E ka mea heluhelu aloha, ʻo ka mea mua, makemake wau e kuhikuhi ma ke ʻano he kamaʻāina o Kelemania, ke wehewehe mua nei au i ke kūlana o kēia ʻāina. He ʻokoʻa loa paha ke kūlana o kou ʻāina.
Ma Kekemapa 17, 2019, ua paʻi ʻia ka ʻike ma ka ʻaoʻao Citrix Knowledge Center e pili ana i kahi nāwaliwali koʻikoʻi i ka Citrix Application Delivery Controller (NetScaler ADC) a me nā laina huahana Citrix Gateway, kaulana i kapa ʻia ʻo NetScaler Gateway. Ma hope mai, ua ʻike pū ʻia kahi nāwaliwali ma ka laina SD-WAN. Ua hoʻopilikia ka nāwaliwali i nā mana huahana a pau mai ka 10.5 a hiki i ka 13.0 o kēia manawa a ua ʻae i ka mea hoʻouka kaua ʻole e hoʻokō i nā code malicious ma ka ʻōnaehana, e hoʻohuli maoli iā NetScaler i kahua no ka hoʻouka hou ʻana i ka pūnaewele kūloko.
I ka manawa like me ka hoʻolaha ʻana o ka ʻike e pili ana i ka nāwaliwali, ua paʻi ʻo Citrix i nā manaʻo no ka hōʻemi ʻana i ka pilikia (Workaround). Ua hoʻohiki ʻia ka pani piha ʻana o ka nāwaliwali ma ka hopena o Ianuali 2020.
ʻO ka paʻakikī o kēia nāwaliwali (helu CVE-2019-19781) ... Wahi a Hoʻopilikia ka vulnerability ma mua o 80 mau ʻoihana a puni ka honua.
Hiki ke pane i ka nūhou
Ma ke ʻano he kanaka kuleana, manaʻo wau ua hana nā poʻe loea IT āpau me nā huahana NetScaler i kā lākou ʻoihana i kēia aʻe:
- hoʻokō koke i nā ʻōlelo aʻoaʻo no ka hōʻemi ʻana i ka pilikia i kuhikuhi ʻia ma ka ʻatikala CTX267679.
- nānā hou i nā hoʻonohonoho Firewall e pili ana i ka ʻae ʻia mai NetScaler i ka pūnaewele kūloko.
- Manaʻo nā luna hoʻomalu palekana IT i nā ho'āʻo "ʻokoʻa" e komo i ka NetScaler a, inā pono, e ālai iā lākou. E hoʻomanaʻo wau iā ʻoe aia ʻo NetScaler ma ka DMZ.
- loiloi i ka hiki ke hoʻokaʻawale iki iā NetScaler mai ka pūnaewele a hiki i ka loaʻa ʻana o ka ʻike kikoʻī e pili ana i ka pilikia. I nā lā hoʻomaha ma mua o ka Kalikimaka, nā hoʻomaha, a me nā mea ʻē aʻe, ʻaʻole e ʻeha loa kēia. Eia kekahi, nui nā ʻoihana i kahi koho koho ʻē aʻe ma o VPN.
He aha ka hope?
ʻO ka mea pōʻino, e like me ka mea e maopopo ai ma hope, ʻo nā ʻanuʻu i luna, ʻo ia ke ala maʻamau, ʻaʻole i mālama ʻia e ka hapa nui.
Ua aʻo ʻia nā loea he nui no ka ʻoihana Citrix e pili ana i ka nāwaliwali ma Ianuali 13.01.2020, XNUMX. . Ua ʻike lākou i ka wā i hoʻopili ʻia ai ka nui o nā ʻōnaehana ma lalo o kā lākou kuleana. ʻO ka absurdity o ke kūlana i hiki ke hoʻopau loa i nā hana e pono ai no kēia .
No kekahi kumu, ua manaʻo wau ua heluhelu nā loea IT i nā leka uila mai nā mea hana, nā ʻōnaehana i hāʻawi ʻia iā lākou, ʻike pehea e hoʻohana ai iā Twitter, e kākau inoa i nā alakaʻi alakaʻi i kā lākou kahua a koi ʻia e mālama i nā hanana o kēia manawa.
I ka ʻoiaʻiʻo, ʻoi aku ma mua o ʻekolu pule, nui nā mea kūʻai aku Citrix i nānā ʻole i nā ʻōlelo aʻoaʻo a ka mea hana. A ʻo nā mea kūʻai aku ʻo Citrix e pili ana i nā ʻoihana nui a me nā ʻoihana liʻiliʻi ma Kelemānia, a me nā ʻoihana aupuni āpau. ʻO ka mea mua, pili ka nāwaliwali i nā hale aupuni.
Akā aia kekahi mea e hana ai
ʻO ka poʻe i hoʻopili ʻia nā ʻōnaehana pono e hoʻokomo hou ʻia, me ka hoʻololi ʻana i nā palapala TSL. Malia paha ʻo kēlā mau mea kūʻai aku Citrix i manaʻo e hana ka mea hana i ka hana ikaika i ka hoʻopau ʻana i ka nāwaliwali koʻikoʻi e ʻimi koʻikoʻi i kahi koho. Pono mākou e ʻae ʻaʻole paipai ka pane a Citrix.
Nui aʻe nā nīnau ma mua o nā pane
Ke kū nei ka nīnau, he aha ka hana a nā hoa nui o Citrix, platinum a me gula? No ke aha i ʻike ʻia ai ka ʻike e pono ai ma nā ʻaoʻao o kekahi mau hoa Citrix wale nō i ka pule 3 o 2020? ʻIke ʻia ua hiamoe pū kekahi poʻe kūkākūkā waho i uku nui ʻia i kēia kūlana weliweli. ʻAʻole wau makemake e hōʻeha i kekahi, akā ʻo ka hana a ka hoa hana ka mea nui e pale i nā pilikia mai ka ala ʻana, a ʻaʻole e hāʻawi = kūʻai aku i ke kōkua i ka hoʻopau ʻana iā lākou.
ʻO kaʻoiaʻiʻo, ua hōʻike kēia kūlana i ke kūlana maoli o nā hihia ma ke kahua o ka palekana IT. Pono nā limahana ʻelua o nā keʻena IT o nā ʻoihana a me nā mea kūkākūkā o nā hui hoa Citrix e hoʻomaopopo i hoʻokahi ʻoiaʻiʻo: inā he nāwaliwali, pono e hoʻopau ʻia. ʻAe, pono e hoʻopau koke ʻia kahi nāwaliwali koʻikoʻi!
Source: www.habr.com