{"id":5818,"date":"2018-09-05T09:20:56","date_gmt":"2018-09-05T07:20:56","guid":{"rendered":"http:\/\/catchthemes.com\/demo\/audioman-pro\/?p=5818"},"modified":"2022-03-28T01:37:21","modified_gmt":"2022-03-27T23:37:21","slug":"adgzintro","status":"publish","type":"post","link":"https:\/\/dcg420.org\/en\/adgzintro\/","title":{"rendered":"Active Defense Gray Zone &#8211; Intro"},"content":{"rendered":"<div class=\"bt_rc_container\"><p>This article should answer the questions of what active cyber defense (ACD) actually is, what the active cyber defense Gray Zone (ADGZ) is, and how it can be used.<!--more--><\/p>\n<p>The definition of active cyber defense has been addressed in the past, for example, by Washington University, which defined the term as a range of techniques (in our view, rather TTPs) that are appropriate to carry out in order to increase the resilience of an environment while defending it against today's modern cyber threats. It is important to stress that when defending our own environment in the context of new threats, their complexity and their criticality, we defenders must also adopt ever newer TTPs, which may be on the edge of what is and is not still legal. 
A prerequisite for putting this into practice is cooperation between the private and public sectors (note that the publication was written for the authorities and individual states of the USA), because each sector has different (legal) options for using the tools, etc.<\/p>\n<p>While the authors define ADGZ (in translation) as \u201c<em>\u2026a term that covers a spectrum of proactive cybersecurity measures that lie between traditional passive defense and offensive defense. These activities fall into two general categories, the first of which covers technical interactions between the defender and the attacker. The second category of active cyber defense includes those operations that allow defenders to gather intelligence on threat actors and indicators on the Internet, as well as other policy tools (e.g. sanctions, indictments, trade remedies) that can change the behavior of malicious actors. 
The term active defense is not a synonym for &#8220;hacking back&#8221;, and the two terms should not be used interchangeably\u2026<\/em>\u201d and pursue their goal of emphasizing the need for cooperation between the public and private sectors and the possibilities of using the individual TTPs in mutual cooperation, we view ADGZ as a range of options for approaching the security of our own environment and for using them without crossing the boundary that ADGZ indicates to us.<\/p>\n<h3><strong>Original ADGZ definition<\/strong><\/h3>\n<p><strong><img loading=\"lazy\" class=\"alignnone wp-image-6592\" src=\"http:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/ADGZ_Washington.jpg\" alt=\"\" width=\"898\" height=\"508\" srcset=\"https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/ADGZ_Washington.jpg 940w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/ADGZ_Washington-320x181.jpg 320w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/ADGZ_Washington-768x435.jpg 768w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/ADGZ_Washington-540x306.jpg 540w\" sizes=\"(max-width: 898px) 100vw, 898px\" \/><\/strong><\/p>\n<p>Source: Into the Gray Zone: Active Defense by the Private Sector against Cyber Threats<\/p>\n<h3><strong>ADGZ by DCG420 v1.0<\/strong><\/h3>\n<p>Our definition of ADGZ logically builds on the one from Washington University. 
However, we have adjusted and merged some TTPs with regard to how they are used and approached.<\/p>\n<h4><strong>How to think about ADGZ<\/strong><\/h4>\n<p>To understand and illustrate the gray zone at all, knowledge of the classic <a href=\"https:\/\/www.lockheedmartin.com\/en-us\/capabilities\/cyber\/cyber-kill-chain.html\" target=\"_blank\" rel=\"noopener\"><strong>cyber killchain<\/strong><\/a>, which divides the attacker's actions into individual phases, is essential. From this concept it is then possible to derive essentially three basic phases of an attack, under which the individual steps of the killchain fall.<\/p>\n<p>These phases are:<\/p>\n<p><strong>Phase 1<\/strong>: <em>External preparation by the attacker:<\/em> (I. Reconnaissance, II. Creation of malware, III. Decision on the attack target)<\/p>\n<p><strong>Phase 2<\/strong>: <em>Breach:<\/em> (IV. Delivery, V. Gaining a foothold)<\/p>\n<p><strong>Phase 3<\/strong>: <em>Active intrusion:<\/em> (VI. Establishing a connection to C2, VII. Expansion and preparation, VIII. 
Actions to achieve the objective(s))<\/p>\n<p><strong><img loading=\"lazy\" class=\"alignnone size-full wp-image-6593\" src=\"http:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/Anatomie_pruniku.png\" alt=\"\" width=\"738\" height=\"334\" srcset=\"https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/Anatomie_pruniku.png 738w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/Anatomie_pruniku-320x145.png 320w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/Anatomie_pruniku-540x244.png 540w\" sizes=\"(max-width: 738px) 100vw, 738px\" \/><\/strong><\/p>\n<p>These phases are important above all for understanding the attacker's actions. The attacker does not necessarily proceed from one step to the next, but may go back or skip individual steps. Current defense (defense in depth) tries to cope with each of the attacker's steps; unfortunately, according to the statistics, it is not very successful at this. It is therefore necessary to supplement this defensive posture with proactive and active defensive elements, in such a way that they do not cross over into an offensive operation. The goal is to obtain as much information about the attacker as possible and then turn the attacker's attention to targets that are located in a controlled deceptive environment. 
There it is possible to exhaust the attacker's resources and thereby deter them from the attack entirely, or keep them under control.<\/p>\n<h3><strong>ADGZ by DCG420 v1.0<img loading=\"lazy\" class=\"alignnone size-full wp-image-6594\" src=\"http:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/DCG420_ADGZ_v1.png\" alt=\"\" width=\"904\" height=\"716\" srcset=\"https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/DCG420_ADGZ_v1.png 904w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/DCG420_ADGZ_v1-320x253.png 320w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/DCG420_ADGZ_v1-768x608.png 768w, https:\/\/dcg420.org\/wp-content\/uploads\/2018\/09\/DCG420_ADGZ_v1-540x428.png 540w\" sizes=\"(max-width: 904px) 100vw, 904px\" \/><\/strong><\/h3>\n<p><strong>Changes:<\/strong><\/p>\n<ul>\n<li>Creation of the Deterrence category<\/li>\n<li>Creation of the Intelligence sharing category<\/li>\n<li>Creation of the Red teaming category<\/li>\n<li>Merging of the Beacons categories<\/li>\n<\/ul>\n<p><strong>Simplified marking of the categories with a high level of impact (in orange): these TTPs may be carried out only by a body designated for that purpose by legislation.<\/strong><\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>This article should answer the questions of what active cyber defense (ACD) actually is, what the active cyber defense Gray Zone (ADGZ) is, and how it can be used.<\/p>","protected":false},"author":2,"featured_media":6580,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[88,89],"tags":[91,90,94,92,93],"_links":{"self":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts\/5818"}],"collection":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/comments?post=5818"}],"version-history":[{"count":5,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts\/5818\/revisions"}],"predecessor-version":[{"id":6600,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/posts\/5818\/revisions\/6600"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/media\/6580"}],"wp:attachment":[{"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/media?parent=5818"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/categories?post=5818"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dcg420.org\/en\/wp-json\/wp\/v2\/tags?post=5818"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}