Izinsongo ze-GNU / Linux nobungozi: Yazi Isitha Sakho!

Izinsongo ze-GNU / Linux nobungozi: Yazi Isitha Sakho!

Kukhona isicaphuni esivela ku- Sun tzu (General, usomaqhinga wezempi kanye nefilosofi yaseChina yasendulokuthiwani: "Uma usazi isitha futhi uzazi ngokwakho, akufanele wesabe umphumela wamakhulu ezimpi. Uma uzazi wena, kodwa hhayi isitha, kukho konke ukunqoba okunqobayo nawe uzohlulwa. Uma ungasazi isitha noma isiqu sakho, uzonqotshwa kuzo zonke izimpi. "

Kule nkulumo singaphetha ngokuthi ulwazi lobuthakathaka bethu nobuthakathaka bezitha zethu, buzosiholela ngokuphepha kuJehova ukunqoba noma ukwehlulwa. Futhi uchaze lokhu kufayela le- IT, I-GNU / Linux, ezamanje amaqembu obugebengu futhi i ukuhlaselwa kwamakhompyutha, kucace ngokwengeziwe kithi, ukuthi kufanele sazi ngokuningiliziwe kokubili Izinhlelo ezisebenza mahhala futhi ezivulekile njengokukhubazeka okungasetshenziswa yizinkampani zangaphandle, ukuze nciphisa izingozi lokuhlaselwa okunjalo.

Ukuhlaselwa kwe-APT: Izinsongo Zokuqhubeka Ezithuthukile Zingayithinta I-Linux?

Futhi njengoba sisanda kwenza ukungena okuhlobene nesihloko esifanayo ne- Ukuphepha Kwe-IT futhi i Ukuphepha kwe-cyber cishe I-GNU / Linux, sizoncoma ukuthi uyihlole. Futhi ngalokhu sizoshiya ngokushesha isixhumanisi esingezansi ukuze sithintwe kalula ekugcineni kwalolu shicilelo:

“Ukuhlaselwa kwe-« APT Attack »noma i-Advanced Persistent Threat kungachazwa njenge-n ukuhlasela okuhlelekile futhi okuyinkimbinkimbi okuhlose ukuthola ukufinyelela isikhathi eside kohlelo lwamakhompyutha ngumuntu noma iqembu elingagunyaziwe. Isizathu sokuthi kungani, inhloso yayo enkulu imvamisa ukwebiwa kwedatha ngendlela enkulu noma ukugadwa (ukuqapha) komsebenzi wenethiwekhi yekhompyutha ehlaselwe." Ukuhlaselwa kwe-APT: Izinsongo Zokuqhubeka Ezithuthukile Zingayithinta I-Linux?

I-athikili ehlobene:

Ukuhlaselwa kwe-APT: Izinsongo Zokuqhubeka Ezithuthukile Zingayithinta I-Linux?

I-athikili ehlobene:

Amathiphu Wokuphepha Kwikhompyutha Wawo Wonke Umuntu Noma Kunini, Noma Kuphi

I-athikili ehlobene:

Amagciwane ku-GNU / Linux: Iqiniso noma Inganekwane?

Izinsongo eziphezulu ze-2021 kanye nobungozi be-GNU / Linux

Mayelana Nezinsongo nobungozi bekhompyutha

Ngaphambi kokungena ngokuphelele kufayela le- Izinsongo zekhompyutha kanye nokuba sengozini okuvela ku- ngonyaka we-2021 ukuze I-GNU / Linux, sizokwenza kucace kafushane ukuthi bayafana, nokuthi bahluke kanjani laba ababili. Futhi ngalokhu, sizocaphuna incazelo ye- Isikhungo Sikazwelonke Sokuphepha Kwezokuxhumana (INCIBE) kusuka eSpain:

• Una ubungozi ' . Lezi "zimbobo" zingaba nemvelaphi ehlukile, ngokwesibonelo: amaphutha wokuklama, amaphutha wokumisa noma ukuntuleka kwezinqubo.
• Ngokwengxenye yayo, a usongo Kunganoma yisiphi isenzo esisizakala ngokuba sengozini yokwehlisa ukuphepha kohlelo lolwazi. Ngamanye amagama, ingaba nomthelela omubi ongaba khona kokunye kwesistimu yethu. Izinsongo zingavela ekuhlaselweni (ukukhwabanisa, ukweba, amagciwane), izehlakalo zomzimba (umlilo, isikhukhula) noma ubudedengu nezinqumo zezikhungo (ukuphathwa kabi kwephasiwedi, ukungasebenzisi ukubethela). Ngokombono wenhlangano bangaba ngaphakathi nangaphandle.

"Ngakho-ke, ukuba sengozini kuyizimo nezici zezinhlelo zenhlangano ezenza ukuthi zisongelwe. Inkinga ukuthi emhlabeni wangempela, uma kukhona ukuba sengozini, kuyohlala kukhona umuntu ozozama ukuwusebenzisa, okungukuthi, asizakale ngokuba khona kwawo." Threat vs Vulnerability, uyazi ukuthi bahluke kanjani?

Umbiko weTrend Micro Linux 2021-1H Usongo

Manje ukungena ngokuphelele esihlokweni okukhulunywe ngaso, kufanelekile ukugqamisa lokho okuvezwe yinhlangano ebizwa Umkhuba Micro okwamanje Umbiko Wokusongela I-Linux 2021-1H:

"I-Linux ibhekwa ngabaningi njengohlelo lokusebenza oluyingqayizivele lokuzinza, ukuguquguquka kwemvelo, kanye nemvelo yomthombo ovulekile. Isithunzi sakhe sezinkanyezi sisekelwa impumelelo yakhe eminingi evelele eminyakeni yamuva.

Isibonelo, i-100% yabadlali abaphezulu be-500 abahamba phambili emhlabeni basebenzisa iLinux, kanti ama-50,5% amawebhusayithi aphezulu ayi-1.000 3 ayayisebenzisa, ngokusho kocwaningo olwenziwe yiW90Techs. I-Linux ibusa ifu, isebenza ku-2017% wemithwalo yomsebenzi wamafu womphakathi ngonyaka we-XNUMX. I-Linux futhi inokwesekwa okuhlukile kokulayishwa kwentengo / kokusebenza kwamafu okuphezulu kakhulu kusetshenziswa amaprosesa we-Advanced RISC Machines (ARM), njenge-AWS Graviton.

Ngaphezu kwalokho, isebenza kuma-96,3% wamaseva wewebhu aphezulu kakhulu ayisigidi emhlabeni, iLinux ibuye inike amandla amawashi ahlakaniphile, izitimela ezinejubane elikhulu, kanye nezinhlelo zesikhala esiphezulu zomhlaba. I-Linux inamandla, iyonke, futhi ithembekile, kepha ayinawo amaphutha ayo; njengezinye izinhlelo zokusebenza, kuhlala kungabanjwa ukuthi kuhlaselwe."

Okuphezulu okungu-15: Ukuba sengozini yokugenca Izinhlelo Zokusebenza ze-Linux

Futhi ngokwombiko wenkampani eshiwo, lawa yi Ukuba sengozini okuyinhloko okungu-15 esingabhekana nayo mayelana nesikhathi samanje Izinhlelo Zokusebenza ze-GNU / Linux online:

I-CVE-2017-5638

• Descripción: Ukuba sengozini kwe-Jakarta Multipart parser ku-Apache Struts
• Isikolo se-CVSS: 10.0 - Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2017-9805

• Descripción: Ukuba sengozini ku-REST Plugin ku-Apache
• Isikolo se-CVSS: 8.1 - Ephezulu / Ephakathi
• Imininingwane: NgesiNgisi / En Español

I-CVE-2018-7600

• Descripción: Ukuba sengozini kuDrupal
• Isikolo se-CVSS: 9.8 - Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2020-14750

• Descripción: Ukuba sengozini komkhiqizo we-Oracle WebLogic Server kusuka ku-Oracle Fusion Middleware
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2020-25213

• Descripción: Ukuba sengozini ku-plugin ye-WordPress File Manager (wp-file-manager)
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2020-17496

• Descripción: Ukuba sengozini kwedatha yama-subWidgets esicelweni se-ajax ku-vBulletin
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2020-11651

• Descripción: Ukuba sengozini ekufakweni kweqoqo le-galaxy engaphendulwa kahle enjinini enengqondo
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2017-12611

• Descripción: Ukuba sengozini kuma-Apache Struts kuzinguqulo 2.0.0 / 2.3.33 nezinguqulo 2.5 / 2.5.10.1
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2017-7657

• Descripción: Ukuba sengozini ku-Eclipse Jetty, kuzinguqulo 9.2.x nangaphambilini, izinhlobo 9.3.x / 9.4.x
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2021-29441

• DescripciónUkuba sengozini ekuqinisekisweni (-Dnacos.core.auth.enabled = true) kumaNacos
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2020-14179

• Descripción: Ukuba Sengozini Kokuveza Ulwazi ku-Atlassian Jira
• Isikolo se-CVSS: 5.3 - Isilinganiso
• Imininingwane: NgesiNgisi / En Español

I-CVE-2013-4547

• Descripción: Ukuba sengozini yokuphatha izintambo ze-Nginx URI nemikhawulo yokufinyelela
• Isikolo se-CVSS: 7.5 - Phezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2019-0230

• Descripción: Ukuba sengozini kokuhlolwa kwe-OGNL kuzimpawu zethegi ze-Apache Struts
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2018-11776

• Descripción: Ukuba sengozini kwe-RCE kusisho se-Apache Struts OGNL
• Isikolo se-CVSS: 8.1 - Phezulu
• Imininingwane: NgesiNgisi / En Español

I-CVE-2020-7961

• Descripción: Liferay Portal Engathembekile Ukwehliswa Kwezinto Zasemhlabeni Ukuba Sengozini
• Isikolo se-CVSS: 9.8 Okubalulekile / Okuphezulu
• Imininingwane: NgesiNgisi / En Español

Imininingwane engaphezulu ngobunye ubungozi

Ngemininingwane engaphezulu ngobunye ubungozi, ungafinyelela ngqo kulezi zixhumanisi ze-Vulnerability Databases:

1. Idathabheyisi Kazwelonke Yokuba Sengozini (i-USA)
2. Idathabheyisi Kazwelonke Yokuba Sengozini (Spain)
3. Isizindalwazi Somhlaba Wonke Esengozini
4. I-Trend Micro Attack Encyclopedia

Isifingqo

Kafushane, "Izinsongo nobungozi" Namuhla, zihlaselwa kaningi futhi ngakho-ke, akukho lutho okufanele luyekwe ku ukuqaliswa kwanoma iyiphi indlela yokuphepha cishe I-GNU / Linux nokunye Izinhlelo zokusebenza, ukuzigwema noma ukuzinciphisa. Futhi kulolo hlangothi, kubalulekile ukwazi ngokujula yonke i- Ukuba sengozini okwedlule nokwamanje, kanye nalezo ezingase zivele nsuku zonke, ukuqala ukulungisa okudingekayo ngokushesha okukhulu.

Siyethemba ukuthi le ncwadi izosiza kakhulu kuwo wonke umuntu «Comunidad de Software Libre y Código Abierto» kanye negalelo elikhulu ekuthuthukisweni, ekukhuleni nasekusakazweni kohlelo lokuphilayo lwezinhlelo zokusebenza ezitholakalayo «GNU/Linux». Futhi ungayeki ukuwabelana nabanye, kumawebhusayithi wakho owathandayo, iziteshi, amaqembu noma imiphakathi yokuxhumana nabantu noma amasistimu wokuthumela imiyalezo. Ekugcineni, vakashela ikhasi lethu lasekhaya ku- «DesdeLinux» ukuhlola ezinye izindaba, bese ujoyina isiteshi sethu esisemthethweni se- I-Telegram ye DesdeLinux.