Have You Exposed Yourself Lately?

Sep 14, 2023 | BI/Analytics

 

We're talking about security in the cloud

Over Exposure

Let's put it this way: what do you worry about exposing? What are your most valuable assets? Your Social Security Number? Your bank account information? Private documents, or photographs? Your crypto seed phrase? If you manage a company, or are responsible for the safekeeping of data, you may worry about the same types of information being compromised, but on a broader scale. Your customers have entrusted you with the protection of their data.

As consumers, we take the security of our data for granted. More and more often these days, data is stored in the cloud. Many vendors offer services that let customers back up data from their local computers to the cloud. Think of it as a virtual hard drive in the sky. This is advertised as a safe and convenient way to protect your data. Convenient, yes. You can recover a file that you deleted by mistake. You can restore an entire hard drive whose data was corrupted.

But safe? You are given a lock and key. The key is, typically, a username and password. It is encrypted and known only to you. That's why security experts recommend keeping your password secret. If someone gains access to your password, they have the virtual key to your virtual house.

You know all this. Your password to the cloud service is 16 characters long and contains uppercase and lowercase letters, numbers and a couple of special characters. You change it every six months because you know that makes it harder for a hacker. It is different from your other passwords - you don't use the same password for multiple sites. What could go wrong?

Some companies offer what they have branded as a "Personal Cloud." Western Digital is one of those companies, offering an easy way to back up your data to your own space in the cloud. It is network storage available over the internet. It plugs into your Wi-Fi router so you can access it from anywhere inside your network. Conveniently, because it is also connected to the internet, you can access your personal data from anywhere on the internet. With convenience comes risk.

A Painful Position

Earlier this year, hackers broke into Western Digital's systems and were able to download approximately 10 TB of data. The blackmailers then held the data for ransom and tried to negotiate a deal north of US $10,000,000 for the safe return of the data. Data is like oil. Or maybe gold is a better analogy. One of the hackers spoke on condition of anonymity. Ha! TechCrunch interviewed him while he was in the middle of this business deal. What's interesting is that the compromised data included Western Digital's code-signing certificate. This is the technological equivalent of a retina scan. The certificate is intended to positively identify its owner or bearer. With this virtual retina scan, no password is required to access "secured" data. In other words, with this certificate this black hat businessman can walk right in the front door of the digital palace.

Western Digital declined to comment on the hacker's claims that they were still inside WD's network. The unnamed hacker expressed disappointment that representatives of Western Digital would not return his calls. Officially, in a press release, Western Digital announced that, "Based on the investigation to date, the Company believes the unauthorized party obtained certain data from its systems and is working to understand the nature and scope of that data." So, Western Digital is mum, but the hacker is blabbing. As for how they did it, the hacker describes how they exploited known vulnerabilities and were able to gain access to data in the cloud as a global administrator.

A global administrator, by the nature of the role, has access to everything. He doesn't need your password. He has the master key.

Western Digital Is Not Alone

A survey last year found that 83% of the companies surveyed had experienced more than one data breach, 45% of which were cloud-based. The average cost of a data breach in the United States was US $9.44 million. Costs were broken down into four cost categories: lost business, detection and escalation, notification and breach response. (I'm not sure which category a data ransom falls into. It isn't clear whether any of the respondents paid ransom demands.) The average time an organization takes to identify and respond to a data breach is about 9 months. It is no surprise, then, that several months after Western Digital first acknowledged the data breach, they are still investigating.

It is hard to say exactly how many companies have had data breaches. I know of a large privately held company that was attacked by ransomware. The owners refused to negotiate and did not pay. That meant, instead, lost emails and data files. They chose to rebuild everything from uninfected backups and reinstall software. There was significant downtime and lost productivity. This event was never in the media. That company was lucky, because 66% of small to medium-sized companies that are attacked by ransomware end up going out of business within 6 months.

  • 30,000 websites are hacked daily
  • 4 million files are stolen every day
  • 22 billion records were breached in 2021

If you have ever done business with, or used the services of, Capital One, Marriott, Equifax, Target or Uber, it is possible that your password was compromised. Each of these major companies has suffered a data breach.

 

  • Capital One: A hacker gained access to 100 million customers and applicants by exploiting a vulnerability in the company's cloud infrastructure.
  • Marriott: A data breach exposed information on 500 million customers (this breach went undetected for 4 years).
  • Equifax: Personal information in the cloud on 147 million customers was exposed.
  • Target: Cybercriminals accessed 40 million credit card numbers.
  • Uber: Hackers compromised a laptop and gained access to 57 million users and 600,000 drivers.
  • LastPass[1]: Hackers stole the data of 33 million customers in a cloud storage breach at this password manager company. The attacker gained access to LastPass's cloud storage using a "cloud storage access key and dual storage container decryption keys" stolen from its developer environment.

You can check whether you have been exposed in a data breach at this website: Have I Been Pwned? Type in your email address and it will show you how many data breaches the address has been found in. For example, I typed in one of my personal email addresses and found that it had been part of 25 different data breaches, including Evite, Dropbox, Adobe, LinkedIn and Twitter.

Unloved Dominance

There may never be a public acknowledgement from Western Digital of exactly what happened. The incident illustrates two things: data in the cloud is only as secure as its keepers, and the keepers of the keys need to be especially careful. To paraphrase the Peter Parker Principle, with root access comes great responsibility.

To be precise, a root user and a global administrator are not exactly the same. Both have a lot of power, but they should be separate accounts. The root user owns, and has access to, the corporate cloud account at the lowest level. As such, this account could delete all data, VMs, customer information - everything a business has entrusted to the cloud. In AWS, there are only 10 tasks, including setting up and closing your AWS account, that truly require root access.

Administrator accounts should be created to perform administrative tasks (duh). There are usually several Administrator accounts, which are generally tied to a person, unlike the single root account. Because Administrator accounts are tied to an individual, you can easily monitor who made which changes in the environment.

Least Privilege for Maximum Security

The data breach survey studied the impact of 28 factors on the severity of a data breach. The use of AI security, a DevSecOps approach, employee training, identity and access management, MFA, and security analytics all had a positive impact in reducing the average dollar amount lost in an incident. By contrast, compliance failures, security system complexity, security skills shortages, and cloud migration were factors that contributed to a net increase in the average cost of a data breach.

As you migrate to the cloud, you need to be more vigilant than ever in protecting your data. Here are some additional ways to reduce your risk and run a safer environment from a security standpoint:

1. Multi-factor Authentication: enforce MFA for root and all Administrator accounts. Even better, use a physical MFA device. A potential hacker would need not only the account name and password, but also the physical MFA device that generates a synchronized code.

2. Strength in small numbers: Limit who has access to root. Some security experts suggest no more than 3 users. Manage root user access carefully. If you perform identity management and off-boarding nowhere else, do it here. If someone in the circle of trust leaves the organization, change the root password. Recover the MFA device.

3. Default Account Privileges: When provisioning new user accounts or roles, ensure that they are granted minimal privileges by default. Start with a minimal access policy and then grant additional permissions as needed. The principle of providing the least security needed to accomplish a task is a model that will pass SOC2 security compliance standards. The idea is that any user or application should have the minimum security required to perform the required function. The higher the privilege that is compromised, the greater the risk. Conversely, the lower the privilege exposed, the lower the risk.

4. Auditing Privileges: Regularly audit and review the privileges assigned to users, roles, and accounts in your cloud environment. This ensures that individuals have only the permissions needed to perform their designated tasks.

5. Identity Management and Just-in-time Privileges: Identify and revoke any excessive or unused privileges to reduce the risk of unauthorized access. Grant access rights to users only when they need them for a specific task or a limited period. This minimizes the attack surface and reduces the window of opportunity for security threats. https://www.cnbc.com/2022/10/20/former-hacker-kevin-mitnick-tips-to-protect-your-personal-info-online.html

6. Embedded Credentials: Prohibit the hard-coding of authentication credentials (username, password, access keys) in scripts, jobs, or other code. Instead, look into a secrets manager that you can use to retrieve credentials programmatically.

7. Infrastructure-as-Code (IaC) Configuration: Adhere to security best practices when configuring your cloud infrastructure with IaC tools such as AWS CloudFormation or Terraform. Avoid granting public access by default, and restrict access to resources to trusted networks, users, or IP addresses only. Use fine-grained permissions and access control mechanisms to enforce the principle of least privilege.

8. Logging of Actions: Enable comprehensive logging and monitoring of actions and events in your cloud environment. Capture and analyze logs for any unusual or potentially malicious activity. Implement robust log management and security information and event management (SIEM) solutions to detect and respond to security incidents promptly.

9. Regular Vulnerability Assessments: Perform regular vulnerability assessments and penetration testing to identify security weaknesses in your cloud environment. Patch and remediate any identified vulnerabilities promptly. Keep track of security updates and patches released by your cloud provider and make sure they are applied promptly to protect against known threats.

10. Education and Training: Promote a culture of security awareness and provide regular training to employees on the importance of the principle of least privilege. Educate them about the potential risks associated with excessive privileges and the best practices to follow when accessing and managing resources in the cloud environment.

11. Patches and Updates: Reduce vulnerabilities by regularly updating all server software. Keep your cloud infrastructure and associated applications up to date to protect against known vulnerabilities. Cloud providers often release security patches and updates, so keeping up with their recommendations is important.

Trust

It comes down to trust: giving those in your organization only the trust they need to accomplish the tasks their job requires. Security experts recommend Zero Trust. The Zero Trust security model is based on three key principles:

  • Verify explicitly - use all available data points to validate a user's identity and access.
  • Use least-privilege access - just in time and just enough security.
  • Assume breach - encrypt everything, use proactive analytics and have an emergency response in place.

As a consumer of the cloud and cloud services, it also comes down to trust. You have to ask yourself, "Do I trust my vendor to store my precious data in the cloud?" Trust, in this case, means that you rely on that company, or one like it, to manage security as we have described above. Alternatively, if you answer in the negative, are you prepared to carry out the same kinds of security management activities in your own home? Do you trust yourself?

As a company providing services in the cloud, your customers have placed their trust in you to safeguard their data in your cloud infrastructure. It is an ongoing process. Stay informed about emerging threats, adapt your security measures accordingly, and collaborate with experienced professionals or security consultants to ensure thorough protection for your business in the ever-evolving cloud landscape.

 

  1. https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/