, iingxoxo nabathengi ekufuneka bahlawule imbuyekezo.”

Kutheni ezi ndlela zingasebenzi

Indlela yoku-1: Amafu akhuselekile, akufuneki akhuselwe. Malunga namawaka angama-240 amaqhekeza e-malware avela imihla ngemihla ahlala ngokugqibeleleyo ngaphakathi kwamafu: ukusuka kwikhowudi elula ebhalwe ngumntwana wesikolo kwaye ifakwe kwi-Intanethi (oko kuthetha ukuba inokonakalisa idatha) ukuya kuhlaselo oluntsonkothileyo olujoliswe ngqo oluphuhliswe ngokukodwa kwimibutho ethile, iimeko kunye neemeko. zilungile kakhulu ekwaphuleni nasekubileni idatha, kodwa "zifihla" ngokwabo. Iziseko ezingundoqo ze-Virtual nazo zinomdla kubageki: kulula kakhulu ukugqekeza kunye nokufumana ukufikelela kubo bonke oomatshini bakho kunye nedatha ngexesha elinye, kunokuzama ukuqhekeza iseva nganye yomzimba ngokwahlukeneyo. Ngaphezu koko, kufanelekile ukuthathela ingqalelo ukuba ngaphakathi kweziseko ezingundoqo, ikhowudi ekhohlakeleyo isasazeka ngesantya esikhulu- amashumi amawaka oomatshini anokosuleleka ngemizuzu elishumi, elilingana nobhubhane (jonga oku kukhankanyiwe ngasentla). ingxelo). Iinkqubo ezinobungozi kunye nemisebenzi ye-ransomware enegalelo kwiakhawunti yokuvuza kwedatha yenkampani malunga ne-27% yenani lilonke leengozi zelifu. Obona buthathaka kwilifu: ujongano olungakhuselekanga kunye nokufikelela okungagunyaziswanga - malunga ne-80% iyonke (ngokophando Ingxelo yoKhuseleko lwamafu ngo-2019 ngenkxaso evela kwiCheck Point Software Technologies Ltd. ngumboneleli okhokelayo wezisombululo zokhuseleko lwe-cyber koorhulumente kunye namashishini kwihlabathi liphela. 

Ingxelo yoKhuseleko lwamafu ngo-2019

Indlela ye-2: Ukukhusela isiseko sefu luxanduva lomboneleli weVPS. Oku kuyinyani, kuba umboneleli womncedisi we-virtual ukhathalele ukuzinza kweenkqubo zayo kunye nenqanaba eliphezulu ngokwaneleyo lokukhusela amacandelo aphambili elifu: iiseva, izixhobo zokugcina, uthungelwano, ukubonwa (okulawulwa yisivumelwano somgangatho wenkonzo, i-SLA) . Kodwa akanyanzelekanga ukuba akhathazeke ngokuthintela izoyikiso zangaphakathi nangaphandle ezinokuvela kwisiseko selifu somthengi. Masizivumele isifaniso samazinyo apha. Emva kokuba uhlawule nemali eninzi yokufakelwa kakuhle, umxhasi wekliniki yamazinyo uyaqonda ukuba ukusebenza ngokuchanekileyo kweprosthesis kuxhomekeke kakhulu kuye (umxhasi). Ugqirha wamazinyo, inxalenye yakhe, wenza yonke into efunekayo ngokwemiqathango yokhuseleko: wakhetha izinto ezisemgangathweni ophezulu, ngokuthembekileyo "unamathele" ukufakelwa, akazange aphazamise ukuluma, waphilisa iintsini emva kokuhlinzwa, njl. Kwaye ukuba umsebenzisi ayilandeli imigaqo yococeko kwixesha elizayo, kuya kuba, umzekelo,, vula iibhotile zentsimbi ezivulekileyo ngamazinyo akho kwaye wenze ezinye izenzo ezifanayo ezingakhuselekanga, akuyi kuba nzima ukuqinisekisa ukusebenza kakuhle kwezinyo elitsha. Ibali elifanayo lisebenza ekuqinisekiseni i-100% yokhuseleko lwamafu kwi-VPS eqeshwe kumnikezeli. "Ngaphandle kolawulo" lomnikezeli wenkonzo yefu, ukukhusela idatha yomxhasi kunye nezicelo kuyimfanelo yakhe yobuqu.

Indlela yesi-3: Akukho zixhobo zokhuseleko ezinokubonelela ngokhuseleko olwaneleyo lwendalo engqongileyo. Hayi akunjalo. Kukho izisombululo ezikhethekileyo zokhuseleko lwamafu, esiza kuxubusha kwinxalenye yokugqibela yenqaku.

Indlela yesi-4: Ukusebenzisa i-antivirus eqhelekileyo (ukhuseleko lwemveli). Kubalulekile ukwazi apha ukuba izixhobo zokhuseleko zemveli ezisetyenziswa ngumntu wonke kwiikhompyuter zengingqi aziyilwanga nje ukusasazwa kweemeko ezingqongileyo (aziboni "unxibelelwano" lwenzeka njani phakathi koomatshini benyani) kwaye azikhuseli iziseko ezingundoqo zangaphakathi ukusuka. iinzame zokugqekeza zangaphakathi. Ukubeka nje, isoftware ye-antivirus eqhelekileyo ayisebenzi efini. Kwangaxeshanye, efakwe kwi-WM nganye, batya isixa esikhulu semithombo yendalo iphela xa bejonga iintsholongwane kunye nohlaziyo, “bachitha” uthungelwano kunye nokucotha umsebenzi wenkampani, kodwa ngenxa yoko, banikela phantse. Ukungasebenzi kakuhle kwezero kumsebenzi wabo ophambili.

Kumacandelo amabini alandelayo eli nqaku, siza kudwelisa ukuba zeziphi iingozi ezinokuvela xa inkampani isebenza emafini (yabucala, kawonke-wonke, ingxubevange) kwaye ichaze ukuba ezi ngozi zinokuthintelwa njani kwaye kufuneka zithintelwe ngokuchanekileyo.

Iingozi ezihlala zisongela iinkonzo zefu

▍ Uhlaselo lwenethiwekhi ekude

Olu luhlobo olwahlukeneyo lolwazi olutshabalalisayo kwinkqubo yekhompyutha esasazwayo, eqhutywa ngokwenkqubo ngokusebenzisa imijelo yonxibelelwano ukufikelela kwiinjongo ezahlukeneyo. Ezona zixhaphakileyo kuzo:

• Uhlaselo lweDDoS (Ukuhanjiswa okuchaseneyo kweNkonzo). Ukuthunyelwa okukhulu kwezicelo zolwazi kumncedisi ngenjongo yokusebenzisa izixhobo okanye i-bandwidth kwinkqubo ehlaselweyo ukwenzela ukukhubaza inkqubo ekujoliswe kuyo, ngaloo ndlela kubangele umonakalo kwinkampani. Isetyenziswa ngabakhuphisanayo njengenkonzo yesiko, abaphangi, abalweli bezopolitiko kunye noorhulumente ukufumana ingeniso yezopolitiko. Uhlaselo olunjalo lwenziwa kusetyenziswa i-botnet - uthungelwano lweekhompyuter ezine-bots ezifakwe kuzo (isoftware enokuthi iqulathe iintsholongwane, iinkqubo zolawulo olukude lwekhompyuter kunye nezixhobo zokufihla kwi-OS), ezisetyenziswa ngabaduni ukude ukuhambisa i-spam kunye ne-ransomware. . Funda ngakumbi kwiposi yethu I-DDoS: I-IT maniacs phambili ekuhlaselweni.
• Ukukhukula kwePing - ukubangela ukugcwala komgca. 
• I-Ping yokufa - ukubangela umkhenkce, ukuqalisa ngokutsha kunye nokuwa kwenkqubo.
• Uhlaselo lwenqanaba lesicelo — ukufumana ufikelelo kwikhompyutha evumela ukuba usetyenziso luvulwe kwiakhawunti ethile (inkqubo evunyiweyo).
• Ukwahlulwa kwedatha — xa kucinywa inkqubo kaxakeka ngenxa yokuphuphuma kwebuffer yesoftware.
• Ii-Autorooters -ukwenza ngokuzenzekelayo inkqubo yokuqhekeza ngokuskena inani elikhulu leenkqubo ngexesha elifutshane ngokufaka i-rootkit.
• Ukuphunga — ukumamela itshaneli.
• Ukubekwa kwephakheji -ukutshintshela kwikhompyuter yakho unxibelelwano olusekiweyo phakathi kwezinye iikhompyuter.
• Packet interception kwi-router - ukufumana iiphasiwedi zomsebenzisi kunye nolwazi oluvela kwi-imeyile.
• IP spoofing - ukuze i-hacker ngaphakathi okanye ngaphandle kwenethiwekhi ikwazi ukulinganisa ikhompyutha enokuthenjwa. Oku kwenziwa ngokusebenzisa idilesi ye-IP spoofing.
• Brute force uhlaselo (brute force) - ukukhetha igama eliyimfihlo ngokuzama imidibaniso. Basebenzisa ubuthathaka kwi-RDP nakwi-SSH.
• Smurf — ukunciphisa ukusebenza kwejelo lonxibelelwano kunye/okanye ukwahlula ngokupheleleyo inethiwekhi ehlaselweyo.
• DNS spoofing - ukonakalisa ingqibelelo yedatha kwinkqubo ye-DNS ngokusebenzisa "ityhefu" i-cache ye-DNS. 
• Thenjiwe umamkeli spoofing — ukukwazi ukuqhuba iseshoni nomncedisi egameni lomamkeli othembekileyo. 
• TCP SYN uNogumbe — ukuphuphuma kwimemori yeseva.
• Indoda-esembindini - ngenxa yokubiwa kolwazi, ukuchithwa kwedatha edlulisiweyo, ukuhlaselwa kwe-DoS, ukukhwabanisa kweseshoni yonxibelelwano lwangoku ukuze kufumaneke ukufikelela kwimithombo yenethiwekhi yangasese, uhlalutyo lwetrafikhi ukuze ufumane ulwazi malunga nenethiwekhi kunye nabasebenzisi bayo.
• Ubukrelekrele benethiwekhi -ukufunda ulwazi malunga nenethiwekhi kunye nezicelo ezisebenza kwiinginginya phambi kohlaselo.
• Ukwalathisa izibuko luhlobo lohlaselo olusebenzisa umamkeli osengozini ukudlula itrafikhi kwifirewall. Umzekelo, ukuba i-firewall iqhagamshelwe kwiinginginya ezintathu (iinkonzo zangaphandle, zangaphakathi, nezoluntu), ngoko umamkeli wangaphandle uyakwazi ukunxibelelana nomamkeli wangaphakathi ngokuthumela izibuko kumamkeli weenkonzo zoluntu.
• Ukuthemba ukuxhaphaza - uhlaselo lwenzeka xa umntu ethatha ithuba lobudlelwane obuthembekileyo ngaphakathi kwenethiwekhi. Ngokomzekelo, ukukhwabanisa inkqubo enye ngaphakathi kwenethiwekhi yenkampani (i-HTTP, i-DNS, iiseva ze-SMTP) kunokukhokelela ekugqeni kwezinye iinkqubo. 

▍ Ubunjineli bezentlalo

• Phishing - ukufumana ulwazi oluyimfihlo (i-passwords, iinombolo zekhadi lebhanki, njl.) ngokuthumela i-imeyile egameni lemibutho eyaziwayo kunye neebhanki.
• Ipakethi yokuphunga (Packet sniffers) - ukufumana ukufikelela kulwazi olubalulekileyo, kubandakanywa amagama ayimfihlo. Iphumelele kakhulu ngenxa yokuba abasebenzisi bahlala bephinda basebenzise igama labo lomsebenzisi kunye negama lokugqitha ukuze bafumane ukufikelela kwiinkqubo ezahlukeneyo kunye neenkqubo. Ngale ndlela, i-hacker ingakwazi ukufikelela kwi-akhawunti yomsebenzisi wenkqubo kwaye yenze i-akhawunti entsha ngayo ukuze ikwazi ukufikelela kwinethiwekhi kunye nezibonelelo zayo nangaliphi na ixesha.
• Ukuxela kwangaphambili - uhlaselo olubhaliweyo usebenzisa unxibelelwano lwezwi, injongo yokunyanzelisa ixhoba ukuba lenze isenzo. 
• Ihashe leTrojan - ubuchule obusekwe kwiimvakalelo zexhoba: uloyiko, ukufuna ukwazi. I-Malware idla ngokufunyanwa njengoncamathiselo lwe-imeyile.
• Quid malunga ne-quo (emva koko, i-quid pro quo) - umhlaseli uqhagamshelana nawe ngefowuni yenkampani okanye i-imeyile phantsi kobuchwephesha bomsebenzi wenkxaso yobugcisa, ukunika ingxelo ngeengxaki kwikhompyuter yexhoba kwaye unikezela ukuzisombulula. Injongo kukufaka isoftware kwaye wenze imiyalelo engalunganga kule khompyutha.
• Indlela yeapile - ukutyala imidiya yokugcina indawo echaphazelekayo kwiindawo zikawonkewonke (i-flash drive kwindlu yangasese, idiski kwi-elevator), ixhotyiswe ngemibhalo evuselela umdla. 
• Ukuqokelela ulwazi kwiinethiwekhi zentlalo.

▍Ukuphumelela

Naluphi na uhlaselo olungekho mthethweni nolungagunyaziswanga olujoliswe ekufumaneni idatha, ukuphazamisa ukusebenza kwenkqubo, okanye ukubamba ulawulo lwenkqubo kuthiwa yi-exploits. Zibangelwa ziimpazamo kwinkqubo yophuhliso lwesoftware, ngenxa yoko ubuthathaka buvela kwinkqubo yokhuselo yenkqubo, esetyenziswa ngempumelelo ngabaphuli-mthetho ukuze bafumane ukufikelela okungenamkhawulo kwiprogram ngokwayo, kwaye ngayo kwikhompyuter yonke kunye nokuya phambili. inethiwekhi koomatshini.

▍Ukulungelelana kweeakhawunti

Ukugqekezwa kweakhawunti yomqeshwa wenkampani ngumntu wangaphandle ukuze kufumaneke ukufikelela kulwazi olukhuselweyo: ukusuka ekubambeni ulwazi (kubandakanywa nomsindo) kunye nezitshixo nge-malware ukuya ekungeneni kwindawo yokugcina yolwazi lomthwali wolwazi.

▍Ukulungelelana koovimba

Ukosuleleka kweeseva zokugcina kubafaki besoftware, uhlaziyo kunye namathala eencwadi.

▍Imingcipheko yangaphakathi yenkampani

Oku kuquka ukuvuza kolwazi ngenxa yempazamo yabasebenzi benkampani ngokwabo. Oku kunokuba kukungakhathali okanye izenzo ezikhohlakeleyo zangabom: ukusuka kukona kwangabom kwemigaqo-nkqubo yokhuseleko yolawulo ukuya ekuthengisweni kolwazi oluyimfihlo kumaqela esithathu. Oku kunokubandakanya ukufikelela okungagunyaziswanga, ujongano olungakhuselekanga, ukungalungiswa kakuhle kwamaqonga elifu, kunye nokufakwa/ukusetyenziswa kwezicelo ezingagunyaziswanga.

Ngoku makhe sijonge ukuba unokuthintela njani uluhlu olubanzi (kwaye kude nokugqiba) lweengxaki zokhuseleko lwamafu.

Izisombululo zanamhlanje ezikhethekileyo zokhuseleko lwamafu

Zonke iziseko zelifu zifuna ukhuseleko olubanzi, olunamanqanaba amaninzi. Iindlela ezichazwe ngezantsi ziya kukunceda uqonde ukuba iphakheji yokhuseleko lwamafu kufuneka ibe yintoni.

▍IiAntiviruses

Kubalulekile ukukhumbula ukuba nayiphi na i-antivirus yemveli ayiyi kuthenjwa xa uzama ukubonelela ngokhuseleko lwamafu. Kufuneka usebenzise isisombululo esilungiselelwe ngokuthe ngqo kwi-virtual and cloud environments, kwaye ukufakwa kwayo kunemithetho yayo kule meko. Namhlanje, kukho iindlela ezimbini zokuqinisekisa ukhuseleko lwamafu usebenzisa ii-antiviruses ezikhethekileyo zamacandelo amaninzi aphuhliswe kusetyenziswa itekhnoloji yamva nje: ukhuseleko olungena-arhente kunye nokukhuselwa kwearhente yokukhanya.

Ukukhuselwa ngaphandle kwe-Agentless. Iphuhliswe yi-VMware kwaye inokwenzeka kuphela ngezisombululo zayo. Oomatshini ababini abongezelelweyo basebenza kwi-server yomzimba kunye noomatshini ababonakalayo: i-Seva yoKhuseleko (SVM) kunye ne-Network Attack Blocker (NAB). Akukho nto ibekwe ngaphakathi ngamnye kubo. Kuphela i-antivirus kernel efakwe kwi-SVM - isixhobo sokhuseleko esinikezelweyo. Kumatshini we-NAB, eli candelo linoxanduva kuphela lokuqinisekisa unxibelelwano phakathi koomatshini bokwenene kunye nento eyenzekayo kwi-ecosystem (kunye nokunxibelelana nobuchwepheshe be-NSX). Le SVM ijonga zonke iitrafikhi eziza kwiseva ebonakalayo. Lenza iqela lezigwebo, ezifumaneka kubo bonke oomatshini bokhuseleko benyani ngokusebenzisa i-cache yesigwebo esiqhelekileyo. Umatshini ngamnye wokhuseleko wenyani ufikelela kweli dama kuqala, endaweni yokuskena yonke inkqubo - lo mgaqo ikuvumela ukuba unciphise iindleko zezibonelelo kwaye ukhawuleze ukusebenza kwe-ecosystem. 

Ukukhuselwa nge-arhente yokukhanya. Iphuhliswe nguKaspersky kwaye akukho zithintelo zeVMware. Njengokhuseleko olungena-arhente, i-injini ye-antivirus ifakwe kwi-SVM, kodwa ngokungafaniyo nayo, kukho i-arhente ekhaphukhaphu efakwe ngaphakathi kwe-WM nganye. I-arhente ayenzi iitshekhi, kodwa ibeka esweni kuphela yonke into eyenzekayo ngaphakathi kwe-WM yasekwe kwi-self-learning network technology. Le teknoloji ikhumbula ulandelelwano oluchanekileyo lwezicelo; Xa ujongene nenyaniso yokuba ukulandelelana kwezenzo zesicelo ngaphakathi kwe-WM akwenzeki ngokuchanekileyo, kuyayivimba. 

Okunye malunga Funda uKhuseleko lwemekobume ebonakalayo kwiwebhusayithi yomphuhlisi, kodwa malunga nendlela yokufaka ukhuseleko lwe-anti-virus kunye ne-arhente yokukhanya yomncedisi wakho wenyani, funda kuluhlu lwethu (ezantsi kwephepha ngabafowunelwa be-24/7 inkxaso yobugcisa xa unemibuzo). 

▍Ukudityaniswa neenkonzo zokuthintela okanye ukulungisa imiba yokhuseleko lwamafu

• Guqula amaqonga olawulo. Ezi ziinkonzo eziqinisekisiweyo ezixhasa iinkqubo ze-ITSM eziphambili zenkampani, ezibandakanya ezifana nokhuseleko lwe-IT kunye neziganeko. Umzekelo, ServiceNow, Remedy, JIRA.
• Izixhobo zokuskena zokhuseleko. Umzekelo, Rapid7, Qualys, Tenable.
• Izixhobo zolawulo loqwalaselo. Zikuvumela ukuba wenze ngokuzenzekelayo ukusebenza kweeseva kwaye ngokwenza kube lula ukuseta kunye nokugcinwa kwamashumi, amakhulu kunye namawaka eeseva ezinokusasazwa kwihlabathi liphela. Ngokomzekelo, i-TrueSight Server Automation, i-IBM BigFix, uMphathi we-TrueSight Vulnerability, uChef, uPuppet.
• Khusela izixhobo zolawulo lwesilumkiso. Ikuvumela ukuba unikeze inkonzo eqhubekayo kwaye uqhubeke nokubeka iliso kwimeko ngexesha leziganeko, unikeze inkxaso efanelekileyo yokudibanisa ifowuni, ukuthumela imiyalezo, kunye ne-imeyile (Ngokutsho kweCisco, ngaphezu kwe-85% yemiyalezo ye-imeyile yayiyi-spam ngoJulayi 2019, enokuthi iqulethe i-malware, iinzame zokurhwaphiliza, njl.njl. Kule mihla, i-malware isoloko ithunyelwa ngeendidi "zesiqhelo" zoncamathiselo: ezona zincamatheleyo ziyingozi kwi-imeyile ziifayile zeMicrosoft Office. Cisco ngoJuni 2019 Ingxelo yoKhuseleko lwe-imeyile). Isixhobo esinjalo sinokuba, umzekelo, i-OpsGenie.

▍Sebenzisa ukhuseleko

Kuba ukuxhaphaza kuyiziphumo zobuthathaka besoftware, ngabaphuhlisi besoftware ekufuneka balungise iimpazamo kwimveliso yabo. Kuluxanduva lwabasebenzisi ukufaka kwangexesha iipakethi zohlaziyo kunye neepatches ngokukhawuleza emva kokukhululwa kwazo. Ukusebenzisa ukukhangela okuzenzekelayo kunye nesixhobo sokufakela okanye umphathi wesicelo onale nqaku kukunceda uphephe ukuhlaziywa okulahlekileyo. Ukhuseleko lokuxhaphaza oluzenzekelayo lwakhiwe kwisicelo esichazwe ngasentla UKhuseleko lweKaspersky lwe-Virtualization Light Agent. 

▍IFirewall

I-firewall, i-firewall. Izihluzi kunye nokulawula itrafikhi yenethiwekhi ngokwemigaqo esele iqwalaselwe. I-firewall inokumelwa njengolandelelwano lwezihluzi eziqhuba ukuhamba komsebenzi womnatha wolwazi. Ubumbeko olululo lwefirewall lusebenza ngokuchasene nohlaselo lwamandla akhohlakeleyo. Ungavumela udibaniso lwe-RDP okanye lwe-SSH kuphela kwiidilesi ezithile ze-IP zomnini womncedisi kwaye ukhusele umncedisi kwiinzame zokuqikelela igama lokugqitha. Iifirewall zikhona kuzo zonke iinkqubo zokusebenza zanamhlanje. Ukongeza koku, i-akhawunti yakho ye-RUVDS inikezela free firewall kwinqanaba lezixhobo zenethiwekhi. Ngaloo ndlela, i-traffic network engafunekiyo ayiyi kufikelela kumatshini obonakalayo, kodwa iya kuhluzwa kwinqanaba ledatha yedatha. Ukwenzela uncedo olongezelelweyo lomxhasi, eyona mithetho ixhaphakileyo yokucoca yongezwe kwi-firewall interface. Ukuba idilesi ye-IP itshintshiwe, umxhasi unokuya nje kwiakhawunti yakhe kwaye ahlele umthetho ngaphandle kokungena kumncedisi.

▍Ukhuseleko kuhlaselo lweDDoS

Kukho inkonzo eyongezelelweyo enokuthengwa kuyo 
umboneleli weeseva zenyani (kunye nezomzimba). Isekelwe kubuchwephesha bokuhlalutya i-traffic yenethiwekhi, oko, umzekelo, kwi-RUVDS iqhutywe i-24/7, kwaye ukhuseleko lunokumelana ngokuzinzileyo ukuya kwi-1500 Gbit / s. Uhlawula kuphela i-traffic oyifunayo. Ngoku kunyuso kwi-RUVDS kwinyanga yokuqala simahla 0.5 Mbit / s, ngoko ke ukusuka 400 rub. ngenyanga.

▍Ukuyila nokuphumeza ukuthotyelwa kwemigaqo

Imithetho yomsebenzisi ebhaliweyo kunye neyenziwayo kunye nemithetho yamanyathelo okubuyisela (isicwangciso sempendulo yesiganeko se-cybersecurity) inobunzima obubalulekileyo kwimiba yokhuseleko lwamafu ukusuka kwindawo yokujonga i-human factor, kubandakanywa ukukhwabanisa usebenzisa iindlela zobunjineli bezentlalo. Eli nqaku libandakanya ukuthintela ukufikelela kwabasebenzi, ukuchonga izicelo eziphambili zefu zenkampani (akukho ezinye izicelo ngaphandle kwezo zimbalwa ezikulo "luhlu olumhlophe" olunokufakwa), kunye nokuqinisekisa ukhuseleko lwezixhobo eziphathwayo ezinokuthi zisetyenziswe kwinkampani ukusebenzisana. ngesiseko selifu senkampani, kunye nolawulo lwesixhobo, esinoxanduva lwemigaqo-nkqubo yokusetyenziswa kwemidiya yangaphandle.

Siyathemba ukuba eli nqaku beliluncedo. Njengesiqhelo, siyawamkela amagqabaza akhayo, ulwazi olutsha, iimbono ezibangel’ umdla, kwakunye neengxelo zazo nakuphi na ukungachaneki kwezinto. 

umthombo: www.habr.com