How the critical Citrix NetScaler vulnerability CVE-2019-19781 exposed hidden problems in the IT industry

Dear reader, first of all I want to make clear that, as someone living in Germany, I am describing primarily the situation in this country. The situation in your country may be very different.

On December 17, 2019, information about a critical vulnerability in the Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway product lines, better known as NetScaler Gateway, was published on the Citrix Knowledge Center site. Later, the vulnerability was also found in the SD-WAN product line. The vulnerability affects all product versions from 10.5 to the current 13.0 and allows unauthenticated execution of malicious code on the system, effectively turning the NetScaler into a platform for further attacks on the internal network.

Together with the information about the vulnerability, Citrix published recommendations for reducing the risk (a workaround). A complete fix for the vulnerability was promised only for the end of January 2020.

The severity of this vulnerability (CVE-2019-19781) was rated 9.8 out of 10. According to data from Positive Technologies, the vulnerability affects more than 80 companies worldwide.

Possible reactions to the news

As a responsible person, I assumed that all IT professionals with NetScaler products in their infrastructure had done the following:

  1. immediately implemented all the risk-reduction recommendations specified in article CTX267679;
  2. reviewed the firewall settings regarding the traffic permitted from the NetScaler to the internal network;
  3. urged the IT security monitoring team to pay attention to "new" attempts to access the NetScaler and, if necessary, block them. Let me remind you that the NetScaler is usually located in the DMZ;
  4. evaluated the possibility of temporarily disconnecting the NetScaler from the network until more details about the problem became available. During the pre-Christmas period, holidays and so on, this would not have been so painful. Besides, many companies have an alternative access path via VPN.

What actually happened?

Unfortunately, as became clear later, the measures above, which are standard procedure, were ignored by most.

Most of the specialists responsible for Citrix infrastructure learned about the vulnerability only on 13.01.2020 from the mainstream news. They found out when a large number of the systems under their responsibility had already been compromised. The absurdity of the situation reached the point that the exploit required for this could be downloaded completely legally from the Internet.
For some reason I believed that IT professionals read the mailings from the manufacturers of the systems entrusted to them, know how to use Twitter, follow the leading experts in their field and consider themselves obliged to keep up with current events.

In effect, for more than three weeks, most Citrix customers completely ignored the manufacturer's recommendations. And Citrix customers include almost all large and medium-sized companies in Germany, as well as almost all government agencies. Government systems were the first to be affected by the vulnerability.

But there is still work to do

Those whose systems have been compromised need a complete reinstallation, including replacement of the TLS certificates. Perhaps those Citrix customers who expected the manufacturer to act more proactively in eliminating a critical vulnerability will start looking for alternatives. It has to be admitted that Citrix's response is not encouraging.

More questions than answers

The question arises: what were the numerous Citrix partners, platinum and gold, doing? Why did important information appear on the websites of some Citrix partners only in the third week of 2020? Clearly, the paid external consultants also slept through this dangerous situation. I don't want to offend anyone, but a partner's task is first and foremost to prevent problems from arising, not to offer = sell help in eliminating them.

In fact, this situation has revealed the real state of affairs in IT security. Both the staff of corporate IT departments and the consultants of Citrix partner companies should understand one simple truth: if there is a vulnerability, it must be eliminated. And a critical vulnerability must be eliminated immediately!

source: www.habr.com
