The widespread adoption of cloud computing helps companies grow their business. But the use of new platforms also means the emergence of new threats. The job of the in-house team responsible for monitoring the security of cloud services is not an easy one. Existing monitoring tools are expensive and slow. To some extent, they are hard to manage when it comes to covering very large cloud infrastructure. To keep their cloud security at a high level, companies need tools that are more powerful, flexible and intelligent than what was available before. This is where open source technology helps a great deal: it helps preserve the security budget, and it is built by experts who know a lot about their business.
The article, a translation of which we publish today, offers an overview of 7 open source tools for monitoring the security of cloud systems. These tools are designed to protect against hackers and cybercriminals by detecting anomalies and unsafe activity.
1. Osquery
The Osquery framework was built by Facebook. Its code was opened in 2014, after the company realized that it was not the only one in need of tools for monitoring the low-level mechanisms of operating systems. Since then, Osquery has been used by experts from companies such as Dactiv, Google, Kolide, Trail of Bits, Uptycs, and many others. Recently
The Osquery host monitoring daemon, called osqueryd, lets you schedule queries that collect data across your organization's entire infrastructure. The daemon collects query results and generates logs that reflect changes in the state of the infrastructure. This helps security professionals stay aware of the state of the system and is especially useful for identifying anomalies. Osquery's log aggregation capabilities can be used to help you find known and unknown malware, as well as to identify where attackers entered your system and to find out which programs they installed.
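As an added example (not code from the original article or from the osquery project), the following Python script parses osqueryd differential result logs of the kind described above and turns the added/removed rows into a per-host change summary plus a short list of alerts: a package installed outside an approved baseline, a required package removed, or a new listening port outside an allow-list. The log lines, host names, package baseline and allowed ports are all constructed for this example; the record field names (name, hostIdentifier, calendarTime, unixTime, action, columns) follow osquery's differential log format.

```python
import json
from collections import defaultdict

# Constructed sample of osqueryd differential result log lines (one JSON object per line).
# The field names follow osquery's differential log format; hosts, packages and timestamps
# are made up. The last line is deliberately malformed to show the parser tolerating it.
SAMPLE_LOG = """\
{"name": "pack_inventory_deb_packages", "hostIdentifier": "web-01", "calendarTime": "Mon Jan 10 10:00:00 2022 UTC", "unixTime": 1641808800, "action": "added", "columns": {"name": "nginx", "version": "1.18.0-6"}}
{"name": "pack_inventory_deb_packages", "hostIdentifier": "web-01", "calendarTime": "Mon Jan 10 10:05:00 2022 UTC", "unixTime": 1641809100, "action": "added", "columns": {"name": "socat", "version": "1.7.4.1-3"}}
{"name": "pack_inventory_deb_packages", "hostIdentifier": "web-01", "calendarTime": "Mon Jan 10 10:05:00 2022 UTC", "unixTime": 1641809100, "action": "removed", "columns": {"name": "auditd", "version": "1:2.8.5-3"}}
{"name": "pack_inventory_listening_ports", "hostIdentifier": "web-01", "calendarTime": "Mon Jan 10 10:10:00 2022 UTC", "unixTime": 1641809400, "action": "added", "columns": {"port": "1080", "protocol": "6", "path": "/usr/bin/socat"}}
{"name": "pack_inventory_deb_packages", "hostIdentifier": "db-01", "calendarTime": "Mon Jan 10 10:00:00 2022 UTC", "unixTime": 1641808800, "action": "added", "columns": {"name": "postgresql-13", "version": "13.5-0"}}
this line is not JSON and must be skipped rather than crash the parser
"""

# Constructed baseline (an assumption for this example): packages approved per host,
# packages that must never disappear, and the listening ports each host may expose.
APPROVED_PACKAGES = {"web-01": {"nginx"}, "db-01": {"postgresql-13"}}
REQUIRED_PACKAGES = {"auditd"}
ALLOWED_LISTENING_PORTS = {"web-01": {"80", "443"}, "db-01": {"5432"}}


def parse_differential_log(text):
    """Parse differential result lines into dicts with host, query, action, columns, time."""
    events = []
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate truncated or corrupted lines
        # Snapshot records have a different shape ("snapshot": [...]); only differential
        # records carry "action" and "columns", and those are what we summarise here.
        if not isinstance(rec, dict) or "action" not in rec or "columns" not in rec:
            continue
        events.append({
            "host": rec.get("hostIdentifier", "unknown"),
            "query": rec.get("name", ""),
            "action": rec["action"],
            "columns": rec["columns"],
            "time": rec.get("unixTime", 0),
        })
    return events


def group_changes(events):
    """Summarise state changes as {host: {query: {action: [columns, ...]}}}."""
    grouped = defaultdict(lambda: defaultdict(lambda: defaultdict(list)))
    for ev in events:
        grouped[ev["host"]][ev["query"]][ev["action"]].append(ev["columns"])
    return grouped


def find_alerts(events):
    """Compare each change against the baseline and return (host, reason, detail) tuples."""
    alerts = []
    for ev in events:
        host, query, action, cols = ev["host"], ev["query"], ev["action"], ev["columns"]
        if query.endswith("deb_packages"):
            pkg = cols.get("name", "")
            if action == "added" and pkg not in APPROVED_PACKAGES.get(host, set()):
                alerts.append((host, "unapproved package installed", pkg))
            elif action == "removed" and pkg in REQUIRED_PACKAGES:
                alerts.append((host, "required package removed", pkg))
        elif query.endswith("listening_ports") and action == "added":
            port = cols.get("port", "")
            if port not in ALLOWED_LISTENING_PORTS.get(host, set()):
                alerts.append((host, "unexpected listening port",
                               f"{port} ({cols.get('path', '?')})"))
    return alerts


if __name__ == "__main__":
    evs = parse_differential_log(SAMPLE_LOG)
    for host, queries in group_changes(evs).items():
        for query, actions in queries.items():
            for action, rows in actions.items():
                print(f"{host}: {query} {action} x{len(rows)}")
    for host, reason, detail in find_alerts(evs):
        print(f"ALERT {host}: {reason}: {detail}")
```

In a real deployment the log text would come from the osqueryd results log file or from whatever log pipeline ships it off the host; the baseline is the part worth keeping under version control, since it is what turns raw state changes into something an analyst can act on.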
2. GoAudit
The system
The GoAudit system is written in Golang. It is a safe and very efficient language. Before installing GoAudit, check that your Golang version is higher than 1.7.
3. Grapl
This project
The Grapl tool takes security-related logs (Sysmon logs or logs in a generic JSON format) and converts them into subgraphs (describing the "identity" of each node). It then merges the subgraphs into a common graph (the Master Graph), which represents the actions performed in the analyzed environments. Grapl then runs Analyzers on the resulting graph, using "attacker signatures" to identify anomalies and suspicious patterns. When an analyzer identifies a suspicious subgraph, Grapl generates an Engagement construct intended for investigation. An Engagement is a Python class that can be loaded, for example, into a Jupyter Notebook deployed in an AWS environment. Grapl, in addition, can scale up the collection of incident investigation information by expanding the graph.
If you want to understand Grapl better, you can look at
4. OSSEC
OSSEC combines the capabilities of a Host-based Intrusion Detection System (HIDS), a Security Incident Management (SIM) system and a Security Information and Event Management (SIEM) system. OSSEC can also monitor file integrity in real time. This, for example, monitors the Windows registry and detects rootkits. OSSEC is able to notify stakeholders of detected problems in real time and helps respond quickly to detected threats. The platform supports Microsoft Windows and most modern Unix-like systems, including Linux, FreeBSD, OpenBSD and Solaris.
The OSSEC platform consists of a central control entity, the manager, which is used to receive and monitor information coming from agents (small programs installed on the systems that need to be monitored). The manager is installed on a Linux system, which stores the database used to check file integrity. It also stores logs and event records as well as system audit results.
The OSSEC project is currently supported by Atomicorp. The company oversees the free open source version and, in addition, special
5. Suricata
This product appeared in 2009. Its operation is rule-based. That is, the user has the ability to describe certain characteristics of network traffic. When a rule is triggered, Suricata generates a notification, blocks or drops the suspicious connection, which, again, depends on the rules specified. The project also supports multithreaded operation. This makes it possible to quickly process a large number of rules on networks carrying a large volume of traffic. Thanks to multithreading support, a completely ordinary server is able to successfully analyze traffic moving at 10 Gbit/s. In this case, the administrator does not need to limit the set of rules used for traffic analysis. Suricata also supports hashing and file extraction.
Suricata can be configured to run on regular servers or on virtual machines, such as AWS, using a feature recently introduced into the product.
The project supports Lua scripts, which can be used to create complex and detailed logic for analyzing threat signatures.
The Suricata project is maintained by the Open Information Security Foundation (OISF).
6. Zeek (Bro)
Like Suricata,
If we consider Zeek as a network security tool, then we can say that it gives a specialist the ability to investigate an incident by learning what happened before or during the incident. Zeek also converts network traffic data into high-level events and provides the ability to work with a script interpreter. The interpreter supports a programming language used to interact with events and to find out what exactly those events mean for network security. The Zeek programming language can be used to customize how the interpreted metadata is handled to suit the needs of a particular organization. It lets you build complex logical conditions using the AND, OR and NOT operators. This gives users the ability to customize how their environments are analyzed. However, it should be noted that, compared to Suricata, Zeek may seem like a rather complex tool when conducting security threat investigations.
If you would like more details about Zeek, please contact
7. Panther
Panther's main features include the following:
- Detection of unauthorized access to resources by analyzing logs.
- Threat detection, performed by searching logs for indicators that point to security problems. The search is performed using Panther's standardized data fields.
- Checking the system for compliance with SOC/PCI/HIPAA standards using Panther's built-in policies.
- Protecting your cloud resources by automatically fixing configuration errors that could cause serious problems if exploited by attackers.
Panther is deployed in the organization's AWS cloud using AWS CloudFormation. This lets the user always stay in control of their data.
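Panther detection rules are written as Python functions. The following added example (not the Panther project's code and not from the original article) shows a rule in that style for the first feature listed above, detecting unauthorized access to resources from logs: it flags access denials in CloudTrail-style events, raises the severity when the denied service holds secrets, keys or identities, and groups repeated denials from one principal. The sample events, ARNs, IP addresses and the set of sensitive services are constructed; the rule()/title()/severity()/dedup() function names follow Panther's rule conventions as assumed here, and the evaluate() harness is a local stand-in for Panther's engine so the example runs without it.

```python
# Constructed sample of CloudTrail-style events (field names follow the CloudTrail record
# schema; account id, ARNs, IPs and timestamps are made up for this example).
SAMPLE_EVENTS = [
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com", "errorCode": "AccessDenied",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"},
     "sourceIPAddress": "203.0.113.10", "eventTime": "2022-01-10T10:00:00Z"},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"},
     "sourceIPAddress": "203.0.113.10", "eventTime": "2022-01-10T10:00:01Z"},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "errorCode": "Client.UnauthorizedOperation",
     "userIdentity": {"type": "AssumedRole",
                      "arn": "arn:aws:sts::123456789012:assumed-role/ReadOnly/alice"},
     "sourceIPAddress": "198.51.100.7", "eventTime": "2022-01-10T10:02:00Z"},
    {"eventName": "GetSecretValue", "eventSource": "secretsmanager.amazonaws.com",
     "errorCode": "AccessDeniedException",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/ci-deploy"},
     "sourceIPAddress": "203.0.113.10", "eventTime": "2022-01-10T10:03:00Z"},
]

# Error codes AWS uses for authorization failures; service-prefixed variants such as
# "Client.UnauthorizedOperation" are matched by suffix.
DENIAL_CODES = ("AccessDenied", "UnauthorizedOperation", "AccessDeniedException")

# Assumed list of services whose denials deserve a higher severity.
SENSITIVE_SOURCES = {"secretsmanager.amazonaws.com", "kms.amazonaws.com", "iam.amazonaws.com"}


def rule(event):
    """Panther-style rule: True when the event records an authorization failure."""
    code = event.get("errorCode") or ""
    return any(code.endswith(suffix) for suffix in DENIAL_CODES)


def severity(event):
    """Escalate denials against secret, key and identity services."""
    return "HIGH" if event.get("eventSource") in SENSITIVE_SOURCES else "LOW"


def title(event):
    """Human-readable alert title built from the event's own fields."""
    actor = event.get("userIdentity", {}).get("arn", "unknown")
    return (f"{actor} was denied {event.get('eventName')} on {event.get('eventSource')} "
            f"from {event.get('sourceIPAddress')}")


def dedup(event):
    """Group alerts per principal so a burst of denials collapses into one alert."""
    return event.get("userIdentity", {}).get("arn", "unknown")


def evaluate(events):
    """Local stand-in for the rule engine: (dedup key, severity, title) for each match."""
    return [(dedup(e), severity(e), title(e)) for e in events if rule(e)]


if __name__ == "__main__":
    for key, sev, text in evaluate(SAMPLE_EVENTS):
        print(f"[{sev}] {text}  (dedup: {key})")
```

The successful GetObject call is left alone on purpose: on its own it is normal activity, and the rule's value comes from pairing the denials with a dedup key so that an analyst sees one alert per principal rather than one per failed call.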
Results
Monitoring system security is an essential task these days. In solving this problem, companies of any size can be helped by open source tools that offer many capabilities and cost little or nothing.
Dear readers! Which security monitoring tools do you use?
Source: www.habr.com