Zitholele Ubungozi Obujwayelekile Nokuchayeka (ama-CVE) nokuthi asiza kanjani ukuvikela izinsongo zokuphepha zekhompyutha. Thola ukwaziswa ngezindlela zokuvikela zakamuva ukuze uhlale uvikelekile.
Ukuphepha kwe-Cybersecurity igcina amanethiwekhi, amasistimu, nezinhlelo zokusebenza ziphephile ekufinyeleleni okungagunyaziwe noma ekuhlaselweni okunonya. Ukuba sengozini Okujwayelekile Nokuchayeka (ama-CVE) asiza izinhlangano ukuthi zihlale ngaphambi kwejika ngokuhlonza izinsongo ezingaba khona futhi zinikeze izixazululo zokuzinciphisa. Funda kabanzi mayelana naleli thuluzi lokuvikela nokuthi lingasiza kanjani ukuvikela idatha yakho.
Iyini i-CVE?
I-CVE isifinyezo se-Common Vulnerabilities and Exposures. Lawa amaphutha e-cybersecurity adalulwe esidlangalaleni ashicilelwe ku I-National Institute of Standards and Technology’s (NIST) National Vulnerability Database (NVDB). I-CVE ngayinye iqukethe incazelo yosongo lwezokuphepha futhi inikezwa isihlonzi esiyingqayizivele. Le nombolo kamazisi isiza izinhlangano namabhizinisi ukulandelela iziphazamisi, ukuhlonza izingozi, nokusebenzisa izibuyekezo ezifanele ukuze kuncishiswe ubungozi.
Izinhlobo zama-CVE.
Ukuba sengozini Okujwayelekile Nokuchayeka kungahlukaniswa ngezigaba eziyisithupha eziyinhloko: Ukwenziwa Kwekhodi Ekude (RCE), I-Cross-Site Scripting (XSS), I-SQL Injection, Ukuhlasela kwe-DDoS, Ukuphathwa Kokuqinisekisa Okubuthakathaka, kanye Nesofthiwe Engapeshwanga/Engasekelwe. Ngakho-ke, kubalulekile ukukhomba ubungozi obuhlobene ne-CVE ngayinye futhi uthathe isinyathelo sokulungisa noma yibuphi ubungozi obungafihliwe ngokushesha ukuze uvimbele ukuhlasela.
Indlela Yokukhomba Nokunciphisa Ubungozi Kusistimu Yakho.
Ukuhlonza ubungozi ohlelweni lwakho kungaba umsebenzi onzima. Kungakho kubalulekile ukuthi ube nesu lokuvikela le-IT elisebenzayo elihlanganisa ukuskena ubungozi okuvamile, ukuchibiyela noma imaphi ama-CVE ahlonziwe, nokwengeza izendlalelo ezengeziwe zokuvikela ezifana nezindonga zokuvikela kanye nesofthiwe yokuvikela amagciwane. Kubalulekile futhi ukuqaphela izinyathelo zokuphepha zakamuva zokuvimbela amakhompyutha ekubeni yizisulu zabahlaseli.
Ingabe Ama-CVE Avuselelwa Kangaki?
Ama-CVE avuselelwa njalo ngobungozi bamuva obuhlonziwe. Inani lama-CVE likhula nsuku zonke, ngakho-ke iminyango ye-IT nezingcweti kufanele zihlale zinolwazi ngezinsongo zakamuva. Ngolwazi olunzulu ngobungozi besistimu obaziwayo, izinhlangano zingagwema ukuthatha imikhuba engavikelekile njengesofthiwe esiphelelwe yisikhathi, amagama ayimfihlo abuthakathaka, nokuvikeleka kwenethiwekhi okunganele okungazibeka engcupheni enkulu yokuphulwa kwezokuphepha.
Izinzuzo Zokusebenzisa Ithuluzi Lokuskena le-CVE noma Isizindalwazi.
Amathuluzi okuskena e-CVE noma izizindalwazi zikwenza kube lula ukuthi ochwepheshe be-IT baqaphe ukuqoqwa kobungozi obaziwa esidlangalaleni. Ngokusebenzisa isithwebuli se-CVE, izinhlangano zingakwazi ukuhlonza ubungozi bokuphepha futhi zisebenzise ukuvikela okudingekayo. Ukwengeza, lawa mathuluzi angase anikeze abasebenzisi iseluleko sokulungisa ukuze abasize balungise izinkinga ezikhonjiwe ngokushesha futhi banciphise ukuba nokwenzeka kokunye ukulimala. Ukusebenzisa imininingo egciniwe ye-CVE yakamuva futhi kuqinisekisa ukuthi ochwepheshe be-IT bangafinyelela ulwazi olusha kakhulu ngobuthakathaka besistimu nokuchayeka ukuze bavikele amanethiwekhi abo ngempumelelo.
Usongo Oluthulile: Ukwembula Ubungozi Okuvamile Nokuchayeka
Ezweni lanamuhla ledijithali, lapho ubuchwepheshe buhlala buvela njalo, akumangazi ukuthi izinsongo ze-cyber seziyinkimbinkimbi kakhulu futhi ziyingozi. Phakathi kwalezi zinsongo kukhona isitha esithulile esivame ukunganakwa kuze kube sekwephuzile kakhulu - ubungozi obujwayelekile kanye nokuchayeka (CVEs). Lawa ma-CVE awubuthakathaka kanye nezintuba ku-software, izingxenyekazi zekhompuyutha, nezinhlelo izigebengu ze-inthanethi ezingazisebenzisa ukuze zithole ukufinyelela okungagunyaziwe, zebe idatha ebucayi, noma zehlise wonke amanethiwekhi.
Lesi sihloko sicubungula emhlabeni wama-CVE, sikhanyisela ubungozi obuvame kakhulu obubeka abantu, amabhizinisi, nezinhlangano engcupheni. Ngokuqonda lobu bungozi, abasebenzisi bangahlala ngesinyathelo esisodwa ngaphambi kokuhlasela kwe-inthanethi okungaba khona futhi bathathe izinyathelo zokuphepha ezidingekayo ukuze bazivikele bona kanye nezimpahla zabo zedijithali.
Kusukela kuzinguqulo zesofthiwe eziphelelwe yisikhathi kuya kumagama-mfihlo abuthakathaka, sidalula amaphuzu abuthakathaka avame ukunganakwa futhi sinikeze amathiphu asebenzayo okunciphisa ubungozi. Kungakhathaliseki ukuthi uchwepheshe we-cybersecurity noma umsebenzisi we-inthanethi ovamile, lesi sihloko sizokunikeza ulwazi lokubona nokubhekana nosongo oluthulile lwama-CVEs ngqo.
Hlala ubukele ukuze ufunde kabanzi mayelana nalokhu kuba sengozini okuvamile nokudalulwa nokuthi ungazivikela kanjani emhlabeni oxhumene ngokwandayo.
Ukuqonda ukubaluleka kwama-CVE
Umhlaba wokuvikeleka ku-inthanethi uhlala ushintsha, futhi kubalulekile ukuthi uhlale unolwazi mayelana nezinsongo zakamuva kanye nokuba sengozini. Ukuba sengozini Okujwayelekile Nokuchayeka (ama-CVE) adlala indima ebalulekile kulo mkhakha. Ama-CVE ayizihlonzi ezijwayelekile zobungozi obaziwayo kanye nokuchayeka kusofthiwe nehadiwe. Bahlinzeka ngolimi olujwayelekile kochwepheshe be-cybersecurity ukuze baxhumane futhi baxhumanise imizamo yokunciphisa lezi zingozi.
Ama-CVE asebenza njengethuluzi elibalulekile lokulawula ubungozi bokuvikeleka ku-inthanethi. Izinhlangano nabantu bangawuqonda kangcono umthelela ongaba khona futhi bathathe izinyathelo ezifanele zokunciphisa usongo ngokuhlonza nokuhlukanisa ubungozi. Le ndlela yokusebenza inganciphisa kakhulu amathuba okuba yisisulu sokuhlaselwa ku-inthanethi futhi inciphise umonakalo ongaba khona.
Izinhlobo ezijwayelekile zobungozi kanye nokuchayeka
Ama-CVE angabonakala ngezindlela ezahlukahlukene, futhi ukuqonda izinhlobo ezijwayelekile kubalulekile ekuvikeleni kuzo. Obunye ubungozi obuvame kakhulu izinguqulo zesofthiwe eziphelelwe yisikhathi. Abathuthukisi be-software bavamise ukukhulula izibuyekezo ukuze bavale ubungozi bokuphepha futhi bathuthukise ukusebenza kwesistimu. Ukwehluleka ukubuyekeza isofthiwe kuvame ukudalula amasistimu ezingozini ezaziwayo izigebengu ze-inthanethi ezingazisebenzisa.
Amagama ayimfihlo abuthakathaka angobunye ubungozi obuvamile izigebengu ze-inthanethi ezivame ukuzisebenzisa. Abantu abaningi nezinhlangano zisasebenzisa amaphasiwedi aqageleka kalula noma zisebenzisa kabusha igama-mfihlo elifanayo kuwo wonke ama-akhawunti amaningi. Lo mkhuba ubeka engcupheni enkulu njengoba izigebengu ze-inthanethi zingasebenzisa amathuluzi azenzakalelayo ukuze ziqalise ukuhlasela kwe-brute-force futhi zithole ukufinyelela okungagunyaziwe.
Obunye ubungozi bulele kwihadiwe engashicilelwe noma i-firmware. Abakhiqizi bavamise ukukhipha izibuyekezo ukuze balungise ubuthakathaka bokuphepha kumadivayisi abo. Ukuziba lezi zibuyekezo kushiya amasistimu engcupheni yokuhlaselwa okusebenzisa ubungozi obaziwayo, okungase kuholele ekuphulweni kwedatha, ukuphahlazeka kwesistimu, noma ukufaka engozini ngokuphelele.
Umthelela wama-CVE kubantu ngabanye nakumabhizinisi
Umthelela wama-CVE ungafinyelela kude, uthinte abantu ngabanye namabhizinisi. Kubantu ngabanye, ukuba yisisulu sokuhlaselwa ku-inthanethi kungaholela ekwebiweni kobunikazi, ekulahlekeni kwezimali, nasekuhlaselweni kobumfihlo. Izigebengu ze-inthanethi zingasebenzisa ubungozi ukuze zifinyelele ulwazi lomuntu siqu, njengemininingwane yasebhange, izinombolo zokuphepha komphakathi, noma amarekhodi ezempilo, angasetshenziselwa izinjongo ezinonya.
Ngakolunye uhlangothi, amabhizinisi abhekana nezingozi ezinkulu nakakhulu. Ukuhlaselwa okuyimpumelelo ku-inthanethi kungaholela ekulahlekelweni okukhulu kwezimali, ukulimala kwesithunzi, nokulahlekelwa ukuthenjwa kwamakhasimende. Ukuphulwa kwedatha kungadalula ulwazi lwekhasimende olubucayi, izimfihlo zohwebo, kanye nempahla yobuhlakani, okuholela emiphumeleni yomthetho kanye nokuphazamiseka kwebhizinisi. Izindleko zokululama kusukela ekuhlaselweni, okuhlanganisa impendulo yesigameko, izindleko zomthetho, nokulungiswa kwesistimu, zingaba ngokwezinkanyezi.
Ungawahlonza kanjani futhi uwahlole kanjani ama-CVE
Ukuhlonza nokuhlola ama-CVE kuyisinyathelo esibalulekile ekulawuleni ubungozi bokuvikeleka ku-inthanethi. Izinsiza zingasiza abantu nezinhlangano ukuthi bahlale benolwazi mayelana nokuba sengozini kwakamuva nokudalulwa.
Imininingo egciniwe ye-CVE, njenge-National Vulnerability Database (NVD), ihlinzeka ngohlu olubanzi lobungozi obaziwayo, imininingwane ehambisanayo, nezilinganiso zobunzima. Izeluleko zokuphepha ezivela kubathengisi besofthiwe nezingxenyekazi zekhompuyutha nazo zinikeza imininingwane ebalulekile ezingozini ezingaba khona namapeshi atholakalayo noma izibuyekezo. Ukubhalisela ukuphakelwa kobuhlakani obuthile obuthile obusongela umkhakha kanye nokulandela izitolo zezindaba ze-cybersecurity kungathuthukisa ukuqwashisa ngezinsongo ezivelayo kanye nokuba sengozini.
Uma ubungozi bubonwa, ukuhlola umthelela wabo ongaba khona kubalulekile. Ukuqonda ukuthi ubungozi obuthile bungasetshenziswa kanjani kanye nemiphumela engaba khona kuvumela izinhlangano ukuthi zibeke phambili izinsiza futhi zithathe izinyathelo zokunciphisa ezifanele. Izikena zokuba sengozini nokuhlola ukungena kungasiza ekuhlonzeni ubuthakathaka futhi zilingise izimo zokuhlasela zomhlaba wangempela ukuze kukale ukusebenza kahle kwezilawuli zokuphepha ezikhona.
Izinyathelo zokuvimbela zokunciphisa ubungozi be-CVE
Ukunciphisa ubungozi be-CVE kudinga indlela enezici eziningi ezibandakanya izinyathelo zobuchwepheshe nezingezona ezobuchwephesha. Nazi ezinye zezinyathelo zokuvimbela abantu nezinhlangano abangazithatha ukunciphisa ukuba sengozini kwabo kuma-CVE:
1. Izibuyekezo zesofthiwe ezivamile: Ukugcina isofthiwe, amasistimu wokusebenza, kanye ne-firmware kusesikhathini kubalulekile ekuvikeleni ebuthakathakeni obaziwayo. Ukunika amandla izibuyekezo ezizenzakalelayo noma ukusebenzisa isistimu yokuphatha isichibi kuqinisekisa ukuthi izibuyekezo ezibalulekile zokuphepha zisetshenziswa ngokushesha.
2. Amagama ayimfihlo aqinile kanye nokuqinisekiswa kwezinto eziningi: Ukusebenzisa amagama ayimfihlo aqinile nokusebenzisa ukuqinisekiswa kwezinto eziningi kwengeza isendlalelo esengeziwe sokuvikela kuma-akhawunti omsebenzisi. Abaphathi bephasiwedi bangasiza ukukhiqiza nokugcina amaphasiwedi ayinkimbinkimbi ngokuphephile.
3. Ukuhlukaniswa kwenethiwekhi nezilawuli zokufinyelela: Ukuhlukanisa amanethiwekhi nokusebenzisa izilawuli zokufinyelela eziqinile zikhawulela umthelela ongaba khona wokuhlasela okuyimpumelelo. Le ndlela ivimbela ukunyakaza kwe-lateral ngaphakathi kwenethiwekhi futhi inciphisa ingozi yokufinyelela okungagunyaziwe ezinhlelweni ezibucayi.
4. Ukuqwashisa abasebenzisi nokuqeqeshwa: Ukufundisa abasebenzi nabasebenzisi mayelana nezingozi ezingaba khona, imikhuba ephephile yokuphequlula, kanye nendlela yokuhlonza imizamo yobugebengu bokweba imininingwane ebucayi kunganciphisa kakhulu amathuba okuba izisulu zama-CVE. Amaseshini okuqeqesha avamile kanye nokuzivocavoca okulingiswayo kobugebengu bokweba imininingwane ebucayi kungasiza ukuqinisa ukuqwashisa ngokuphepha.
5. Ukuskena ubungozi okuvamile nokuhlolwa kokungena: Ukuskena okujwayelekile kobungozi kanye nokuhlolwa kokungena kuvumela izinhlangano ukuthi zibone futhi zibhekane nobuthakathaka ngaphambi kokuthi busetshenziswe. Le ndlela yokusebenza isiza ukuqinisekisa ukuthi izilawuli zokuphepha ziyasebenza ekwehliseni ubungozi.
Ukubika nokulungisa ama-CVE
Uma kutholwa ubungozi, ukubikelwa izinhlangano ezifanele kubalulekile ukuze kube lula ukulungisa okufika ngesikhathi. Abathengisi besofthiwe nezingxenyekazi zekhompuyutha ngokuvamile baneziteshi ezinikelwe zokubika ubungozi, njengezeluleko zokuphepha noma izinhlelo zenzuzo yeziphazamisi. Ukubika ama-CVE ngokuzibophezela kuvumela abathengisi ukuthi bathuthukise amapheshi noma izibuyekezo futhi bazise abasebenzisi mayelana nezingozi ezingaba khona nezilungiso ezitholakalayo.
Lapho ukulungiswa sekukhishiwe, ukusebenzisa isichibi noma ukusibuyekeza ngokushesha kubalulekile. Ukulibazisa ukufakwa kwezibuyekezo zokuphepha ezibucayi kuveza amasistimu ebuthakathakeni obaziwayo futhi kukhulisa ubungozi bokuxhashazwa.
Iqhaza lokuphathwa kobungozi ekubhekaneni nama-CVE
Ukuphathwa kobungozi kudlala indima ebalulekile ekubhekaneni nama-CVE. Kubandakanya ukuhlonza, ukubeka phambili, kanye nokunciphisa ubungozi ngendlela ehlelekile. Ngokusebenzisa uhlelo lokulawula ubungozi, izinhlangano zingaqonda kangcono isimo sazo sobungozi, zibeke phambili imizamo yokunciphisa, futhi ziqhubeke ziqaphe futhi zithuthukise ukuma kwazo kokuvikeleka.
Uhlelo olubanzi lokuphatha ubungozi ngokuvamile luhlanganisa izinyathelo ezilandelayo:
1. Ukutholwa kwempahla nohlu lwamagama: Ukuhlonza zonke izimpahla ezingaphakathi kwenethiwekhi yenhlangano, okuhlanganisa izingxenyekazi zekhompuyutha, isofthiwe, nezisetshenziswa zamafu, isinyathelo sokuqala sokuphathwa kobungozi. Lesi sinyathelo siqinisekisa ukuthi ayikho isistimu noma idivayisi engabonwa, kunciphisa amathuba okunaka ubungozi obungaba khona.
2. Ukuskena kokuba sengozini: Amaskena avamile okuba sengozini avumela izinhlangano ukuthi zibone ubungozi obaziwayo phakathi kwenethiwekhi yazo. Amathuluzi okuskena okuba sengcupheni enza ngokuzenzakalelayo ubuthakathaka bokukhomba futhi anikeze imibiko enemininingwane ngobungozi obutholakele.
3. Ukuhlolwa kobungozi kanye nokubeka phambili: Uma ubungozi buphawuliwe, ukuhlola ubukhali babo kanye nomthelela ongaba khona kubalulekile ekubekeni eqhulwini imizamo yokunciphisa. Ukuba sengozini okudala ubungozi obukhulu kufanele kuxazululwe kuqala ukuze kuncishiswe amathuba okuxhashazwa.
4. Ukulungisa kanye nokunciphisa: Ukusebenzisa izilawuli ezifanele nokulungiswa ukuze kubhekwane nobuthakathaka kubalulekile ekulawuleni ukuba sengozini. Lokhu kungase kuhlanganise ukusebenzisa amapeshi, ukuvuselela izinguqulo zesofthiwe, noma ukulungisa kabusha amasistimu ukuze kuqedwe noma kuncishiswe ubungozi.
5. Ukuqapha kanye nokwenza ngcono okuqhubekayo: Ukuphathwa kobungozi kuyinqubo eqhubekayo edinga ukuqapha okuqhubekayo. Ukuskena okujwayelekile kokuba sengozini, izibuyekezo zesistimu, nokuhlolwa kokuvikeleka kusiza ukuqinisekisa ukuthi izilawuli zokuphepha zenhlangano zihlala zisebenza kahle ngokumelene nezinsongo ezivelayo nokuba sengozini.
Ukuhambisana nezibuyekezo zakamuva ze-CVE
Njengoba izinsongo ze-cybersecurity zivela ngokushesha, ukuhlala unolwazi kuma-CVE akamuva kubalulekile. Izinsiza ezimbalwa zingasiza abantu nezinhlangano ukuthi bahlale benolwazi mayelana nokuba sengozini okusha nokudalulwa:
1. Imininingo egciniwe ye-CVE: I-National Vulnerability Database (NVD) iwumthombo obanzi wobungozi obaziwayo. Inikeza ulwazi oluningiliziwe mayelana nama-CVE, okuhlanganisa izilinganiso zobunzima namapeshi atholakalayo noma ama-workaround.
2. Izeluleko Zokuvikela: Abathengisi besofthiwe nezingxenyekazi zekhompuyutha bavame ukukhulula izeluleko zokuphepha ezigqamisa ubungozi emikhiqizweni yabo futhi zinikeze imiyalelo yokulungisa. Ukubhalisela uhlu lwamakheli abathengisi noma ukulandela amabhulogi abo okuphepha kunganikeza izibuyekezo ezifika ngesikhathi kuma-CVE amasha.
3. Okuphakelayo kobuhlakani obusongelayo: Ukubhalisela izifunzo zobuhlakani eziqondene nemboni kunganikeza imininingwane ebalulekile ezinsongweni ezivelayo kanye nokuba sengozini. Lokhu kudla kuvame ukufaka ulwazi mayelana nama-CVE amasha kanye nezinyathelo zokunciphisa ezinconyiwe.
4. Izitolo zezindaba ze-Cybersecurity: Ukulandela izitolo zezindaba ze-cybersecurity namabhulogi ahloniphekile kungasiza abantu nezinhlangano ukuthi bahlale benolwazi mayelana namathrendi akamuva, izinsongo, nokuba sengozini. Le mithombo ivame ukuhlinzeka ngokuhlaziywa kanye nemininingwane kuma-CVE amasha kanye nomthelela wawo ongaba khona.
Isiphetho: Ukubaluleka kokuhlala uqaphile ngokumelene nama-CVE
Emhlabeni oxhumeka ngokuya, ubungozi obujwayelekile kanye nokuchayeka (ama-CVE) abeka usongo olukhulu kubantu ngabanye nasezinhlanganweni. Ukuqonda izinhlobo ezahlukene zobungozi kanye nokuchayeka nokusebenzisa izinyathelo zokuvimbela kubalulekile ekwehliseni ubungozi obuhambisana nama-CVE.
Izibuyekezo zesofthiwe ezivamile, amagama ayimfihlo aqinile, ukuhlukaniswa kwenethiwekhi, ukuqeqeshwa kokuqwashisa abasebenzisi, nokuphathwa kobungozi konke kuyizingxenye ezibalulekile zesu eliqinile lokuphepha ku-inthanethi. Ngokuhlala unolwazi mayelana nama-CVE akamuva nokuthatha izinyathelo zokubhekana sengozini, abantu ngabanye nezinhlangano bangazivikela ekuhlaselweni ku-inthanethi futhi baqinisekise ukuvikeleka kwempahla yabo yedijithali.
Ukuhlala uqaphile nokuthatha indlela esheshayo ekuvikelekeni kwe-inthanethi kuyisihluthulelo sokuhlala isinyathelo esisodwa ngaphambi kwezinsongo ezingaba khona. Ngokubona kanye nokubhekana nengozi ethule yama-CVE ngqo, abantu ngabanye nezinhlangano bangazulazula endaweni yedijithali ngokuzethemba nokuthula kwengqondo.
Amazwana kwakamuva