Exchange Vulnerability: How to Detect Privilege Escalation to Domain Administrator

This year a vulnerability was discovered in Exchange that allows any domain user to obtain domain administrator rights and compromise Active Directory (AD) and the other hosts joined to it. Today we explain how this attack works and how to detect it.


Here is how the attack works:

  1. The attacker takes over the account of any domain user that has an active mailbox and uses it to subscribe to Exchange's push notification feature.
  2. The attacker uses NTLM relay to trick the Exchange server: as a result, the Exchange server connects to the attacker-controlled computer using NTLM over HTTP, and the attacker relays that authentication to the domain controller over LDAP with the Exchange account's credentials.
  3. The attacker finally uses the Exchange account's credentials to escalate their privileges. This last step could equally be carried out by a malicious administrator who already has legitimate access to make the required permission change. By creating a rule that detects this activity, you protect yourself against this attack and similar ones.

Afterwards the attacker can, for example, run DCSync to obtain the password hashes of every user in the domain. That in turn enables a whole range of attacks, from golden ticket to pass-the-hash.

The Varonis research team studied this attack in detail and prepared a guide for our customers on how to detect it and, at the same time, check whether they have already been compromised.

Detecting Domain Privilege Escalation

In DatAlert, create a custom rule that tracks changes to specific permissions on an object. It fires whenever rights and permissions are added to an object of interest in the domain:

  1. Specify the rule name
  2. Set the category to "Privilege Escalation"
  3. Set the resource type to "All resource types"
  4. File Server = Directory Services
  5. Specify the domain you are interested in, for example by name
  6. Add a filter for permissions being added on an AD object
  7. And do not forget to leave the "Search in child objects" option unchecked.


And now the report: detecting changes to the rights on a domain object

Changes to the permissions on an AD object are rare, so anything that triggers this alert should be investigated. It is also worth checking what the report looks like and what it contains before putting the rule itself into production.
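As an added example (not code from the article or from Varonis), the following Python reproduces the logic of the rule above outside DatAlert and also covers the retrospective check that the report is meant for. When an object's nTSecurityDescriptor changes, AD writes two Windows Security event 5136 records, "Value Deleted" with the old SDDL and "Value Added" with the new one; the script pairs them, reports only ACEs that were added on the domain object itself, skips child objects as option 7 requires, and separately lists any non-default principal that already holds the replication rights DCSync relies on. The domain name, SIDs, event records and the "EXCH01$" subject are constructed; the two replication-right GUIDs and the default administrative SIDs and aliases are real AD values.

```python
"""Flag newly granted permissions on the AD domain object.

Added example, not code from the article or from Varonis.  Diffs the old and
new SDDL carried by paired Security event 5136 records and audits the current
DACL.  Domain name, SIDs and event records below are constructed.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Real AD extended-right GUIDs: the two replication rights DCSync needs.
REPLICATION_GUIDS = {"1131f6aa-9c07-11d1-f79f-00c04fc2dcd2",   # DS-Replication-Get-Changes
                     "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2"}   # DS-Replication-Get-Changes-All
# Principals that hold these rights on a default domain object: SDDL aliases,
# well-known SIDs, and domain-relative RIDs 512/516/519 (admins, DCs).
ALLOWED_ALIASES = {"DA", "DD", "EA", "BA", "SY", "ED"}
ALLOWED_SIDS = {"S-1-5-32-544", "S-1-5-18", "S-1-5-9"}
ALLOWED_RID_RE = re.compile(r"^S-1-5-21-\d+-\d+-\d+-(512|516|519)$")


@dataclass(frozen=True)
class Ace:
    ace_type: str     # "A" allow, "OA" object-specific allow, "D"/"OD" deny
    rights: str       # concatenated two-letter SDDL rights ("CR", "GA", ...)
    object_guid: str  # extended right / property GUID for "OA", else ""
    trustee: str      # SID or SDDL alias


def parse_dacl(sddl: str) -> list[Ace]:
    """Return the ACEs of the DACL part of an SDDL string."""
    m = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not m:
        return []
    aces = []
    for body in re.findall(r"\(([^)]*)\)", m.group(1)):
        parts = body.split(";")
        if len(parts) >= 6:
            ace_type, _flags, rights, guid, _inh, trustee = parts[:6]
            aces.append(Ace(ace_type, rights, guid.lower(), trustee.upper()))
    return aces


def classify(ace: Ace) -> str:
    """How dangerous an ACE on the domain object is for this attack path."""
    tokens = {ace.rights[i:i + 2] for i in range(0, len(ace.rights), 2)}
    if ace.ace_type not in ("A", "OA"):
        return "ignore"                      # deny ACEs grant nothing
    if "GA" in tokens:
        return "dcsync-capable"              # full control covers every right
    if "CR" in tokens and ace.object_guid in REPLICATION_GUIDS | {""}:
        return "dcsync-capable"              # CR with no GUID = all extended rights
    if "WD" in tokens or "WO" in tokens:
        return "can-rewrite-acl"             # WriteDacl/WriteOwner: self-grant later
    return "review"


def is_allowed_trustee(t: str) -> bool:
    return t in ALLOWED_ALIASES or t in ALLOWED_SIDS or bool(ALLOWED_RID_RE.match(t))


def detect_added_aces(events: list[dict]) -> list[dict]:
    """Pair Value Deleted / Value Added 5136 events for nTSecurityDescriptor on
    the domain object (objectClass domainDNS) and report ACEs that exist only
    in the new descriptor.  Child objects are skipped, as in the rule above."""
    findings, old_by_dn = [], {}
    for ev in events:
        if (ev.get("EventID") != 5136 or ev.get("ObjectClass") != "domainDNS"
                or ev.get("AttributeLDAPDisplayName") != "nTSecurityDescriptor"):
            continue
        dn = ev["ObjectDN"]
        if ev["OperationType"] == "Value Deleted":
            old_by_dn[dn] = ev["AttributeValue"]
            continue
        old = set(parse_dacl(old_by_dn.pop(dn, "")))
        for ace in parse_dacl(ev["AttributeValue"]):
            if ace not in old and classify(ace) != "ignore":
                findings.append({"object": dn, "trustee": ace.trustee, "rights": ace.rights,
                                 "severity": classify(ace), "changed_by": ev.get("SubjectUserName")})
    return findings


def audit_domain_acl(sddl: str) -> list[str]:
    """Retrospective check: non-default trustees that can already DCSync."""
    return sorted({a.trustee for a in parse_dacl(sddl)
                   if classify(a) == "dcsync-capable" and not is_allowed_trustee(a.trustee)})


# Constructed sample: the Exchange computer account grants a plain user both
# replication rights on the domain object; the child-object change is noise.
DOMAIN_DN = "DC=corp,DC=example"
SUSPECT = "S-1-5-21-1111111111-2222222222-3333333333-1105"
OLD_SDDL = ("O:DAG:DAD:PAI(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)"
            "(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;DD)"
            "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(A;;RC;;;AU)")
NEW_SDDL = (OLD_SDDL + f"(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;{SUSPECT})"
            f"(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;{SUSPECT})")
_BASE = {"EventID": 5136, "AttributeLDAPDisplayName": "nTSecurityDescriptor"}
SAMPLE_EVENTS = [
    {**_BASE, "ObjectDN": DOMAIN_DN, "ObjectClass": "domainDNS", "SubjectUserName": "EXCH01$",
     "OperationType": "Value Deleted", "AttributeValue": OLD_SDDL},
    {**_BASE, "ObjectDN": DOMAIN_DN, "ObjectClass": "domainDNS", "SubjectUserName": "EXCH01$",
     "OperationType": "Value Added", "AttributeValue": NEW_SDDL},
    {**_BASE, "ObjectDN": "CN=jdoe,OU=Staff," + DOMAIN_DN, "ObjectClass": "user",
     "SubjectUserName": "helpdesk", "OperationType": "Value Added",
     "AttributeValue": f"O:DAG;DAD:(A;;GA;;;{SUSPECT})".replace("DAG;", "DAG:")},
]
```

Running `detect_added_aces(SAMPLE_EVENTS)` yields two "dcsync-capable" findings for the constructed user SID, both attributed to EXCH01$, and `audit_domain_acl(NEW_SDDL)` returns that same SID while the pre-change descriptor returns nothing. Event 5136 is only written when the "Audit Directory Service Changes" subcategory is enabled and the object's SACL audits the change, so verify that auditing before relying on this or any log-based rule.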

This report will also show whether the attack has already been used against you.


Once the rule is enabled, you can examine all other privilege escalation events in the DatAlert web interface.


With this rule in place, you can monitor for and defend against this class of vulnerability, investigate events involving directory service objects, and determine whether you are exposed to this dangerous flaw.

source: www.habr.com
