Network engineers, on the surface, are just "technical workers" who build, optimize and troubleshoot, but in reality we are the "first line of defense" in cybersecurity. A 2024 CrowdStrike report showed that cyberattacks worldwide increased by 30%, with Chinese companies losing more than 50 billion dollars to cybersecurity incidents. Customers don't care whether you are in operations or a security specialist; when an incident happens, the engineer is the first to take the blame. Add to that the rapid spread of AI, 5G and cloud networking, which have made hackers' attack methods ever more complex. There is a popular post on Zhihu in China: "Network engineers who don't learn security are cutting off their own escape route!" Harsh as it sounds, it is true.
In this article, I will give a detailed analysis of eight attacks that target networks, from their principles and real cases through to defense strategies, keeping it as practical as possible. Whether you are a newcomer or an experienced veteran looking to sharpen your skills, this knowledge will give you more control over your projects. Let's get started!
No.1 DDoS Attack
A Distributed Denial-of-Service (DDoS) attack floods servers or networks with a huge volume of bogus traffic, making them unavailable to legitimate users. Common techniques include SYN floods and UDP floods. In 2024, a Cloudflare report showed that DDoS attacks accounted for 40% of all network attacks.
In 2022, an e-commerce site was hit by a DDoS attack just before Singles' Day, with traffic peaking at 1Tbps; the site was down for two hours and the loss reached ten million. A friend of mine was in charge of the emergency response and was nearly driven mad by the pressure.
How to defend?
○ Traffic scrubbing: Deploy a CDN or a DDoS protection service (such as Alibaba Cloud Shield) to filter out malicious traffic.
○ Bandwidth redundancy: Reserve 20%-30% of bandwidth to absorb sudden surges.
○ Traffic monitoring: Use tools (such as Zabbix) to monitor traffic in real time and watch for anomalies.
○ Emergency plan: Work with the ISP to quickly switch lines or block the attack sources.
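As an added example (not code from the article), here is a minimal detector for the SYN-flood pattern this section names, run over constructed packet-summary lines; the log format "timestamp src_ip dst_port tcp_flags" and the thresholds are assumptions.

```python
# Added example, not from the original article: flag sources whose SYNs
# never turn into completed handshakes, the SYN-flood pattern named above.
# Log format "timestamp src_ip dst_port tcp_flags" and thresholds are assumed.
from collections import defaultdict

# Constructed sample: one source repeating bare SYNs, two normal clients.
SAMPLE_LOG = """\
1000.0 203.0.113.10 443 S
1000.1 203.0.113.10 443 S
1000.2 198.51.100.7 443 S
1000.3 198.51.100.7 443 A
1000.4 203.0.113.10 443 S
1000.5 203.0.113.10 443 S
1000.6 203.0.113.10 443 S
1000.7 203.0.113.10 443 S
1001.0 192.0.2.5 443 S
1001.1 192.0.2.5 443 A
1001.2 192.0.2.5 443 PA
"""

def parse_packets(text):
    for line in text.splitlines():
        ts, src, dport, flags = line.split()
        yield float(ts), src, int(dport), flags

def syn_flood_sources(text, window=1.0, max_syn=5, min_ratio=0.9):
    """Sources sending more than `max_syn` bare SYNs inside any `window`
    seconds, where SYNs make up at least `min_ratio` of their packets
    (a normal client follows its SYN with an ACK and data)."""
    events = defaultdict(list)          # src -> [(ts, is_bare_syn)]
    for ts, src, _dport, flags in parse_packets(text):
        events[src].append((ts, flags == "S"))
    flagged = set()
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1              # slide the window forward
            seg = evs[start:end + 1]
            syns = sum(1 for _, bare in seg if bare)
            if syns > max_syn and syns / len(seg) >= min_ratio:
                flagged.add(src)
    return flagged

if __name__ == "__main__":
    print("suspected SYN-flood sources:", sorted(syn_flood_sources(SAMPLE_LOG)))
```

In a real flood the source addresses are usually spoofed, so the same ratio is worth computing per destination port as well by changing the grouping key.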
No.2 SQL Injection
Hackers insert malicious SQL code into a website's input fields or URLs to steal database contents or damage the system. In 2023, the OWASP report listed SQL injection as still among the top three web attacks.
A mid-sized project's website was compromised by an attacker who injected the expression "1=1" and easily obtained the administrator password, because the site did not filter user input. It later turned out that the development team had implemented no validation at all.
How to defend?
○ Parameterized queries: Backend developers should use prepared statements to avoid concatenating SQL directly.
○ WAF deployment: A web application firewall (such as ModSecurity) can block malicious requests.
○ Regular audits: Use tools (such as SQLMap) to scan for vulnerabilities and fix the database before it is breached.
○ Access control: Database users should be granted only minimal privileges so that a breach cannot take full control.
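As an added example (not code from the article), the string-built query behind the "1=1" incident is shown next to the parameterized query the defense list recommends; the SQLite table and its rows are constructed here.

```python
# Added example, not from the original article: the string-built query
# behind the "1=1" incident next to the parameterized query the defense
# recommends.  The SQLite table and rows are constructed here.
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("admin", "constructed-hash-1", "admin"),
        ("alice", "constructed-hash-2", "user"),
    ])
    return conn

def lookup_vulnerable(conn, name):
    # Defective on purpose: the input is pasted into the SQL text, so a
    # quote in it ends the literal and the rest is parsed as SQL.
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # The driver binds the value; the statement's structure is fixed, so
    # the same input is just a name that matches nothing.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR 1=1 --"        # the "1=1" expression from the article
    print("vulnerable:", lookup_vulnerable(db, tautology))   # every row
    print("safe:      ", lookup_safe(db, tautology))         # []
```

The access-control item applies here too: the account running these queries needs only SELECT on users, so even a successful injection cannot modify or drop tables.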
No.3 Cross-Site Scripting (XSS) Attack
Cross-site scripting (XSS) injects malicious scripts into web pages to steal users' cookies, session identifiers and other data. It comes in reflected, stored and DOM-based forms. In 2024, XSS accounted for 25% of all web attacks.
A forum failed to filter user comments, letting hackers insert script code and steal the login details of thousands of users. I have seen cases where clients were sued for CNY 500,000 over this.
How to defend?
○ Input filtering: Escape user input (for example with HTML encoding).
○ CSP policy: Enable a Content Security Policy to restrict where scripts may come from.
○ Browser protection: Set HTTP headers (such as X-XSS-Protection) to block malicious scripts.
○ Scanning tools: Use Burp Suite to check for XSS vulnerabilities regularly.
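As an added example (not code from the article), here is output escaping for a forum comment, the response headers the list names, and a small lint that flags CSP settings which would not stop an injected script; the template text and header values are assumptions.

```python
# Added example, not from the original article: escape a forum comment before
# it enters the page, emit the headers the defense list names, and lint a CSP
# value for settings that would let an injected script run.
import html

def render_comment(author, body):
    """Every user-controlled value is escaped at the point it enters HTML."""
    return (f'<li class="comment"><b>{html.escape(author)}</b>: '
            f'{html.escape(body, quote=True)}</li>')

def security_headers(nonce):
    """Scripts may load only from our origin or carry this per-response nonce."""
    return {
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'"),
        "X-Content-Type-Options": "nosniff",
        # Legacy header the article names; current browsers ignore it, so the
        # CSP above is what actually blocks injected scripts.
        "X-XSS-Protection": "1; mode=block",
    }

def csp_weaknesses(policy):
    """Return the script-related problems found in a CSP header value."""
    directives = {}
    for part in policy.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0]] = tokens[1:]
    script = directives.get("script-src", directives.get("default-src", []))
    has_nonce_or_hash = any(t.startswith(("'nonce-", "'sha")) for t in script)
    issues = []
    if "'unsafe-inline'" in script and not has_nonce_or_hash:
        issues.append("script-src allows inline scripts")
    if "*" in script or "https:" in script or "data:" in script:
        issues.append("script-src allows scripts from any origin")
    if "object-src" not in directives:
        issues.append("object-src not restricted")
    return issues

if __name__ == "__main__":
    print(render_comment("bob", "<script>alert(1)</script>"))
    print(csp_weaknesses("default-src *; script-src * 'unsafe-inline'"))
```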
No.4 Password Cracking
Hackers obtain user or administrator passwords through brute-force attacks, dictionary attacks or social engineering. A 2023 Verizon report showed that 80% of cyber intrusions involved weak passwords.
A company router still using the default password "admin" was easily accessed by hackers, who installed a backdoor. The engineer responsible was eventually fired, and the manager was held accountable too.
How to defend?
○ Complex passwords: 12 or more characters, mixing letters, numbers and symbols.
○ Multi-factor authentication: Enable MFA (such as SMS verification codes) on critical devices.
○ Password management: Use tools (such as LastPass) to manage passwords centrally and rotate them regularly.
○ Attempt limiting: Lock the IP address after three failed login attempts to stop brute-force attacks.
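As an added example (not code from the article), the 12-character mixed password rule and the three-failures-then-lock rule from the list above are implemented together; the lock duration, the in-memory store and the injectable clock are assumptions.

```python
# Added example, not from the original article: the 12-character mixed
# password rule and the three-failures-then-lock rule from the list above.
# Lock duration, in-memory store and the injectable clock are assumptions.
import string
import time

MIN_LENGTH = 12
MAX_FAILURES = 3
LOCK_SECONDS = 15 * 60

def password_meets_policy(pw):
    """12+ characters with upper- and lower-case letters, digits and symbols
    ("mixed letters" in the article is read here as both cases)."""
    return len(pw) >= MIN_LENGTH and all([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(c in string.punctuation for c in pw),
    ])

class LoginGuard:
    """Per-source-IP failure counter with a temporary lock.
    Clients behind one NAT share an IP, so pair this with a
    per-account counter in production."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._failures = {}      # ip -> consecutive failures
        self._locked_until = {}  # ip -> unlock time

    def is_locked(self, ip):
        unlock = self._locked_until.get(ip)
        if unlock is None:
            return False
        if self._clock() >= unlock:          # lock expired: reset counters
            del self._locked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def record(self, ip, success):
        """Call after each attempt; returns True when the IP is (now) locked."""
        if self.is_locked(ip):
            return True
        if success:
            self._failures.pop(ip, None)
            return False
        self._failures[ip] = self._failures.get(ip, 0) + 1
        if self._failures[ip] >= MAX_FAILURES:
            self._locked_until[ip] = self._clock() + LOCK_SECONDS
            return True
        return False
```

Check `is_locked` before verifying the password at all, so a locked source cannot keep testing candidates while the lock is in force.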
No.5 Man-in-the-Middle (MITM) Attack
Hackers interpose themselves between users and servers, intercepting or tampering with data. This is common on public Wi-Fi or over unencrypted communications. In 2024, MITM attacks accounted for 20% of eavesdropping incidents.
A coffee shop's Wi-Fi was compromised by hackers, and users lost tens of thousands of dollars when their data was intercepted while logging in to a bank website. Engineers later found that HTTPS had not been enforced.
How to defend?
○ Enforce HTTPS: Websites and APIs use TLS throughout, and plain HTTP is disabled.
○ Certificate verification: Use HPKP or CAA to ensure the certificate is trusted.
○ VPN protection: Sensitive operations should go through a VPN to encrypt traffic.
○ ARP protection: Monitor ARP tables to guard against ARP spoofing.
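As an added example (not code from the article), here is a check over a host's neighbour table for the two classic ARP-spoofing signatures the last item refers to; the `ip neigh` snapshots are constructed and the gateway address is an assumption.

```python
# Added example, not from the original article: compare two snapshots of the
# Linux neighbour table ("ip neigh show" output) for the two classic
# ARP-spoofing signatures.  Snapshots are constructed; gateway IP is assumed.
import re

LINE = re.compile(r"^(\S+) dev (\S+) lladdr (\S+) (\S+)$")

def parse_neigh(text):
    """Map IP -> MAC from the common `ip neigh show` line form."""
    table = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table

def arp_alerts(previous, current, gateway):
    alerts = []
    # 1. A known IP (worst case: the gateway) suddenly maps to a new MAC.
    for ip, mac in current.items():
        old = previous.get(ip)
        if old and old != mac:
            tag = "GATEWAY " if ip == gateway else ""
            alerts.append(f"{tag}{ip} changed {old} -> {mac}")
    # 2. One MAC answers for several IPs (a host posing as its neighbours).
    by_mac = {}
    for ip, mac in current.items():
        by_mac.setdefault(mac, []).append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            alerts.append(f"{mac} claims {sorted(ips)}")
    return alerts

BEFORE = """\
192.168.1.1 dev wlan0 lladdr 00:11:22:33:44:55 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:dd:ee:02 STALE
"""
AFTER = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:dd:ee:02 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:dd:ee:01 STALE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:dd:ee:02 STALE
"""

if __name__ == "__main__":
    for a in arp_alerts(parse_neigh(BEFORE), parse_neigh(AFTER), "192.168.1.1"):
        print("ALERT:", a)
```

A gateway MAC change is the signature to page on; on a real network, a DHCP renewal or a hardware swap can also trigger it, so confirm against the switch's MAC table.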
No.6 Phishing Attack
Hackers use fake emails, websites or text messages to trick users into revealing information or clicking malicious links. In 2023, phishing accounted for 35% of security incidents.
A company employee received an email from someone claiming to be their boss, asking for a funds transfer, and ended up losing millions. It later turned out that the email address was forged; the employee had never verified it.
How to defend?
○ Employee training: Run cybersecurity awareness training regularly so staff learn to recognize phishing emails.
○ Email filtering: Deploy anti-phishing gateways (such as Barracuda).
○ Domain verification: Check the sender's domain and enable a DMARC policy.
○ Double confirmation: Sensitive operations require confirmation by phone or in person.
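As an added example (not code from the article), the sender-domain check from the list is done the way a mail gateway applies DMARC: is the visible From: domain aligned with the domain that passed SPF or DKIM, and what does that domain's published policy ask for? The DNS answers are constructed and the authenticated domain is passed in as an assumption.

```python
# Added example, not from the original article: DMARC-style sender check.
# DNS answers are constructed; the domain that passed SPF/DKIM is assumed
# to be known and is passed in as `auth_domain`.
import email
from email.utils import parseaddr

# Constructed stand-in for DNS TXT lookups of _dmarc.<domain>.
DMARC_TXT = {
    "example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "example.net": "v=DMARC1; p=none",
}

def parse_dmarc(txt):
    """'v=DMARC1; p=reject; rua=...' -> {'v': 'DMARC1', 'p': 'reject', ...}"""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip()] = value.strip()
    return tags

def org_domain(domain):
    # Simplification: the last two labels stand in for the organisational domain.
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_verdict(raw_message, auth_domain, lookup=DMARC_TXT.get):
    """Returns (aligned, policy, action) for a message whose SPF or DKIM
    check passed for `auth_domain` (relaxed alignment)."""
    msg = email.message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1]
    aligned = org_domain(from_domain) == org_domain(auth_domain)
    record = lookup(org_domain(from_domain))
    policy = parse_dmarc(record).get("p", "none") if record else "none"
    if aligned:
        return True, policy, "deliver"
    actions = {"reject": "reject", "quarantine": "quarantine"}
    return False, policy, actions.get(policy, "deliver")

# Constructed "boss asks for a transfer" sample: From: claims example.com,
# but the message only authenticated for a different domain.
SAMPLE = """From: "The Boss" <boss@example.com>
Subject: Urgent transfer

Please wire the funds today.
"""

if __name__ == "__main__":
    print(dmarc_verdict(SAMPLE, auth_domain="example.org"))
```

A domain publishing p=none still delivers the forged message, which is why the double-confirmation item above matters even with DMARC in place.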
No.7 Ransomware
Ransomware encrypts victims' data and demands a ransom for decryption. A 2024 Sophos report showed that 50% of businesses worldwide had been hit by ransomware.
A hospital network was compromised by LockBit ransomware, paralyzing its systems and halting surgeries. Engineers spent a week restoring data, and the losses were severe.
How to defend?
○ Regular backups: Keep offline backups of critical data and test the recovery process.
○ Patch management: Update systems and software promptly to close vulnerabilities.
○ Behavior monitoring: Use EDR tools (such as CrowdStrike) to detect abnormal behavior.
○ Network isolation: Segment sensitive systems to contain the spread of malware.
No.8 Zero-Day Attack
Zero-day attacks exploit software vulnerabilities that are not yet known, which makes them very hard to prevent. In 2023, Google reported discovering 20 zero-day vulnerabilities, most of which had been used in attacks.
A company running SolarWinds software was compromised through a zero-day vulnerability, affecting its entire supply chain. The engineers were powerless and could only wait.
How to defend?
○ Intrusion detection: Deploy IDS/IPS (such as Snort) to monitor for abnormal traffic.
○ Sandbox analysis: Use a sandbox to isolate suspicious files and analyze their behavior.
○ Threat intelligence: Subscribe to services (such as FireEye) for the latest vulnerability information.
○ Least privilege: Restrict software permissions to reduce the attack surface.
Fellow engineers, which of these attacks have you run into, and how did you handle them? Let's discuss and work together to make our networks stronger!
Post time: Nov-05-2025