A cikin kamfaninmu, kamar yadda yake a cikin sauran IT kuma ba haka ba kamfanonin IT, yiwuwar samun damar nesa ya wanzu na dogon lokaci, kuma ma'aikata da yawa sun yi amfani da shi saboda larura. Tare da yaduwar COVID-19 a duniya, sashinmu na IT, ta hanyar yanke shawara na gudanarwar kamfanin, ya fara canja wurin ma'aikatan da ke dawowa daga balaguron balaguro zuwa ƙasashen waje zuwa aiki mai nisa. Ee, mun fara aiwatar da ware kai daga gida tun farkon Maris, tun ma kafin ya zama na yau da kullun. Ya zuwa tsakiyar Maris, an riga an ƙaddamar da maganin zuwa ga ɗaukacin kamfanin, kuma a ƙarshen Maris duk kusan mun canza ba tare da wata matsala ba zuwa wani sabon yanayin babban aikin nesa ga kowa.
A fasaha, don aiwatar da shiga nesa zuwa cibiyar sadarwar, muna amfani da Microsoft VPN (RRAS) - a matsayin ɗayan ayyukan Windows Server. Lokacin da kuka haɗa zuwa hanyar sadarwar, ana samun albarkatun cikin gida daban-daban, daga wuraren rabawa, sabis na raba fayil, masu bin diddigi zuwa tsarin CRM; ga mutane da yawa, wannan shine kawai abin da suke buƙata don aikinsu. Ga waɗanda har yanzu suna da wuraren aiki a ofis, ana saita damar RDP ta hanyar ƙofar RDG.
Me ya sa kuka zaɓi wannan shawarar ko me yasa ya cancanci zaɓar? Domin idan kun riga kuna da yanki da sauran abubuwan more rayuwa daga Microsoft, to, amsar a bayyane take, zai fi sauƙi, da sauri da rahusa ga sashen IT ɗin ku don aiwatar da shi. Kuna buƙatar ƙara ƴan fasali. Kuma zai kasance da sauƙi ga ma'aikata su daidaita abubuwan Windows fiye da zazzagewa da daidaita ƙarin abokan ciniki.
Lokacin samun dama ga ƙofar VPN kanta kuma daga baya, lokacin haɗawa zuwa wuraren aiki da mahimman albarkatun yanar gizo, muna amfani da ingantaccen abu biyu. Lallai, zai zama abin mamaki idan mu, a matsayinmu na masana'anta na hanyoyin tabbatar da abubuwa biyu, ba mu yi amfani da samfuranmu da kanmu ba. Wannan shine ma'auni na haɗin gwiwarmu; kowane ma'aikaci yana da alama tare da takardar shaidar sirri, wanda ake amfani da shi don tantancewa a ofishin ofishin zuwa yanki da kuma albarkatun cikin kamfanin.
Bisa kididdigar da aka yi, fiye da kashi 80% na al'amuran tsaro na bayanai suna amfani da kalmomin shiga marasa ƙarfi ko sata. Don haka, shigar da tantance abubuwa biyu yana ƙara haɓaka matakin tsaro na kamfani da albarkatunsa, yana ba ka damar rage haɗarin sata ko kalmar sirri zuwa kusan sifili, sannan tabbatar da cewa sadarwa ta faru tare da ingantaccen mai amfani. Lokacin aiwatar da ababen more rayuwa na PKI, ana iya kashe amincin kalmar sirri gaba ɗaya.
Daga ra'ayi na UI ga mai amfani, wannan makirci ya fi sauƙi fiye da shigar da shiga da kalmar sirri. Dalili kuwa shi ne, hadadden kalmar sirri baya bukatar a tuna da ita, babu bukatar sanya lambobi a karkashin maballin (ketare duk tsare-tsaren tsaro da za a iya zato), kalmar ma ba ta bukatar canza kalmar sirri sau daya a kowace kwanaki 90 (ko da yake wannan ba haka bane). An yi la'akari da mafi kyawun aiki, amma a wurare da yawa har yanzu ana aiwatar da su). Mai amfani zai buƙaci kawai ya fito da lambar PIN mara rikitarwa kuma kada ya rasa alamar. Alamar kanta za a iya yin ta a cikin nau'i na kati mai wayo, wanda za'a iya ɗauka da kyau a cikin jaka. Ana iya shigar da alamun RFID cikin alama da katin wayo don samun damar shiga harabar ofis.
Ana amfani da lambar PIN don tantancewa, don ba da dama ga mahimman bayanai da yin sauye-sauye da bincike.Rasa alamar ba abin tsoro bane, tunda ba zai yuwu a iya tantance lambar PIN ba, bayan ƴan ƙoƙari, za a toshe shi. A lokaci guda kuma, guntu katin wayo yana kare mahimman bayanai daga hakar, cloning da sauran hare-hare.
Me kuma?
Idan mafita ga batun samun nisa daga Microsoft bai dace da wasu dalilai ba, to zaku iya aiwatar da kayan aikin PKI kuma ku saita ingantaccen abu biyu ta amfani da katunan mu masu wayo a cikin kayan aikin VDI daban-daban (Citrix Virtual Apps and Desktops, Citrix ADC, VMware) Horizon, VMware Unified Gateway, Huawei Fusion) da tsarin tsaro na hardware (PaloAlto, CheckPoint, Cisco) da sauran samfurori.
An tattauna wasu misalan a cikin talifofinmu da suka gabata.
A cikin labarin na gaba za mu yi magana game da kafa OpenVPN tare da tabbatarwa ta amfani da takaddun shaida daga MSCA.
Ba kawai takardar shaida ba
Idan aiwatar da kayan aikin PKI da siyan na'urorin kayan masarufi ga kowane ma'aikaci ya yi kama da rikitarwa ko, alal misali, babu yuwuwar fasaha ta haɗa katin wayo, to akwai mafita tare da kalmomin shiga lokaci ɗaya dangane da uwar garken amincin mu na JAS. A matsayin masu tantancewa, zaku iya amfani da software (Google Authenticator, Yandex Key), hardware (kowane RFC mai dacewa, misali, JaCarta WebPass). Kusan duk mafita iri ɗaya ana tallafawa kamar na katunan wayo/alamu. Mun kuma yi magana game da wasu misalan daidaitawa a cikin rubutunmu na baya.
Ana iya haɗa hanyoyin tabbatarwa, wato ta hanyar OTP - alal misali, masu amfani da wayar hannu kawai za a iya ba da izinin shiga, kuma ana iya tantance kwamfyutocin kwamfyutoci na al'ada kawai ta amfani da takaddun shaida akan alamar.
Saboda ƙayyadaddun yanayin aikina, abokai da yawa waɗanda ba fasaha ba kwanan nan sun tuntube ni da kaina don neman taimako wajen kafa hanyar shiga nesa. Don haka mun sami damar dan leka dan ganin wanene ke fita daga halin da kuma yadda. Akwai abubuwan ban mamaki masu daɗi lokacin da manyan kamfanoni ba su yi amfani da shahararrun samfuran ba, gami da hanyoyin tabbatar da abubuwa biyu. Har ila yau, akwai lokuta, abin mamaki a cikin akasin shugabanci, lokacin da gaske manya da sanannun kamfanoni (ba IT) sun ba da shawarar shigar da TeamViewer kawai akan kwamfutocin ofishin su.
A halin yanzu halin da ake ciki, kwararru daga kamfanin "Aladdin R.D." ba da shawarar ɗaukar hanyar da ta dace don magance matsalolin samun dama ga abubuwan haɗin gwiwar ku. A wannan karon, a farkon tsarin keɓe kai, mun ƙaddamar da shi .
source: www.habr.com