The corp.com domain is for sale. It is dangerous for hundreds of thousands of corporate computers running Windows

Diagram of data leakage via Web Proxy Auto-Discovery (WPAD) caused by a name collision (in this case, a collision between an internal domain and the name of one of the new gTLDs, but the essence is the same). Source: University of Michigan study, 2016

Mike O'Connor, one of the oldest investors in domain names, is putting up for sale the most dangerous and controversial lot in his collection: the corp.com domain, for $1.7 million. In 1994, O'Connor bought a number of simple domain names, such as grill.com, place.com, pub.com and others. Among them was corp.com, which Mike has held for 26 years. The investor is now 70 and has decided to monetize his old investments.

The problem is that corp.com is dangerous for at least 375,000 corporate computers because of careless Active Directory configuration when corporate intranets were built in the early 2000s on Windows Server 2000, when the internal root was simply designated as "corp". Until the early 2010s this was not an issue, but with the rise of laptops in business environments, more and more employees began taking their work computers outside the corporate network. The way Active Directory is implemented means that even without a direct user request to //corp, a number of applications (mail, for example) reach out to the familiar address on their own. When the machine connects to an outside network, in an ordinary cafe around the corner, this produces a stream of data and requests flowing to corp.com.

Now O'Connor sincerely hopes that Microsoft itself will buy the domain and, in the best traditions of Google, let it rot somewhere dark and out of reach of outsiders, so that the problem with this vulnerability of Windows networks is solved.

Active Directory and name collision

Corporate networks running Windows use the Active Directory directory service. It lets administrators use group policies to ensure a uniform configuration of the user work environment, deploy software to many computers through group policies, perform authorization, and so on.

Active Directory is integrated with DNS and runs on top of TCP/IP. To find hosts inside the network, it relies on the Web Proxy Auto-Discovery (WPAD) protocol and on the DNS name devolution feature (built into the Windows DNS client). This feature makes it easy to find other computers or servers without supplying a fully qualified domain name.

For example, if a company runs an internal network named internalnetwork.example.com and an employee wants to reach a shared drive called drive1, there is no need to enter drive1.internalnetwork.example.com in Explorer. Typing \\drive1 is enough, and the Windows DNS client completes the name by itself.

In early versions of Active Directory (Windows 2000 Server, for example), the default for the second-level corporate domain was corp. Many companies kept that default for their internal domain. Worse still, many went on to build large networks on top of this flawed setup.

In the era of desktop computers this was not much of a security problem, because nobody took those computers outside the corporate network. But what happens when an employee of a company whose Active Directory network is named corp takes a corporate laptop to the local Starbucks? Then the Web Proxy Auto-Discovery (WPAD) protocol and the DNS name devolution feature come into play.

There is a high probability that some services on the laptop will keep reaching for the internal corp domain, will not find it, and the requests will instead be resolved to the corp.com domain on the open Internet.

In practice, this means that the owner of corp.com can intercept private requests from hundreds of thousands of computers that inadvertently leave the corporate environment while using the corp designation for their domain in Active Directory.
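A defender can check whether their own fleet leaks in the way described above by scanning DNS query logs from roaming endpoints or an egress resolver. The following is an added example, not code from the article or from the study; the log format, client names and category labels are constructed, and the internal AD root is assumed to be the single label "corp".

```python
from collections import Counter, defaultdict

# Assumptions (not from the article): the internal AD root is the single label
# "corp", and resolver logs use the constructed format "<time> <client> <qtype> <qname>".
COLLISION_ZONE = "corp.com"   # public domain the article warns about
INTERNAL_ROOT = "corp"        # internal namespace that collides with it

# Constructed sample log lines; not real traffic.
SAMPLE_LOG = """\
2020-02-10T09:01:02Z LAPTOP-017 A wpad.corp.com.
2020-02-10T09:01:03Z LAPTOP-017 SRV _ldap._tcp.dc._msdcs.corp.com.
2020-02-10T09:01:05Z LAPTOP-017 A mail.CORP.com
2020-02-10T09:02:11Z LAPTOP-042 A www.example.org.
2020-02-10T09:02:40Z LAPTOP-042 A fileserver.corp.
2020-02-10T09:03:00Z LAPTOP-042 A notcorp.com.
malformed line
"""

def classify(qname):
    """Return a leak category for a queried name, or None if it is unrelated."""
    name = qname.rstrip(".").lower()
    labels = name.split(".")
    if name == COLLISION_ZONE or name.endswith("." + COLLISION_ZONE):
        if labels[0] == "wpad":
            return "wpad-to-public"        # proxy auto-discovery leaving the LAN
        if labels[0].startswith("_"):
            return "ad-locator-to-public"  # SRV-style service/DC lookup
        return "host-to-public"
    if labels[-1] == INTERNAL_ROOT:
        return "internal-name-off-network" # bare internal name seen by an outside resolver
    return None

def find_leaks(log_text):
    """Count leak categories per client; lines that do not have 4 fields are skipped."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _time, client, _qtype, qname = fields
        category = classify(qname)
        if category:
            per_client[client][category] += 1
    return {client: dict(counts) for client, counts in per_client.items()}

if __name__ == "__main__":
    for client, counts in sorted(find_leaks(SAMPLE_LOG).items()):
        print(client, counts)
```

Clients that show up in the result are candidates for a review of their primary DNS suffix, suffix search list and WPAD settings.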

Leakage of WPAD requests in US traffic. From the 2016 University of Michigan study

Why hasn't the domain been sold yet?

In 2014, ICANN experts published a large study of name collisions in DNS. The study was funded in part by the US Department of Homeland Security, because information leaking from internal networks threatens not only commercial companies but also government organizations, including the Secret Service, intelligence agencies and branches of the military.

Mike wanted to sell corp.com last year, but researcher Jeff Schmidt persuaded him to postpone the sale on the basis of the report mentioned above. The study also showed that 375,000 computers try to contact corp.com every day without their owners' knowledge. The requests included attempts to log in to corporate intranets and to access networks or file shares.

As part of his own experiment, Schmidt, together with JAS Global, emulated on corp.com the way a Windows LAN handles files and requests. In doing so they in effect opened a gateway to hell for any information security professional:

It was terrible. We stopped the experiment after 15 minutes and destroyed [all the obtained] data. A well-known penetration tester who advised JAS on this issue noted that the experiment was like a downpour of confidential information and that he had never seen anything like it.

[We set up mail reception on corp.com] and after about an hour we had received more than 12 million emails, after which we stopped the experiment. Although most of the emails were automated, we found that some were [security] sensitive, so we destroyed the entire data set without further analysis.

Schmidt believes that administrators around the world have, without knowing it, spent many years preparing a most dangerous botnet. Thousands upon thousands of fully functional computers worldwide are ready not only to become part of a botnet, but also to hand over confidential data about their owners and companies. All it takes to exploit this is control of corp.com. In that case, any machine that was ever connected to a corporate network whose Active Directory was configured via //corp becomes part of the botnet.

Microsoft gave up on the problem 25 years ago

If you think MS is somehow unaware of the ongoing bacchanalia around corp.com, you are badly mistaken. Mike went after Microsoft and Bill Gates personally back in 1997. This is the page that users of the FrontPage '97 beta landed on, with corp.com listed as the default address:

When Mike got tired of this, corp.com began redirecting users to the website of a sex shop. In response he received thousands of angry letters from users, which he forwarded in copy to Bill Gates.

By the way, Mike himself, out of curiosity, set up a mail server and received confidential mail on corp.com. He tried to resolve these problems on his own by contacting the companies, but they simply did not know how to fix the situation:

Immediately, I began receiving confidential emails, including early versions of corporate financial reports to the US Securities and Exchange Commission, human resources reports and other frightening things. I tried to correspond with the companies for a while, but most of them did not know what to do about it. So in the end I simply turned it [the mail server] off.

MS has taken no active steps, and the company declined to comment on the situation. Yes, over the years Microsoft has released several Active Directory updates that address the domain name collision problem, but they come with a number of problems. The company has also published recommendations on setting up internal domain names, advice on owning a second-level domain to avoid conflicts, and other guidance that usually goes unread.

But the most important point lies in the updates themselves. First: to apply them, you need to take the company's intranet down completely. Second: after such updates, some applications may start to run slowly, run incorrectly, or stop working altogether. Clearly, most companies with an established corporate network will not take such a risk in the short term. In addition, many of them do not even realize the full scale of the threat posed by everything being redirected to corp.com when a machine is taken outside the internal network.

The greatest irony comes when you look at Schmidt's domain name collision research report. According to his data, some of the requests to corp.com come from Microsoft's own intranet.

And what happens next?

It would seem that the solution to this situation lies on the surface and was described at the start of the article: let Microsoft buy the domain from Mike and lock it away in some distant closet forever.

But it is not that simple. Several years ago Microsoft offered to buy O'Connor's domain, which is toxic to companies around the world. Only the giant offered just $20 thousand to close such a hole in its own networks.

Now the domain is on offer for $1.7 million. And even if Microsoft does finally decide to buy it, will they be in time?

What would you do if you were O'Connor?

  • 59.6% (501 votes): Let Microsoft buy the domain for $1.7 million, or let someone else buy it.

  • 3.4% (29 votes): I would sell it for $20 thousand; I don't want to go down in history as the person who handed such a domain to someone unknown.

  • 3.3% (28 votes): I would bury it myself forever if Microsoft cannot make the right decision.

  • 21.2% (178 votes): I would sell the domain specifically to hackers on condition that they ruin Microsoft's reputation in the corporate environment. They have known about the problem since 1997!

  • 12.4% (104 votes): I would set up a botnet + server myself and start deciding the fate of the world.

840 users voted. 131 users abstained.

source: www.habr.com
