Semalt Islamabad Expert: How to Avoid the Same Fate as TalkTalk

TalkTalk was in the headlines last month as more than 150,000 customers complained that their details had been stolen. This was surprising because attackers have been succeeding with attacks of this kind for some fifteen years, and the TalkTalk breach meant a cost of more than 40 million for the company. Surprisingly, the attacker used SQL injection to do the job, and the attack exploited one of the best-known and best-understood vulnerabilities on the internet.

Semalt's Customer Success Manager, Michael Brown, confirms that although it has been around for years and ranks at the top of the lists, this vulnerability continues to expose businesses and carries a risk of damage. What is more, it was used in a major cybercrime in Russia, where billions of usernames and passwords, along with their combinations, were stolen, and more than 400 million email IDs were compromised.

Veracode analysed the data:

Drawing on its cloud-based application security service, which covers more than 50,000 enterprise applications, Veracode was the first to analyse the problem. It examined all applications from 2012 to 2014 and found that SQL injection was affecting data all over the internet. This led other security companies to ask whether or not it is enough to rely on standard cybersecurity protection measures.

Seek, and you shall find:

While many organisations and companies realise that cybercrime is a major risk, others put their trust in, or take, measures against cybercriminals such as IDS, IPS systems and firewalls. Even so, they need suitable and reliable ways of mapping the network to keep malicious traffic from attacking or damaging their web applications. Although SQLi threats are serious, dealing with them is not impossible.

The big picture:

Cybercriminals go through every nook and cranny of a company's various applications and assets to find major weaknesses, SQLi in particular. You should not let that hit you. The solution, then, is to analyse thousands of production sites at the same time and identify unknown or suspicious websites outside the IP range.

Once is not enough:

Once you have discovered the complete list of web perimeters, a one-off ad hoc test at a particular point in time is not enough. You therefore need to find automated cloud solutions that will help you maintain the web perimeter inventory and monitor every website for you. It is important for a company to protect its data and systems from such threats by changing its policies and addressing all security areas.

Be ruthless:

All unattended websites should be shut down immediately if you want to reduce threats. To do this, you need to feed the intelligence from the automated application security assessment into the web application firewall (WAF). This will protect your company from problems until the code is fixed. No company or system is one hundred percent secure when it comes to market, but by being proactive about cyber attacks, you can look after your security on the internet. Those who ignore the warnings and do not take the necessary measures may find themselves in TalkTalk's shoes and damage their reputation in front of their customers.

November 29, 2017