Namuhla, umlawuli wenethiwekhi noma unjiniyela wokuphepha wolwazi uchitha isikhathi esiningi nomzamo ukuze avikele i-perimeter yenethiwekhi yebhizinisi ezinsongweni ezihlukahlukene, ukuphatha izinhlelo ezintsha zokuvimbela nokuqapha izenzakalo, kodwa ngisho nalokhu akuqinisekisi ukuphepha okuphelele. Ubunjiniyela bomphakathi busetshenziswa abahlaseli futhi kungaba nemiphumela emibi.
Kukangaki uzithole ucabanga ukuthi: "Kungaba kuhle ukuhlela ukuhlolwa kwabasebenzi mayelana nolwazi lokufunda nokubhala"? Ngeshwa, imicabango ingena odongeni lokungaqondi ngendlela yenani elikhulu lemisebenzi noma isikhathi esilinganiselwe osukwini lokusebenza. Sihlela ukukutshela mayelana nemikhiqizo yesimanje kanye nobuchwepheshe emkhakheni wokuzenzakalela kokuqeqeshwa kwabasebenzi, okungeke kudinge ukuqeqeshwa okude kokuhlola noma ukuqaliswa, kodwa mayelana nakho konke ngohlelo.
Isisekelo setiyori
Namuhla, amafayela anonya angaphezu kuka-80% asatshalaliswa nge-imeyili (idatha ethathwe emibikweni evela kochwepheshe be-Check Point onyakeni odlule kusetshenziswa isevisi Yemibiko Yezobunhloli).
Bika izinsuku ezingu-30 zokugcina ku-vector yokuhlasela ukuze kusatshalaliswe amafayela anonya (eRussia) - Hlola Indawo
Lokhu kuphakamisa ukuthi okuqukethwe emilayezweni ye-imeyili kusengozini yokuxhashazwa abahlaseli. Uma sicubungula amafomethi wefayela anonya aziwa kakhulu ezinamathiselwe (i-EXE, i-RTF, i-DOC), kufanelekile ukuqaphela ukuthi, njengomthetho, aqukethe izinto ezizenzakalelayo zokwenziwa kwekhodi (izikripthi, ama-macros).
Umbiko wonyaka wamafomethi wefayela emilayezweni enonya eyamukelwe - Hlola Indawo
Ungabhekana kanjani nale vector yokuhlasela? Ukuhlola imeyili kubandakanya ukusebenzisa amathuluzi okuvikela:
-
I-antivirus - ukutholwa kwesiginesha kwezinsongo.
-
Ukumemezela - Ibhokisi lesihlabathi lapho okunamathiselwe kuvulwa endaweni engayodwa.
-
Ukuqwashisa Ngokuqukethwe — ukukhipha izinto ezisebenzayo kumadokhumenti. Umsebenzisi uthola idokhumenti ehlanzekile (imvamisa ibe ngefomethi ye-PDF).
-
I-AntiSpam — ukuhlola isizinda somamukeli/umthumeli isithunzi.
Futhi, ngombono, lokhu kwanele, kodwa kunenye insiza ebaluleke ngokulinganayo yenkampani - idatha yenkampani neyomuntu siqu yabasebenzi. Eminyakeni yamuva nje, ukuthandwa kwalolu hlobo olulandelayo lokukhwabanisa ku-inthanethi bekukhula ngenkuthalo:
Ubugebengu bokweba imininingwane ebucayi (Ubugebengu bokweba imininingwane ebucayi ngesiNgisi, kusukela ekudobeni - ukudoba, ukudoba) - uhlobo lokukhwabanisa kwe-inthanethi. Inhloso yawo ukuthola idatha yokuhlonza umsebenzisi. Lokhu kuhlanganisa ukuntshontshwa kwamaphasiwedi, izinombolo zekhadi lesikweletu, ama-akhawunti asebhange nolunye ulwazi olubucayi.
Abahlaseli bathuthukisa izindlela zokuhlasela kobugebengu bokweba imininingwane ebucayi, baqondise kabusha izicelo ze-DNS ezisuka kumasayithi adumile, futhi baqalise yonke imikhankaso besebenzisa ubunjiniyela bokuxhumana nabantu ukuze bathumele ama-imeyili.
Ngakho-ke, ukuze uvikele i-imeyili yakho yebhizinisi ebugebengwini bokweba imininingwane ebucayi, kuyanconywa ukuthi usebenzise izindlela ezimbili, futhi ukusetshenziswa kwazo okuhlangene kuholela emiphumeleni engcono kakhulu:
-
Amathuluzi okuvikela ezobuchwepheshe. Njengoba kushiwo ngaphambili, kusetshenziselwa ubuchwepheshe obuhlukahlukene ukuhlola nokudlulisa imeyili esemthethweni kuphela.
-
Ukuqeqeshwa kwethiyori kwabasebenzi. Kubandakanya ukuhlolwa okuphelele kwabasebenzi ukuze kutholakale abangaba izisulu. Bese beqeqeshwa kabusha futhi izibalo ziqoshwa njalo.
Ungathembi futhi uhlole
Namuhla sizokhuluma ngendlela yesibili yokuvimbela ukuhlaselwa kobugebengu bokweba imininingwane ebucayi, okungukuthi ukuqeqeshwa kwabasebenzi okuzenzakalelayo ukuze kwandiswe izinga eliphelele lokuphepha kwedatha yebhizinisi neyomuntu siqu. Kungani lokhu kungaba yingozi kangaka?
ubunjiniyela bezenhlalakahle - ukuxhaphaza ngokwengqondo kwabantu ukuze benze izenzo ezithile noma badalule ulwazi oluyimfihlo (ngokuphathelene nokuphepha kolwazi).
Umdwebo wesimo esivamile sokuhlaselwa kobugebengu bokweba imininingwane ebucayi
Ake sibheke i-flowchart ejabulisayo echaza kafushane uhambo lomkhankaso wobugebengu bokweba imininingwane ebucayi. Inezigaba ezahlukene:
-
Ukuqoqwa kwedatha eyinhloko.
Ekhulwini lama-21, kunzima ukuthola umuntu ongabhalisiwe kunoma iyiphi inethiwekhi yokuxhumana nabantu noma ezinkundleni ezihlukahlukene ezinezihloko. Ngokwemvelo, abaningi bethu bashiya imininingwane eningiliziwe ngathi: indawo yomsebenzi wamanje, iqembu labasebenza nabo, ucingo, iposi, njll. Engeza kulolu lwazi lomuntu siqu mayelana nezinto azithakaselayo futhi unedatha yokwenza isifanekiso sobugebengu bokweba imininingwane ebucayi. Ngisho noma asikwazanga ukuthola abantu abanolwazi olunjalo, kuhlale kunewebhusayithi yenkampani lapho singathola khona yonke imininingwane esiyithandayo (i-imeyili yesizinda, abathintwayo, ukuxhumana).
-
Ukwethulwa komkhankaso.
Uma usunebhodi lokusungula, ungasebenzisa amathuluzi amahhala noma akhokhelwayo ukuze uqalise umkhankaso wakho ohlosiwe wobugebengu bokweba imininingwane ebucayi. Phakathi nenqubo yokuposa, uzoqongelela izibalo: imeyili ethunyelwe, i-imeyili ivuliwe, izixhumanisi ezichofoziwe, imininingwane efakiwe, njll.
Imikhiqizo emakethe
Ubugebengu bokweba imininingwane ebucayi bungasetshenziswa yibo bobabili abahlaseli nabasebenzi bezokuphepha bolwazi lwenkampani ukuze benze ucwaningo oluqhubekayo lokuziphatha kwabasebenzi. Imakethe yezixazululo zamahhala nezentengiso zohlelo lokuqeqesha oluzenzakalelayo lwabasebenzi benkampani isinika ini:
-
iphrojekthi yomthombo ovulekile ekuvumela ukuthi usebenzise umkhankaso wobugebengu bokweba imininingwane ebucayi ukuze uhlole ulwazi lwe-IT lwabasebenzi bakho. Ngingabheka izinzuzo njengokusebenziseka kalula kanye nezidingo zesistimu ezincane. Okubi ukushoda kwezifanekiso zokuposa esezilungile, ukushoda kwezivivinyo nezinto zokuqeqesha zabasebenzi.
-
— indawo enenani elikhulu lemikhiqizo etholakalayo yokuhlola abasebenzi.
-
- uhlelo oluzenzakalelayo lokuhlola nokuqeqeshwa kwabasebenzi. Inezinhlobo ezahlukene zemikhiqizo esekela abasebenzi abayi-10 kuye kwangaphezu kuka-1000. Izifundo zokuqeqesha zifaka ithiyori kanye nama-asayinimenti angokoqobo; kungenzeka ukuhlonza izidingo ngokusekelwe kwizibalo ezitholwe ngemva komkhankaso wobugebengu bokweba imininingwane ebucayi. Isixazululo esokuhweba kanye nokwenzeka kokusetshenziswa kwesilingo.
-
- ukuqeqeshwa okuzenzakalelayo kanye nohlelo lokuqapha ukuphepha. Umkhiqizo wokuthengisa unikeza ukuhlaselwa kokuqeqeshwa ngezikhathi ezithile, ukuqeqeshwa kwabasebenzi, njll. Umkhankaso unikezwa njengenguqulo yedemo yomkhiqizo, ehlanganisa ukuthumela izifanekiso nokwenza ukuhlaselwa kathathu kokuqeqeshwa.
Izixazululo ezingenhla ziyingxenye kuphela yemikhiqizo etholakalayo emakethe yokuqeqeshwa kwabasebenzi ezenzakalelayo. Yiqiniso, ngayinye inezinzuzo zayo kanye nokubi. Namuhla sizojwayelana , belingisa ukuhlasela kobugebengu bokweba imininingwane ebucayi, futhi uhlole izinketho ezitholakalayo.
GoPhish
Ngakho-ke, yisikhathi sokuzilolonga. I-GoPhish ayikhethwanga ngenhlanhla: iyithuluzi elisebenziseka kalula elinezici ezilandelayo:
-
Ukufakwa nokuqalisa okwenziwe lula.
-
Ukusekelwa kwe-REST API. Ikuvumela ukuthi udale imibuzo kusuka futhi usebenzise izikripthi ezizenzakalelayo.
-
Isixhumi esibonakalayo sokulawula isithombe esilula.
-
Cross-platform.
Ithimba lokuthuthukisa lilungiselele okuhle kakhulu ekukhipheni nasekulungiseleleni i-GoPhish. Eqinisweni, konke okudingeka ukwenze ukuya , landa ingobo yomlando ye-ZIP ye-OS ehambisanayo, sebenzisa ifayela kanambambili langaphakathi, ngemva kwalokho ithuluzi lizofakwa.
ISAZISO ESIBALULEKILE!
Ngenxa yalokho, kufanele uthole kulwazi lwetheminali mayelana nephothali esetshenzisiwe, kanye nedatha yokugunyazwa (ifanele izinguqulo ezindala kunenguqulo engu-0.10.1). Ungakhohlwa ukuvikela iphasiwedi yakho!
msg="Please login with the username admin and the password <ПАРОЛЬ>"Ukuqonda ukusethwa kwe-GoPhish
Ngemva kokufaka, ifayela lokumisa (config.json) lizokwakhiwa kunkomba yohlelo lokusebenza. Ake sichaze amapharamitha wokuyishintsha:
Ukhiye
Inani (okuzenzakalelayo)
Incazelo
admin_server.lalela_url
127.0.0.1:3333
Ikheli le-IP leseva ye-GoPhish
admin_server.use_tls
bamanga
Ingabe i-TLS isetshenziselwa ukuxhuma kuseva ye-GoPhish
admin_server.cert_path
isibonelo.crt
Indlela eya kwisitifiketi se-SSL sengosi yomqondisi we-GoPhish
admin_server.key_path
isibonelo.ukhiye
Indlela eya kukhiye we-SSL oyimfihlo
phish_server.lalela_url
0.0.0.0:80
Ikheli lasesizindeni se-inthanethi kanye nembobo lapho ikhasi lobugebengu bokweba imininingwane ebucayi lisingathwa khona (ngokuzenzakalelayo lisingathwa kuseva ye-GoPhish ngokwayo ku-port 80)
—> Iya kuphothali yabaphathi. Esimweni sethu: https://127.0.0.1:3333
—> Uzocelwa ukuthi uguqule iphasiwedi ende iye kwelula noma wenze okuphambene nalokho.
Idala iphrofayela yomthumeli
Iya kuthebhu "Ukuthumela Amaphrofayili" futhi unikeze ulwazi mayelana nomsebenzisi okuzovela kuye ukuthunyelwa kwethu kwe-imeyili:
Kuphi:
Igama
Igama lomthumeli
Kusukela
I-imeyili yomthumeli
Host
Ikheli lasesizindeni se-inthanethi leseva yemeyili lapho imeyili engenayo izolalelwa khona.
Igama lomsebenzisi
Ukungena ngemvume kwe-akhawunti yomsebenzisi weseva yemeyili.
Iphasiwedi
Iphasiwedi ye-akhawunti yomsebenzisi yeseva yemeyili.
Ungaphinda uthumele umlayezo wokuhlola ukuze uqinisekise impumelelo yokulethwa. Londoloza izilungiselelo usebenzisa inkinobho ethi "Londoloza iphrofayela".
Ukudala iqembu labamukeli
Okulandelayo, kufanele wakhe iqembu labamukeli “bezinhlamvu zamaketanga”. Iya kokuthi “Umsebenzisi Namaqembu” → “Iqembu elisha”. Kunezindlela ezimbili zokwengeza: ngokwenza noma ukungenisa ifayela le-CSV.
Indlela yesibili idinga izinkambu ezidingekayo ezilandelayo:
-
Igama
-
Isibongo
-
imeyili
-
Isikhundla
Njengesibonelo:
First Name,Last Name,Position,Email
Richard,Bourne,CEO,[email protected]
Boyd,Jenius,Systems Administrator,[email protected]
Haiti,Moreo,Sales & Marketing,[email protected]Ukudala Isifanekiso Se-imeyili Yobugebengu Bokweba imininingwane ebucayi
Uma sesihlonze umhlaseli ocatshangelwayo nalabo abangase babe izisulu, sidinga ukudala isifanekiso esinomlayezo. Ukuze wenze lokhu, yiya engxenyeni ethi “Izifanekiso Ze-imeyili” → “Izifanekiso Ezintsha”.
Lapho kwakhiwa isifanekiso, kusetshenziswa indlela yobuchwepheshe neyokudala; umlayezo ovela kusevisi kufanele ucaciswe ozokwaziwa kubasebenzisi abazisulu noma ozobabangela ukusabela okuthile. Izinketho ezingenzeka:
Igama
Igama lesifanekiso
Isihloko
Isihloko sencwadi
Umbhalo/HTML
Inkambu yokufaka umbhalo noma ikhodi ye-HTML
I-Gophish isekela ukungenisa kwezinhlamvu, kodwa sizodala ezethu. Ukuze senze lokhu, silingisa isimo: umsebenzisi wenkampani uthola incwadi emcela ukuthi ashintshe iphasiwedi ku-imeyili yakhe yenkampani. Okulandelayo, ake sihlaziye ukusabela kwakhe futhi sibheke “ukubamba” kwethu.
Sizosebenzisa okuguquguqukayo okwakhelwe ngaphakathi kusifanekiso. Imininingwane eyengeziwe ingatholakala kulokhu okungenhla esigabeni .
Okokuqala, masilayishe umbhalo olandelayo:
{{.FirstName}},
The password for {{.Email}} has expired. Please reset your password here.
Thanks,
IT TeamNgokuvumelana nalokho, igama lomsebenzisi lizofakwa ngokuzenzakalelayo (ngokuvumelana nento eshiwo ngaphambili ethi “Iqembu Elisha”) futhi ikheli lakhe leposi lizokhonjiswa.
Okulandelayo, kufanele sinikeze isixhumanisi esisetshenziswa sethu sobugebengu bokweba imininingwane ebucayi. Ukuze wenze lokhu, gqamisa igama elithi “lapha” embhalweni bese ukhetha inketho ethi “Xhumanisa” kuphaneli yokulawula.
Sizosetha i-URL kokuhluka eyakhelwe ngaphakathi {{.URL}}, esizoyigcwalisa kamuva. Izoshumeka ngokuzenzakalelayo embhalweni we-imeyili yobugebengu bokweba imininingwane ebucayi.
Ngaphambi kokulondoloza isifanekiso, ungakhohlwa ukunika amandla inketho ethi “Engeza Isithombe Sokulandelela”. Lokhu kuzongeza ingxenye yemidiya ye-pixel engu-1x1 ezolandelela ukuthi umsebenzisi uyivulile yini i-imeyili.
Ngakho-ke, akukuningi okusele, kodwa okokuqala sizofingqa izinyathelo ezidingekayo ngemuva kokungena kuphothali ye-Gophish:
-
Dala iphrofayela yomthumeli;
-
Dala iqembu lokusabalalisa lapho ucacisa khona abasebenzisi;
-
Dala isifanekiso se-imeyili sobugebengu bokweba imininingwane ebucayi.
Ngiyavuma, ukusetha akuthathanga isikhathi esiningi futhi cishe sesilungele ukwethula umkhankaso wethu. Okusele nje ukwengeza ikhasi lobugebengu bokweba imininingwane ebucayi.
Ukudala ikhasi lobugebengu bokweba imininingwane ebucayi
Yiya kuthebhu ethi “Landing Pages”.
Sizotshelwa ukuthi sicacise igama lento. Kungenzeka ukungenisa isizinda somthombo. Esibonelweni sethu, ngizame ukucacisa ingosi yewebhu esebenzayo yeseva yemeyili. Ngakho-ke, ingeniswe njengekhodi ye-HTML (nakuba hhayi ngokuphelele). Okulandelayo izinketho ezithokozisayo zokuthwebula okokufaka komsebenzisi:
-
Thatha Idatha Ethunyelwe. Uma ikhasi lesayithi elishiwo liqukethe amafomu okufaka ahlukahlukene, yonke idatha izorekhodwa.
-
Thwebula Amagama-mfihlo - thatha amaphasiwedi afakiwe. Idatha ibhalwe kusizindalwazi se-GoPhish ngaphandle kokubethela, njengoba kunjalo.
Ukwengeza, singasebenzisa inketho "yokuqondisa kabusha", ezoqondisa kabusha umsebenzisi ekhasini elishiwo ngemuva kokufaka imininingwane. Ake ngikukhumbuze ukuthi simise isimo lapho umsebenzisi eyalwa khona ukuthi ashintshe iphasiwedi ye-imeyili yebhizinisi. Ukuze enze lokhu, unikezwa ikhasi lephothali lokugunyazwa kweposi elingelona iqiniso, ngemva kwalokho umsebenzisi angathunyelwa kunoma iyiphi insiza yenkampani etholakalayo.
Ungakhohlwa ukulondoloza ikhasi eliqediwe bese uye engxenyeni ethi "Umkhankaso Omusha".
Ukwethulwa kokudoba kwe-GoPhish
Sinikeze lonke ulwazi oludingekayo. Kuthebhu "Umkhankaso Omusha", dala umkhankaso omusha.
Ukwethulwa komkhankaso
Kuphi:
Igama
Igama lomkhankaso
Isifanekiso se-imeyili
Isifanekiso somlayezo
Ikhasi lokufika
Ikhasi lobugebengu bokweba imininingwane ebucayi
I-URL
I-IP yeseva yakho ye-GoPhish (kufanele ibe nokufinyeleleka kwenethiwekhi nomsingathi wesisulu)
Usuku lokuqalisa
Idethi yokuqala yomkhankaso
Thumela Ama-imeyili Nga
Idethi yokuqeda umkhankaso (i-imeyili isatshalaliswa ngokulinganayo)
Ithumela Iphrofayela
Iphrofayela yomthumeli
Amaqembu
Iqembu lomamukeli lokuposa
Ngemva kokuqala, singahlala sijwayelana nezibalo, ezibonisa: imilayezo ethunyelwe, imilayezo evuliwe, ukuchofoza izixhumanisi, idatha eshiywe idluliselwe kugaxekile.
Ngokwezibalo sibona ukuthi umlayezo ongu-1 uthunyelwe, ake sihlole imeyili ohlangothini lomamukeli:
Ngempela, isisulu sithole ngempumelelo i-imeyili yobugebengu bokweba imininingwane ebucayi emcela ukuthi alandele isixhumanisi sokushintsha iphasiwedi ye-akhawunti yebhizinisi. Senza izenzo eziceliwe, sithunyelwa emakhasini okufika, kuthiwani ngezibalo?
Ngenxa yalokho, umsebenzisi wethu uchofoze isixhumanisi sobugebengu bokweba imininingwane ebucayi, lapho engashiya khona ulwazi lwe-akhawunti yakhe.
Inothi lombhali: inqubo yokufaka idatha ayizange irekhodwe ngenxa yokusetshenziswa kwesakhiwo sokuhlola, kodwa inketho enjalo ikhona. Nokho, okuqukethwe akubetheliwe futhi kugcinwa kusizindalwazi se-GoPhish, sicela ukugcine lokhu engqondweni.
Esikhundleni isiphetho
Namuhla sithinte isihloko samanje sokuqhuba ukuqeqeshwa okuzenzakalelayo kwabasebenzi ukuze sibavikele ekuhlaselweni kobugebengu bokweba imininingwane ebucayi futhi kuthuthukiswe ulwazi lwe-IT kubo. I-Gophish yasetshenziswa njengesixazululo esithengekayo, esibonise imiphumela emihle ngokwesikhathi sokuthunyelwa kanye nomphumela. Ngaleli thuluzi elifinyelelekayo, ungahlola abasebenzi bakho futhi ukhiqize imibiko ngokuziphatha kwabo. Uma unentshisekelo kulo mkhiqizo, sinikeza usizo ekuwuthumeleni nasekuhloleni abasebenzi bakho ([i-imeyili ivikelwe]).
Kodwa-ke, ngeke sime ekubuyekezeni isisombululo esisodwa futhi sihlele ukuqhubeka nomjikelezo, lapho sizokhuluma khona ngezixazululo ze-Enterprise zokuzenzakalela inqubo yokuqeqesha kanye nokuqapha ukuphepha kwabasebenzi. Hlala nathi futhi uqaphe!
Source: www.habr.com