Information security of bank non-cash payments. Part 8 - Typical threat models


This article concludes the series of publications devoted to ensuring the information security of bank non-cash payments. Here we look at the typical threat models referred to in the base model:

HABRO-WARNING!!! Dear Habr readers, this is not an entertaining post.
The 40+ pages of material hidden under the cut are intended to help with work or study for people who specialize in banking or information security. These materials are the final product of the research and are written in a dry, formal tone. In essence, they are templates for internal information security documents.

And, by tradition: "use of information from this article for unlawful purposes is punishable by law". Productive reading!


Information for readers who are starting their acquaintance with the study from this publication.

What is this study about?

You are reading a guide for a specialist responsible for ensuring the information security of payments at a bank.

Logic of the presentation

First, Part 1 and Part 2 describe the protected object. Then Part 3 describes how to build a security system and discusses the need to create a threat model. Part 4 covers what threat models exist and how they are built. Part 5 and Part 6 analyse real attacks. Part 7 and Part 8 contain the description of the threat model, built taking into account the information from all the previous parts.

TYPICAL THREAT MODEL. NETWORK CONNECTION

Protected object to which the threat model applies (scope)

The protected object is data transmitted over a network connection operating in data networks built on the TCP/IP stack.

Architecture

[Figure: architecture diagram of a network connection]

Description of the architecture elements:

  • "End nodes" - nodes that exchange protected information.
  • "Intermediate nodes" - elements of the data network: routers, switches, access servers, proxy servers and other equipment through which the traffic of the network connection passes. In general, a network connection can operate without intermediate nodes (directly between end nodes).

Top-level security threats

Decomposition

U1. Unauthorized access to transmitted data.
U2. Unauthorized modification of transmitted data.
U3. Violation of the authorship of transmitted data.

U1. Unauthorized access to transmitted data

Decomposition
U1.1. <…>, carried out at end or intermediate nodes:
U1.1.1. <…> by reading the data while it is in the node's storage devices:
U1.1.1.1. <…> in RAM.
Explanations for U1.1.1.1.
For example, while the data is being processed by the node's network stack.

U1.1.1.2. <…> in non-volatile memory.
Explanations for U1.1.1.2.
For example, when the transmitted data is stored in a cache, temporary files or swap files.

U1.2. <…>, carried out at third-party nodes of the data network:
U1.2.1. <…> by capturing all packets that arrive at the node's network interface:
Explanations for U1.2.1.
All packets are captured by switching the network card into promiscuous mode (promiscuous mode for wired adapters or monitor mode for Wi-Fi adapters).

U1.2.2. <…> by carrying out man-in-the-middle (MiTM) attacks, but without modifying the transmitted data (not counting network protocol service data).
U1.2.2.1. Link: "Typical threat model. Network connection. U2. Unauthorized modification of transmitted data".

U1.3. <…>, carried out through leakage of information via technical channels (TKUI) from physical nodes or communication lines.

U1.4. <…>, carried out by installing special technical means (STS), intended for covert collection of information, on end or intermediate nodes.

U2. Unauthorized modification of transmitted data

Decomposition
U2.1. <…>, carried out at end or intermediate nodes:
U2.1.1. <…> by reading and modifying the data while it is in the nodes' storage devices:
U2.1.1.1. <…> in RAM:
U2.1.1.2. <…> in non-volatile memory:

U2.2. <…>, carried out at third-party nodes of the data network:
U2.2.1. <…> by carrying out man-in-the-middle (MiTM) attacks and redirecting traffic to the attackers' node:
U2.2.1.1. Physical connection of the attackers' equipment into a break in the network connection.
U2.2.1.2. Attacks on network protocols:
U2.2.1.2.1. <…> virtual local area network (VLAN) management:
U2.2.1.2.1.1. VLAN hopping.
U2.2.1.2.1.2. Unauthorized modification of VLAN settings on switches or routers.
U2.2.1.2.2. <…> traffic routing:
U2.2.1.2.2.1. Unauthorized modification of the static routing tables of routers.
U2.2.1.2.2.2. Announcement of false routes by attackers via dynamic routing protocols.
U2.2.1.2.3. <…> automatic configuration:
U2.2.1.2.3.1. Rogue DHCP.
U2.2.1.2.3.2. Rogue WPAD.
U2.2.1.2.4. <…> address and name resolution:
U2.2.1.2.4.1. ARP spoofing.
U2.2.1.2.4.2. DNS spoofing.
U2.2.1.2.4.3. Unauthorized changes to local host name files (hosts, lmhosts, etc.)

U3. Violation of the authorship of transmitted data

Decomposition
U3.1. Neutralization of the mechanisms for determining the authorship of information by specifying false information about the author or the data source:
U3.1.1. Changing the information about the author contained in the transmitted information.
U3.1.1.1. Neutralization of the cryptographic protection of the integrity and authorship of transmitted data:
U3.1.1.1.1. Link: "Typical threat model. Cryptographic information protection system. U4. Creation of an electronic signature of a legitimate signer under false data".
U3.1.1.2. Neutralization of the authorship protection of transmitted data that is implemented using one-time confirmation codes:
U3.1.1.2.1. SIM swap.

U3.1.2. Changing the information about the source of the transmitted information:
U3.1.2.1. IP spoofing.
U3.1.2.2. MAC spoofing.

TYPICAL THREAT MODEL. INFORMATION SYSTEM BUILT ON A CLIENT-SERVER ARCHITECTURE

Protected object to which the threat model applies (scope)

The protected object is an information system built on a client-server architecture.

Architecture
[Figure: architecture diagram of a client-server information system]

Description of the architecture elements:

  • "Client" - a device on which the client part of the information system runs.
  • "Server" - a device on which the server part of the information system runs.
  • "Data store" - a part of the information system's server infrastructure, intended for storing the data processed by the information system.
  • "Network connection" - the channel for exchanging information between the Client and the Server that passes through a data network. A more detailed description of this element's model is given in "Typical threat model. Network connection".

Constraints
When modelling the object, the following constraints are set:

  1. The user interacts with the information system within finite periods of time, called work sessions.
  2. At the start of each work session the user is identified, authenticated and authorized.
  3. All protected information is stored on the server part of the information system.

Top-level security threats

Decomposition
U1. Unauthorized actions performed by attackers on behalf of a legitimate user.
U2. Unauthorized modification of protected information while it is being processed by the server part of the information system.

U1. Unauthorized actions performed by attackers on behalf of a legitimate user

Explanations
In information systems, actions are usually attributed to the user who performed them by means of:

  1. system operation logs (logs).
  2. special attributes of data objects that contain information about the user who created or modified them.

With respect to the work session, this threat can be decomposed into:

  1. <…> performed within a user session.
  2. <…> performed outside a user session.

A user session can be initiated:

  1. By the user themselves.
  2. By attackers.

At this stage, the intermediate decomposition of this threat looks as follows:
U1.1. Unauthorized actions performed within a user session:
U1.1.1. <...> established by the attacked user.
U1.1.2. <...> established by attackers.
U1.2. Unauthorized actions performed outside a user session.

From the point of view of the information infrastructure objects that attackers can affect, the decomposition of the intermediate threats looks as follows:

Threat decomposition by element:

| Elements | U1.1.1. | U1.1.2. | U1.2. |
|---|---|---|---|
| Client | U1.1.1.1. | U1.1.2.1. | |
| Network connection | U1.1.1.2. | | |
| Server | | | U1.2.1. |

Decomposition
U1.1. Unauthorized actions performed within a user session:
U1.1.1. <...> established by the attacked user:
U1.1.1.1. The attackers acted independently from the Client:
U1.1.1.1.1 The attackers used the standard means of access to the information system:
U1.1.1.1.1.1. The attackers used the Client's physical input/output devices (keyboard, mouse, monitor or the touchscreen of a mobile device):
U1.1.1.1.1.1.1. The attackers acted during periods when the session was active, the I/O devices were accessible, and the user was absent.
U1.1.1.1.1.2. The attackers used remote administration tools (standard ones or ones provided by malicious code) to control the Client:
U1.1.1.1.1.2.1. The attackers acted during periods when the session was active, the I/O devices were accessible, and the user was absent.
U1.1.1.1.1.2.2. The attackers used remote administration tools whose operation is invisible to the attacked user.
U1.1.1.2. The attackers substituted data in the network connection between the Client and the Server, modifying it so that it was perceived as the actions of a legitimate user:
U1.1.1.2.1. Link: "Typical threat model. Network connection. U2. Unauthorized modification of transmitted data".
U1.1.1.3. The attackers forced the user to perform the actions they specified by using social engineering methods.

U1.1.2 <…> established by attackers:
U1.1.2.1. The attackers acted from the Client (AND):
U1.1.2.1.1. The attackers neutralized the access control system of the information system:
U1.1.2.1.1.1. Link: "Typical threat model. Access control system. U1. Unauthorized establishment of a session on behalf of a legitimate user".
U1.1.2.1.2. The attackers used the standard means of access to the information system
U1.1.2.2. The attackers acted from other nodes of the data network from which a network connection to the Server can be established (AND):
U1.1.2.2.1. The attackers neutralized the access control system of the information system:
U1.1.2.2.1.1. Link: "Typical threat model. Access control system. U1. Unauthorized establishment of a session on behalf of a legitimate user".
U1.1.2.2.2. The attackers used non-standard means of access to the information system.
Explanations for U1.1.2.2.2.
The attackers could install a standard client of the information system on a third-party node, or could use non-standard software that implements the standard exchange protocols between the Client and the Server.

U1.2 Unauthorized actions performed outside a user session.
U1.2.1 The attackers performed unauthorized actions and then made unauthorized changes to the information system's operation logs or to the special attributes of data objects, indicating that the actions they performed were carried out by a legitimate user.
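
One control against U1.2.1, as an added example that is not part of the original article: a hash-chained, MAC-protected action log lets a verifier detect entries that were rewritten, removed or cut off after the fact. It assumes the MAC key and the latest chain head are held by a separate log collector rather than on the server; the function names and sample entries are constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain value that precedes the first entry


def _mac(key: bytes, prev_mac: str, record: dict) -> str:
    # Each MAC covers the record and the MAC of the previous entry, so an
    # entry cannot be changed or dropped without breaking every later MAC.
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev_mac.encode() + body, hashlib.sha256).hexdigest()


def append(log: list, key: bytes, user: str, action: str) -> str:
    """Append an entry and return the new chain head (kept by the collector)."""
    prev = log[-1]["mac"] if log else GENESIS
    record = {"seq": len(log), "user": user, "action": action}
    log.append({**record, "mac": _mac(key, prev, record)})
    return log[-1]["mac"]


def verify(log: list, key: bytes, expected_head: str):
    """Return None if the log is intact, otherwise (index, reason)."""
    prev = GENESIS
    for i, entry in enumerate(log):
        record = {k: entry.get(k) for k in ("seq", "user", "action")}
        if entry.get("seq") != i:
            return (i, "sequence gap")
        if not hmac.compare_digest(str(entry.get("mac", "")), _mac(key, prev, record)):
            return (i, "entry modified")
        prev = entry["mac"]
    # A chain that verifies but ends early means the tail was cut off.
    if prev != expected_head:
        return (len(log), "log truncated")
    return None


def build_sample(key: bytes):
    """Constructed sample log: three actions, the last one by an intruder."""
    log, head = [], GENESIS
    for user, action in [
        ("operator1", "login"),
        ("operator1", "create payment 1001"),
        ("intruder", "change beneficiary of payment 1001"),
    ]:
        head = append(log, key, user, action)
    return log, head


if __name__ == "__main__":
    key = b"constructed-demo-key"  # assumption: known only to the collector
    log, head = build_sample(key)
    print("intact:", verify(log, key, head))
    # U1.2.1: the action is re-attributed to a legitimate user in the log.
    log[2]["user"] = "operator1"
    print("after rewrite:", verify(log, key, head))
```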

U2. Unauthorized modification of protected information while it is being processed by the server part of the information system

Decomposition
U2.1. Attackers modify protected information using the standard tools of the information system and do so on behalf of a legitimate user.
U2.1.1. Link: "Typical threat model. Information system built on a client-server architecture. U1. Unauthorized actions performed by attackers on behalf of a legitimate user".

U2.2. Attackers modify protected information using data access mechanisms that are not provided for by the normal operation of the information system.
U2.2.1. Attackers modify files containing protected information:
U2.2.1.1. <…>, using the file handling mechanisms provided by the operating system.
U2.2.1.2. <…> by provoking the restoration of files from a backup copy that was modified without authorization.

U2.2.2. Attackers modify protected information stored in a database (AND):
U2.2.2.1. Attackers neutralize the access control system of the DBMS:
U2.2.2.1.1. Link: "Typical threat model. Access control system. U1. Unauthorized establishment of a session on behalf of a legitimate user".
U2.2.2.2. Attackers modify the information using the standard DBMS interfaces for accessing data.

U2.3. Attackers modify protected information by unauthorized modification of the operating algorithms of the software that processes it.
U2.3.1. The source code of the software is modified.
U2.3.1. The machine code of the software is modified.

U2.4. Attackers modify protected information by exploiting vulnerabilities in the information system's software.

U2.5. Attackers modify protected information while it is being transferred between components of the server part of the information system (for example, the database server and the application server):
U2.5.1. Link: "Typical threat model. Network connection. U2. Unauthorized modification of transmitted data".

TYPICAL THREAT MODEL. ACCESS CONTROL SYSTEM

Protected object to which the threat model applies (scope)

The protected object to which this threat model applies corresponds to the protected object of the threat model "Typical threat model. Information system built on a client-server architecture".

In this threat model, the user access control system means the component of the information system that implements the following functions:

  1. User identification.
  2. User authentication.
  3. User authorization.
  4. Logging of user actions.

Top-level security threats

Decomposition
U1. Unauthorized establishment of a session on behalf of a legitimate user.
U2. Unauthorized elevation of user privileges in the information system.

U1. Unauthorized establishment of a session on behalf of a legitimate user

Explanations
The decomposition of this threat will depend on the type of user identification and authentication systems in use.

In this model, only a user identification and authentication system that uses a text login and password is considered. We assume that the user's login is publicly available information known to attackers.

Decomposition
U1.1. <…> through compromise of credentials:
U1.1.1. Attackers compromised the user's credentials while they were being stored.
Explanations for U1.1.1.
For example, the credentials could be written on a sticky note stuck to the monitor.

U1.1.2. The user mistakenly passed the access credentials to attackers.
U1.1.2.1. The user spoke the credentials aloud while entering them.
U1.1.2.2. The user deliberately shared their credentials:
U1.1.2.2.1. <…> with work colleagues.
Explanations for U1.1.2.2.1.
For example, so that they could stand in for the user during an illness.

U1.1.2.2.2. <...> with the employer's contractors performing work on information infrastructure objects.
U1.1.2.2.3. <…> with third parties.
Explanations for U1.1.2.2.3.
One way, but not the only way, this threat can be realized is the use of social engineering methods by attackers.

U1.1.3. Attackers guessed the credentials using brute-force methods:
U1.1.3.1. <…> using the standard access mechanisms.
U1.1.3.2. <…> using previously intercepted codes (for example, password hashes) used for storing credentials.

U1.1.4. Attackers used malicious code to intercept the user's credentials.

U1.1.5. Attackers extracted the credentials from the network connection between the Client and the Server:
U1.1.5.1. Link: "Typical threat model. Network connection. U1. Unauthorized access to transmitted data".

U1.1.6. Attackers extracted the credentials from the records of activity monitoring systems:
U1.1.6.1. <…> video surveillance systems (if keystrokes on the keyboard were recorded during operation).
U1.1.6.2. <…> systems for monitoring employees' actions at the computer
Explanations for U1.1.6.2.
An example of such a system is StaffCop.

U1.1.7. Attackers compromised the user's credentials because of flaws in the process of transmitting them.
Explanations for U1.1.7.
For example, sending passwords in clear text by e-mail.

U1.1.8. Attackers learned the credentials by observing the user's session using remote administration systems.

U1.1.9. Attackers obtained the credentials as a result of their leakage via technical channels (TKUI):
U1.1.9.1. Attackers observed how the user entered the credentials from the keyboard:
U1.1.9.1.1 The attackers were located close to the user and saw the credentials being entered with their own eyes.
Explanations for U1.1.9.1.1
Such cases include the actions of work colleagues or a case where the user's keyboard is visible to visitors of the organization.

U1.1.9.1.2 The attackers used additional technical means, such as binoculars or an unmanned aerial vehicle, and saw the credentials being entered through a window.
U1.1.9.2. Attackers extracted the credentials from the radio exchange between the keyboard and the computer's system unit when they were connected over a radio interface (for example, Bluetooth).
U1.1.9.3. Attackers intercepted the credentials through their leakage via the channel of spurious electromagnetic emanations and interference (PEMIN).
Explanations for U1.1.9.3.
Examples of attacks: here and here.

U1.1.9.4. The attacker intercepted the entry of credentials from the keyboard using special technical means (STS) designed for covert collection of information.
Explanations for U1.1.9.4.
Examples of devices.

U1.1.9.5. Attackers intercepted the entry of credentials from the keyboard by analysing the Wi-Fi signal modulated by the user's keystrokes.
Explanations for U1.1.9.5.
Example of an attack.

U1.1.9.6. Attackers intercepted the entry of credentials from the keyboard by analysing the sounds of keystrokes.
Explanations for U1.1.9.6.
Example of an attack.

U1.1.9.7. Attackers intercepted the entry of credentials from the keyboard of a mobile device by analysing accelerometer readings.
Explanations for U1.1.9.7.
Example of an attack.

U1.1.10. <…>, previously saved on the Client.
Explanations for U1.1.10.
For example, the user could save a login and password in the browser for accessing a particular site.

U1.1.11. Attackers compromised the credentials because of flaws in the process of revoking user access.
Explanations for U1.1.11.
For example, after a user was dismissed, their accounts remained unblocked.

U1.2. <…> by exploiting vulnerabilities in the access control system.

U2. Unauthorized elevation of user privileges in the information system

Decomposition
U2.1 <…> by making unauthorized changes to data that contains information about user privileges.

U2.2 <…> by exploiting vulnerabilities in the access control system.

U2.3. <…> because of flaws in the user access management process.
Explanations for U2.3.
Example 1. A user was granted more access for work than they needed for business reasons.
Example 2. After a user was transferred to another position, previously granted access rights were not revoked.

TYPICAL THREAT MODEL. INTEGRATION MODULE

Protected object to which the threat model applies (scope)

An integration module is a set of information infrastructure objects designed to organize the exchange of information between information systems.

Given that in corporate networks it is not always possible to unambiguously separate one information system from another, an integration module can also be regarded as a connecting link between components within a single information system.

Architecture
The generalized diagram of an integration module looks like this:

[Figure: generalized diagram of an integration module]

Description of the architecture elements:

  • "Exchange server (SO)" - a node/service/component of an information system that performs the function of exchanging data with another information system.
  • "Intermediary" - a node/service designed to organize interaction between information systems, but not part of them.
    Examples of "Intermediaries" include e-mail services, enterprise service buses (enterprise service bus / SoA architecture), third-party file servers, etc. In general, an integration module may contain no "Intermediaries".
  • "Data processing software" - a set of programs that implement the data exchange protocols and format conversion.
    For example, converting data from the UFEBS format to the ABS format, changing message statuses during transmission, etc.
  • "Network connection" corresponds to the object described in the typical threat model "Network connection". Some of the network connections shown in the diagram above may be absent.

Examples of integration modules

Scheme 1. Integration of the ABS and the AWS KBR via a third-party file server

To execute payments, an authorized bank employee exports electronic payment documents from the core banking system (ABS) and saves them to a file (in its own format, for example an SQL dump) in a network folder (...SHARE) on a file server. This file is then converted by a conversion script into a set of files in the UFEBS format, which are then read by the KBR automated workstation (AWS KBR).
After that, an authorized employee - the user of the AWS KBR - encrypts and signs the received files and sends them to the Bank of Russia payment system.

When payments arrive from the Bank of Russia, the AWS KBR decrypts them and verifies the electronic signature, after which it writes them to the file server as a set of files in the UFEBS format. Before the payment documents are imported into the ABS, they are converted by a conversion script from the UFEBS format to the ABS format.

We assume that in this scheme the ABS runs on one physical server, the AWS KBR runs on a dedicated computer, and the conversion script runs on the file server.

[Figure: diagram of Scheme 1]

Correspondence of the elements of the scheme under consideration to the elements of the integration module model:
"Exchange server on the ABS side" - the ABS server.
"Exchange server on the AWS KBR side" - the AWS KBR computer.
"Intermediary" - the third-party file server.
"Data processing software" - the conversion script.

Scheme 2. Integration of the ABS and the AWS KBR with the shared network folder containing payments hosted on the AWS KBR

Everything is the same as in Scheme 1, but a separate file server is not used; instead, the network folder (...SHARE) with electronic payment documents is hosted on the computer running the AWS KBR. The conversion script also runs on the AWS KBR computer.

[Figure: diagram of Scheme 2]

Correspondence of the elements of the scheme under consideration to the elements of the integration module model:
Same as in Scheme 1, but the "Intermediary" is not used.

Scheme 3. Integration of the ABS and the AWS KBR-N via IBM WebSphere MQ, with electronic documents signed "on the ABS side"

The ABS runs on a platform that is not supported by the CIPF SCAD Signature. Outgoing electronic documents are signed on a dedicated electronic signature server (ES Server). The same server verifies the electronic signature on incoming documents from the Bank of Russia.

The ABS uploads a file with payment documents in its own format to the ES Server.
The ES Server, using a conversion script, converts the file into electronic messages in the UFEBS format, after which the electronic messages are signed and passed to IBM WebSphere MQ.

The AWS KBR-N connects to IBM WebSphere MQ and receives the signed payment messages from it, after which an authorized employee - the user of the AWS KBR - encrypts them and sends them to the Bank of Russia payment system.

When payments arrive from the Bank of Russia, the AWS KBR-N decrypts them and verifies the electronic signature. Successfully processed payments, in the form of decrypted and signed electronic messages in the UFEBS format, are passed to IBM WebSphere MQ, from where they are received by the Electronic Signature Server.

The Electronic Signature Server verifies the electronic signature of the received payments and saves them to a file in the ABS format. After that, an authorized employee - the ABS user - uploads the resulting file into the ABS in the prescribed manner.

[Figure: diagram of Scheme 3]

Correspondence of the elements of the scheme under consideration to the elements of the integration module model:
"Exchange server on the ABS side" - the ABS server.
"Exchange server on the AWS KBR side" - the AWS KBR computer.
"Intermediary" - the ES Server and IBM WebSphere MQ.
"Data processing software" - the conversion script, the CIPF SCAD Signature on the ES Server.

Scheme 4. Integration of the RBS server and the core banking system via an API provided by a dedicated exchange server

We assume that the bank uses several remote banking systems (RBS):

  • "Internet Client-Bank" for individuals (IKB FL);
  • "Internet Client-Bank" for legal entities (IKB LE).

To ensure information security, all interaction between the ABS and the remote banking systems goes through a dedicated exchange server that operates within the ABS information system.

Next, we consider the process of interaction between the IKB LE RBS system and the ABS.
The RBS server, having received a duly certified payment order from a client, must create a corresponding document in the ABS based on it. To do this, it uses the API to pass the information to the exchange server, which in turn enters the data into the ABS.

When the balances of the client's accounts change, the ABS generates electronic notifications, which are passed to the RBS server via the exchange server.

[Figure: diagram of Scheme 4]

Correspondence of the elements of the scheme under consideration to the elements of the integration module model:
"Exchange server on the RBS side" - the IKB LE RBS server.
"Exchange server on the ABS side" - the exchange server.
"Intermediary" - absent.
"Data processing software" - the RBS server components responsible for using the exchange server API, and the exchange server components responsible for using the core banking system API.

Top-level security threats

Decomposition
U1. Injection of false information by attackers through the integration module.

U1. Injection of false information by attackers through the integration module

Decomposition
U1.1. Unauthorized modification of legitimate data during its transmission over network connections:
U1.1.1 Link: "Typical threat model. Network connection. U2. Unauthorized modification of transmitted data".

U1.2. Transmission of false data over communication channels on behalf of a legitimate exchange participant:
U1.1.2 Link: "Typical threat model. Network connection. U3. Violation of the authorship of transmitted data".

U1.3. Unauthorized modification of legitimate data during its processing on the Exchange Servers or the Intermediary:
U1.3.1. Link: "Typical threat model. Information system built on a client-server architecture. U2. Unauthorized modification of protected information while it is being processed by the server part of the information system".

U1.4. Creation of false data on the Exchange Servers or the Intermediary on behalf of a legitimate exchange participant:
U1.4.1. Link: "Typical threat model. Information system built on a client-server architecture. U1. Unauthorized actions performed by attackers on behalf of a legitimate user".

U1.5. Unauthorized modification of data during its processing by the data processing software:
U1.5.1. <…> through attackers making unauthorized changes to the settings (configuration) of the data processing software.
U1.5.2. <…> through attackers making unauthorized changes to the executable files of the data processing software.
U1.5.3. <…> through interactive control of the data processing software by attackers.

TYPICAL THREAT MODEL. I-CRYPTOGRAPHIC INFORMATION PROTECTION SYSTEM

Into yokuvikela lapho kusetshenziswa khona imodeli yokusongela (ububanzi).

Inhloso yokuvikela uhlelo lokuvikela ulwazi lwe-cryptographic olusetshenziselwa ukuqinisekisa ukuphepha kohlelo lolwazi.

bokwakha
Isisekelo sanoma iyiphi isistimu yolwazi isofthiwe yohlelo lokusebenza esebenzisa ukusebenza kwayo okuhlosiwe.

Ukuvikelwa kwe-Cryptographic kuvame ukusetshenziswa ngokubiza ama-cryptographic primitives kusukela kungqondongqondo yebhizinisi yesofthiwe yohlelo lokusebenza, etholakala kumitapo yolwazi ekhethekile - ama-crypto cores.

I-Cryptographic primitives ihlanganisa imisebenzi ye-cryptographic esezingeni eliphansi, efana nale:

  • bethela/susa ukubethela ibhulokhi yedatha;
  • dala/qinisekisa isiginesha ye-elekthronikhi yebhulokhi yedatha;
  • bala umsebenzi we-hash we-block data;
  • khiqiza / layisha / layisha imininingwane yokhiye;
  • nokunye.

Ingqondo yebhizinisi yesofthiwe yohlelo lokusebenza isebenzisa ukusebenza kwezinga eliphezulu kusetshenziswa ama-cryptographic primitives:

  • bhala ngemfihlo ifayela usebenzisa izikhiye zabamukeli abakhethiwe;
  • sungula uxhumano lwenethiwekhi oluvikelekile;
  • yazisa ngemiphumela yokuhlola isiginesha ye-elekthronikhi;
  • njll.

Ukusebenzisana kwe-logic yebhizinisi kanye ne-crypto core kungenziwa:

  • ngokuqondile, ngomqondo webhizinisi obiza ama-cryptographic primitives kusuka kumalabhulali ashukumisayo we-crypto kernel (.DLL ye-Windows, .SO ye-Linux);
  • ngokuqondile, ngokusebenzisa i-cryptographic interfaces - ama-wrappers, isibonelo, i-MS Crypto API, i-Java Cryptography Architecture, i-PKCS#11, njll. Kulokhu, ingqondo yebhizinisi ifinyelela ku-interface ye-crypto, futhi ihumusha ucingo ku-crypto core ohambisanayo, okuthi leli cala libizwa ngokuthi umhlinzeki we-crypto. Ukusetshenziswa kwe-cryptographic interfaces kuvumela isofthiwe yohlelo lokusebenza ukuthi ikhiphe kude nama-algorithms athile we-cryptographic futhi ibe nezimo eziguquguqukayo.

There are two typical schemes for organizing the crypto core:

Scheme 1 - Monolithic crypto core

Scheme 2 - Split crypto core

The elements in the diagrams above can be either individual software modules running on one computer or network services interacting within a computer network.

In systems built according to Scheme 1, the application software and the crypto core operate within a single crypto-tool operating environment (SFC), for example on the same computer under the same operating system. The system user can, as a rule, run other programs, including ones containing malicious code, within the same operating environment. Under such conditions there is a serious risk of leakage of private cryptographic keys.

To minimize this risk, Scheme 2 is used, in which the crypto core is split into two parts:

  1. The first part, together with the application software, operates in an untrusted environment where there is a risk of infection with malicious code. We will call this part the "software part".
  2. The second part operates in a trusted environment on a dedicated device that contains the private key store. From here on we will call this part the "hardware part".

The division of the crypto core into software and hardware parts is quite arbitrary. There are systems on the market built according to the split crypto core scheme in which the "hardware" part is delivered as a virtual machine image, a virtual HSM (example).

The two parts of the crypto core interact in such a way that private cryptographic keys are never passed to the software part and, accordingly, cannot be stolen by malicious code.

The interaction interface (API) and the set of cryptographic primitives that the crypto core provides to the application software are the same in both cases. The difference lies in how they are implemented.

Thus, when a scheme with a split crypto core is used, the software and hardware parts interact according to the following principle:

  1. Cryptographic primitives that do not require the private key (for example, computing a hash function, verifying an electronic signature, and so on) are performed by the software part.
  2. Cryptographic primitives that use the private key (creating an electronic signature, decrypting data, and so on) are performed by the hardware part.

Let us illustrate how the split crypto core works using the creation of an electronic signature as an example:

  1. The software part computes the hash of the data to be signed and passes this value to the hardware part over the exchange channel between crypto cores.
  2. The hardware part, using the private key and the hash, generates the electronic signature value and passes it to the software part over the exchange channel.
  3. The software part returns the received value to the application software.
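The three signing steps above, as an added Python example (not code from the original article or from any CIPF product): it records what crosses the exchange channel with a non-extractable key and, for contrast, with a token in extractable key mode. The class names, the `Channel` log and the toy unpadded RSA key are assumptions made for illustration; the toy key stands in for the device's real algorithm and is not secure.

```python
import hashlib

# Constructed toy key pair: unpadded RSA over two Mersenne primes. It stands in
# for the token's real signature algorithm and is NOT secure; only the data flow
# between the two parts of the crypto core matters here.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


class Channel:
    """Exchange channel that records the kind and value of everything crossing it."""

    def __init__(self):
        self.log = []

    def send(self, kind, value):
        self.log.append((kind, value))
        return value


class HardwarePart:
    """Trusted device holding the private key store (hypothetical model)."""

    def __init__(self, channel, extractable=False):
        self._d = D
        self.channel = channel
        self.extractable = extractable

    def sign_digest(self, digest):
        # Step 2: the private-key primitive runs on the device; only the
        # resulting signature value goes back over the exchange channel.
        return self.channel.send("signature", pow(digest, self._d, N))

    def export_key(self):
        # Extractable key mode: the key itself crosses the private key
        # exchange channel, which is what threat U1.3 targets.
        if not self.extractable:
            raise PermissionError("key is non-extractable")
        return self.channel.send("private_key", self._d)


class SoftwarePart:
    """Untrusted side: hashing and verification need no private key."""

    def __init__(self, hardware, channel):
        self.hardware = hardware
        self.channel = channel

    @staticmethod
    def digest(data):
        return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

    def sign(self, data):
        if self.hardware.extractable:
            # Extractable mode: fetch the key and sign in software.
            return pow(self.digest(data), self.hardware.export_key(), N)
        # Step 1: hash in software, pass only the hash to the hardware part.
        digest = self.channel.send("digest", self.digest(data))
        # Step 3: return the value received from the hardware part.
        return self.hardware.sign_digest(digest)

    def verify(self, data, signature):
        return pow(signature, E, N) == self.digest(data)


def channel_kinds(extractable):
    """Sign one constructed message and list what crossed the channel."""
    channel = Channel()
    software = SoftwarePart(HardwarePart(channel, extractable), channel)
    signature = software.sign(b"constructed payment order")
    assert software.verify(b"constructed payment order", signature)
    return [kind for kind, _ in channel.log]


if __name__ == "__main__":
    print(channel_kinds(extractable=False))  # ['digest', 'signature']
    print(channel_kinds(extractable=True))   # ['private_key']
```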

Specifics of verifying the validity of an electronic signature

When the receiving party receives electronically signed data, it must carry out several verification stages. A positive result of electronic signature verification is achieved only if all verification stages complete successfully.

Stage 1. Control of data integrity and data authorship.

Content of the stage. The electronic signature of the data is verified using the appropriate cryptographic algorithm. Successful completion of this stage shows that the data has not been modified since it was signed, and that the signature was made with the private key corresponding to the public key used to verify the electronic signature.
Where the stage is performed: crypto core.

Stage 2. Control of trust in the signer's public key and control of the validity period of the private key of the electronic signature.
Content of the stage. The stage consists of two intermediate sub-stages. The first determines whether the public key for verifying the electronic signature was trusted at the time the data was signed. The second determines whether the private key of the electronic signature was valid at the time the data was signed. In general, the validity periods of these keys may not coincide (for example, for qualified certificates of electronic signature verification keys). The methods for establishing trust in the signer's public key are determined by the electronic document management rules adopted by the interacting parties.
Where the stage is performed: application software / crypto core.

Stage 3. Control of the signer's authority.
Content of the stage. In accordance with the established rules of electronic document management, it is checked whether the signer had the right to certify the protected data. As an example, consider a case of violated authority. Suppose there is an organization in which every employee has an electronic signature. The internal electronic document management system receives an order from the director, but it is signed with the electronic signature of the warehouse manager. Accordingly, such a document cannot be considered legitimate.
Where the stage is performed: application software.

Assumptions made when describing the protected object

  1. Information transmission channels, with the exception of key exchange channels, also pass through the application software, the API and the crypto core.
  2. Information about trust in public keys and (or) certificates, as well as information about the powers of public key owners, is located in the public key store.
  3. The application software works with the public key store through the crypto core.

Example of an information system protected with a CIPF

To illustrate the schemes presented earlier, let us consider a hypothetical information system and identify all the structural elements in it.

Description of the information system


Two organizations decided to introduce legally significant electronic document management (EDF) between themselves. To do this, they concluded an agreement stipulating that documents would be sent by e-mail and that they must be encrypted and signed with a qualified electronic signature. Office programs from the Microsoft Office 2016 package are to be used for creating and processing documents, and CIPF CryptoPRO and the CryptoARM encryption software as the means of cryptographic protection.

Description of the infrastructure of organization 1

Organization 1 decided to install CIPF CryptoPRO and the CryptoARM software on the user's workstation, a physical computer. Encryption and electronic signature keys will be stored on a ruToken key carrier operating in extractable key mode. The user will prepare electronic documents locally on their computer, then encrypt, sign and send them using a locally installed e-mail client.

Description of the infrastructure of organization 2

Organization 2 decided to move the encryption and electronic signature functions to a dedicated virtual machine. In this case all cryptographic operations will be performed automatically.

To do this, two network folders are set up on the dedicated virtual machine: "…In" and "…Out". Files received from the counterparty will automatically be placed, in clear form, in the network folder "…In". These files will be decrypted and their electronic signature will be verified.

The user will place in the "…Out" folder the files that need to be encrypted, signed and sent to the counterparty. The user will prepare the files themselves on their own workstation.
To perform the encryption and electronic signature functions, CIPF CryptoPRO, the CryptoARM software and an e-mail client are installed on the virtual machine. Automatic control of all elements of the virtual machine will be carried out using scripts developed by the system administrators. The operation of the scripts is logged to log files.

The cryptographic keys of the electronic signature will be placed on a JaCarta GOST token with a non-extractable key, which the user will connect to their local computer.

The token will be forwarded to the virtual machine using specialized USB-over-IP software installed on the user's workstation and on the virtual machine.

The system clock on the user's workstation in organization 1 will be adjusted manually. The system clock of the dedicated virtual machine in organization 2 will be synchronized with the system clock of the hypervisor, which in turn will be synchronized over the Internet with public time servers.

Identifying the structural elements of the CIPF
Based on the above description of the IT infrastructure, we will identify the structural elements of the CIPF and record them in a table.

Table - Mapping of CIPF model elements to information system elements

| Element name | Organization 1 | Organization 2 |
| Application software | CryptoARM software | CryptoARM software |
| Software part of the crypto core | CIPF CryptoPRO CSP | CIPF CryptoPRO CSP |
| Hardware part of the crypto core | none | JaCarta GOST |
| API | MS CryptoAPI | MS CryptoAPI |
| Public key store | User workstation: HDD; standard Windows certificate store. | Hypervisor: HDD. Virtual machine: HDD; standard Windows certificate store. |
| Private key store | ruToken key carrier operating in extractable key mode | JaCarta GOST key carrier operating in non-extractable key mode |
| Public key exchange channel | User workstation: RAM. | Hypervisor: RAM. Virtual machine: RAM. |
| Private key exchange channel | User workstation: USB bus; RAM. | none |
| Exchange channel between crypto cores | absent (there is no crypto core hardware) | User workstation: USB bus; RAM; USB-over-IP software module; network interface. Corporate network of organization 2. Hypervisor: RAM; network interface. Virtual machine: network interface; RAM; USB-over-IP software module. |
| Open data exchange channel | User workstation: input/output devices; RAM; HDD. | User workstation: input/output devices; RAM; HDD; network interface. Corporate network of organization 2. Hypervisor: network interface; RAM; HDD. Virtual machine: network interface; RAM; HDD. |
| Protected data exchange channel | Internet. Corporate network of organization 1. User workstation: HDD; RAM; network interface. | Internet. Corporate network of organization 2. Hypervisor: network interface; RAM; HDD. Virtual machine: network interface; RAM; HDD. |
| Time channel | User workstation: input/output devices; RAM; system timer. | Internet. Corporate network of organization 2. Hypervisor: network interface; RAM; system timer. Virtual machine: RAM; system timer. |
| Control command transmission channel | User workstation: input/output devices; RAM. (Graphical user interface of the CryptoARM software) | Virtual machine: RAM; HDD. (Automation scripts) |
| Channel for receiving operation results | User workstation: input/output devices; RAM. (Graphical user interface of the CryptoARM software) | Virtual machine: RAM; HDD. (Log files of the automation scripts) |

Top-level security threats

Explanations

Assumptions made when decomposing the threats:

  1. Strong cryptographic algorithms are used.
  2. Cryptographic algorithms are used securely, in the correct modes of operation (for example, ECB is not used to encrypt large volumes of data, the permissible load on a key is taken into account, and so on).
  3. Attackers know all the algorithms, protocols and public keys in use.
  4. Attackers can read all encrypted data.
  5. Attackers are able to reproduce any software elements of the system.

Decomposition

U1. Compromise of private cryptographic keys.
U2. Encryption of fake data on behalf of a legitimate sender.
U3. Decryption of encrypted data by persons who are not legitimate recipients of the data (attackers).
U4. Creation of a legitimate signer's electronic signature under fake data.
U5. Obtaining a positive result when verifying the electronic signature of forged data.
U6. Erroneous acceptance of electronic documents for execution because of problems in the organization of electronic document management.
U7. Unauthorized access to protected data while it is being processed by the CIPF.

U1. Compromise of private cryptographic keys

U1.1. Obtaining the private key from the private key store.

U1.2. Obtaining the private key from objects in the crypto-tool operating environment in which it may reside temporarily.
Explanations U1.2.

Objects that can temporarily hold a private key include:

  1. RAM,
  2. temporary files,
  3. swap files,
  4. hibernation files,
  5. snapshot files of the "hot" state of virtual machines, including files with the RAM contents of paused virtual machines.

U1.2.1. Extracting private keys from working RAM by freezing the RAM modules, removing them and then reading the data (freeze attack).
Explanations U1.2.1.
Example: attack.

U1.3. Obtaining the private key from the private key exchange channel.
Explanations U1.3.
An example of how this threat is realized is given below.

U1.4. Unauthorized modification of the crypto core, as a result of which private keys become known to attackers.

U1.5. Compromise of the private key through the use of technical channels of information leakage (TCIL).
Explanations U1.5.
Example: attack.

U1.6. Compromise of the private key through the use of special technical means (STS) designed for covert retrieval of information ("bugs").

U1.7. Compromise of private keys while they are stored outside the CIPF.
Explanations U1.7.
For example, a user keeps their key media in a desk drawer, from which attackers can easily retrieve them.

U2. Encryption of fake data on behalf of a legitimate sender

Explanations
This threat is considered only for data encryption schemes with sender authentication. Examples of such schemes are given in the standardization recommendations R 1323565.1.004-2017 "Information technology. Cryptographic information protection. Schemes for generating a shared key with authentication based on a public key". For other cryptographic schemes this threat does not exist, since encryption is performed with the recipient's public keys, which are generally known to attackers.

Decomposition
U2.1. Compromise of the sender's private key:
U2.1.1. Link: "Typical threat model. Cryptographic information protection system. U1. Compromise of private cryptographic keys".

U2.2. Substitution of input data in the open data exchange channel.
Notes U2.2.
Examples of how this threat is realized are given below, here and here.

U3. Decryption of encrypted data by persons who are not legitimate recipients of the data (attackers)

Decomposition
U3.1. Compromise of the private keys of the recipient of the encrypted data.
U3.1.1. Link: "Typical threat model. Cryptographic information protection system. U1. Compromise of private cryptographic keys".

U3.2. Substitution of encrypted data in the protected data exchange channel.

U4. Creation of a legitimate signer's electronic signature under fake data

Decomposition
U4.1. Compromise of the private electronic signature keys of the legitimate signer.
U4.1.1. Link: "Typical threat model. Cryptographic information protection system. U1. Compromise of private cryptographic keys".

U4.2. Substitution of signed data in the open data exchange channel.
Note U4.2.
Examples of how this threat is realized are given below, here and here.

U5. Obtaining a positive result when verifying the electronic signature of forged data

Decomposition
U5.1. Attackers intercept, in the channel for transmitting operation results, the message about a negative result of electronic signature verification and replace it with a message reporting a positive result.

U5.2. Attackers attack the trust in signing certificates (SCENARIO - all elements are required):
U5.2.1. Attackers generate a public and a private electronic signature key. If the system uses electronic signature key certificates, they generate an electronic signature certificate that resembles as closely as possible the certificate of the purported sender of the data whose message they want to forge.
U5.2.2. Attackers make unauthorized changes to the public key store, giving the public key they generated the required level of trust and authority.
U5.2.3. Attackers sign fake data with the previously generated electronic signature key and inject it into the protected data exchange channel.

U5.3. Attackers carry out an attack using expired electronic signature keys of a legitimate signer (SCENARIO - all elements are required):
U5.3.1. Attackers compromise expired (no longer valid) private electronic signature keys of a legitimate sender.
U5.3.2. Attackers replace the time in the time transmission channel with a time at which the compromised keys were still valid.
U5.3.3. Attackers sign fake data with the previously compromised electronic signature key and inject it into the protected data exchange channel.

U5.4. Attackers carry out an attack using compromised electronic signature keys of a legitimate signer (SCENARIO - all elements are required):
U5.4.1. Attackers make a copy of the public key store.
U5.4.2. Attackers compromise the private keys of one of the legitimate senders. The sender notices the compromise and revokes the keys, and information about the key revocation is placed in the public key store.
U5.4.3. Attackers replace the public key store with the previously copied one.
U5.4.4. Attackers sign fake data with the previously compromised electronic signature key and inject it into the protected data exchange channel.

U5.5. <…> because of errors in the implementation of stages 2 and 3 of electronic signature verification:
Explanations U5.5.
An example of how this threat is realized is given below.

U5.5.1. Trust in an electronic signature key certificate is checked only by the presence of trust in the certificate with which it was signed, without CRL or OCSP checks.
Explanations U5.5.1.
Example of the threat being realized.

U5.5.2. When the certificate trust chain is built, the authority to issue certificates is not analyzed.
Explanations U5.5.2.
Example of an attack against SSL/TLS certificates.
The attackers bought a legitimate certificate for their e-mail. They then made a fraudulent site certificate and signed it with their own certificate. If the powers are not checked, the trust chain will appear correct when it is verified and, accordingly, the fraudulent certificate will also be considered correct.

U5.5.3. When the certificate trust chain is built, intermediate certificates are not checked for revocation.

U5.5.4. CRLs are updated less often than the certification authority issues them.

U5.5.5. The decision to trust an electronic signature is made before an OCSP response about the certificate status has been received for a request made later than the time the signature was generated, or before the next CRL issued after the signature was generated has been received.
Explanations U5.5.5.
In the regulations of most CAs, the certificate revocation time is taken to be the issue time of the nearest CRL containing the information about the certificate's revocation.

U5.5.6. When signed data is received, it is not checked that the certificate belongs to the sender.
Explanations U5.5.6.
Example of an attack. For SSL certificates: the match between the address of the server being called and the value of the CN field in the certificate may not be checked.
Example of an attack. Attackers compromised the electronic signature keys of one participant of a payment system. They then broke into the network of another participant and, on its behalf, sent payment documents signed with the compromised keys to the settlement server of the payment system. If the server analyzes only trust and does not check for a match, the fraudulent documents will be considered legitimate.
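A receiving-side check that closes the U5.5 gaps while following verification stages 2 and 3, as an added Python example (not code from the original article or from any CIPF product). The `Cert` and `Crl` data model, the verdict strings and the sample names are assumptions; the stage 1 result is taken from the crypto core as a flag, the signing time is assumed to come from a trusted source, and only CRLs (not OCSP) are modelled.

```python
from dataclasses import dataclass
from datetime import datetime


@dataclass
class Cert:
    subject: str
    issuer: str
    is_ca: bool                      # may this certificate issue certificates?
    not_before: datetime
    not_after: datetime
    powers: frozenset = frozenset()  # document types the holder may sign


@dataclass
class Crl:
    issued_at: datetime
    revoked: dict                    # subject -> revocation time


def verify(doc, chain, anchors, crls):
    """doc: sender, doc_type, signed_at, signature_ok. chain: leaf first, root
    last. crls: issuer name -> latest Crl held by the verifier."""
    t = doc["signed_at"]
    # Stage 1 runs in the crypto core; its result is passed in.
    if not doc["signature_ok"]:
        return "REJECT: bad signature"
    # Stage 2, trust: the chain ends in a trust anchor and every issuer in it
    # is actually allowed to issue certificates (U5.5.2).
    if chain[-1].subject not in anchors:
        return "REJECT: untrusted root"
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject or not issuer.is_ca:
            return "REJECT: invalid chain link"
    # Stage 2, validity: every certificate was valid at signing time.
    if any(not (c.not_before <= t <= c.not_after) for c in chain):
        return "REJECT: certificate not valid at signing time"
    # Revocation of the leaf and of intermediates (U5.5.1, U5.5.3). A CRL
    # issued before the signing time cannot settle the question (U5.5.4, U5.5.5).
    deferred = False
    for cert in chain[:-1]:
        crl = crls.get(cert.issuer)
        if crl is None or crl.issued_at < t:
            deferred = True
            continue
        revoked_at = crl.revoked.get(cert.subject)
        if revoked_at is not None and revoked_at <= t:
            return "REJECT: certificate revoked at signing time"
    # U5.5.6: the certificate must belong to the claimed sender.
    leaf = chain[0]
    if leaf.subject != doc["sender"]:
        return "REJECT: certificate does not belong to sender"
    # Stage 3: the signer must hold the authority for this document type.
    if doc["doc_type"] not in leaf.powers:
        return "REJECT: signer lacks authority"
    return "DEFER: wait for a CRL issued after signing time" if deferred else "ACCEPT"


def day(n):
    return datetime(2024, 1, n)


# Constructed sample PKI and documents (not real certificates).
ROOT = Cert("Root CA", "Root CA", True, day(1), day(31))
ISSUING = Cert("Issuing CA", "Root CA", True, day(1), day(31))
DIRECTOR = Cert("director", "Issuing CA", False, day(1), day(31),
                frozenset({"order"}))
WAREHOUSE = Cert("warehouse-manager", "Issuing CA", False, day(1), day(31),
                 frozenset({"stock-report"}))
MAIL = Cert("attacker-mail", "Issuing CA", False, day(1), day(31))
FORGED = Cert("director", "attacker-mail", False, day(1), day(31),
              frozenset({"order"}))
ANCHORS = {"Root CA"}
CRLS = {"Root CA": Crl(day(20), {}), "Issuing CA": Crl(day(20), {})}


def order(sender, signed_at):
    return {"sender": sender, "doc_type": "order",
            "signed_at": signed_at, "signature_ok": True}
```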

U6. Erroneous acceptance of electronic documents for execution because of problems in the organization of electronic document management.

Decomposition
U6.1. The receiving party does not detect duplicates of received documents.
Explanations U6.1.
Example of an attack. Attackers can intercept a document being transmitted to the recipient, even one that is cryptographically protected, and then send it repeatedly over the protected data channel. If the recipient does not detect duplicates, all the received documents will be treated and processed as separate documents.

U7. Unauthorized access to protected data while it is being processed by the CIPF

Decomposition

U7.1. <…> because of information leakage through side channels (side-channel attack).
Explanations U7.1.
Example: attack.

U7.2. <…> because protection against unauthorized access to information processed in the CIPF is neutralized:
U7.2.1. Operation of the CIPF in violation of the requirements described in the CIPF documentation.

U7.2.2. <…>, carried out because of vulnerabilities in:
U7.2.2.1. <…> the means of protection against unauthorized access.
U7.2.2.2. <…> the CIPF itself.
U7.2.2.3. <…> the crypto-tool operating environment.

Examples of attacks

The scenarios discussed below obviously contain information security errors and serve only to illustrate possible attacks.

Scenario 1. Example of the realization of threats U2.2 and U4.2.

Description of the object

The AWS KBR software and the CIPF SCAD Signature are installed on a physical computer that is not connected to a computer network. An FKN vdToken is used as the key carrier, operating in non-extractable key mode.

The settlement procedure assumes that a settlement specialist, from their work computer, downloads electronic messages in clear text (the scheme of the old KBR workstation) from a special secure file server, then writes them to a removable USB flash drive and transfers them to the KBR workstation, where they are encrypted and signed. After that, the specialist transfers the protected electronic messages to the removable medium and then, through their work computer, writes them to the file server, from where they go to the UTA and on to the payment system of the Bank of Russia.

In this case, the open and protected data exchange channels will include: the file server, the specialist's work computer and the removable media.

Attack
Unauthorized attackers install a remote control system on the specialist's work computer and, at the moment the payment orders (electronic messages) are written to the removable medium, replace the contents of one of them in clear text. The specialist transfers the payment orders to the KBR workstation, signs and encrypts them without noticing the substitution (for example, because of the large number of payment orders in the batch, fatigue, and so on). After that, the fake payment order, having passed through the technological chain, enters the payment system of the Bank of Russia.

Scenario 2. Example of the realization of threats U2.2 and U4.2.

Description of the object

A computer with the AWS KBR workstation software, SCAD Signature and a connected FKN vdToken key carrier operates in a dedicated room to which personnel have no access.
The settlement specialist connects to the AWS KBR workstation in remote access mode over the RDP protocol.

Attack
Attackers intercept the credentials with which the settlement specialist connects to and works with the AWS KBR workstation (for example, by means of malicious code on the specialist's computer). They then connect on the specialist's behalf and send a fake payment order to the payment system of the Bank of Russia.

Scenario 3. Example of the realization of threat U1.3.

Description of the object

Let us consider one of the hypothetical options for implementing the ABS-KBR integration modules for the new scheme (AWS KBR-N), in which the electronic signature of outgoing documents is created on the ABS side. We will assume that the ABS runs on an operating system that is not supported by the CIPF SCAD Signature and that, accordingly, the cryptographic functionality is moved to a separate virtual machine, the "ABS-KBR" integration module.
An ordinary USB token operating in extractable key mode is used as the key carrier. When the key carrier was being connected to the hypervisor, it turned out that there were no free USB ports in the system, so it was decided to connect the USB token through a network USB hub and to install a USB-over-IP client on the virtual machine to communicate with the hub.

Attack
The attackers intercepted the private key of the electronic signature from the communication channel between the USB hub and the hypervisor (the data was transmitted in clear text). Having the private key, the attackers generated a fake payment order, signed it with an electronic signature and sent it to the KBR-N workstation for execution.

Scenario 4. Example of the realization of threat U5.5.

Description of the object
Let us consider the same scheme as in the previous scenario. We will assume that electronic messages coming from the KBR-N workstation end up in the folder …SHAREIn, and those sent to the KBR-N workstation and on to the payment system of the Bank of Russia go to …SHAREout.
We will also assume that, in this implementation of the integration module, the lists of revoked certificates are updated only when the cryptographic keys are reissued, and that electronic messages received in the folder …SHAREIn are checked only for integrity and for trust in the public key of the electronic signature.

Attack

The attackers, using the keys stolen in the previous scenario, signed a fake payment order containing information about the receipt of money into the account of a fraudulent client and injected it into the protected data exchange channel. Since there is no check that the payment order was signed by the Bank of Russia, it is accepted for execution.

Source: www.habr.com
