ProHoster > He pōʻino paha ka wehe ʻana o RDP ma ka pūnaewele?

He pōʻino paha ka wehe ʻana o RDP ma ka pūnaewele?

Ua heluhelu pinepine au i ka manaʻo ʻo ka mālama ʻana i kahi awa RDP (Remote Desktop Protocol) i wehe ʻia i ka Pūnaewele he palekana loa a ʻaʻole pono e hana ʻia. Akā, pono ʻoe e hāʻawi i ke komo i ka RDP ma o ka VPN, a i ʻole mai kekahi mau helu IP "keʻokeʻo".

Ke hoʻokele nei au i kekahi mau Windows Server no nā ʻoihana liʻiliʻi kahi i hāʻawi ʻia mai iaʻu ke kuleana e hāʻawi i ke komo mamao i Windows Server No nā mea helu kālā. ʻO ia ke ʻano o kēia au—ʻo ka hana ʻana mai ka home. Ua ʻike koke wau he hana mahalo ʻole ka hoʻoluhi ʻana i nā mea helu kālā me ka VPN, a ʻo ka hōʻiliʻili ʻana i nā helu wahi IP āpau no kahi papa inoa keʻokeʻo he mea hiki ʻole no ka mea he mau helu wahi IP ko ka lehulehu.

No laila, lawe au i ke ala maʻalahi loa - hoʻouna i ke awa RDP i waho. No ka loaʻa ʻana, pono nā mea helu kālā e holo i ka RDP a komo i ka inoa host (me ke awa), inoa inoa a me ka ʻōlelo huna.

Ma kēia ʻatikala e hōʻike wau i kaʻu ʻike (maikaʻi a ʻaʻole maikaʻi loa) a me nā ʻōlelo paipai.

Nā Risks

He aha kāu pilikia ma ka wehe ʻana i ke awa RDP?

1) ʻAʻohe ʻae ʻia i ka ʻikepili koʻikoʻi
Inā manaʻo kekahi i ka ʻōlelo huna RDP, hiki iā lākou ke loaʻa ka ʻikepili āu e makemake ai e mālama pilikino: ke kūlana moʻokāki, ke kaulike, ka ʻikepili o ka mea kūʻai aku, ...

2) Pohō ʻikepili
No ka laʻana, ma muli o ka ransomware virus.
A i ʻole he hana i manaʻo ʻia e ka mea hoʻouka.

3) Nalo o ka hale hana
Pono nā mea hana e hana, akā ua hoʻopilikia ʻia ka ʻōnaehana a pono e hoʻokomo hou / hoʻihoʻi / hoʻonohonoho.

4) Hoʻololi i ka pūnaewele kūloko
Inā ua loaʻa i kahi mea hoʻouka ke komo i Windows-kamepiula, a laila mai kēia kamepiula e hiki iā lākou ke komo i nā ʻōnaehana i hiki ʻole ke komo ʻia ma waho, ma o ka pūnaewele. No ka laʻana, nā kaʻana like faila, nā mīkini paʻi pūnaewele, a pēlā aku.

Ua loaʻa iaʻu kahi hihia i ka wā Windows Server ua hopu i ka mea kākau moʻolelo huna

Ua hoʻopāʻālua mua kēia ransomware i ka hapa nui o nā faila ma ka drive C:, a laila hoʻomaka i ka hoʻopāʻālua ʻana i nā faila ma ka NAS ma luna o ka pūnaewele. ʻOiai ʻo ka NAS he Synology, me nā kiʻi paʻi i hoʻonohonoho ʻia, ua hoʻihoʻi au i ka NAS i loko o 5 mau minuke, a Windows Server hoʻouka hou ʻia mai ka wā ʻole.

Nā Nānā a me nā Manaʻo

Ke nānā nei au Windows Serverme ke kōkua o Winlogbeat, e hoʻouna i nā lāʻau i ElasticSearch. He nui nā hiʻohiʻona o Kibana, a ua hoʻonohonoho pū wau i kahi dashboard maʻamau.
ʻAʻole pale ka nānā ʻana iā ia iho, akā kōkua ia e hoʻoholo i nā mea e pono ai.

Eia kekahi mau ʻike.
a) E hoʻoikaika ʻia ka RDP.
Ma kekahi o nā kikowaena, ua hoʻokomo wau i ka RDP ʻaʻole ma ke awa maʻamau 3389, akā ma 443 - maikaʻi, e hoʻololi wau iaʻu iho he HTTPS. Pono paha e hoʻololi i ke awa mai ka mea maʻamau, akā ʻaʻole ia e hana maikaʻi. Eia nā ʻikepili mai kēia kikowaena:

He pōʻino paha ka wehe ʻana o RDP ma ka pūnaewele?

Hiki ke ʻike ʻia i loko o hoʻokahi pule ma kahi o 400 mau hoʻāʻo kūleʻa e komo ma o RDP.
Hiki ke ʻike ʻia aia nā hoʻāʻo e komo mai 55 IP address (ua pāpā ʻia kekahi mau IP address e aʻu).

Hōʻike pololei kēia i ka hopena e pono ai ʻoe e hoʻonohonoho i fail2ban, akā

no ka mea, Windows ʻAʻohe pono o ia ʻano.

Aia kekahi mau papahana i haʻalele ʻia ma Github e hana nei i kēia, akā ʻaʻole wau i hoʻāʻo e hoʻokomo iā lākou:
https://github.com/glasnt/wail2ban
https://github.com/EvanAnderson/ts_block

Aia kekahi mau pono uku, akā ʻaʻole wau i noʻonoʻo iā lākou.

Inā ʻike ʻoe i kahi hāmeʻa open source no kēia kumu, e ʻoluʻolu e kaʻana like ma nā manaʻo.

Kiʻi hou: Ua manaʻo nā manaʻo he koho maikaʻi ʻole ke awa 443, a ʻoi aku ka maikaʻi o ke koho ʻana i nā awa kiʻekiʻe (32000+), no ka mea, ʻoi aku ka nānā ʻana o 443, a ʻo ka ʻike ʻana iā RDP ma kēia awa ʻaʻole ia he pilikia.

Kiʻi hou: Ua hōʻike ʻia nā manaʻo e loaʻa ana kēia mea pono:
https://github.com/digitalruby/ipban

b) Aia kekahi mau inoa inoa i makemake ʻia e nā mea hoʻouka
Hiki ke ʻike ʻia ke hana ʻia ka ʻimi ʻana ma ka puke wehewehe ʻōlelo me nā inoa like ʻole.
Eia naʻe kaʻu mea i ʻike ai: he helu nui o nā hoʻāʻo e hoʻohana ana i ka inoa kikowaena ma ke ʻano he komo. Manaʻo: Mai hoʻohana i ka inoa like no ka kamepiula a me ka mea hoʻohana. Eia kekahi, ʻike ʻia i kekahi manawa ke hoʻāʻo nei lākou e hoʻokaʻawale i ka inoa kikowaena: no ka laʻana, no kahi ʻōnaehana me ka inoa DESKTOP-DFTHD7C, ʻo ka nui o nā hoʻāʻo e komo me ka inoa DFTHD7C:

He pōʻino paha ka wehe ʻana o RDP ma ka pūnaewele?

No laila, inā loaʻa iā ʻoe kahi kamepiula DESKTOP-MARIA, e hoʻāʻo paha ʻoe e komo ma ke ʻano he mea hoʻohana MARIA.

ʻO kekahi mea aʻu i ʻike ai mai nā log: ma ka hapa nui o nā ʻōnaehana, hana ʻia ka hapa nui o nā hoʻāʻo komo me ka inoa inoa "luna hoʻomalu." ʻAʻole kēia he ulia, no ka mea, ma nā mana he nui Windows, aia kēia mea hoʻohana. Eia kekahi, ʻaʻole hiki ke holoi ʻia. Hoʻomaʻalahi kēia i ka hana no nā mea hoʻouka: ma kahi o ke kuhi ʻana i ka inoa inoa a me ka ʻōlelo huna, pono lākou e kuhi wale i ka ʻōlelo huna.
Ma ke ala, ʻo ka ʻōnaehana i hopu i ka ransomware ka mea hoʻohana Administrator a me ka ʻōlelo huna Murmansk#9. ʻAʻole maopopo iaʻu pehea ka hacked ʻana o kēlā ʻōnaehana, no ka mea, hoʻomaka wau e nānā ma hope o kēlā hanana, akā manaʻo wau ua hiki ke overkill.
No laila inā ʻaʻole hiki ke hoʻopau ʻia ka mea hoʻohana Administrator, a laila he aha kāu e hana ai? Hiki iā ʻoe ke hoʻololi i ka inoa!

Manaʻo manaʻo mai kēia paukū:

  • mai hoʻohana i ka inoa inoa ma ka inoa kamepiula
  • e hōʻoia ʻaʻohe mea hoʻohana Administrator ma ka ʻōnaehana
  • hoʻohana i nā ʻōlelo huna ikaika

Penei kaʻu ʻike ʻana i ke ʻano o kekahi mau Windows Server Ma lalo o koʻu mana, ua hana ʻia ka hoʻokau wale ʻana no kekahi mau makahiki i kēia manawa, a ʻaʻohe holomua.

Pehea wau e ʻike ai ʻaʻole i kūleʻa?
No ka mea ma nā kiʻi paʻi kiʻi ma luna hiki iā ʻoe ke ʻike aia nā lāʻau o nā kelepona RDP kūleʻa, aia ka ʻike:

  • mai kahi IP
  • mai kahi kamepiula (hostname)
  • Inoa mea hoʻohana
  • ʻIke GeoIP

A ke nānā mau nei au ma laila - ʻaʻohe mea i ʻike ʻia.

Ma ke ala, inā ʻoi aku ka paʻakikī o kahi IP, a laila hiki iā ʻoe ke kāohi i nā IP pilikino (a i ʻole subnets) e like me kēia ma PowerShell:

New-NetFirewallRule -Direction Inbound -DisplayName "fail2ban" -Name "fail2ban" -RemoteAddress ("185.143.0.0/16", "185.153.0.0/16", "193.188.0.0/16") -Action Block

Ma ke ala, loaʻa iā Elastic, ma kahi o Winlogbeat Hoʻoponopono, hiki ke nānā i nā faila a me nā kaʻina hana ma ka ʻōnaehana. Aia kekahi polokalamu SIEM (Security Information & Event Management) ma Kibana. Ua hoʻāʻo wau i nā mea ʻelua, akā ʻaʻole i ʻike i ka pōmaikaʻi nui—me he mea lā e ʻoi aku ka pono o Auditbeat no Linux nā ʻōnaehana, akā ʻaʻole i hōʻike mai ʻo SIEM iaʻu i kekahi mea hiki ke hoʻomaopopo ʻia.

ʻAe, nā ʻōlelo aʻoaʻo hope:

  • E hana i nā waihona ʻakomi maʻamau.
  • e hoʻouka i nā mea hou palekana i ka manawa kūpono

Bonus: papa inoa o nā mea hoʻohana 50 i hoʻohana pinepine ʻia no ka hoʻāʻo ʻana i ka RDP

"inoa mea hoʻohana: Ke iho nei"
Helu

dfthd7c (inoa hookipa)
842941

winsrv1 (inoa hookipa)
266525

LUNA HOOPONOPONO
180678

luna hoʻomalu
163842

luna
53541

Michael
23101

kikowaena
21983

Steve
21936

Ioane
21927

paul
21913

? eaia
21909

Mike
21899

oihana
21888

polokalamu uila
21887

scan NineManga.com
21867

ʻo Dāvida
21865

Chris
21860

ka mea nāna
21855

manakia
21852

luna hoʻomalu
21841

Beriana
21839

luna hoʻomalu
21837

mark
21824

koʻokoʻo
21806

ADMIN
12748

aa
7772

LUNAHOOPONOPONO
7325

kokua
5577

MEDIUM
5418

Mea hoʻohana
4558

Keʻena Luna
2832

KEKAHI
1928

MySql
1664

Keʻena Luna
1652

KA MANUHU
1322

Mea hoʻohana1
1179

PALAPALA
1121

SCAN
1032

LUNAHOOPONOPONO
842

ADMIN1
525

KANAKA
518

MySqlAdmin
518

ʻĀPAU
490

Mea hoʻohana2
466

TEMP
452

SQLADMIN
450

Mea hoʻohana3
441

1
422

LUNA
418

ʻona
410

Source: www.habr.com

E kūʻai i ka hoʻokipa hilinaʻi no nā pūnaewele me ka pale DDoS, nā kikowaena VPS VDS 🔥 E kūʻai i ka hoʻokipa pūnaewele hilinaʻi me ka pale DDoS, nā kikowaena VPS VDS | ProHoster