Pali njira zingapo zothandiza zotsegulira zotseguka kuwonjezera pa mayankho achitetezo omwe makampani amtambo amapereka.
Nazi zitsanzo za matekinoloje asanu ndi atatu odziwika bwino a chitetezo chamtambo.
AWS, Microsoft, ndi Google ndi makampani ochepa chabe amtambo omwe amapereka mawonekedwe osiyanasiyana achitetezo. Ngakhale kuti matekinolojewa ndi othandiza mosakayikira, sangathe kukwaniritsa zosowa za aliyense. Magulu a IT nthawi zambiri amapeza mipata pa kuthekera kwawo kupanga ndi kusunga ntchito zochulukira pamapulatifomu onsewa pamene chitukuko cha mtambo chikupita patsogolo. Pamapeto pake, zili kwa wogwiritsa ntchito kutseka mipata imeneyi. Matekinoloje a Open source cloud security ndi othandiza pazochitika ngati izi.
Matekinoloje achitetezo amtambo omwe amagwiritsidwa ntchito kwambiri nthawi zambiri amapangidwa ndi mabungwe monga Netflix, Capital One, ndi Lyft omwe ali ndi magulu akuluakulu a IT omwe ali ndi ukatswiri wambiri pamtambo. Magulu amayamba mapulojekitiwa kuti athetse zofunika zina zomwe sizikukwaniritsidwa ndi zida ndi ntchito zomwe zilipo kale, ndipo amatsegula mapulogalamuwa ndi chiyembekezo kuti athandizanso mabizinesi ena. Ngakhale siziphatikizidwe, mndandanda wa mayankho omwe amakonda kwambiri otseguka pamtambo pa GitHub ndi malo abwino kuyamba. Ambiri aiwo amagwirizana ndi makonda ena amtambo, pomwe ena amamangidwa momveka bwino kuti agwire ntchito ndi AWS, mtambo wodziwika kwambiri wa anthu. Yang'anani pa matekinoloje achitetezo awa pakuyankhira zochitika, kuyesa mwachidwi, komanso kuwonekera.
Cloud Custodian
Kasamalidwe ka malo a AWS, Microsoft Azure, ndi Google Cloud Platform (GCP) amachitidwa mothandizidwa ndi Cloud Custodian, injini ya malamulo yopanda malire. Ndi malipoti ophatikizidwa ndi kusanthula, kumaphatikiza njira zingapo zotsatirira zomwe mabizinesi amagwiritsa ntchito papulatifomu imodzi. Mutha kukhazikitsa malamulo pogwiritsa ntchito Cloud Custodian omwe amafananiza chilengedwe ndi chitetezo ndi zofunikira pakutsata komanso njira zowongolerera mtengo. Mtundu ndi gulu lazinthu zoyenera kuyang'ana, komanso zochita zomwe zikuyenera kuchitidwa pazithandizozi, zimafotokozedwa mu mfundo za Cloud Custodian, zomwe zimafotokozedwa mu YAML. Mutha, mwachitsanzo, kukhazikitsa ndondomeko yomwe imapangitsa kuti kubisa kwa ndowa kupezeke pa ndowa zonse za Amazon S3. Kuti muthane ndi malamulo, mutha kuphatikizira Cloud Custodian ndi nthawi yothamanga yopanda seva komanso ntchito zamtambo. Poyamba adapangidwa ndikuperekedwa ngati gwero laulere ndi
Kujambula mapu
Chojambula chachikulu apa ndi mamapu a Infrastructure omwe amapangidwa ndi zojambulajambula. Chida ichi chojambula chodziwikiratu chimapereka chithunzithunzi cha kulumikizana pakati pa zida zanu zamtambo. Izi zitha kuwonjezera kuwonekera kwachitetezo cha gulu lonse. Gwiritsani ntchito chida ichi popanga malipoti azinthu, kuzindikira zomwe zingawukire, ndikuwonetsa mwayi wowongolera chitetezo. Akatswiri a ku Lyft adapanga zojambulajambula, zomwe zimagwiritsa ntchito database ya Neo4j. Imathandizira ntchito zosiyanasiyana za AWS, G Suite, ndi Google Cloud Platform.
Diffy
Chida chodziwika kwambiri chowerengera zaukadaulo wa digito ndi kuyankha zochitika kumatchedwa Diffy (DFIR). Udindo wa gulu lanu la DFIR ndikufufuza zomwe muli nazo kuti muwone umboni uliwonse womwe wakubayo adasiyidwa pomwe malo anu adawukiridwa kale kapena kubedwa. Izi zingafunike ntchito yowawa yamanja. Injini yosiyana yoperekedwa ndi Diffy imawulula zochitika zosasangalatsa, makina enieni, ndi zina zothandizira. Pofuna kuthandiza gulu la DFIR kudziwa komwe akuwukira, Diffy iwauza zomwe zikuchita modabwitsa. Diffy akadali koyambirira kwachitukuko ndipo tsopano akungothandizira zochitika za Linux pa AWS, komabe mapangidwe ake a plugin angathandize mitambo ina. Gulu la Security Intelligence and Response Team la Netflix linapanga Diffy, lomwe linalembedwa mu Python.
Git-zinsinsi
Chida ichi chachitetezo chachitukuko chotchedwa Git-chinsinsi chimakuletsani kusunga zinsinsi komanso zinsinsi zina zomwe zili munkhokwe yanu ya Git. Kupanga kapena kutumiza mauthenga omwe akugwirizana ndi chimodzi mwazomwe mwafotokozedweratu, mawu oletsedwa amakanidwa pambuyo pofufuzidwa. Zinsinsi za Git zidapangidwa ndi AWS m'malingaliro. Idapangidwa ndi AWS Labs, yomwe imayang'anira ntchito yokonza projekiti.
Mtengo wa OSSEC
OSSEC ndi nsanja yachitetezo yomwe imaphatikiza kuwunika kwa chipika, chitetezo mudziwe ndi kasamalidwe ka zochitika, ndi kuzindikiritsa kulowetsedwa kwa wolandira. Mutha kugwiritsa ntchito izi pa ma VM ozikidwa pamtambo ngakhale kuti zidapangidwa kuti zitetezedwe pamalopo. Kusinthasintha kwa nsanja ndi chimodzi mwazabwino zake. Malo omwe ali pa AWS, Azure, ndi GCP atha kugwiritsa ntchito. Kuphatikiza apo, imathandizira ma OS osiyanasiyana, kuphatikiza Windows, Linux, Mac OS X, ndi Solaris. Kuphatikiza pa kuwunika kwa wothandizira komanso wopanda wothandizira, OSSEC imapereka seva yapakati yoyang'anira kuti isunge malamulo pamapulatifomu angapo. Makhalidwe apamwamba a OSSEC ndi awa: Fayilo kapena chikwatu chilichonse chomwe chikusintha pamakina anu chizindikirika ndi kuyang'anira kukhulupirika kwa fayilo, zomwe zidzakudziwitsani. Kuwunika kwamitengo kumasonkhanitsa, kusanthula, ndikukudziwitsani zamtundu uliwonse wachilendo kuchokera pamalogi onse mudongosolo.
Kuzindikira kwa Rootkit, komwe kumakudziwitsani ngati dongosolo lanu likusintha ngati rootkit. Zolowera zina zikapezeka, OSSEC imatha kuyankha mwachangu ndikuchitapo kanthu nthawi yomweyo. OSSEC Foundation imayang'anira kusungidwa kwa OSSEC.
GoPhish
pakuti phish kuyezetsa kayeseleledwe, Gophish ndi pulogalamu yotseguka yomwe imathandizira kutumiza maimelo, kuwatsata, ndikuzindikira kuti ndi angati olandila adadina maulalo mumaimelo anu achinyengo. Ndipo mutha kuyang'ana ziwerengero zawo zonse. Zimapatsa gulu lofiira njira zingapo zowukira kuphatikiza maimelo okhazikika, maimelo okhala ndi zomata, komanso RubberDuckies kuyesa chitetezo chakuthupi ndi digito. Panopa aposa 36 phishing ma templates akupezeka kwa anthu ammudzi. Kugawa kochokera ku AWS komwe kumadzaza ndi ma tempuleti ndikutetezedwa ku miyezo ya CIS kumasungidwa ndi HailBytes. Pano.
woyendetsa
Prowler ndi chida cholamula cha AWS chomwe chimayesa zomangamanga zanu poyerekeza ndi miyezo yokhazikitsidwa ndi AWS ndi Center for Internet Security komanso kuyendera kwa GDPR ndi HIPAA. Muli ndi mwayi wowonanso zamtundu wanu wathunthu kapena mbiri ya AWS kapena dera. Prowler ali ndi kuthekera kopereka ndemanga zambiri nthawi imodzi ndikupereka malipoti m'mawonekedwe kuphatikiza CSV, JSON, ndi HTML. Kuphatikiza apo, AWS Security Hub ikuphatikizidwa. Toni de la Fuente, katswiri wa zachitetezo ku Amazon yemwe akugwirabe ntchito yokonza pulojekitiyi, adapanga Prowler.
Security Monkey
M'makonzedwe a AWS, GCP, ndi OpenStack, Security Monkey ndi chida choyang'anira chomwe chimayang'anitsitsa kusintha kwa mfundo ndi kuyika kofooka. Mwachitsanzo, Security Monkey mu AWS imakudziwitsani nthawi iliyonse chidebe cha S3 komanso gulu lachitetezo likapangidwa kapena kuchotsedwa, imayang'anira makiyi anu a AWS Identity & Access Management, ndikuchita ntchito zina zingapo. Netflix idapanga Security Monkey, ngakhale imangopereka zosintha zazing'ono pompano. AWS Config ndi Google Cloud Assets Inventory ndi zolowa m'malo mwa ogulitsa.
Kuti muwone zida zowonjezera zotseguka pa AWS, onani wathu HailBytes' Zopereka zamsika za AWS pano.
