Network engineers are, on the face of it, "technical staff" who build, tune and troubleshoot networks, but in reality we are the "first line of defence" in network security. CrowdStrike's 2024 report showed that cyber attacks worldwide rose by 30%, and Chinese enterprises lost more than 50 billion yuan to network security incidents. Customers do not care whether you are an operations engineer or a security engineer; when a network incident happens, the engineer is the first to be held accountable. Not to mention that AI, 5G and cloud networks have made hackers' attack methods more sophisticated. A popular post on Zhihu in China puts it this way: "Network engineers who don't learn security are cutting off their own escape route!" Harsh as it sounds, it is true.
In this article I give a detailed analysis of the eight most common network attacks, from their principles and case studies to defence measures, so that they can be put into practice. Whether you are a newcomer or an experienced veteran looking to sharpen your skills, this knowledge will give you real leverage on your projects. Let's get started!
No.1 DDoS Attack
Distributed denial-of-service (DDoS) attacks overwhelm servers or networks with massive amounts of traffic, making them unavailable to legitimate users. Common techniques include SYN floods and UDP floods. In 2024, a Cloudflare report showed that DDoS attacks accounted for 40% of all internet attacks.
In 2022, an e-commerce site was hit by a DDoS attack on the eve of Singles' Day, with peak traffic reaching 1 Tbps, taking the site down for two hours and causing losses of tens of millions of yuan. A friend of mine was in charge of the emergency response and was nearly driven mad by the pressure.
How to defend?
○ Traffic scrubbing: deploy CDN or DDoS protection services (you may need a Mylinking™ Inline Bypass Tap/Switch) to divert malicious traffic.
○ Bandwidth redundancy: reserve 20%-30% of bandwidth to cope with sudden traffic spikes.
○ Monitoring and alerting: use tools (you may need a Mylinking™ Network Packet Broker) to monitor traffic in real time and raise an alert on any anomaly.
○ Emergency plan: coordinate with your ISPs so that you can quickly switch lines or block attack sources.
No.2 SQL Injection
Attackers insert malicious SQL code into website input fields or URLs to steal database contents or damage systems. In 2023, the OWASP report stated that SQL injection remains one of the top three web attacks.
A small-to-medium-sized company's website was compromised by an attacker who injected a "1=1" statement and easily obtained the administrator password, because the site failed to filter user input. It later emerged that the development team had never implemented input validation at all.
How to defend?
○ Parameterized queries: backend developers should use prepared statements instead of concatenating SQL directly.
○ WAF deployment: web application firewalls (such as ModSecurity) can block malicious requests.
○ Regular audits: use tools (such as SQLMap) to check for vulnerabilities, and back up the database before deployment.
○ Access control: database users should be granted only the minimum privileges needed, so that a breach cannot turn into a full loss of control.
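To make the "1=1" case concrete, here is an added example (not code from the original article) that puts the concatenated login query next to its prepared-statement replacement, using an in-memory SQLite table with constructed sample accounts. Passwords are stored in clear text only to keep the demo short; a real system stores salted hashes.

```python
import sqlite3

def make_db():
    # Constructed sample table: two accounts with made-up credentials.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!pass', 'admin')")
    conn.execute("INSERT INTO users VALUES ('alice', 'hunter2', 'user')")
    return conn

def login_vulnerable(conn, name, password):
    # String concatenation: user text becomes part of the SQL grammar,
    # so a quote plus "OR 1=1" rewrites the WHERE clause.
    sql = ("SELECT role FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None

def login_safe(conn, name, password):
    # Prepared statement: the placeholders bind the input as data, never as SQL.
    sql = "SELECT role FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None

def demo():
    """Run both versions with a normal login and with the "1=1" payload."""
    conn = make_db()
    bypass = "' OR 1=1 --"          # the textbook payload from the case above
    return {
        "vuln_normal": login_vulnerable(conn, "alice", "hunter2"),
        "vuln_bypass": login_vulnerable(conn, "admin", bypass),  # returns 'admin'
        "safe_normal": login_safe(conn, "alice", "hunter2"),
        "safe_bypass": login_safe(conn, "admin", bypass),        # returns None
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```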
No.3 Cross-Site Scripting (XSS) Attack
Cross-site scripting (XSS) attacks inject malicious scripts into web pages to steal users' cookies, session IDs and other data. They are classified as reflected, stored and DOM-based attacks. In 2024, XSS accounted for 25% of all web attacks.
A forum failed to filter user comments, allowing attackers to inject script code and steal the account data of thousands of users. I have seen customers lose CNY500,000 because of this.
How to defend?
○ Input filtering: escape user input (such as HTML special characters).
○ CSP policy: use a Content Security Policy to restrict where scripts may load from.
○ Browser protection: set HTTP headers (such as X-XSS-Protection) to block malicious scripts.
○ Tool scanning: use Burp Suite to check regularly for XSS vulnerabilities.
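The forum case above comes down to two of these measures working together: escaping the comment text and shipping a nonce-based CSP header. This added example (my own code, not the article's) renders constructed comments, one of them containing a script tag, and includes a self-check that no script without the response's nonce reaches the client.

```python
import html
import secrets

# Constructed user comments; the second is the kind of input a stored XSS relies on.
COMMENTS = [
    "Great article, thanks!",
    '<script>alert("xss")</script>',
]

def escape_comment(raw: str) -> str:
    # Turn <, >, &, " and ' into entities so the browser renders text, not markup.
    return html.escape(raw, quote=True)

def render_page(comments, nonce: str) -> str:
    items = "".join(f"<li>{escape_comment(c)}</li>" for c in comments)
    # Only the page's own script carries the nonce; anything injected has none.
    return (f"<ul>{items}</ul>"
            f'<script nonce="{nonce}">initComments();</script>')

def security_headers(nonce: str) -> dict:
    # script-src with a nonce: the browser refuses inline scripts without it.
    return {
        "Content-Security-Policy":
            f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'",
        "X-Content-Type-Options": "nosniff",
    }

def build_response(comments):
    """Return (headers, body) with a fresh per-response nonce."""
    nonce = secrets.token_urlsafe(16)
    return security_headers(nonce), render_page(comments, nonce)

def unsafe_script_present(body: str, nonce: str) -> bool:
    # Defensive self-check: flag any <script> tag whose opening tag lacks our nonce.
    for part in body.split("<script")[1:]:
        opening_tag = part.split(">", 1)[0]
        if f'nonce="{nonce}"' not in opening_tag:
            return True
    return False

if __name__ == "__main__":
    headers, body = build_response(COMMENTS)
    print(headers["Content-Security-Policy"])
    print(body)
```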
No.4 Password Cracking
Attackers obtain user or administrator passwords through brute force, dictionary attacks or social engineering. Verizon's 2023 report showed that 80% of breaches were related to weak passwords.
A company router still using the default password "admin" was easily logged into by an attacker, who planted a backdoor. The engineer responsible was fired, and the manager was held accountable as well.
How to defend?
○ Strong passwords: enforce 12 or more characters with mixed case, digits and symbols.
○ Multi-factor authentication: use MFA (such as SMS verification codes) on critical devices.
○ Password management: use tools (such as LastPass) to manage passwords centrally and rotate them regularly.
○ Attempt limiting: lock the IP address after three failed login attempts to stop brute-force attacks.
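The first and last bullets are easy to state and easy to get subtly wrong, so here is an added example (my own code, not from the article) that enforces the 12-character mixed policy and locks a source IP after three failures. The 15-minute lockout duration and the injectable clock are my assumptions; the article only fixes the attempt count.

```python
import re
import time
from collections import defaultdict

MIN_LENGTH = 12
MAX_FAILURES = 3
LOCKOUT_SECONDS = 900   # assumed 15-minute lockout; the article gives no duration

def password_meets_policy(pw: str) -> bool:
    # 12+ characters containing lower case, upper case, a digit and a symbol.
    return (len(pw) >= MIN_LENGTH
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None
            and re.search(r"[^A-Za-z0-9]", pw) is not None)

class LoginGuard:
    """Count failed logins per source IP and lock the IP after MAX_FAILURES."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock            # injectable for testing
        self.failures = defaultdict(int)
        self.locked_until = {}

    def is_locked(self, ip: str) -> bool:
        until = self.locked_until.get(ip)
        if until is None:
            return False
        if self.clock() >= until:
            # Lockout expired: clear state so the client gets a fresh budget.
            del self.locked_until[ip]
            self.failures.pop(ip, None)
            return False
        return True

    def attempt(self, ip: str, success: bool) -> str:
        """Return 'ok', 'denied' or 'locked' for one login attempt from ip."""
        if self.is_locked(ip):
            return "locked"           # refused even if the password is right
        if success:
            self.failures.pop(ip, None)
            return "ok"
        self.failures[ip] += 1
        if self.failures[ip] >= MAX_FAILURES:
            self.locked_until[ip] = self.clock() + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```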
No.5 Man-in-the-Middle (MITM) Attack
Attackers insert themselves between users and servers, intercepting or tampering with the data in transit. This is common on public Wi-Fi or over unencrypted connections. In 2024, MITM attacks accounted for 20% of data breaches.
A cafe's Wi-Fi was compromised by attackers, and users lost thousands of dollars when their credentials were intercepted while logging in to a banking site. Engineers later found that HTTPS had not been enforced.
How to defend?
○ Enforce HTTPS: websites and APIs are encrypted with TLS, and plain HTTP is disabled.
○ Certificate verification: use HPKP or CAA to make sure the certificate is genuine.
○ VPN protection: sensitive operations should go through a VPN to protect the traffic.
○ ARP protection: monitor the ARP table to detect and prevent ARP spoofing.
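On the last point, "monitor the ARP table" can be turned into a small check. This added example (mine, not the article's) parses constructed Linux `arp -n` output and raises an alert when one MAC claims several IPs or when the gateway's MAC differs from an assumed known-good baseline, which is what a cache poisoned by an ARP spoofer looks like.

```python
import re
from collections import defaultdict

# Constructed `arp -n` output (Linux format); addresses and MACs are sample values.
ARP_OUTPUT = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   aa:bb:cc:dd:ee:01   C                     eth0
192.168.1.20             ether   aa:bb:cc:dd:ee:20   C                     eth0
192.168.1.77             ether   aa:bb:cc:dd:ee:01   C                     eth0
"""

# Assumed baseline recorded while the LAN was known-clean: gateway IP -> real MAC.
KNOWN_GOOD = {"192.168.1.1": "aa:bb:cc:dd:ee:99"}

ARP_LINE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+\S+\s+([0-9a-f:]{17})\s", re.I)

def parse_arp(text: str) -> dict:
    """Map IP -> MAC (lower-cased) from arp -n output; the header line is skipped."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries[m.group(1)] = m.group(2).lower()
    return entries

def find_arp_anomalies(entries: dict, baseline: dict) -> list:
    alerts = []
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    # One MAC answering for several IPs: typical of a host impersonating the gateway.
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"MAC {mac} claims multiple IPs: {', '.join(sorted(ips))}")
    # Gateway MAC drifted from the recorded baseline.
    for ip, expected in baseline.items():
        seen = entries.get(ip)
        if seen is not None and seen != expected:
            alerts.append(f"gateway {ip} MAC changed: expected {expected}, saw {seen}")
    return alerts

if __name__ == "__main__":
    for alert in find_arp_anomalies(parse_arp(ARP_OUTPUT), KNOWN_GOOD):
        print("ALERT:", alert)
```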
No.6 Phishing Attack
Attackers use fraudulent emails, websites or text messages to trick users into handing over information or clicking malicious links. In 2023, phishing attacks accounted for 35% of security incidents.
An employee at one company received an email claiming to come from his boss, asking him to transfer money, and lost millions. It later turned out that the email was forged; the employee had never verified it.
How to defend?
○ Employee training: hold regular security-awareness training to teach staff how to recognise phishing emails.
○ Email filtering: deploy an anti-phishing gateway (such as Barracuda).
○ Link verification: check the sender's domain and enable a DMARC policy.
○ Double confirmation: sensitive operations require confirmation by phone or in person.
No.7 Ransomware
Ransomware encrypts the victim's data and demands a ransom to decrypt it. Sophos's 2024 report showed that 50% of businesses worldwide had suffered ransomware attacks.
A hospital network was compromised by LockBit ransomware, taking systems down and halting surgeries. Engineers spent a week recovering the data, and the losses were severe.
How to defend?
○ Regular backups: back up critical data off-site and test the recovery process.
○ Patch management: update systems and software promptly to close vulnerabilities.
○ Behaviour monitoring: use EDR tools (such as CrowdStrike) to detect abnormal behaviour.
○ Network segmentation: isolate critical systems so that an infection cannot spread.
No.8 Zero-Day Attack
Zero-day attacks exploit software vulnerabilities that are not yet publicly known, which makes them very hard to prevent. In 2023, Google reported the discovery of 20 high-risk zero-day vulnerabilities, many of them used in supply-chain attacks.
A company running SolarWinds software was compromised through a zero-day vulnerability, which affected its entire supply chain. The engineers could do nothing but wait for a patch.
How to defend?
○ Intrusion detection: deploy an IDS/IPS (such as Snort) to monitor for anomalous traffic.
○ Sandbox analysis: use a sandbox to isolate suspicious files and analyse their behaviour.
○ Threat intelligence: subscribe to services (such as FireEye) to get the latest vulnerability intelligence.
○ Least privilege: restrict application privileges to reduce the attack surface.
Fellow network engineers, what kinds of attacks have you run into, and how did you handle them? Let's discuss them together and make our networks stronger!
Post time: Nov-05-2025