I often read the opinion that keeping an RDP (Remote Desktop Protocol) port open to the Internet is very insecure and should not be done. Instead, RDP access should be provided through a VPN, or only from certain "white" (allow-listed) IP addresses.
I administer several Windows Servers for small companies where I was asked to give accountants remote access to a Windows Server. This is the new trend: working from home. I quickly realized that tormenting accountants with a VPN is a thankless task, and collecting everyone's IP addresses for an allow list does not work, because people's IP addresses are dynamic.
So I took the simplest route: I forwarded the RDP port to the outside. To get access, the accountants now only need to start an RDP client and enter the host name (with port), the user name and the password.
In this article I share my experience (good and not so good) and my recommendations.
Risks
What do you risk by opening the RDP port?
1) Unauthorized access to sensitive data
If someone guesses the RDP password, they can obtain data you would prefer to keep private: account statements, balances, customer data, ...
2) Data loss
For example, because of ransomware.
Or because of a deliberate action by the attacker.
3) Loss of the workstation
The employees need to work, but the system is compromised and has to be reinstalled / restored / reconfigured.
4) Compromise of the local network
If an attacker gains access to a Windows computer, then from that computer they can reach systems that are not accessible from the outside, from the Internet. For example, file shares, network printers, etc.
I had a case where a Windows Server caught ransomware,
and that ransomware first encrypted most of the files on the C: drive and then started encrypting files on the NAS over the network. Since the NAS was a Synology with snapshots configured, I restored the NAS in 5 minutes and reinstalled the Windows Server from scratch.
Observations and recommendations
I monitor the Windows Servers using
Monitoring by itself does not protect anything, but it helps to decide which measures are needed.
Here are some observations.
a) RDP will be brute-forced.
On one of the servers I put RDP not on the standard port 3389 but on 443, so that it would pass for HTTPS. It probably makes sense to move the port away from the default, but it will not help much. Here are the statistics from that server:
You can see that in one week there were about 400 failed attempts to log in via RDP.
You can see that the login attempts came from 55 IP addresses (some IP addresses had already been blocked by me).
This directly suggests that fail2ban should be set up, but
there is no such utility for Windows.
There are a couple of abandoned projects on GitHub that seem to do this, but I have not even tried to install them:
There are also paid utilities, but I have not considered them.
If you know an open-source utility for this purpose, please share it in the comments.
Update: the comments suggested that port 443 is a poor choice, and that it is better to pick high ports (32000+), because 443 is scanned more often, and recognizing RDP on this port is not a problem.
Update: the comments pointed out this useful utility:
b) There are certain user names that attackers prefer
You can see that the guessing is done by dictionary, with a variety of names.
But here is what I noticed: a significant number of attempts use the server name as the login. Recommendation: do not use the same name for the computer and the user. Moreover, sometimes they apparently try to parse the server name: for example, for a system named DESKTOP-DFTHD7C, the largest number of attempts are logins with the name DFTHD7C:
So if you have a computer DESKTOP-MARIA, you will probably see attempts to log in as the user MARIA.
Another thing I noticed in the logs: on most systems, the majority of attempts are logins with the user name "administrator". This is not without reason, because in many editions of Windows this user exists. Moreover, it cannot be deleted. This simplifies the attacker's task: instead of guessing a name and a password, only the password has to be guessed.
By the way, the system that caught the ransomware had the user Administrator with the password Murmansk#9. I am still not sure how that system was hacked, because I started monitoring only after that incident, but I think it was brute force.
So if the Administrator user cannot be deleted, what do you do? You can rename it!
Recommendations from this section:
- do not put the user name in the computer name
- make sure there is no user named Administrator on the system
- use strong passwords
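The checks from this section, as an added example that is not code from the original article: a PowerShell script that audits a local host against the recommendations above and, with -Apply, renames the built-in administrator. The replacement name svc-localadm is a hypothetical choice; it assumes PowerShell 5.1+ with the Microsoft.PowerShell.LocalAccounts module, run elevated.

```powershell
# Added example (not from the original article). Without -Apply it only reports;
# with -Apply it renames the built-in administrator to $NewAdminName (hypothetical name).
param(
    [string]$NewAdminName = 'svc-localadm',
    [switch]$Apply
)

$hostName = $env:COMPUTERNAME
$findings = @()

# The built-in administrator is identified by its RID (SID ends in -500), not by its
# display name, so this check still works after the account has been renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
if ($builtin.Name -eq 'Administrator') {
    $findings += "Built-in administrator still has the default name 'Administrator'"
    if ($Apply) {
        Rename-LocalUser -Name $builtin.Name -NewName $NewAdminName
        $findings += "Renamed built-in administrator to '$NewAdminName'"
    }
}

# Attackers derive logins from the host name (DESKTOP-DFTHD7C -> DFTHD7C), so flag every
# enabled local user whose name is contained in the computer name or equals one of its parts.
foreach ($u in Get-LocalUser | Where-Object Enabled) {
    $n = $u.Name
    if ($hostName -like "*$n*" -or ($hostName -split '-') -contains $n) {
        $findings += "Local user '$n' can be derived from host name '$hostName'"
    }
}

# Enabled accounts that never had a password set are trivially guessable.
foreach ($u in Get-LocalUser | Where-Object { $_.Enabled -and -not $_.PasswordLastSet }) {
    $findings += "Local user '$($u.Name)' is enabled but has no password set"
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

Renaming the built-in account does not change its SID, so tooling that targets the -500 RID still finds it; the rename only removes the free guess of the user name described above.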
So, I have been watching several Windows Servers under my control being brute-forced for about two years now, without success.
How do I know there has been no success?
Because in the screenshots above you can see that there are logs of successful RDP logins, which contain:
- the source IP
- the source computer (hostname)
- the user name
- GeoIP information
And I check them regularly: nothing suspicious has been found.
By the way, if a particular IP is especially persistent, you can block individual IPs (or subnets) in PowerShell like this:
New-NetFirewallRule -Direction Inbound -DisplayName "fail2ban" -Name "fail2ban" -RemoteAddress ("185.143.0.0/16", "185.153.0.0/16", "193.188.0.0/16") -Action Block
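Since the article notes that there is no fail2ban for Windows, here is an added example (not from the original article) that extends the command above into a minimal fail2ban-style script: it counts failed logons (Security event 4625) per source IP over a time window and adds offenders to the "fail2ban" blocking rule. The threshold, window, private-range exclusion and the idea of running it from a scheduled task are my assumptions.

```powershell
# Added example (not from the original article). Run elevated, e.g. from a scheduled
# task every 10 minutes. Threshold and window are my choices, not the article's.
param(
    [int]$Threshold = 20,          # failed logons per IP before blocking
    [int]$WindowMinutes = 10,
    [string]$RuleName = 'fail2ban' # rule name used in the article's command
)

$since = (Get-Date).AddMinutes(-$WindowMinutes)
$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
    -ErrorAction SilentlyContinue

# Pull the client address out of each event's XML. With NLA a failed RDP attempt is
# logged as 4625 with the client IP in IpAddress; it can be "-" when unknown.
$bad = foreach ($e in $events) {
    $x  = [xml]$e.ToXml()
    $ip = ($x.Event.EventData.Data | Where-Object Name -eq 'IpAddress').'#text'
    # Skip unknown and RFC 1918 / loopback sources so an office workstation is never blocked.
    if ($ip -and $ip -ne '-' -and
        $ip -notmatch '^(127\.|10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)') { $ip }
}

$offenders = $bad | Group-Object | Where-Object Count -ge $Threshold | ForEach-Object Name
if (-not $offenders) {
    "No IP exceeded $Threshold failed logons in the last $WindowMinutes minutes."
    return
}

$rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
if (-not $rule) {
    # First run: create the blocking rule exactly as in the article, seeded with the offenders.
    New-NetFirewallRule -Direction Inbound -DisplayName $RuleName -Name $RuleName `
        -RemoteAddress $offenders -Action Block | Out-Null
} else {
    # Merge with the addresses already in the rule so earlier blocks are kept.
    $current = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $merged  = @($current | Where-Object { $_ -ne 'Any' }) + $offenders | Sort-Object -Unique
    Set-NetFirewallRule -Name $RuleName -RemoteAddress $merged
}
"Blocked: $($offenders -join ', ')"
```

The rule blocks all inbound traffic from the listed addresses, as in the article's command; the address list grows without expiry, so review it periodically if the server's own users have dynamic addresses.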
By the way, Elastic offers, in addition to Winlogbeat,
Well, the final recommendations:
- Make regular automatic backups.
- Install security updates on time.
Bonus: the 50 user names used most often in RDP login attempts, as a Kibana table (user.name, count). The two most frequent entries were the host names themselves (dfthd7c with 842941 attempts and winsrv1 with 266525), followed by administrator and admin in various spellings and cases, then common first names (Michael, Steve, John, paul, Mike, David, Chris, mark) and service accounts such as MySql, MySqlAdmin, SQLADMIN and TEMP.
Source: www.habr.com