7 Key Active Directory Risk Indicators in the Varonis Dashboard


All an attacker needs is time and motivation to break into your network. Our job is to stop them from doing so, or at least to make that task as hard as possible. Start by identifying the weaknesses in Active Directory (AD) that an attacker can use to gain access and move around the network undetected. In this article we look at risk indicators that reflect existing weaknesses in your organization's cyber defenses, using the Varonis AD dashboard as an example.

Attackers exploit certain domain configurations

Attackers use a variety of clever techniques and vulnerabilities to get into corporate networks and escalate privileges. Some of these vulnerabilities are domain configuration settings that are easy to change once they have been identified.

The AD dashboard alerts you immediately if you (or your system administrators) have not changed the KRBTGT password in the last month, or if someone has authenticated with the built-in default Administrator account. These two accounts give unrestricted access to your network: attackers try to obtain them in order to bypass any privilege restrictions and access permissions, and as a result they get to any data that interests them.

Of course, you can find these weaknesses yourself: for example, set a calendar reminder to check, or run a PowerShell script to collect this information.

The Varonis dashboard updates automatically to give you a quick view and analysis of the key metrics that highlight potential vulnerabilities, so that you can act on them promptly.

3 Key Domain-Level Risk Indicators

Below are several widgets available on the Varonis dashboard; using them will considerably strengthen the protection of the corporate network and of the IT infrastructure as a whole.

1. Number of domains where the Kerberos account password has not been changed for a long time

The KRBTGT account is a special account in AD that signs all Kerberos tickets. Attackers who gain access to a domain controller (DC) can use this account to create a Golden Ticket, which gives them unlimited access to almost any system on the corporate network. We have seen a case where, after successfully obtaining a Golden Ticket, an attacker had access to the organization's network for two years. If the KRBTGT account password in your company has not been changed in the last forty days, the widget will notify you.

Forty days is more than enough time for an attacker to gain access to the network. However, if you enforce and standardize a regular process for changing this password, it becomes much harder for an attacker to break into your corporate network.

Remember that, according to Microsoft's implementation of the Kerberos protocol, you must change the KRBTGT password twice.

Going forward, this AD widget will remind you when it is time to change the KRBTGT password again for all domains on your network.

2. Number of domains where the built-in Administrator account was used recently

According to the principle of least privilege, system administrators are given two accounts: the first for everyday use, and the second for planned administrative work. This means that nobody should be using the default administrator account.

The built-in administrator account is often used to simplify system administration. This can become a bad habit that leads to compromise. If this happens in your organization, you will have difficulty telling legitimate use of this account apart from potentially malicious access.

If the widget shows anything other than zero, then someone is not working correctly with administrative accounts. In that case, take steps to correct this and restrict access to the built-in administrator account.
Once the widget value is zero and system administrators no longer use this account for their work, any future change in it will indicate a potential cyber attack.

3. Number of domains that do not have a Protected Users group

Older versions of AD supported a weak encryption type, RC4. Hackers broke RC4 many years ago, and it is now a trivial task for an attacker to compromise an account that still uses RC4. The version of Active Directory introduced in Windows Server 2012 introduced a new type of group called the Protected Users group. It provides additional protections and prevents users from authenticating with RC4 encryption.

This widget shows whether any domain in the organization lacks such a group, so that you can fix it, i.e. enable the Protected Users group and use it to protect the infrastructure.
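
The three domain-level indicators above can be collected with the ActiveDirectory PowerShell module. This is an added example, not Varonis code or part of the original article; the 30-day window for "recent" Administrator use and the report field names are assumptions.

```powershell
# Added example: domain-level checks for every domain in the current forest.
# Requires the RSAT ActiveDirectory module and read access to each domain.
Import-Module ActiveDirectory

$krbtgtMaxAgeDays = 40   # threshold the article gives for the KRBTGT widget
$adminRecentDays  = 30   # assumption: what this report treats as "recent" use

$report = foreach ($domainName in (Get-ADForest).Domains) {
    $domain = Get-ADDomain -Server $domainName

    # krbtgt: age of the secret that signs every Kerberos ticket in the domain
    $krbtgt    = Get-ADUser -Identity krbtgt -Server $domainName -Properties PasswordLastSet
    $krbtgtAge = ((Get-Date) - $krbtgt.PasswordLastSet).Days

    # The built-in Administrator always has RID 500, even after a rename.
    # LastLogonDate comes from lastLogonTimestamp, which replicates with a lag
    # of up to about two weeks, so treat it as approximate.
    $admin = Get-ADUser -Identity "$($domain.DomainSID.Value)-500" -Server $domainName -Properties LastLogonDate
    $adminRecent = $null -ne $admin.LastLogonDate -and
                   $admin.LastLogonDate -gt (Get-Date).AddDays(-$adminRecentDays)

    # -Filter returns nothing (instead of throwing) when the group is absent
    $protected = Get-ADGroup -Filter "Name -eq 'Protected Users'" -Server $domainName
    $members   = if ($protected) { @(Get-ADGroupMember -Identity $protected -Server $domainName).Count } else { 0 }

    [pscustomobject]@{
        Domain                = $domainName
        KrbtgtPasswordAgeDays = $krbtgtAge
        KrbtgtStale           = $krbtgtAge -gt $krbtgtMaxAgeDays
        AdminLastLogon        = $admin.LastLogonDate
        AdminUsedRecently     = $adminRecent
        ProtectedUsersExists  = [bool]$protected
        ProtectedUsersMembers = $members
    }
}

$report | Format-Table -AutoSize
```

A domain where ProtectedUsersExists is true but ProtectedUsersMembers is 0 has the group available without anyone being protected by it.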


Easy targets

User accounts are the number-one target for attackers, from the first intrusion attempts through continued privilege escalation and concealment of their activity. Attackers look for easy targets on your network using basic PowerShell commands that are often hard to detect. Remove as many of these easy targets from AD as you can.

Attackers look for users with passwords that never expire (or that do not require a password), technical accounts that are administrators, and accounts that use legacy RC4 encryption.

Each of these accounts is either trivial to access or usually not monitored. Attackers can take over these accounts and move freely within your infrastructure.

Once attackers get through the security perimeter, they are likely to obtain access to at least one account. Can you stop them from reaching sensitive data before the attack is detected and contained?

The Varonis AD dashboard points out vulnerable accounts so that you can fix the problems proactively. The harder it is to get into your network, the better your chances of neutralizing the attacker before serious damage is done.

4 Key Risk Indicators for User Accounts

Below are examples of Varonis AD dashboard widgets that highlight the most vulnerable user accounts.

1. Number of users with passwords that never expire

For any attacker, getting access to such an account is always a great success. Because the password never expires, the attacker has a permanent foothold inside the network, which can then be used for privilege escalation or for movement within the infrastructure.
Attackers have lists of millions of username-password combinations that they use in credential stuffing attacks, and the probability that the combination for a user with a "never-expiring" password is in one of these lists is greater than zero.

Accounts with non-expiring passwords are easy to manage, but they are not secure. Use this widget to find all accounts that have such passwords. Change this setting and update the password.

Once the value of this widget is brought down to zero, any new accounts created with such a password will appear on the dashboard.

2. Number of administrative accounts with an SPN

An SPN (Service Principal Name) is a unique identifier of a service instance. This widget shows how many service accounts have full administrator rights. The widget value should be zero. SPNs with administrator rights arise because granting such rights is convenient for software vendors and application administrators, but it creates a security risk.

Giving a service account administrator rights lets an attacker gain full access to an account that is not in use. This means that attackers with access to SPN accounts can operate freely inside the infrastructure without their activity being monitored.

You can resolve this by changing the permissions of service accounts. Such accounts should follow the principle of least privilege and have only the access that is actually required for them to function.

Using this widget, you can identify all SPNs that have administrator rights, remove those privileges, and then monitor SPNs going forward using the same least-privilege principle.

A newly appearing SPN will be shown on the dashboard, and you will be able to monitor this process.

3. Number of users that do not require Kerberos pre-authentication

Ideally, Kerberos encrypts the authentication ticket using AES-256 encryption, which remains unbroken to this day.

However, older versions of Kerberos used RC4 encryption, which can now be broken in minutes. This widget shows which user accounts still use RC4. Microsoft still supports RC4 for backward compatibility, but that does not mean you should use it in your AD.

Once you have identified such accounts, uncheck the "Do not require Kerberos pre-authorization" box in AD to force the accounts to use more sophisticated encryption.

Finding these accounts on your own, without the Varonis AD dashboard, takes a lot of time. In practice, knowing about all accounts that have been modified to use RC4 encryption is an even harder task.

If the widget value changes, this may indicate illegitimate activity.

4. Number of users without a password

Attackers use basic PowerShell commands to read the "PASSWD_NOTREQD" flag from AD in account properties. Use of this flag indicates that there are no password or complexity requirements.
How easy is it to steal an account with a simple or empty password? Now imagine that one of these accounts is an administrator.

And what if one of the thousands of confidential files open to everyone is an upcoming financial report?

Ignoring the mandatory password requirement is another system administration shortcut that was often used in the past, but it is neither acceptable nor safe today.

Fix this problem by updating the passwords for these accounts.

Monitoring this widget in the future will help you avoid accounts without a password.
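
The four user-account indicators above, plus an explicit RC4 setting, gathered in one pass over enabled accounts. This is an added example, not Varonis code or part of the original article; it assumes the ActiveDirectory module, uses adminCount = 1 as an approximation of "administrative", and the reason labels are made up for this report.

```powershell
# Added example: per-account checks matching the four user-account indicators.
Import-Module ActiveDirectory

$props = 'PasswordNeverExpires', 'PasswordNotRequired', 'DoesNotRequirePreAuth',
         'ServicePrincipalName', 'adminCount', 'msDS-SupportedEncryptionTypes',
         'PasswordLastSet'

$findings = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props | ForEach-Object {
    $reasons = @()
    if ($_.PasswordNeverExpires)  { $reasons += 'PasswordNeverExpires' }
    if ($_.PasswordNotRequired)   { $reasons += 'PASSWD_NOTREQD' }
    if ($_.DoesNotRequirePreAuth) { $reasons += 'NoKerberosPreAuth' }

    # adminCount = 1 marks accounts that are, or once were, in a protected
    # administrative group; used here as an approximation of "admin rights".
    if ($_.ServicePrincipalName.Count -gt 0 -and $_.adminCount -eq 1) {
        $reasons += 'AdminWithSPN'
    }

    # Bit 0x4 of msDS-SupportedEncryptionTypes is RC4_HMAC. An unset value
    # leaves the choice to domain and KDC defaults and is not flagged here.
    $enc = $_.'msDS-SupportedEncryptionTypes'
    if ($enc -band 0x4) { $reasons += 'RC4Enabled' }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName  = $_.SamAccountName
            PasswordLastSet = $_.PasswordLastSet
            Reasons         = $reasons -join ','
        }
    }
}

# One count per indicator; per the article each widget should read zero.
$findings.Reasons -split ',' | Where-Object { $_ } |
    Group-Object -NoElement | Sort-Object Name | Format-Table Name, Count -AutoSize

$findings | Sort-Object SamAccountName | Format-Table -AutoSize
```

Saving the per-indicator counts from each run and comparing them with the previous run gives the "value changed" signal the article describes for the widgets.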

Varonis evens the odds

In the past, collecting and analyzing the metrics described in this article took many hours and required deep knowledge of PowerShell, forcing security teams to allocate resources to such tasks every week or month. But manually collecting and processing this information gives attackers a head start to get in and steal data.

With Varonis, you spend one day deploying the AD dashboard and additional components, collecting all the vulnerabilities discussed here and many more. Going forward, during operation, the monitoring panel updates automatically as the state of the infrastructure changes.

Carrying out cyber attacks is always a race between attackers and defenders: the attacker's desire to steal data before security specialists can block access to it. Early detection of attackers and their illegitimate activity, combined with strong cyber defenses, is the key to keeping your data safe.

Source: www.habr.com
