Network engineers may look, at first glance, like mere "technicians" who build, optimize and troubleshoot networks, but in truth we are the "first line of defense" in network security. CrowdStrike's 2024 report showed that global cyber attacks rose by 30%, and that Chinese companies lost more than 50 billion yuan to network security incidents. Customers do not care whether you are an operations expert or a security expert: when a network incident happens, the engineer is the first to take the blame. Not to mention that, with the widespread adoption of AI, 5G and cloud networks, hackers' attack techniques have grown ever more sophisticated. A popular post on Zhihu in China says: "Network engineers who don't learn security are cutting off their own escape route!" Harsh as that sounds, it is true.
In this article I give a detailed analysis of eight commonly encountered network attacks, from their principles and case studies to defense strategies, so that your work stays effective. Whether you are a newcomer or a veteran looking to sharpen your skills, this knowledge will give you more authority on your projects. Let's get started!
No. 1 DDoS Attacks
Distributed Denial-of-Service (DDoS) attacks overwhelm servers or networks with huge volumes of fake traffic so that legitimate users cannot get access. Common techniques include SYN floods and UDP floods. In 2024, a Cloudflare report showed that DDoS attacks accounted for 40% of all network attacks.
In 2022, an e-commerce platform was hit by a DDoS attack just before Singles' Day; traffic peaked at 1 Tbps, the site was down for two hours, and millions of yuan were lost. A friend of mine was the emergency response manager, and he nearly collapsed under the pressure.
How to defend?
○ Traffic scrubbing: Deploy CDN or DDoS protection services (you may need the Mylinking™ Inline Bypass Tap/Switch) to filter out malicious traffic.
○ Bandwidth redundancy: Reserve 20%-30% of link bandwidth to absorb sudden traffic spikes.
○ Monitoring and alerting: Use tools (you may need the Mylinking™ Network Packet Broker) to monitor traffic in real time and raise alerts on anomalies.
○ Emergency plan: Coordinate with ISPs so that lines can be switched quickly or attack sources blocked.
No. 2 SQL Injection
Hackers inject malicious SQL code into website input fields or URLs to steal database information or damage systems. In 2023, an OWASP report named SQL injection one of the top three web attacks.
The website of a small-to-medium enterprise was breached by a hacker who entered the statement "1=1" and easily obtained the administrator password, because the site failed to filter user input. It was later found that the development team had never implemented input validation.
How to defend?
○ Parameterized queries: Back-end developers should use prepared statements rather than concatenating SQL directly.
○ WAF deployment: A web application firewall (such as ModSecurity) can block malicious requests.
○ Regular audits: Use tools (such as SQLMap) to scan for vulnerabilities, and back up the database before remediation.
○ Access control: Grant database users only the minimum privileges needed, so that a compromise does not hand over full administrative control.
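The "1=1" case above and the parameterized-query defense, as an added example that is not part of the original article: a constructed in-memory SQLite user table, a login check built by string concatenation (the defect the article describes) and the same check as a prepared statement. Table layout, names and the sample credential are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the site's user table (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext here only to keep the demo short; real systems store hashes.
    conn.execute("INSERT INTO users VALUES ('admin', 'S3cret!Passw0rd')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """The pattern the article warns about: input concatenated straight into SQL."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Prepared statement: the driver binds values, so input is never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    conn = make_db()
    tautology = "' OR 1=1 --"   # the always-true condition from the case study
    print(login_vulnerable(conn, tautology, "x"))      # True: the check is bypassed
    print(login_parameterized(conn, tautology, "x"))   # False: treated as a literal name
```

With the prepared statement the same string is simply a username that does not exist, which is why the article tells back-end developers to stop concatenating SQL.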
No. 3 Cross-Site Scripting (XSS) Attacks
Cross-site scripting (XSS) attacks inject malicious scripts into web pages to steal user cookies, session IDs and other data. They are classified as reflected, stored and DOM-based attacks. In 2024, XSS accounted for 25% of all web attacks.
A forum failed to filter user comments, allowing hackers to insert script code and steal the login credentials of thousands of users. I have seen cases where customers were blackmailed for CNY500,000 because of this.
How to defend?
○ Input filtering: Escape user input (e.g. HTML encoding).
○ CSP policy: Enable a Content Security Policy to restrict where scripts may be loaded from.
○ Browser protection: Set HTTP headers (such as X-XSS-Protection) to block malicious scripts.
○ Tool scanning: Use Burp Suite to check regularly for XSS vulnerabilities.
No. 4 Password Cracking
Hackers obtain user or administrator passwords through brute-force attacks, dictionary attacks or social engineering. Verizon's 2023 report showed that 80% of network breaches involved weak passwords.
A hacker easily logged into a company's router, which still used the default password "admin," and then planted a backdoor. The engineer involved was later fired, and the manager was held accountable as well.
How to defend?
○ Complex passwords: Use 12 or more characters, mixing letters, numbers and symbols.
○ Multi-factor authentication: Enable MFA (such as SMS verification codes) on critical devices.
○ Password management: Use tools (such as LastPass) for centralized management, and rotate passwords regularly.
○ Attempt limits: Lock the IP address after three failed login attempts to stop brute-force attacks.
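The two controls above that can be expressed in code, as an added example that is not part of the original article: a policy check for 12+ characters mixing letters, numbers and symbols, and a login guard that locks an IP after three failed attempts. The 15-minute lockout window, the class name and the sample credential are assumptions; the article fixes only the thresholds.

```python
import re
import secrets
import time
from collections import defaultdict

MIN_LENGTH = 12        # article: 12 or more characters
MAX_FAILURES = 3       # article: lock after three failed attempts
LOCKOUT_SECONDS = 900  # assumed lockout window; the article does not specify one


def password_meets_policy(password: str) -> bool:
    """12+ characters and at least one letter, one digit and one symbol."""
    if len(password) < MIN_LENGTH:
        return False
    has_letter = re.search(r"[A-Za-z]", password) is not None
    has_digit = re.search(r"\d", password) is not None
    has_symbol = re.search(r"[^A-Za-z0-9]", password) is not None
    return has_letter and has_digit and has_symbol


class LoginGuard:
    """Per-source-IP failure counter with a temporary lockout (hypothetical helper)."""

    def __init__(self, credentials: dict, clock=time.time):
        self._credentials = credentials        # username -> password (store hashes in production)
        self._clock = clock                    # injectable so the lockout can be tested offline
        self._failures = defaultdict(int)      # ip -> consecutive failed attempts
        self._locked_until = {}                # ip -> timestamp when the lock expires

    def is_locked(self, ip: str) -> bool:
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if self._clock() >= until:             # lock expired: clear it and start fresh
            del self._locked_until[ip]
            self._failures[ip] = 0
            return False
        return True

    def attempt(self, ip: str, username: str, password: str) -> str:
        """Return 'ok', 'denied' or 'locked'; locked IPs are refused even with the right password."""
        if self.is_locked(ip):
            return "locked"
        stored = self._credentials.get(username, "")
        if stored and secrets.compare_digest(stored.encode(), password.encode()):
            self._failures[ip] = 0
            return "ok"
        self._failures[ip] += 1
        if self._failures[ip] >= MAX_FAILURES:
            self._locked_until[ip] = self._clock() + LOCKOUT_SECONDS
            return "locked"
        return "denied"
```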
No. 5 Man-in-the-Middle (MITM) Attacks
Hackers position themselves between users and servers, intercepting or modifying data in transit. This is common on public Wi-Fi and in unencrypted communications. In 2024, MITM attacks accounted for 20% of network sniffing.
A café's Wi-Fi was compromised by hackers, and users lost thousands of dollars when their data was intercepted as they logged into their bank's website. Engineers later discovered that HTTPS had not been implemented.
How to defend?
○ Enforce HTTPS: Encrypt the website and API with TLS, and disable plain HTTP.
○ Certificate validation: Use HPKP or CAA to ensure the certificate is genuine.
○ VPN protection: Use a VPN for sensitive operations to encrypt traffic.
○ ARP protection: Monitor the ARP table to detect and prevent ARP spoofing.
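The ARP-table monitoring above, as an added example that is not part of the original article: it parses `ip neigh show`-style lines (Linux), compares a trusted baseline with the live table, and alerts when an IP's MAC changes or when the gateway's MAC is also claimed by another host. The two dumps are constructed samples; the function names and the gateway address are assumptions.

```python
import re
from collections import defaultdict

# One line of `ip neigh show` output, e.g. "192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE"
NEIGH_RE = re.compile(
    r"^(?P<ip>\d+\.\d+\.\d+\.\d+)\s+dev\s+(?P<dev>\S+)\s+lladdr\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(?P<state>\S+)",
    re.IGNORECASE,
)


def parse_neigh(text: str) -> dict:
    """Return {ip: mac} for every resolved entry in a neighbour-table dump."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m["ip"]] = m["mac"].lower()
    return table


def arp_alerts(baseline: dict, current: dict, gateway_ip: str) -> list:
    """Compare a trusted baseline with the live table and return alert strings."""
    alerts = []
    for ip, mac in current.items():
        old = baseline.get(ip)
        if old is not None and old != mac:
            alerts.append(f"MAC changed for {ip}: {old} -> {mac}")
    # One MAC answering for several IPs, one of them the default gateway,
    # is the classic sign that a host on the LAN is impersonating the router.
    by_mac = defaultdict(list)
    for ip, mac in current.items():
        by_mac[mac].append(ip)
    for mac, ips in by_mac.items():
        if len(ips) > 1 and gateway_ip in ips:
            others = sorted(set(ips) - {gateway_ip})
            alerts.append(f"gateway {gateway_ip} shares MAC {mac} with {others}")
    return alerts


# Constructed samples: a clean baseline captured earlier and a later live snapshot.
BASELINE_DUMP = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:01 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 STALE
"""
LIVE_DUMP = """\
192.168.1.1 dev wlan0 lladdr aa:bb:cc:00:00:20 REACHABLE
192.168.1.20 dev wlan0 lladdr aa:bb:cc:00:00:20 REACHABLE
192.168.1.30 dev wlan0 lladdr aa:bb:cc:00:00:30 DELAY
"""
```

In production the baseline would come from the switch or DHCP records rather than a first snapshot, and the alerts would feed the monitoring tools mentioned under DDoS above.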
No. 6 Phishing Attacks
Hackers use emails, websites or text messages to trick users into revealing information or clicking malicious links. In 2023, 35% of network security incidents originated from phishing attacks.
An employee at a company received an email from someone claiming to be their boss, requesting a money transfer, and the company lost millions of dollars. It was later found that the email domain was fake; the employee had never verified it.
How to defend?
○ Employee training: Run regular cybersecurity awareness training that teaches how to recognize phishing emails.
○ Email filtering: Deploy an anti-phishing gateway (such as Barracuda).
○ Domain verification: Check the sender's domain and enable a DMARC policy.
○ Dual confirmation: Verify by phone or in person before carrying out sensitive operations.
No. 7 Ransomware
Ransomware encrypts victims' data and demands payment for decryption. Sophos's 2024 report showed that 50% of businesses worldwide have been hit by ransomware attacks.
A hospital's network was breached by the LockBit ransomware; its systems were paralyzed and surgeries came to a halt. It took the engineers a week to restore the data, and the losses were heavy.
How to defend?
○ Regular backups: Back up critical data offline and test the recovery process.
○ Patch management: Update systems and software promptly to eliminate known vulnerabilities.
○ Behavior monitoring: Use EDR tools (such as CrowdStrike) to detect anomalous behavior.
○ Network segmentation: Isolate sensitive systems to keep malware from spreading.
No. 8 Zero-Day Attacks
Zero-day attacks exploit software vulnerabilities that have not yet been disclosed, which makes them extremely hard to defend against. In 2023, Google reported discovering 20 high-risk zero-day vulnerabilities, many of them used in supply-chain attacks.
A company using SolarWinds software was hit through a zero-day vulnerability, and its entire supply chain was affected. The engineers could do nothing but wait for a patch.
How to defend?
○ Intrusion detection: Deploy IDS/IPS (such as Snort) to monitor for unusual traffic.
○ Sandbox analysis: Use a sandbox to isolate suspicious files and analyze their behavior.
○ Threat intelligence: Subscribe to services (such as FireEye) to receive the latest vulnerability information.
○ Least privilege: Restrict software permissions to reduce the attack surface.
Fellow network professionals, what kinds of attacks have you encountered, and how did you handle them? Let's discuss this together and work together to make our networks stronger!
Post time: Nov-05-2025