
ATT&CK-CN V1.01 Last Update: 2019-11

Translators: 林妙倩 (cybersecurity intern, Institute for Network Sciences and Cyberspace, Tsinghua University), 戴亦侖 (賽寧網安). Original translation; please obtain the translators' consent before reproducing.

Data source: ATT&CK Matrices

Original: https://attack.mitre.org/techniques/T1530

Glossary: /attack/glossary

Data from Cloud Storage Object

Adversaries may access data objects from improperly secured cloud storage.

Many cloud service providers offer solutions for online data storage such as Amazon S3, Azure Storage, and Google Cloud Storage. These solutions differ from other storage solutions (such as SQL or Elasticsearch) in that there is no overarching application. Data from these solutions can be retrieved directly using the cloud provider's APIs. Solution providers typically offer security guides to help end users configure systems.[1][2][3]

Misconfiguration by end users is a common problem. There have been numerous incidents where cloud storage has been improperly secured (typically by unintentionally allowing public access by unauthenticated users or overly broad access by all users), allowing open access to credit cards, personally identifiable information, medical records, and other sensitive information.[4][5][6] Adversaries may also obtain leaked credentials in source repositories, logs, or other means as a way to gain access to cloud storage objects that have access permission controls.

Tags

ID: T1530

Tactic: Collection

Platforms: AWS, GCP, Azure

Permissions Required: User

Data Sources: Stackdriver logs, Azure activity logs, AWS CloudTrail logs

Mitigations

Audit (M1047): Frequently check permissions on cloud storage to ensure proper permissions are set to deny open or unprivileged access to resources.
Encrypt Sensitive Information (M1041): Encrypt data stored at rest in cloud storage. Managed encryption keys can be rotated by most providers. At a minimum, ensure that the incident response plan for a storage breach includes rotating the keys and testing for impact on client applications.
Filter Network Traffic (M1037): Cloud service providers support IP-based restrictions when accessing cloud resources. Consider using IP whitelisting along with user account management to ensure that data access is restricted not only to valid users but also to expected IP ranges, to mitigate the use of stolen credentials to access data.
Multi-factor Authentication (M1032): Consider using multi-factor authentication to restrict access to resources and cloud storage APIs.
Restrict File and Directory Permissions (M1022): Use access control lists on storage systems and objects.
User Account Management (M1018): Configure user permission groups and roles for access to cloud storage. Implement strict Identity and Access Management (IAM) controls to prevent access to storage solutions except for the applications, users, and services that require access. Ensure that temporary access tokens are issued rather than permanent credentials, especially when access is being granted to entities outside of the internal security boundary.
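As an added example (not code from the ATT&CK page or from the translators), a small audit check in the spirit of the Audit (M1047) and Restrict File and Directory Permissions (M1022) mitigations: it parses an S3-style bucket policy and flags Allow statements whose Principal is anonymous, showing the open policy beside a corrected one scoped to a single role and an expected IP range. The policy documents, bucket name, account ID, role name and IP range are constructed samples.

```python
import json

# Constructed sample: a bucket policy that unintentionally grants anonymous read access
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-records/*", "arn:aws:s3:::example-records"],
    }],
})

# Constructed sample: the corrected policy, scoped to one role and an expected IP range
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/records-app"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-records/*",
        "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}},
    }],
})

def as_list(value):
    # Policy elements may be a single string or a list; normalise to a list
    return value if isinstance(value, list) else [value]

def is_anonymous_principal(principal):
    """True when the Principal element grants to everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in as_list(v) for v in principal.values())
    return False

def open_access_statements(policy_json):
    """Sids of Allow statements that grant to anonymous principals. A Condition
    (e.g. aws:SourceIp) narrows such a grant but is still reported, since the
    mitigation is to name the principals that need access."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") == "Allow" and is_anonymous_principal(stmt.get("Principal")):
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings
```

Running this over every bucket policy in an account (for example from a scheduled job) turns the "frequently check permissions" mitigation into a repeatable control.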

Detection

Monitor for unusual queries to the cloud provider's storage service. Activity originating from unexpected sources may indicate that improper permissions are set which allow access to data. Additionally, detecting failed attempts by a user for a certain object, followed by escalation of privileges by the same user and then access to the same object, may be an indication of suspicious activity.
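As an added example, not part of the original page, the two detection ideas above expressed over constructed CloudTrail-style records: one function flags successful object reads from outside an assumed expected IP range, the other flags the AccessDenied, then privilege change, then successful read pattern for the same user and object. The event names and field layout follow CloudTrail's schema; the users, account ID, bucket, keys, IP ranges, time window and the privilege-change watchlist are assumptions.

```python
from datetime import datetime, timedelta
import ipaddress

def ev(time, name, user, ip, params, error=None):
    # Minimal CloudTrail-shaped record (constructed sample data, not a real log)
    e = {"eventTime": time, "eventName": name, "sourceIPAddress": ip,
         "userIdentity": {"arn": f"arn:aws:iam::123456789012:user/{user}"},
         "requestParameters": params}
    if error:
        e["errorCode"] = error
    return e

OBJ = {"bucketName": "example-records", "key": "exports/customers.csv"}
EVENTS = [  # constructed: alice is denied, attaches a policy to herself, then reads the object
    ev("2019-11-04T10:00:00Z", "GetObject", "alice", "203.0.113.10", OBJ, "AccessDenied"),
    ev("2019-11-04T10:03:00Z", "AttachUserPolicy", "alice", "203.0.113.10", {"userName": "alice"}),
    ev("2019-11-04T10:05:00Z", "GetObject", "alice", "203.0.113.10", OBJ),
    ev("2019-11-04T11:00:00Z", "GetObject", "bob", "198.51.100.7",
       {"bucketName": "example-records", "key": "exports/invoices.csv"}),
]

PRIVILEGE_CHANGE_EVENTS = {"AttachUserPolicy", "PutUserPolicy", "AddUserToGroup",  # assumed watchlist
                           "PutBucketPolicy", "PutBucketAcl"}  # changes that can widen access
EXPECTED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed corporate/VPC egress range

_ts = lambda e: datetime.strptime(e["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
_obj = lambda e: (e["requestParameters"].get("bucketName"), e["requestParameters"].get("key"))
_is_read = lambda e: e["eventName"] == "GetObject" and "errorCode" not in e

def unexpected_source_reads(events, allowed=EXPECTED_RANGES):
    """Successful object reads whose source IP is outside the expected ranges."""
    return [(e["userIdentity"]["arn"], e["sourceIPAddress"], _obj(e)) for e in events
            if _is_read(e) and not any(ipaddress.ip_address(e["sourceIPAddress"]) in n for n in allowed)]

def denied_then_escalated_then_read(events, window=timedelta(hours=1)):
    """Same user: AccessDenied on an object, then a privilege change, then a read of it."""
    by_user, hits = {}, []
    for e in sorted(events, key=_ts):
        by_user.setdefault(e["userIdentity"]["arn"], []).append(e)
    for user, evs in by_user.items():
        for i, denied in enumerate(evs):
            if denied.get("errorCode") != "AccessDenied" or denied["eventName"] != "GetObject":
                continue
            later = [x for x in evs[i + 1:] if _ts(x) - _ts(denied) <= window]
            esc = [x for x in later if x["eventName"] in PRIVILEGE_CHANGE_EVENTS]
            reads = [x for x in later if _is_read(x) and _obj(x) == _obj(denied)]
            if esc and reads and _ts(reads[-1]) > _ts(esc[0]):
                hits.append((user, _obj(denied)))
    return hits
```

Both checks are stateless over a batch of events, so the same logic can be applied to a CloudTrail export or reworked as a windowed query in a SIEM.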
