GRANDSTREAM GCC6000 Series Intrusion Detection UC Plus Networking Convergence Solutions

Zvigadzirwa Zvinotsanangurwa

• Mutengo: Grandstream Networks, Inc.
• Chigadzirwa Series: GCC6000 Series
• Zvimiro: IDS (Intrusion Detection System) uye IPS (Intrusion Prevention System)

Mirayiridzo Yekushandiswa Kwechigadzirwa

Nhanganyaya kuIDS uye IPS
Iyo GCC convergence mudziyo yakashongedzerwa neIDS uye IPS kuitira kuchengetedza. IDS inongotarisa traffic uye inozivisa vatariri nezve zvinogona kutyisidzira, nepo IPS inobata zviitiko zvinokuvadza nekukurumidza.

Kudzivirira SQL Injection Attacks
SQL jekiseni kurwisa chinangwa chekuisa kodhi ine hutsinye muSQL statement kuti utore ruzivo rusina mvumo kana kukuvadza dhatabhesi. Tevera matanho aya kudzivirira kurwiswa kwakadaro:

1. Enda kuFirewall Module> Kudzivirira Kupindira> Siginecha Raibhurari.
2. Dzvanya pane yekuvandudza icon kuti uve nechokwadi chekuti Siginecha Raibhurari Ruzivo rwazvino.
3. Seta iyo modhi yeKuzivisa & Kuvhara muFirewall Module> Kudzivirira Kupindira> IDS/IPS.
4. Sarudza Chengetedzo Yedziviriro Yenhanho (Yakaderera, Yepakati, Yepamusoro, Yakanyanya Kunyanya, kana Tsika) zvichienderana nezvaunoda.
5. Gadzirisa Chengetedzo Dziviriro Level zvinoenderana nezvaunoda.

IDS/IPS Security Logs
Mushure mekugadzirisa zvigadziriso, chero yakaedza SQL jekiseni kurwisa inotariswa uye kuvharwa neiyo GCC mudziyo. Mashoko anowirirana acharatidzwa mumatanda ekuchengetedza.

Mibvunzo Inowanzo bvunzwa (FAQ)

Q: Kangani dhatabhesi rekutyisidzira rinovandudzwa?
A: Iyo dhatabhesi yekutyisidzira inogara uye inogadziridzwa neGCC zvichienderana nehurongwa hwakatengwa. Zvigadziriso zvinogona kurongwa vhiki nevhiki kana pane yakatarwa zuva/nguva.

Q: Ndeapi marudzi ekurwiswa anotariswa mune yega yega Chengetedzo Dziviriro Level?
A: Matanho ekudzivirira akasiyana (Yakaderera, Yepakati, Yakakwirira, Yakanyanya Kunyanya, Tsika) tarisisa uye kuvhara kurwiswa kwakasiyana seInjection, Brute Force, Path Traversal, DoS, Trojan, Webshell, Vulnerability Exploit, File Upload, Hacking Tools, uye Phishing.

Nhanganyaya

Iyo GCC convergence mudziyo inouya yakashongedzerwa maviri makuru akakosha ekuchengetedza ayo IDS (Intrusion discovery System) uye IPS (Intrusion Prevention System), imwe neimwe inoshandisa chinangwa chakananga chekucherechedza nekudzivirira zviitiko zvakaipa nekuona nekuvharisa marudzi akasiyana siyana nematanho e. kutyisidzira munguva chaiyo.

• Intrusion Detection Systems (IDS): kungo tarisa traffic uye kuzivisa maneja nezve zvinogona kutyisidzira pasina kupindira kwakananga.
• Intrusion Prevention Systems (IPS): bvisa zviitiko zvinokuvadza nekukurumidza.

Mugwaro iri, isu tichagadzirisa yekuona intrusion uye kudzivirira kudzivirira kubva kune imwe yakajairika mhando ye web kurwiswa kunozivikanwa seSQL jekiseni.

Kudzivirira kurwiswa uchishandisa IDS/IPS
SQL jekiseni kurwisa, imhando yekurwiswa yakarongedzerwa kuisa yakashata kodhi mune SQL zvirevo, muchinangwa chekutora ruzivo rusina mvumo kubva web server's database, kana kutyora dhatabhesi nekuisa murairo unokuvadza kana kuisa.
Ndapota tevera matanho ari pasi apa kudzivirira kurwiswa kwejekiseni:

• Enda kuFirewall Module → Kudzivirira Kupindira → Siginecha Raibhurari.
• Tinya chiratidzo
• kuve nechokwadi chekuti Siginecha Raibhurari Ruzivo rwazvino.

Cherechedza

• Iyo dhatabhesi yekutyisidzira inogara uye inogadziridzwa otomatiki neGCC zvichienderana nehurongwa hwakatengwa.
• Iyo nguva yekuvandudza inogona kurongerwa kuti itange vhiki nevhiki, kana pane yakakwana zuva/nguva.

Enda kuFirewall Module → Kudzivirira Kupindira → IDS/IPS.
Seta iyo modhi yeKuzivisa & Kuvharira, izvi zvinotarisa kune chero chiitiko chekufungidzira uye chengetedza muchengetedzo logi, zvakare ichavhara kwainobva kurwiswa.

Sarudza iyo Chengetedzo Dziviriro Chikamu, akasiyana mazinga ekudzivirira anotsigirwa:

1. Pazasi: Kana dziviriro yaiswa ku “Pasi”, kurwiswa kunotevera kuchatariswa uye/ kana kuvharwa: Jekiseni, Brute Force, Path Traversal, DoS, Trojan, Webshell.
2. Pakati: Kana dziviriro yaiswa ku “Medium”, kurwiswa kunotevera kuchatariswa uye/kana kuvharwa: Jekiseni, Brute Force, Path Traversal, DoS, Trojan, Webshell, Vulnerability Exploit, File Upload, Hacking Tools, Phishing.
3. Kumusoro: Kana dziviriro yaiswa ku “Pamusoro”, kurwiswa kunotevera kuchatariswa uye/kana kuvharwa: Jekiseni, Brute Force, Path Traversal, DoS, Trojan, Webshell, Vulnerability Exploit, File Upload, Hacking Tools, Phishing.
4. Zvakanyanya Kukwirisa: Ese mavekita ekurwiswa achavharwa.
5. Tsika: iyo tsika yekudzivirira nhanho inobvumira mushandisi kusarudza chete chaiwo marudzi ekurwiswa kuti aonekwe uye avharwe neGCC mudziyo, ndapota tarisa kune [Attack Types Tsanangudzo] chikamu kuti uwane rumwe ruzivo, isu tichaisa Chengetedzo Yedziviriro kuCustom.

Kana iyo gadziriso yaiswa, Kana munhu anorwisa akaedza kuburitsa jekiseni reSQL, rinotariswa nekuvharwa neGCC mudziyo, uye ruzivo rwechiito rwunoenderana rucharatidzwa pamatanda ekuchengetedza sezvinoratidzwa pazasi:

To view rumwe ruzivo pane yega yega, unogona kudzvanya icon inoenderana neiyo log yekupinda:

Kurwisa Types Definitions

Iyo IDS/IPS chishandiso chine kugona kudzivirira kubva kune akasiyana kurwisa mavheji, isu tichatsanangura muchidimbu chimwe nechimwe chazvo pane iri pazasi tafura:

Attack Type	Tsanangudzo	Example
Jekiseni	Kurwiswa kwejekiseni kunoitika kana data risingavimbiki ratumirwa kumuturikiri sechikamu chemurairo kana mubvunzo, kunyepera muturikiri kuti aite mirairo isingatarisirwe kana kuwana data isina mvumo.	SQL Injection mune fomu rekupinda inogona kubvumira anorwisa kuti apfuure chokwadi.
Brute Force	Kurwiswa kwechisimba kwechisimba kunosanganisira kuedza akawanda mapassword kana mapassword uine tariro yekuzopedzisira wafembera nemazvo nekutarisa zvine hungwaru zvese zvinogoneka mapassword.	Kuedza akawanda password musanganiswa pane peji rekupinda.
Unserialize	Kurwiswa kweunserialization kunoitika kana data risingavimbiki radzikisirwa, zvichikonzera kuurayiwa kwekodhi kana kumwe kushandiswa.	Murwi achipa zvinhu zvine hutsinye.
Information	Kurwiswa kwekuzivisa ruzivo kune chinangwa chekuunganidza ruzivo nezve yakananga sisitimu yekufambisa kumwe kurwiswa.	Kushandisa kusazvibata kuti uverenge magadzirirwo akajeka files.

Path Traversal	Path traversal attack inovavarira kuwana files uye madhairekitori akachengetwa kunze kwe web root folder nekugadzirisa zvinosiyana zvinorehwa files ine “../” kutevedzana.	Kuwana /etc/passwd pane Unix system nekupfuura madhairekitori.
Kushandiswa Kwekusagadzikana	Kubiridzira kunosanganisira kutora advantage yekusagadzikana kwesoftware kukonzeresa hunhu husingafungirwe kana kuwana mukana usina mvumo.	Kushandisa bhifa yekufashukira kusagadzikana kuti uite zvisina tsarukano kodhi.
File Upload	File kurodha kurwiswa kunosanganisira kuisa zvine hutsinye files kune sevha yekuitisa kodhi kana mirairo.	Kuisa a web shell script kuti uwane kutonga pamusoro pe server.
Network Protocol	Kutarisisa uye kuona zvisizvo mumaprotocol etiweki kuona zvingangoitika mumigwagwa c.	Kusajairika kushandiswa kwemaprotocol akadai seICMP, ARP, nezvimwe.
DoS (Kuramba Sevhisi)	Kurwiswa kweDoS kunovavarira kuita kuti muchina kana netiweki zviwanikwa zvisawanikwe kune vavanoda kushandisa nekuzvikurira nemafashama einternet traffic c.	Kutumira huwandu hwezvikumbiro kune a web server kupedza zviwanikwa zvayo.
Phishing	Phishing inosanganisira kunyengedza vanhu kuti vaburitse ruzivo rwezvakavanzika kuburikidza nemaemail anonyengera kana webnzvimbo.	E-mail yekunyepera inoita seinobva kune anovimbwa nayo, ichiita kuti vashandisi vanyore magwaro avo.
Tunnel	Tunneling kurwiswa kunosanganisira kuvharidzira imwe mhando yetiweki traffic c mukati meimwe kunzvenga zvidzoreso zvekuchengetedza kana firewall.	Kushandisa HTTP tunneling kutumira isiri-HTTP traffic c kuburikidza neHTTP yekubatanidza.
IoT (Internet yezvinhu)	Kutarisa uye kuona zvinokanganisa muIoT zvishandiso kudzivirira zvinogona kurwiswa kunonangana nemidziyo iyi.	Zvisina kujairika kutaurirana mapatani kubva kuIoT zvishandiso zvichiratidza zvinogona kukanganisa.
Trojan	Trojan mabhiza mapurogiramu akaipa anotsausa vashandisi vechinangwa chavo chechokwadi, kazhinji achipa backdoor kune anorwisa.	Chirongwa chinoita sechisina kukuvadza chinopa anorwisa kupinda kune system kana aitwa.
CoinMiner	CoinMiners isoftware yakaipa yakagadzirirwa kuchera cryptocurrency uchishandisa zviwanikwa zvemuchina une hutachiona.	Chinyorwa chemigodhi chakavanzika chinoshandisa CPU/GPU simba kuchera cryptocurrency.
Worm	Makonye anozvidzokorora malware ayo anopararira pamanetiweki pasina kudiwa kwekupindira kwevanhu.	Gonye rinopararira network shares kuti ribate michina yakawanda.
Ransomware	Ransomware encrypts yemunhu akabatwa files uye inoda muripo werudzikinuro kudzoreredza kuwana iyo data.	Chirongwa chinovharidzira files uye inoratidza chinyorwa cherudzikinuro chinoda kubhadharwa mu cryptocurrency.
APT (Advanced Persistent Threat)	APTs inorebesa uye yakanangwa cyberattacks uko munhu anopindira anowana mukana kune network uye anoramba asingaonekwe kwenguva yakareba.	Kurwiswa kwakadzama kwakanangana nedata rakadzama resangano chairo.
Webshell	Web shells zvinyorwa zvinopa a web-yakavakirwa interface yevanorwisa kuti vaite mirairo pane yakakanganiswa web server.	A PHP script yakaiswa kune a web server inobvumira anorwisa kumhanya mirairo yegoko.
Hacking Tools	Zvishandiso zvekubhejera isoftware yakagadzirirwa kufambisa kusingatenderwe kuwana kune masisitimu.	Zvishandiso zvakaita seMetasploit kana Mimikatz zvinoshandiswa pakuyedza kupinda kana kubira kwakashata.

Inotsigirwa Devices

Device Model	Firmware Inodiwa
GCC6010W	1.0.1.7+
GCC6010	1.0.1.7+
GCC6011	1.0.1.7+

Vanoda Kutsigirwa?
Hausi kuwana mhinduro yauri kutsvaga? Usanetseke isu tiripano kuti tibatsire!

Zvinyorwa / Zvishandiso

GRANDSTREAM GCC6000 Series Intrusion Detection UC Plus Networking Convergence Solutions [pdf] Bhuku reMushandisi GCC6000, GCC6000 Series, GCC6000 Series Intrusion Detection UC Plus Networking Convergence Solutions, Intrusion Detection UC Plus Networking Convergence Solutions, Detection UC Plus Networking Convergence Solutions, Networking Convergence Solutions, Solutions

References

• User Manual