Mmoa

Amansan mmoa

Dwumadie panee no ho nsem

Shadowserver Dwumadie panee no de nkontaabu a ekoron a ekyere ho nsem a Shadowserver boaboa ano na ekyekye wo ne da biara dwumadi mu wo amanneebo a eboro 100 da biara mu. Adansedie no ma kwan ma hu ohyee a wohyee no, Ahoohyee no, nhyehyee a emfata no, nkitahodie nkitahodie no ne ntua no no ho nsunsuanso. Dee wode di dwuma wo nkrataa mu no fa IP ho nsem pii a efa network anaa omantam bi ho. Shadowserver Dwumadie panee no mma kwan mma nketenkete yi. Mmom no, ede nkontaabu a ekoron a ekyere saa nnwuma yi. Eyi ma wonya nsunsuanso a eresisi nnansa yi ara, ahobammo, ne nsem a esisi a ema nnipa a wowo mpotam ho hu tebea no, na bere koro no ara nso, ema won a wofa mu no hu se obiara nnim won din.

Abodin ne nkrataa

Woahyehye nsem a wode ba ho nsem no wo abodin ne nkrataa. Nkyerekyeremu abodin no ye nkrataa ahorow a woakyekyere wo okwan bi so. Asoduro no nnyinaso ne honeypot, population, scan, sinkhole. Nnipakuw no ne nhwehwemu no nyinaa ye nhwehwemu a watwe adwene asi so, a nnipakuw no ye nkyerekyere a' yede kyere nkyerekyeremu no adi dwuma a' won nni ahobanbo/ahobanbo ho nhwehwemu. A 6 nkekaho no gyina ho ma IPv6 nkrataa (won a wonni nkekaho no nyinaa gyina ho ma IPv4 ho nsem).

Nkyerekyeremu tumi nya nnidisoo a efa ho a ema asem a wode ma no ho. Se nhweso no, nkrataa ma scan Wobehu nsunsuansoo ahorow a ewo hwehwe ho ankasa (sedee. asem/ahyehyeee a wohwehwe mu te se telnet, ftp ne rdp). Nkrataa ma no sinkhole na ebeda no adi se malware mmusua ankasa a wode won ho rehye sinkhole mu (sedee. afidie a wode malware abusua bi a te se adload, andromeda ne necurs).

Nkrataa ahodoo a etwa se yehyehye wo kasa ahodoo mu no nso wo ho.

Saa ara nso na ye de nkuraasee foforo nso rehye asee de akyere nsunsuansoo a ewo nnipa a won ho ye hu anaa won a won ho ye hu so - se nhwesoo no, http_vulnerable anaa compromised_website. Saa nnooma yi wo nkrataa a ekyere CVE ahobammo potee, won a woton no anaa nnwumakuo a won ho aka no anaa nsem a efa backdoors, webshells anaa implant ho. Nhwesoo bi http_vulnerable anka ebeye citrix anaa cve-2023-3519.

Awiei koraa no, se yede nneema pii ka yen nkrataa a yehyehye no ho a, ema yenya nkrataa pii. Wei kyere se, se yehwe mu a, yebetumi aka se nneema foforo wo ho a yebetumi apaw. Se nhweso no, ewom se snmp ye agyirahyede a ewo source so scan, wosan nso kyere se eye nsunsuansoo. Eyi ma yetumi de nsunsuanso a efi snmp hwehwe mu ba a ema yetumi hu nsunsuanso a efi snmp hwehwe mu a ene ahobammo te se cve-2017-6736.

Nkrataa nketewa a efa nsem ho: Akwankyere panee a ewo benkum

Wode data a woayi no adi no fa akwan ahodoo pii a wofa so nya no bi te se sinkholing, hwehwe ne honeypots. Saa nkyerekyeremu atitire yi a yede kyerewtoho ahorow no di dwuma wo Akwankyere panee a ewo benkum, wmu biara wo nsem a ekyerekyere se eye nsem foforo.

Botae no ne se ebeboa ama obi atumi ahome ntemntem wo baabi potee abodin nkyereso. Se nhweso no:

  • Sinkholes - ma adansedie a woakyekye no fa abodin so no ho nhyehyee sinkhole. Afei wobetumi ahwe sinkhole ho nsunsuanso bi denam agyirahyede anaa nkrataa akuw bi a wobepaw so.
  • Hwehwe - ma adansedie a woakyekye no fa abodin so no ho nhyehyee scan (Saa ofa yi wo nsunsuansoo a efiri sikan mu ma dwumadie bi a efa ahobanbo ho, wobetumi nso ahwe nkorofoo nsunsuansoo a efiri sikan mu denam abodin a wobepaw no so population mmom). Afei wobetumi ahwe sinkhole ho nsunsuanso bi denam agyirahyede anaa nkrataa akuw bi a wobepaw so.
  • Honeypots - ma adansedie a woakyekye no fa abodin so no ho nhyehyee honeypot. Afei, wobetumi ahwehwe aba bi a ewo honeypot mu denam agyiraehyede anaa agyiraehyede akuw bi a wobepaw so.
  • DDoS - ma adansedie a woakyekye no fa abodin so no ho nhyehyee honeypot_ddos_amp. Eyi ye hye DDoS atom den a won a won ani da so wo oman/mman potee bi mu no hu. Afei wobetumi ahu senea wohye dwumadie bi mu den denam agyiraehyede anaa agyiraehyede akuw bi a wobepaw so.
  • ICS - ma adansedie a woakyekye no fa abodin so no ho nhyehyee ics (ne nsunsuansoo a efiri hwehwe mu a efiri Adwumakuo a wohwe dwumadie so no nhyehyemu). Afei wobetumi ahwe amanne a wode di dwuma no denam agyiraehyede anaa agyiraehyede akuw bi a wobepaw so.
  • Web CVEs - ma adansedie a woakyekye mu wo akuw ahorow so no ho nsunsuanso http_vulnerable ne exchange. Saa nneema yi ye web dwumadi a eye hu a CVE na etaa hu wo yen nhwehwemu mu. Wobetumi ahwehwe CVE anaa nnwinnade a efa ho denam agyiraehyede anaa agyiraehyede akuw bi a wobepaw so.

Wobetumi ahyehye nkrataa a wode asisi ho no mu nsem wo aman, anaa aman akuw, nsasepon, ne nsasepon ahorow so.

Woakyere Adansedie biara mu nso wo “Saa nsem yi ho” mu.

Yesre se wohye no nsow se, wo wo adansedie pii a ewo ho a enni nea woaka ho asem no so. Se mfatoho no, beacon Wobetumi ahwehwe afidie C2 a yehu wͻ yen hwehwe mu no, na wanya compromised_website ebema woatumi ahwehwe web no awiei a woahwe ase wo yen nhwehwemu no mu..

Akwankyere panee a ewo soro

Akwankyere panee a ewo soro ema kwan ma akwan ahodoo a wofa so ye mfonini de kyere data mu, ene se wode behwe afiri a wode hu nnipa ne atoyerenkyem no ho nsem a wohwe so.

Amansan nkontaabuo

Amansan nkontaabuo bi ne tumi a wode behwe abodin ne agyirahyede denam eyi so:

  • Wiase nkrataa - Wiase nkrataa kyerekyere a wayi abodin ne nkrataa. Nkrataa ahodoo a etwa se yehyehye bi ne: tumi a wo de besesa kyerewsem no na ama watumi ada agyirahyede a etaa ba wo oman biara mu no adi, wo abusuakuw biara mu, wo GDP mu, wo won a wode di dwuma ho dwuma ho, ne nea ekeka ho. Wobetumi nso apaw nsenkyerene wo map no so de akyere aman biara so.
  • Mpotam nkrataa - oman biara so nkrataa a wokyekye wo amantam ne amantam mu.
  • Mfatoho nkrataa - Mfatoho nkrataa aman mmienu ntam.
  • Bere a wohyehyee no - kratafa a ekyere abodin ne agyirahyede nkyerekyeremu wo mmere mu. Hye no nso se, ema kwan ma wotumi hyehye nsem no wo akwan ahodoo so (enye oman biara so nko).
  • Susuw ho - Ode nsem a emu ye kese a wode beto dwa wo nkrataa a wode beto dwa no mu, a wode won a wode won adi dwuma bere bi mu ka ho. Ema kwan ma wode data di dwuma wo te se apon, Nkyekyem nkataho, Bubble ho mfoni ne nea ekeka ho.

IoT afidie ho nkontaabuo (nhyehyee a wode di dwuma ho akontaabu)

Saa adansedie yi ne nneema a efa ho a yehwe no da biara da no ma yehu nneema a wode di dwuma a won a woton nneema a wode di dwuma no ne won nneema a yehu wo yen nhwehwemu mu no ahyehye no. Woakyekye nsem no mu akuwakuw wo nea oton no, ne model ne afiri no. Saa nneema yi wo akwan pii so, a ebi ne websaet no mu nsem, SSL/TLS nkrataa, agyiraehyede a woda no adi, ne nea ekeka ho. Adansedie no fa nnipa dodow ho nko ara, ene se (wompe se wohwe se biribi wo ho a ebetumi asee nneema bi a ewo saa adansedie no mu http_vulnerable ase “Amansan nkontaabuo” mmom).

Senea nsem nkataho mfoni te se wo mu “Amansan nkontaabuo” nkyerekyeremu a yede di dwuma ene nsem a yede di dwuma abodin ne nkrataa wobetumi ahwe (na woahyehye) adwumayefo, nhwesodee ne afidie ahodoo mmom.

Atiridii ho nkontaabu: Ahoohyee

Saa Adansedie yi ne nneema a efa ho a wohwe no da biara da no ma yen ani so hu nsisi a yen honeypot sensor network no hu, a etwe adwene si ahobammo a wode di dwuma no so. Saa nneema yi bi ne tumi a wode behwe nneema a wotaa to hye so na woahwehwe okwan a wofa so to hye so (senea. faako a woto hye so, a ebetumi aka CVE potee a woto hye so). Wubetumi nso ahwe nkratafa a ekyere baabi a atoyerenkyem no fi ne baabi a eko.

Senea nsem nkataho mfoni te se wo mu “Amansan nkontaabuo” nkyerekyeremu a yede di dwuma ene nsem a yede di dwuma abodin ne nkrataa wobetumi ahwe (na woahyehye) Otonfoo, Yaree mu yaree ene se abodin ne beaee a woreko ne nnipa a wotow hye won so.

Woasan de ani a ehwe nneema so aka ho bio - Sendee a wohwe so:

Eyi ye da biara da ofa a wotaa de ye adwuma a wohyehye mu wo kasa ahodoo mu a wohyehye mu wo kasa ahodoo mu a wohwe mu se wosore (anaa wosore a wohwe mu se wosore, se woayi nkitahodi ho mmodenbo ho akontaabu mu a). Nsem no fi yen honeypot sensor network no mu. Woakyekye nsem mu akuwakuw wo ahohiahia a woadi ho dwuma no so. CISA a wonim no Exploited Vulnerability mappings nso wo mu (a ene se ebia ransomware kuo bi adi dwuma) ene se ebia otaa no fa IoT afidie bi ho mmom sen se ebefa dwumadie bi so.

Default so no, kyerewsem no kyere nsunsuansoo a wotaa de ye adwuma wo wiase nyinaa, nanso wobetumi nso afa oman potee bi anaa akuw bi so ahwehwe mu anaa woayi anomaly table adi mmom.

Atiridii ho nkontaabu: Nhyehyeee

Saa adansedie yi ne nneema a wode di dwuma no ma yenya nneema a yede tow hye won so a yen honeypot sensor network no hu no ho mfonini da biara da. Wode saa mfiri yi nsensanee so na eye nsensanee da biara da. Adansedie no ma kwan ma wotumi di Otoo no su, afidie no yefoo anaa nhwesoo potee bi akyi, na wotumi ye filter wo oman biara mu.

Mfonini ahorow a ete se nea ewo “Amansan nkontaabuo” wo ho, nsonsonoe a ewo mu ne se, se anka wode abodin and nkrataa wobetumi ahwe (na woahyehye) atoyerenkyem dwumadibea, afidie otonni anaa nhwesoo mmom.

Woasan de ani a ehwe nneema so aka ho bio - Sendee a wohwe so:

Eyi ye da biara da ofa a wohwe so se wotow hye afidie a wotaa hu no so a won a wohwe so se wotow hye won so (anaa atopae a woso hwee, se wo paw ntweasee a woso hwee no ho akontaabu kwan). Senea yehu wo nkrataa nyinaa a yede adi dwuma wo saa fekuw yi mu no, yehwe no fii yen honeypot sensor network no mu. Woakyekye no akuw wo otaa su a wohui, otonfoo ne nhwesoo (se ebi wo ho a). Yede IP a yeahu no ne nsunsuanso a yede senea yen afidie a yesee no da biara nsa ano nsunsuanso (hwe “IoT afidie ho nkontaabu” nkyekyemu) di dwuma de hu afidie a ᴐwᴐ so no.

Dee etaa si ne se, kyerewdua no kyere mfiri a wotaa bo ho dawuro no (senea won a wofiri mu ba no) a yehunu se wobo ho dawuro no (eha nsem a yerentumi nhu afiri bi anaa, se nhweso no, yehunu otonfoo bi nko ara). Wobetumi apaw se wobeyi nsem no agu oman potee bi anaa kuw potee bi so, anaa wobeyi ofa a enye ade a etee adi.

Shadowserver Dwumadibea no nya mmoa fii UK FCDO. IoT afidie nsensanee ho nkontaabuo ne asukotweaa ho atoyerenkyem ho akontaabu ofa a wotua ho ka Europe afidie a edi mu ka European Union ho (EU CEF VARIoT dwumadie).

Yebepe se yeda yen ayonkofoo nyinaa a woboa ma wode data di dwuma wo Shadowserver Dwumadie panee mu no ase, a nea eka ho ne (senea alfabet mu) APNIC Community Feeds, Bitsight, CISPA, if-is.net, Kryptos Logic, SecurityScorecard, Yokohama Oman Sukuupon ne won a wompe se wobo won din no nyinaa.

Shadowserver de nkuku di dwuma de boaboa nsem ano. Eyi ma yetumi susuw senea wode websaet no di dwuma, na yeboa ma won a wode di dwuma no ani gye. Se wope cookie ho nsem pii ne senea Shadowserver de di dwuma a, hwe yen ahobanbo ho mmara. Yehia wo kwan se yede cookies di dwuma wo okwan yi so wo wo afidie no so.