Izinkampani eziningi namuhla zikhathazekile ngokuqinisekisa ukuphepha kolwazi lwengqalasizinda yazo, ezinye zenza lokhu ngesicelo semibhalo yokulawula, kanti ezinye zenza lokhu kusukela ngesikhathi kwenzeka isigameko sokuqala. Izitayela zakamuva zibonisa ukuthi inani lezehlakalo liyakhula, futhi ukuhlaselwa ngokwako kuba yinkimbinkimbi. Kodwa awudingi ukuya kude, ingozi iseduze kakhulu. Kulokhu ngingathanda ukuphakamisa isihloko sokuvikeleka komhlinzeki we-inthanethi. Kukhona okuthunyelwe ku-HabrΓ© okuxoxwe ngalesi sihloko ezingeni lesicelo. Lesi sihloko sizogxila ekuvikelekeni kunethiwekhi namaleveli okuxhumanisa idatha.
Konke kwaqala kanjani
Esikhathini esithile esidlule, i-intanethi yafakwa efulethini ivela kumhlinzeki omusha; ngaphambilini, izinsiza ze-inthanethi zazilethwa endlini kusetshenziswa ubuchwepheshe be-ADSL. Njengoba ngichitha isikhathi esincane ekhaya, i-Intanethi yeselula yayidingeka kakhulu kune-inthanethi yasekhaya. Ngokushintshela emsebenzini oqhelile, nginqume ukuthi ijubane lika-50-60 Mb/s le-Intanethi yasekhaya lalinganele futhi nganquma ukukhulisa isivinini. Ngobuchwepheshe be-ADSL, ngenxa yezizathu zobuchwepheshe, akunakwenzeka ukukhulisa isivinini esingaphezu kuka-60 Mb/s. Kunqunywe ukushintshela komunye umhlinzeki onesivinini esimenyezelwe esihlukile kanye nokuhlinzekwa kwezinsizakalo hhayi nge-ADSL.
Kwakungaba into ehlukile
Kuxhunywe omele umhlinzeki we-inthanethi. Abafakeli bafika, babhoboza imbobo endlini, bafaka intambo yesichibi ye-RJ-45. Banginikeze isivumelwano nemiyalo enezilungiselelo zenethiwekhi ezidinga ukusetha ku-router (i-IP ezinikezele, isango, imaski ye-subnet namakheli e-IP we-DNS yabo), bathatha inkokhelo yenyanga yokuqala yomsebenzi futhi bahamba. Lapho ngifaka izilungiselelo zenethiwekhi engizinikezwe kurutha yami yasekhaya, i-inthanethi yangena endlini. Inqubo yokungena kokuqala kobhalisile kunethiwekhi ibonakale ilula kakhulu kimi. Akukho ukugunyazwa okuyinhloko okwenziwe, futhi isihlonzi sami kwakuyikheli le-IP enginikezwe lona. I-inthanethi isebenze ngokushesha nangokuzinzile. Bekunerutha ye-wifi efulethini futhi ngodonga olulayishayo isivinini sokuxhuma sehle kancane. Ngolunye usuku, ngangidinga ukulanda ifayela elinganisa amagigabhayithi angamashumi amabili nambili. Ngacabanga, kungani ungaxhumi i-RJ-45 eya efulethini ngqo kwi-PC.
Yazi umakhelwane wakho
Ngemva kokulidawuniloda lonke ifayela, nginqume ukujwayelana kangcono nomakhelwane abasezikhondweni zokushintshwa.
Ezakhiweni zamafulethi, ukuxhumana kwe-inthanethi kuvame ukuvela kumhlinzeki nge-fiber optical, kungena ekhabetheni lezintambo libe kwelinye lamaswishi futhi kusatshalaliswa phakathi kokungena namafulethi ngezintambo ze-Ethernet, uma sibheka umdwebo wokuxhumana wakudala kakhulu. Yebo, sekuvele kukhona ubuchwepheshe lapho ama-optics aya ngqo efulethini (GPON), kodwa lokhu akukakasakazeki.
Uma sithatha i-topology eyenziwe lula kakhulu esikalini sendlu eyodwa, ibukeka kanjena:
Kuvela ukuthi amaklayenti alo mhlinzeki, amanye amafulethi angomakhelwane, asebenza kunethiwekhi yendawo efanayo kumishini efanayo yokushintsha.
Ngokuvumela ukulalela kusixhumi esibonakalayo esixhunywe ngokuqondile kunethiwekhi yomhlinzeki, ungabona ithrafikhi ye-ARP esakazwayo indiza ivela kubo bonke abasingathi kunethiwekhi.
Umhlinzeki unqume ukungazihluphi kakhulu ngokuhlukanisa inethiwekhi ibe izingxenye ezincane, ngakho-ke ithrafikhi yokusakaza evela kubasingathi be-253 ingageleza ngaphakathi kokushintsha okukodwa, ngaphandle kokubala labo abacishiwe, ngaleyo ndlela bavale umkhawulokudonsa wesiteshi.
Ngemva kokuskena inethiwekhi sisebenzisa i-nmap, sinqume inani labasingathi abasebenzayo kusukela kulo lonke iqoqo lamakheli, inguqulo yesofthiwe nezimbobo ezivulekile zokushintsha okukhulu:
Futhi iphi i-ARP lapho kanye ne-ARP-spoofing
Ukwenza ezinye izenzo, kwasetshenziswa insiza ye-ettercap-graphical; kukhona nama-analogue esimanjemanje, kodwa le softhiwe iheha ngesixhumi esibonakalayo sakudala kanye nokusebenziseka kalula.
Kukholomu yokuqala kukhona amakheli e-IP awo wonke ama-routers aphendule i-ping, kwesibili amakheli awo wendawo.
Ikheli lendawo lihlukile; lingasetshenziswa ukuqoqa ulwazi mayelana nendawo yerutha, njll., ngakho-ke lizofihlwa ngokwezinjongo zalesi sihloko.
Umgomo 1 wengeza isango elikhulu elinekheli elithi 192.168.xxx.1, umgomo 2 wengeza elinye lamakheli.
Sizethula esangweni njengomsingathi ngekheli elithi 192.168.xxx.204, kodwa ngekheli lethu le-MAC. Bese siziveza kumzila womsebenzisi njengesango elinekheli elithi 192.168.xxx.1 ne-MAC yalo. Imininingwane yalokhu kuba sengozini kwephrothokholi ye-ARP kuxoxwa ngayo ngokuningiliziwe kwezinye izindatshana ezilula ku-Google.
Njengomphumela wazo zonke izikhohlisi, sinethrafikhi evela kubabungazi abadlula kithi, njengoba sinikeze amandla ngaphambili ukudlulisela iphakethe:
Yebo, i-https isivele isetshenziswa cishe yonke indawo, kodwa inethiwekhi isagcwele amanye amaphrothokholi angavikelekile. Isibonelo, i-DNS efanayo ngokuhlaselwa kwe-DNS-spoofing. Lona kanye iqiniso lokuthi ukuhlaselwa kwe-MITM kungenziwa kubangela okunye ukuhlaselwa okuningi. Izinto ziba zimbi kakhulu uma kukhona abasingathi abasebenzayo abambalwa abatholakala kunethiwekhi. Kuyafaneleka ukucabangela ukuthi lena imboni ezimele, hhayi inethiwekhi yezinkampani, futhi akuwona wonke umuntu onezinyathelo zokuvikela ukuze athole futhi amelane nokuhlaselwa okuhlobene.
Ungakugwema kanjani
Umhlinzeki kufanele akhathazeke ngale nkinga; ukusetha isivikelo ekuhlaselweni okunjalo kulula kakhulu, esimweni sokushintshwa okufanayo kweCisco.
Ukunika amandla i-Dynamic ARP Inspection (DAI) kuzovimbela ikheli le-MAC lesango eliyinhloko ekubeni lonakale. Ukuhlukanisa isizinda sokusakaza sibe amasegimenti amancane kuvimbele okungenani ithrafikhi ye-ARP ukuthi ingasabalali kubo bonke abasingathi ilandelana futhi kwehlise inani labasingathi abangahlaselwa. Iklayenti, yona, lingazivikela kulokho kukhohlisa ngokumisa i-VPN ngqo kumzila walo wasekhaya; iningi lamadivayisi selivele lisekela lokhu kusebenza.
okutholakele
Ngokunokwenzeka, abahlinzeki abanandaba nalokhu; yonke imizamo ihloselwe ukwandisa inani lamakhasimende. Lokhu okuqukethwe akubhalelwanga ukubonisa ukuhlasela, kodwa ukukukhumbuza ukuthi nenethiwekhi yomhlinzeki wakho ingase ingavikeleki kakhulu ekudluliseleni idatha yakho. Nginesiqiniseko sokuthi kunabahlinzeki besevisi ye-inthanethi abaningi besifunda abangenzanga lutho olungaphezu kokudingekile ukusebenzisa imishini yenethiwekhi eyisisekelo.
Source: www.habr.com