Preventing information leakage in attack-and-defense drills: the full picture
2022-06-30 21:48:00 【InfoQ】
Information collection is the first step an attacker takes in an attack-and-defense drill, and a very important one. To avoid being detected, the attack team usually starts by collecting information from the outside, and decides its subsequent attack methods and ideas according to the quality of what it gathers. The main source of this external information is information leakage. Information leakage, and the ways to deal with it, fall into the following categories.
I. Preventing document information leakage
Many developers and operations personnel lack security awareness. For example, for convenience or to earn points, they upload un-sanitized files to network disks, document libraries, or public platforms such as operations groups, which leaks key document information. If passwords, interface information, network architecture or other document information is disclosed, the attacker uses the leaked information to bypass the security protection, rendering it useless. Attackers generally search for the target company's information through the following websites or tools:
- Academic sites, such as CNKI, Google Scholar and Baidu Scholar;
- Network disks, such as Vdisk (微盘), Baidu Netdisk and 360 Cloud Disk;
- Code hosting platforms, such as GitHub, Bitbucket, GitLab and Gitee;
- Bidding websites, both self-built bidding sites and third-party bidding sites;
- Document libraries, such as Baidu Wenku, Docin (豆丁网) and Doc88 (道客巴巴);
- Social platforms, such as WeChat groups, QQ groups, forums and Tieba.
The document types attackers like best include the following.
- User manuals: manuals for the VPN system, OA system, mailbox and other systems; the sensitive information may include application access addresses and default account information.
- Installation manuals: may include application default passwords and the internal and external network addresses of hardware devices.
- Delivery documents: may contain application configuration information, network topology, network configuration information, and so on.
Specific disposal suggestions are as follows.
1) Company rules explicitly require that sensitive documents not be uploaded to network disks or document libraries, and compliance is reviewed regularly.
2) Third-party personnel are also required not to share sensitive documents involving the organization with people outside the project without the contracting organization's permission, and not to upload them to network disks, document libraries, QQ group shares or other public platforms. Any violation found is dealt with seriously.
3) Regularly search the websites and tools listed above for your company's keywords; if sensitive documents are found, ask the uploader or the platform to delete them.
II. Preventing code hosting leaks
Social coding and code hosting sites make it easy for users to manage, store and search program source code, which is why programmers love them. However, programmers who lack security awareness may upload all or part of the source code of their organization or a client company to a code hosting site. Once an attacker finds the target company's source code, they audit it directly and exploit system vulnerabilities through white-box testing, rendering some defenses ineffective or precisely bypassing protection rules. Sensitive information contained in the source code, such as the accounts and passwords used for application connections and configuration information, is used directly once leaked.
Suggestions for preventing code hosting leaks are as follows:
1) It is strictly forbidden to publish project source code to code hosting sites;
2) Developers are forbidden from copying source code to uncontrolled computers without permission;
3) Regularly search the major code hosting sites such as GitHub, Bitbucket, GitLab and Gitee for your company's keywords; if your company's source code is found there, ask the uploader or the platform to delete it.
III. Preventing historical vulnerability leaks
Most attackers search vulnerability platforms for vulnerability information about the target organization's systems, or about systems with the same fingerprint as the target's, and then test whether each vulnerability exists; if it has not been fixed, they exploit it directly. The current mainstream vulnerability reporting platforms are Butian (补天), Vulbox (漏洞盒子), the WooYun (乌云) mirror, and HackerOne.
Disposal suggestions are as follows:
1) Collect vulnerability information about the company from the major vulnerability platforms and verify the fix for each one;
2) Collect vulnerability information about the commercial or open-source systems the company uses, and verify one by one whether the organization's own systems have the vulnerabilities disclosed on the platforms.
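As an added example (not from the original article), a Python script that makes suggestion 2) repeatable: it cross-checks an asset inventory (product fingerprint and version per host) against a list of collected advisories, each giving an affected version range, and reports which hosts still need to be verified and fixed. Product names, version numbers, host names and advisory identifiers are all constructed placeholders; the article gives no real advisory data and none is invented here.

```python
import re
from typing import Dict, List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'3.2.1' -> (3, 2, 1). A non-numeric component ends parsing ('1.9-beta' -> (1, 9))."""
    parts: List[int] = []
    for piece in text.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def version_in_range(version: str, lower_inclusive: str, upper_exclusive: str) -> bool:
    """True when lower <= version < upper; shorter tuples are zero-padded so '1.9' == '1.9.0'."""
    v, lo, hi = (parse_version(x) for x in (version, lower_inclusive, upper_exclusive))
    width = max(len(v), len(lo), len(hi))

    def pad(t: Tuple[int, ...]) -> Tuple[int, ...]:
        return t + (0,) * (width - len(t))

    return pad(lo) <= pad(v) < pad(hi)


# Constructed asset inventory: host -> (product fingerprint, version). All values are fake.
INVENTORY: Dict[str, Tuple[str, str]] = {
    "oa1.internal.example": ("ExampleOA", "3.2.1"),
    "oa2.internal.example": ("ExampleOA", "3.5.0"),
    "vpn1.internal.example": ("ExampleVPN", "1.9"),
    "mail1.internal.example": ("ExampleMail", "10.0.2"),
}

# Constructed advisory list, the shape of what a team collects from the vulnerability
# platforms: product, affected range [lower, upper). Identifiers are placeholders only.
ADVISORIES: List[Dict[str, object]] = [
    {"id": "ADV-PLACEHOLDER-001", "product": "ExampleOA", "affected": ("3.0.0", "3.4.0")},
    {"id": "ADV-PLACEHOLDER-002", "product": "ExampleVPN", "affected": ("1.0", "2.0")},
    {"id": "ADV-PLACEHOLDER-003", "product": "ExampleMail", "affected": ("9.0", "10.0")},
]

Hit = Tuple[str, str, str, str]  # (host, product, version, advisory id)


def cross_check(inventory: Dict[str, Tuple[str, str]], advisories: List[Dict[str, object]]) -> List[Hit]:
    """Every (host, advisory) pair whose deployed version falls inside the advisory's affected range."""
    hits: List[Hit] = []
    for host, (product, version) in sorted(inventory.items()):
        for adv in advisories:
            if adv["product"] != product:
                continue
            lo, hi = adv["affected"]  # type: ignore[misc]
            if version_in_range(version, lo, hi):
                hits.append((host, product, version, str(adv["id"])))
    return hits


if __name__ == "__main__":
    for host, product, version, adv_id in cross_check(INVENTORY, ADVISORIES):
        print(f"{host}: {product} {version} is in the affected range of {adv_id}; verify and fix")
```

The output is a worklist, not a verdict: each hit still has to be confirmed against the real system (the "verify one by one" in suggestion 2), because fingerprints and version strings from banners are often incomplete.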
IV. Preventing personnel information leaks
Leaks of the target company's personnel information, such as e-mail addresses, telephone numbers and address books, also bring a degree of security risk: attackers use this information for targeted phishing, social engineering and similar means against these people, take control of their devices, and from there collect further information and intrude.
Disposal suggestions are as follows:
1) Raise personnel security awareness: do not open suspicious e-mails casually, do not disclose sensitive information to unidentified people, and never add unidentified people to business groups or other sensitive work groups;
2) Never put sensitive information such as the administrator mailbox or telephone number in program source code.
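As an added example (not from the original article), a small pre-commit style scanner in Python that enforces two of the rules above, suggestion 1) of section II and suggestion 2) of section IV: it flags connection strings, password assignments, private key blocks, e-mail addresses and mainland-China mobile numbers in source and configuration files before they can reach a hosting site. The patterns, the allowlist of placeholder values and the sample configuration are all constructed for this example, and every value in the sample is fake.

```python
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# Each pattern covers one kind of sensitive content the article says must never reach a
# code hosting site. Constructed for this example; tune the set for your own code base.
PATTERNS: Dict[str, "re.Pattern"] = {
    "jdbc_connection_string": re.compile(r"(?i)jdbc:\w+://[^\s'\"]+"),
    "password_assignment": re.compile(
        r"""(?i)\b(password|passwd|pwd|secret|token)\s*[:=]\s*['"]?([^'"\s]{4,})"""
    ),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "email_address": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "cn_mobile_number": re.compile(r"(?<!\d)1[3-9]\d{9}(?!\d)"),
}

# Placeholder values that are fine to commit (assumed list; extend as needed).
ALLOWLIST = ("changeme", "example", "xxxx", "${", "<password>")

Finding = Tuple[str, int, str]  # (origin, line number, finding kind)


def scan_text(text: str, origin: str = "<memory>") -> List[Finding]:
    """Return one finding per (line, pattern) that looks like leaked sensitive data."""
    findings: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            match = pattern.search(line)
            if not match:
                continue
            if kind == "password_assignment":
                value = match.group(2).lower()
                if any(marker in value for marker in ALLOWLIST):
                    continue  # an obvious placeholder, not a real credential
            findings.append((origin, lineno, kind))
    return findings


def scan_tree(root: Path, suffixes=(".py", ".java", ".properties", ".yml", ".yaml", ".xml", ".env", ".txt")) -> List[Finding]:
    """Scan every file under root whose suffix is listed; unreadable files are skipped."""
    findings: List[Finding] = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix in suffixes:
            try:
                findings.extend(scan_text(path.read_text(errors="ignore"), str(path)))
            except OSError:
                continue
    return findings


# Constructed sample configuration; every value below is fake.
SAMPLE_CONFIG = """\
# constructed sample config; every value below is fake
db.url=jdbc:mysql://10.0.0.5:3306/oa
db.user=oa_admin
db.password=Sup3rS3cret!
admin.contact=admin@example.com
ops.phone=13800138000
api.token=changeme
"""

if __name__ == "__main__":
    # With a path argument, scan that tree; otherwise scan the built-in sample.
    results = scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_text(SAMPLE_CONFIG, "sample.properties")
    for origin, lineno, kind in results:
        print(f"{origin}:{lineno}: {kind}")
    sys.exit(1 if results else 0)  # a non-zero exit blocks the commit when run as a pre-commit hook
```

Run against the sample, the scanner reports the JDBC URL, the real-looking password, the administrator mailbox and the phone number, and ignores `api.token=changeme` because the value is an obvious placeholder. Wired into a pre-commit hook (the non-zero exit), it stops these lines before they are pushed; the same scan run over an existing repository is the cheapest way to check what has already leaked into history.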
V. Preventing other information leaks
Beyond the leakage sources above, attackers also collect the target organization's supplier information, enterprise organizational structure and subsidiary information, and attack the target's information systems by first attacking those targets. This is also a common attack method.
Disposal suggestions are as follows:
1) For system interconnection with subsidiaries, deploy security protection and detection equipment at the network layer, and require the subsidiary's systems to produce code audit and penetration test reports before access, to ensure access security;
2) Do not share passwords with other systems, companies or individuals; where conditions allow, add dynamic passwords (one-time codes) or key-based authentication to prevent credential stuffing (撞库);
3) For systems hosted on the public cloud, require the cloud provider to deploy them separately, not sharing network segments, servers, storage or other components with other enterprises' systems, to prevent attacks from co-located systems.
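As an added example (not from the original article), the defender's counterpart to suggestion 2) above: a Python detector that reads authentication log lines and flags a source address that fails against many distinct accounts within a short window, the pattern a leaked password list produces when it is replayed against your systems. The log format, the thresholds and the sample lines are constructed for this example; the addresses come from documentation ranges and the lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, Optional, Tuple

# Assumed log format (constructed for this example), one authentication attempt per line:
#   <ISO timestamp> src=<client IP> user=<account> result=OK|FAIL
LOG_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$")

Attempt = Tuple[datetime, str, str, str]  # (timestamp, source, user, result)


def parse_line(line: str) -> Optional[Attempt]:
    """Parse one log line; lines that do not match the format are ignored (None)."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["user"], m["result"]


def detect_credential_stuffing(
    lines: Iterable[str],
    window: timedelta = timedelta(minutes=5),
    min_accounts: int = 5,
) -> Dict[str, int]:
    """Return {source IP: peak number of distinct accounts it failed against inside `window`}
    for every source that reached `min_accounts`. Repeated failures on a single account
    (a brute force or a forgetful user) never trip this rule; one failure each on many
    accounts from the same source does."""
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    flagged: Dict[str, int] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, user, result = parsed
        if result != "FAIL":
            continue
        q = recent[src]
        q.append((ts, user))
        while q and ts - q[0][0] > window:  # drop failures that fell out of the window
            q.popleft()
        distinct = len({u for _, u in q})
        if distinct >= min_accounts:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


# Constructed sample log: one source sprays six accounts in twenty seconds (plus one old
# failure outside the window), another source is a single user mistyping a password.
SAMPLE_LOG = """\
2022-06-30T21:40:00 src=203.0.113.7 user=zed result=FAIL
2022-06-30T21:48:01 src=203.0.113.7 user=alice result=FAIL
2022-06-30T21:48:03 src=203.0.113.7 user=bob result=FAIL
2022-06-30T21:48:05 src=203.0.113.7 user=carol result=FAIL
2022-06-30T21:48:07 src=198.51.100.4 user=alice result=FAIL
2022-06-30T21:48:09 src=203.0.113.7 user=dave result=FAIL
2022-06-30T21:48:11 src=198.51.100.4 user=alice result=FAIL
2022-06-30T21:48:12 src=203.0.113.7 user=erin result=FAIL
2022-06-30T21:48:15 src=198.51.100.4 user=alice result=OK
2022-06-30T21:48:20 src=203.0.113.7 user=frank result=FAIL
garbage line that does not parse
"""

if __name__ == "__main__":
    for src, n in detect_credential_stuffing(SAMPLE_LOG.splitlines()).items():
        print(f"possible credential stuffing from {src}: {n} distinct accounts failed within 5 minutes")
```

The thresholds are deliberately conservative; in production the window and account count should be tuned against a baseline of normal failures, and a hit is a reason to force the dynamic-password or key-based second factor from suggestion 2) for the affected accounts rather than to lock them outright, since locking on attacker-chosen usernames turns the same traffic into a denial of service.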