LFCA: Basic Security Tips to Protect Linux System - Part 17


Now more than ever, we live in a world where organizations are constantly hit by security breaches motivated by the acquisition of highly sensitive and confidential data, which is very valuable and brings a large financial reward.

It is rather surprising that, despite being at high risk of suffering a potentially devastating cyberattack, most companies are not well prepared or simply overlook the red flags, often with devastating consequences.

In 2016, Equifax suffered a catastrophic data breach in which millions of highly confidential customer records were stolen following a series of security lapses. A detailed report indicated that the breach was preventable had the security team at Equifax implemented the right security measures.

In fact, months before the breach, Equifax was warned about a potential vulnerability in their web portal that would compromise their security, but sadly the warning went unheeded, with grave consequences. Many other large corporations have fallen victim to attacks, which keep growing in complexity.

We cannot stress enough how important the security of your Linux system is. You may not be a high-profile financial institution that is a likely target for breaches, but that does not mean you should let your guard down.

Security should be at the top of your mind when setting up your Linux server, especially if it will be connected to the internet and accessed remotely. Having basic security skills is essential to safeguarding your Linux server.

In this guide, we focus on some of the basic security measures that you can take to protect your system from intruders.

Cyber Attack Vectors

Intruders will use a variety of attack techniques to gain access to your Linux server. Before we dive into some of the measures that you can take to safeguard your system, let's go over some of the common attack vectors that an attacker can use to infiltrate systems.

A brute-force attack is an attack in which the attacker uses trial and error to guess a user's login credentials. Usually, the intruder uses automated scripts to keep attempting logins until the right combination of username and password is found. This kind of attack is most effective where weak and easily guessable passwords are used.

As alluded to earlier, weak credentials such as short and easily guessable passwords like password1234 pose a risk to your system. The shorter and less complex a password is, the higher the chances of your system being compromised.
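The brute-force pattern described above shows up in the SSH daemon's log as repeated `Failed password` entries from one source. The following is an added example, not part of the original article: the function names are this example's own, and the log lines are constructed samples that use documentation-range addresses.

```shell
#!/bin/sh
# Added example: count failed SSH password logins per source address.
# Constructed sample lines in the usual sshd syslog format. The third
# line carries a user name that contains spaces and the word "from".
sample_auth_log() {
cat <<'EOF'
Mar  3 10:01:12 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:14 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:01:17 web1 sshd[2213]: Failed password for invalid user from 192.0.2.1 from 203.0.113.7 port 51141 ssh2
Mar  3 10:02:40 web1 sshd[2290]: Accepted publickey for user from 198.51.100.20 port 40022 ssh2
Mar  3 10:05:02 web1 sshd[2301]: Failed password for user from 198.51.100.20 port 40100 ssh2
EOF
}

# Read log lines on stdin; print "ADDRESS COUNT" for every source with at
# least $1 failed password logins, sorted by address.
failed_logins_by_source() {
    awk -v min="$1" '
        # The address is located relative to the end of the line, because
        # the user name is client-supplied text and may contain " from ".
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-2) == "port" && $(NF-4) == "from" { n[$(NF-3)]++ }
        END { for (ip in n) if (n[ip] >= min) print ip, n[ip] }
    ' | sort
}

# Demo on the constructed sample, reporting sources with 3 or more failures.
sample_auth_log | failed_logins_by_source 3
```

On a real server the input would be the SSH authentication log, typically /var/log/auth.log on Debian/Ubuntu and /var/log/secure on RHEL/CentOS.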

Phishing is a social engineering technique in which the attacker sends the victim an email that appears to come from a legitimate institution or from someone you know or do business with.

Usually, the email contains instructions that prompt the victim to divulge sensitive information, or it may contain a link that directs them to a fake site posing as the company's site. Once the victim attempts to log in, the attacker captures their credentials.

Malware is short for malicious software. It covers a wide range of nefarious applications such as viruses, trojans, worms, and ransomware that are designed to spread rapidly and hold the victim's system hostage in exchange for a ransom.

Such attacks can be debilitating and can paralyze an organization's business. Some malware can be injected into documents such as images, videos, Word, or PowerPoint documents and packaged in a phishing email.

A DoS (Denial of Service) attack is an attack that limits or impacts the availability of a server or computer system. The attacker floods the server with traffic or ping packets, which makes the server inaccessible to users for prolonged periods.

A DDoS (Distributed Denial of Service) attack is a kind of DoS that uses multiple systems to flood a target with traffic, rendering it unavailable.

An acronym for Structured Query Language, SQL is a language used to communicate with databases. It allows users to create, delete, and update records in the database. A lot of servers store data in databases that use SQL to interact with the data.

An SQL injection attack leverages a known SQL vulnerability that makes the server divulge sensitive database information that it otherwise would not, by injecting malicious SQL code. This poses an enormous risk if the database stores personally identifiable information such as credit card numbers, social security numbers, and passwords.

Commonly abbreviated as MITM, the man-in-the-middle attack involves an attacker intercepting information between two points with the aim of eavesdropping on or modifying the traffic between the two parties. The goal is to spy on the victim, corrupt the data, or steal sensitive information.

Basic Tips for Securing Your Linux Server

Having looked at the ways an attacker can breach your system, let's go over some of the fundamental measures that you can take to safeguard it.

Not much thought is usually given to the physical location and security of your server; however, if you are going to host your server in an on-premises environment, this is usually where you would start.

It is important to ensure that your server is safely secured in a data center with backup power, redundant internet connectivity, and sufficient cooling. Access to the data center should be limited to authorized personnel only.

Once the server is set up, the first step to take is to update the repositories and application software packages as follows. Updating the packages patches any loopholes that might be present in the existing versions of applications.

For Ubuntu/Debian distributions:

$ sudo apt update -y
$ sudo apt upgrade -y

For RHEL/CentOS distributions:

$ sudo yum upgrade -y

A firewall is an application that filters incoming and outgoing traffic. You need to install a robust firewall such as UFW and configure it to allow only the required services and their corresponding ports.

For example, you can install it on Ubuntu using the command:

$ sudo apt install ufw

Once installed, enable it as follows:

$ sudo ufw enable

To allow a service such as HTTPS, run the command:

$ sudo ufw allow https

Alternatively, you can allow its corresponding port, which is 443.

$ sudo ufw allow 443/tcp

Then reload for the changes to take effect.

$ sudo ufw reload

To check the status of your firewall, including allowed services and open ports, run:

$ sudo ufw status

Additionally, consider turning off any unused or unnecessary services and ports on the firewall. Having multiple ports open that are not being used only increases the attack surface.

Default SSH settings are not secure, and hence some tweaks are required. Be sure to enforce the following settings:

  • Disable the root user from remote login.
  • Enable passwordless SSH authentication using SSH public/private keys.

For the first point, edit the /etc/ssh/sshd_config file and modify the following parameter to appear as shown.

PermitRootLogin no

Once you have disabled the root user from logging in remotely, create a regular user and assign sudo privileges. For example:

$ sudo adduser user 
$ sudo usermod -aG sudo user 

To enable passwordless authentication, first head over to another Linux PC, preferably your own, and generate an SSH key pair.

$ ssh-keygen

Then copy the public key to your server:

$ ssh-copy-id [email 

Once logged in, be sure to disable password authentication by editing the /etc/ssh/sshd_config file and modifying the parameter shown.

PasswordAuthentication no

Take care not to lose your SSH private key, as that is the only way you can log in. Keep it safe and preferably back it up in the cloud.

Finally, restart SSH to apply the changes:

$ sudo systemctl restart sshd
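The two sshd_config edits above only take effect if they are the first global value sshd reads for each keyword. The following added example (not from the original article) checks that; the function names and the sample file are this example's own, and it assumes a single file with no Include directives.

```shell
#!/bin/sh
# Added example: report the global value of an sshd_config keyword.
# sshd uses the first value it obtains for a keyword, keyword names are
# case-insensitive, and lines after the first "Match" apply conditionally.
sshd_global_value() {   # usage: sshd_global_value KEYWORD FILE
    awk -v want="$1" '
        BEGIN { want = tolower(want) }
        { sub(/#.*/, ""); sub(/^[ \t]+/, "") }      # drop comments and indent
        $0 == "" { next }
        { split($0, kv, "[ \t=]+"); key = tolower(kv[1]) }
        key == "match" { exit }                     # end of global section
        key == want { print kv[2]; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$2"
}

# Check the two settings changed in this guide. Prints one line per
# keyword and returns non-zero if either is not set to "no" globally.
audit_sshd_config() {
    rc=0
    for pair in PermitRootLogin:no PasswordAuthentication:no; do
        key=${pair%%:*}; expect=${pair##*:}
        got=$(sshd_global_value "$key" "$1")
        if [ "$got" = "$expect" ]; then
            echo "ok   $key $got"
        else
            echo "FAIL $key is '$got', expected '$expect'"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: the hardened lines are present but do not win.
write_sample_config() {
cat > "$1" <<'EOF'
# Constructed sshd_config fragment
permitrootlogin yes
PermitRootLogin no
#PasswordAuthentication yes
Match User backup
    PasswordAuthentication no
EOF
}

cfg=$(mktemp); write_sample_config "$cfg"
audit_sshd_config "$cfg" || echo "sample config is not hardened"
rm -f "$cfg"
```

Before restarting the service, `sudo sshd -t` validates the file's syntax, and `sudo sshd -T` prints the effective settings as sshd itself resolves them.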

In a world of evolving cyber threats, security should be a high priority as you set up your Linux server. In this guide, we have highlighted some of the basic security measures that you can take to fortify your server. In the next topic, we will go deeper and look at additional steps you can take to harden your server.