Zuwa yanzu ban tsammanin na taba ɗayan waƙoƙin da na fi so ba, tsaro kwamfuta, kuma na yi imanin cewa wannan zai zama batun da zan gaya muku game da yau hope Ina fatan cewa bayan wannan ɗan gajeren labarin za ku iya samun kyakkyawar fahimtar abin da zai iya taimaka muku don samun kyakkyawan iko game da haɗarinku da kuma yadda don rage yawanci a lokaci guda.
Risks ko'ina
Babu makawa, a cikin wannan shekara kawai, mun riga mun sami raunin sama da 15000 da aka gano da kuma sanya su ta wata hanya jama'a. Ta yaya zan sani? Saboda wani ɓangare na aikina shi ne bincika CVEs a cikin shirye-shiryen da muke amfani da su a cikin Gentoo don ganin idan muna gudanar da software mai rauni, ta wannan hanyar zamu iya sabunta shi kuma mu tabbatar da cewa duk wanda ke cikin rarrabawar yana da kayan aiki masu aminci.
CVE
Ulwaƙwalwar gama gari da Bayyananniyar Don karancin sa a Turanci, su ne ainihin abubuwan ganowa waɗanda aka sanya wa kowane yanayin rauni. Zan iya cewa da farin ciki da yawa cewa Gentwararrun oowararrun Al'umma da yawa suna tallafawa nagartar ɗan adam, yin bincike da buga sakamakon bincikensu don a gyara su kuma a daidaita su. Daya daga cikin shari'o'in karshe da naji dadin karantawa shine Zaɓuɓɓuka wani rauni wanda ya shafi sabobin Apache a duk duniya. Me yasa nace ina alfahari da wannan? Saboda suna yiwa duniya kyau, ɓoye ɓarnatar da sirrin asirin kawai tana amfanar aan kaɗan, kuma sakamakon wannan na iya zama bala'i dangane da makasudin.
CNA
CNAs ƙungiyoyi ne waɗanda ke kula da nema da / ko sanya CVEs, alal misali, muna da CNA na Microsoft, mai kula da haɗar raunin su, warware su da sanya musu a CVE don rajista daga baya akan lokaci.
Nau'in matakan
Bari mu fara da bayyana cewa babu wani kayan aiki wanda zai iya zama mai aminci 100%, kuma azaman magana ce gama gari wacce aka saba cewa:
Kwamfuta mai amintaccen 100% ita ce wacce take kulle a cikin taska, an cire ta daga intanet kuma an kashe ta.
Saboda gaskiya ne, haɗarin zai kasance koyaushe, sananne ko ba a sani ba, lokaci ne kawai don haka yayin fuskantar haɗari zamu iya yin waɗannan abubuwa:
Rage shi
Rage haɗari ba komai bane face rage shi (NO soke shi). Wannan abu ne mai mahimmanci kuma mai mahimmanci duka a fagen kasuwanci da na sirri, mutum baya son a “yi masa fyade”, amma faɗi gaskiya mafi raunin magana a cikin sarkar ba kayan aiki bane, ba kuma shirin bane, har ma da aikin , shi ne mutum.
Dukanmu muna da ɗabi'ar zargi wasu, mutane ne ko abubuwa, amma a cikin tsaro na kwamfuta, alhakin shine kuma zai kasance na ɗan adam ne, ƙila ba ku kai tsaye ba, amma idan ba ku bi madaidaiciyar hanya ba, za ku zama wani ɓangare na matsalar. Daga baya zan baku wata 'yar dabarar da zata zauna dan ta sami tsaro 😉
Canja wurin shi
Wannan sanannen ƙa'ida ne, dole ne muyi tunanin sa a matsayin Banco. Lokacin da kake buƙatar kula da kuɗin ka (Ina nufin a zahiri), abu mafi aminci shi ne barin shi tare da wani wanda ke da ikon kare shi da kyau fiye da ku. Ba kwa buƙatar samun taskar ku (duk da cewa zai fi kyau) don iya kula da abubuwa, kawai kuna buƙatar samun wani (wanda kuka amince da shi) don kiyaye wani abu da ya fi ku.
Yarda da shi
Amma lokacin da na farko da na biyu basu yi aiki ba, to anan shine ainihin mahimmancin tambaya ta shigo. Nawa ne darajar wannan albarkatun / bayanan / sauransu? Idan amsar tana da yawa, to yakamata kayi tunani game da biyun farko. Amma idan amsar itace ba sosaiWataƙila kawai ku yarda da haɗarin
Dole ne ku fuskance shi, ba duk abin da za'a iya cirewa ba ne, kuma wasu abubuwa masu sauki zasu iya biyan kuɗi da yawa ta yadda zai zama da wuya a yi amfani da ainihin mafita ba tare da canzawa da saka kuɗi da yawa ba. Amma idan zaku iya tantance abin da kuke kokarin karewa, kuma bai sami matsayinsa a mataki na farko ko na biyu ba, to kawai a ɗauke shi a mataki na uku ta hanya mafi kyau, kar a ba shi ƙima fiye da yadda yake da shi, kuma kar a hada shi da abubuwan da suke da daraja.
Don ci gaba da zamani
Wannan gaskiya ce wacce ta tsere wa ɗaruruwan mutane da kasuwanci. Tsaron kwamfuta ba batun bin ƙa'idodin binciken ku sau 3 a shekara ba da tsammanin babu abin da zai faru a cikin sauran kwanakin 350. Kuma wannan gaskiya ne ga yawancin masu gudanar da tsarin. A ƙarshe na sami damar tabbatar da kaina kamar Farashin LFCS (Na bar muku ku nemo inda nayi shi 🙂) kuma wannan mahimmin lokaci ne yayin karatun. Adana kayan aikin ku da shirye-shiryen ku na yau da kullun yana da mahimmanci, muhimmanci, don kauce wa mafi yawan haɗari. Tabbas da yawa a nan zasu gaya mani, amma shirin da muke amfani da shi baya aiki a fasali na gaba ko wani abu makamancin haka, saboda gaskiyar ita ce cewa shirinku bam ne na lokaci idan ba ya aiki a cikin sabuwar sigar. Kuma wannan ya kawo mu ga sashin da ya gabata, Shin za ku iya rage shi?, Za ku iya canza shi?, Shin za ku iya karɓa? ...
Gaskiyar magana, don kawai a tuna, a kididdiga kashi 75% na hare-haren tsaron kwamfuta sun samo asali ne daga ciki. Wannan na iya zama saboda kuna da marasa amfani ko masu amfani a cikin kamfanin. Ko kuma cewa tsarin tsaro nasu bai sanya wahala a gwanin kwamfuta kutsa kai cikin gidajen ka ko hanyoyin sadarwar ka. Kuma kusan fiye da 90% na hare-haren ana haifar da su ne da tsufa software, babu saboda rauni na rana sifili.
Yi tunani kamar inji, ba kamar ɗan adam ba
Wannan zai zama karamar shawara da zan bar muku daga nan:
Yi tunani kamar inji
Ga wadanda ba su fahimta ba, yanzu na ba ku misali.
Na gabatar muku Yahaya. Daga cikin masoyan tsaro yana daya daga cikin mafi kyawun wuraren farawa idan ka fara a duniyar ethicla shiga ba tare da izini ba. John yana samun kyakkyawan mu'amala tare da abokinmu crunch. Kuma asali yana riƙe jerin da aka miƙa masa kuma ya fara gwada abubuwan haɗuwa har sai ya sami maɓallin da zai warware kalmar sirri da yake nema.
Mawuyacin janareta ne na haduwa. wannan yana nufin cewa zaku iya gaya wa crunch cewa kuna son kalmar sirri wacce haruffa 6 ne tsayi, mai ɗauke da manyan haruffa manya da andarami kuma crunch zai fara gwajin ɗaya bayan ɗaya ... wani abu kamar:
aaaaaa,aaaaab,aaaaac,aaaaad,....
Kuma kuna mamakin tsawon lokacin da za a ɗauka cikin jerin duka tabbas ... ba ya ɗauki fiye da fewan kaɗan mintuna. Ga wadanda aka bari da bakinsu a bude, bari in yi bayani. Kamar yadda muka tattauna a baya, mafi rauni mahada a sarkar shine mutum, da kuma hanyar tunanin sa. Ga kwamfuta ba abu ne mai wahala a gwada haduwa ba, tana yawan maimaitata, kuma tsawon shekaru masu sarrafawa sun zama masu karfi ta yadda ba za a dauki sama da dakika daya ba a yi yunkurin dubu, ko ma fiye da haka ba.
Amma yanzu abu mai kyau, misalin da ya gabata yana tare da tunanin mutum, yanzu zamu tafi dashi tunanin inji:
Idan muka gaya ma crunch don fara samar da kalmar sirri da kawai 8 lambobi, a ƙarƙashin buƙatun da suka gabata, mun wuce daga mintoci zuwa awowi. Kuma tsammani me zai faru idan muka gaya muku kuyi amfani da fiye da 10, sun zama kwana. Fiye da 12 mun riga mun shiga watanniBaya ga gaskiyar cewa jeren zai kasance na rabbai waɗanda ba za a iya adana su a kan kwamfuta ta yau da kullun ba. Idan muka kai 20 zamuyi magana game da abubuwan da kwamfyuta ba zata iya ganowa ba a cikin ɗaruruwan shekaru (tare da masu sarrafa su a halin yanzu). Wannan yana da bayanin ilmin lissafi, amma saboda dalilai na sarari ba zan bayyana shi anan ba, amma ga mafi yawan sha'awar abin yana da alaƙa da ambaliya, las mai hadewa da kuma haduwa. Don zama mafi daidai, tare da gaskiyar cewa ga kowane harafi da muka ƙara zuwa tsawon muna da kusan 50 dama, don haka zamu sami wani abu kamar:
20^50 yiwuwar haɗuwa don kalmar sirri ta ƙarshe. Shigar da wannan lambar a cikin kalkuleta don ganin iyawa da yawa tare da maɓallin mabuɗan alamun 20.
Ta yaya zan iya yin tunani kamar inji?
Ba abu ne mai sauki ba, fiye da mutum daya zai gaya mani in yi tunanin kalmar sirri na haruffa 20 a jere, musamman tare da tsohon tunanin cewa kalmomin shiga sune kalmomi mabuɗi Amma bari mu ga misali:
dXfwHd
Wannan yana da wahala dan adam ya iya tunawa, amma yana da matukar sauki ga inji.
caballoconpatasdehormiga
Wannan a wani bangaren yana da matukar sauki dan adam ya tuna (koda mai ban dariya ne) amma yana da wuta crunch. Kuma yanzu fiye da ɗaya zasu gaya mani, amma shin ba shawara bane a canza maɓallan a jere? Haka ne, ana bada shawara, don haka yanzu zamu iya kashe tsuntsaye biyu da dutse daya. A ce wannan watan na karantawa Don Quixote de la Mancha, juz'i na I. A cikin kalmar sirri zan sanya wani abu kamar:
ElQuijoteDeLaMancha1
Alamu 20, wani abu mai wahalar ganowa ba tare da sanina ba, kuma mafi kyawun abu shine idan na gama littafin (a zatonsu koyaushe suna karantawa they) zasu san cewa dole ne su canza kalmar shigarsu, harma da canzawa zuwa:
ElQuijoteDeLaMancha2
Ya riga ya ci gaba 🙂 kuma tabbas hakan zai taimaka muku kiyaye lambobin sirrinku kuma a lokaci guda ku tunatar da ku gama littafinku.
Abin da na rubuta ya isa, kuma duk da cewa ina son in sami damar yin magana game da ƙarin lamuran tsaro da yawa, za mu bar shi zuwa wani lokaci 🙂 Gaisuwa
Abin sha'awa sosai !!
Ina fatan za ku iya loda koyarwar kan hardening a kan Linux, zai zama abin ban mamaki.
Na gode!
Barka dai 🙂 da kyau, kuna iya bani lokaci, amma kuma nima na raba kayan aikin da na sami sha'awa extremely
https://wiki.gentoo.org/wiki/Security_Handbook
Wannan ba a fassara shi zuwa yaren Mutanen Espanya 🙁 amma idan aka ƙarfafa wani don ya ba da hannu da wannan kuma ya taimaka zai zama mai kyau 🙂
gaisuwa
Abin sha'awa ne matuka, amma daga ganina hare-haren wuce gona da iri sun zama tsofaffi, kuma ƙarni na kalmomin shiga kamar "ElQuijoteDeLaMancha1" ba ze zama mai yuwuwa ba, wannan saboda saboda tare da ɗan aikin injiniya na zamantakewa yana yiwuwa a sami kalmomin shiga na wannan nau'in, kawai yana da girma tare da bincika mutum kuma ita da kanta za ta bayyana mana, ko dai a cikin hanyoyin sadarwarta, ga ƙawayenta ko kuma a wajen aiki, ɓangare ne na halin ɗan adam.
A nawa ra’ayi, mafificin mafita ita ce a yi amfani da kalmar sirri, domin ya fi aminci a yi amfani da lambar lambobi 100 fiye da lamba 20, bugu da kari, akwai fa’idar tunda tunda kalmar sirri ce kawai aka sani, ba zai yiwu a bayyana ba ko ta yamma kalmomin shiga da aka kirkira saboda ba a san su ba.
Wannan shine mai sarrafa kalmar sirri na, tushen budewa ne kuma ta hanyar kwaikwayon maballin, ba shi da kariya ga maballin shiga.
https://www.themooltipass.com
Da kyau, banyi kamar na bayar da cikakkiyar mafita ba (tuna cewa babu wani abu da za'a iya hana shi 100%) a cikin kalmomi 1500 kawai 🙂 (Bana son rubuta sama da hakan sai dai in ya zama dole) amma kamar yadda kuka faɗi hakan 100 yafi 20, da kyau 20 tabbas yafi 8 🙂 kuma da kyau, kamar yadda muka fada a farko, mafi raunin mahada shine namiji, don haka shine koyaushe hankali zai kasance. Na san "injiniyoyin zamantakewar al'umma" da yawa waɗanda ba su da masaniya game da fasaha, amma sun isa su yi aikin tuntuɓar lafiya. Mafi wahalarwa shine gano masu fashin gaskiya waɗanda suka sami kuskuren shirye-shirye (sanannen baƙon-rana).
Idan muna maganar mafita "mafi kyau" tuni mun riga mun shiga batun ga mutane masu ƙwarewa a fagen, kuma ina raba tare da kowane nau'in mai amfani 🙂 amma idan kuna so zamu iya magana game da hanyoyin "mafi kyau" a wani lokaci. Kuma godiya ga hanyar haɗin yanar gizon, tabbatar da fa'ida da rashin fa'ida, amma hakan ba zai yi wa mai sarrafa kalmar sirri yawa ba, za ku yi mamakin sauƙi da sha'awar da suke kai musu hari, bayan duk ... nasara guda ɗaya tana nuna maɓallan da yawa saukar.
gaisuwa
Labari mai ban sha'awa, ChrisADR. A matsayinka na mai gudanar da tsarin Linux, wannan abin tunatarwa ne mai kyau kada ka afka cikin rashin ba shi muhimmiyar mahimmancin da ake buƙata a yau don kiyaye lambobin sirri har zuwa yau kuma tare da tsaron da ake buƙata a yau. Ko da wannan labarin ne wanda zai taimaka wa talakawa sosai waɗanda suke tunanin cewa kalmar sirri ba ita ce sababin kashi 90% na ciwon kai ba. Ina so in ga ƙarin labarai game da tsaro na kwamfuta da kuma yadda za a kula da tsaro mafi girma tsakanin ƙaunataccen tsarin aikin mu. Na yi imanin cewa koyaushe akwai abin da za a koya fiye da ilimin da mutum ke samu ta hanyar kwasa-kwasai da horo.
Bayan wannan kuma koyaushe nakan nemi wannan rukunin yanar gizon don sanin wani sabon shiri na Gnu Linux don sa hannuna a kai.
Na gode!
Shin zaku iya yin bayani dalla-dalla dalla-dalla, tare da lambobi da yawa, me yasa "DonQuijoteDeLaMancha1" ("DonQuijote de La Mancha" ba ya wanzu; p) ya fi aminci fiye da "• M¡ ¢ 0nt®a $ 3Ñ @ •"?
Ban san komai game da lissafin lissafi ba, amma har yanzu ba ni gamsuwa da ra'ayin da ake yawan maimaitawa cewa dogon kalmar sirri tare da saitin halayyar da ta fi sauki fiye da wanda ya fi guntu tare da mafi girman halayyar halayya. Shin yawan haɗuwa da gaske ya fi girma ta amfani da haruffan Latin da lambobi fiye da amfani da duk UTF-8?
Na gode.
Barka dai Dani, bari mu shiga cikin sassa don bayyanawa… shin kun taɓa samun ɗayan waɗannan akwatunan akwatinan masu tarin lambobi a matsayin makulli? Bari mu ga shari'ar da ke gaba ... idan har sun kai tara muna da wani abu kamar:
| 10 | | 10 | | 10 |
Kowane ɗayan yana da damar yin magana, don haka idan kuna son sanin adadin abubuwan haɗuwa, kawai kuna yin sauƙin sauƙaƙe, 10³ ya zama daidai ko 1000.
Tebur na ASCII ya ƙunshi haruffa 255 masu mahimmanci, wanda yawanci muke amfani da lambobi, ƙaramin ƙarami, babba da wasu alamun rubutu. A ce yanzu za mu sami kalmar sirri lamba 6 tare da kusan zaɓuɓɓuka 70 (babban, ƙaramin ƙarami, lambobi da wasu alamu)
| 70 | | 70 | | 70 | | 70 | | 70 | | 70 |
Kamar yadda zaku iya tunanin, wannan babban adadi ne, 117 ya zama daidai. Kuma waɗannan sune dukkanin haɗuwa waɗanda suka kasance don sararin maɓallin lamba 649. Yanzu zamu rage yawan damarmu da yawa, bari mu ci gaba da cewa zamuyi amfani da 000 ne kawai (ƙananan haruffa, lambobi da alamar lokaci-lokaci wataƙila) amma tare da kalmar wucewa mafi tsayi, bari mu ce wataƙila lambobi 000 (Wannan misali yana da kamar 6).
| 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 | | 45 |
Adadin damar ya zama 1 159 445 329 576 199 417 209 625 244 140 625 0… Ban san yadda ake kirga wannan lambar ba, amma a gare ni ya fi tsayi :), amma za mu rage shi sosai , kawai zamuyi amfani da lambobi 9 zuwa XNUMX, kuma bari muga me zai faru da yawa
| 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 | | 10 |
Da wannan saukakakkiyar doka zaka iya zuwa da hadadden haduwa 100 :). Wannan saboda kowane lambar da aka ƙara zuwa lissafin yana ƙaruwa da damar da yawa ta hanyar ɓarna, yayin daɗa yiwuwar a cikin akwati ɗaya yana ƙaruwa shi da layi.
Amma yanzu mun tafi ga abin da "mafi kyau" a gare mu mutane.
Yaya tsawon lokacin da za ku ɗauka don rubuta "• M¡ ¢ 0nt®a $ 3Ñ @ •" a cikin lamuran aiki? Bari mu ɗauka a karo na biyu cewa dole ne ku rubutashi a kowace rana, saboda ba kwa son adana shi zuwa kwamfutar. Wannan ya zama aiki mai wahala idan kuna yin ƙuntatawa ta hannu ta hanyoyi daban-daban. Mafi sauri (a ra'ayina) shine rubuta kalmomin da zaku iya rubutawa ta ɗabi'a, tunda wani mahimmin mahimmanci shine canza maɓallan akai-akai.
Kuma ƙarshe amma ba mafi ƙaranci ba ... Ya dogara sosai da yanayin mutumin da ya haɓaka tsarinku, aikace-aikacenku, shirye-shiryenku, da ikon nutsuwa yayi amfani da DUK halayen UTF-8, a wasu lokuta ma yana iya hana amfani. na Yana counidaya saboda aikace-aikacen "ya canza" wasu kalmarka ta sirri kuma ya mayar dashi mara amfani ... Don haka watakila zai fi kyau a kunna shi lafiya tare da haruffan da koyaushe kuke san akwai.
Da fatan wannan zai taimaka tare da shakku 🙂 Gaisuwa