Pakampani yathu, monganso m'makampani ena ambiri a IT osati makampani a IT, kuthekera kofikira kutali kwakhalapo kwa nthawi yayitali, ndipo antchito ambiri adagwiritsa ntchito chifukwa chosowa. Ndi kufalikira kwa COVID-19 padziko lapansi, dipatimenti yathu ya IT, malinga ndi ganizo la oyang'anira kampaniyo, idayamba kusamutsa ogwira ntchito omwe akuchokera kumaulendo akunja kupita kuntchito zakutali. Inde, tinayamba kuyesera kudzipatula kuyambira koyambirira kwa Marichi, ngakhale zisanachitike. Pofika pakati pa Marichi, yankho linali litayikidwa kale ku kampani yonse, ndipo kumapeto kwa Marichi tonsefe pafupifupi tidasinthiratu njira yatsopano yogwirira ntchito yakutali kwa aliyense.
Mwaukadaulo, kuti tigwiritse ntchito mwayi wofikira pa intaneti, timagwiritsa ntchito Microsoft VPN (RRAS) - ngati imodzi mwamaudindo a Windows Server. Mukalumikizana ndi netiweki, zida zosiyanasiyana zamkati zimapezeka, kuchokera kumagawo, ntchito zogawana mafayilo, otsata ma bug kupita ku CRM system; kwa ambiri, izi ndizomwe amafunikira pantchito yawo. Kwa iwo omwe akadali ndi malo ogwirira ntchito muofesi, mwayi wa RDP umakonzedwa kudzera pachipata cha RDG.
Nβchifukwa chiyani mwasankha zimenezi kapena nβchifukwa chiyani zili zoyenera kusankha? Chifukwa ngati muli ndi domain ndi zida zina zochokera ku Microsoft, ndiye kuti yankho ndi lodziwikiratu, zitha kukhala zosavuta, mwachangu komanso zotsika mtengo kuti dipatimenti yanu ya IT ikwaniritse. Mukungoyenera kuwonjezera zinthu zingapo. Ndipo zidzakhala zosavuta kwa ogwira ntchito kukonza zigawo za Windows kusiyana ndi kutsitsa ndi kukonza makasitomala owonjezera.
Mukalowa pachipata cha VPN chokha komanso pambuyo pake, polumikizana ndi malo ogwirira ntchito ndi zofunikira zapaintaneti, timagwiritsa ntchito kutsimikizika kwazinthu ziwiri. Zowonadi, zingakhale zachilendo ngati ife, monga opanga njira zotsimikizira zinthu ziwiri, sitinagwiritse ntchito zinthu zathu tokha. Uwu ndiye mulingo wathu wamakampani; wogwira ntchito aliyense ali ndi chizindikiro chokhala ndi satifiketi yake, yomwe imagwiritsidwa ntchito kutsimikizira kuofesi yogwirira ntchito kuderali komanso kuzinthu zamkati zakampani.
Malinga ndi ziwerengero, zopitilira 80% zachitetezo chazidziwitso zimagwiritsa ntchito mawu achinsinsi ofooka kapena kubedwa. Chifukwa chake, kukhazikitsidwa kwa kutsimikizika kwazinthu ziwiri kumawonjezera kwambiri chitetezo cha kampaniyo ndi zinthu zake, kumakupatsani mwayi wochepetsera chiwopsezo cha kuba kapena kuneneratu mawu achinsinsi mpaka pafupifupi ziro, ndikuwonetsetsanso kuti kulumikizana kumachitika ndi wogwiritsa ntchito. Mukakhazikitsa maziko a PKI, kutsimikizika kwachinsinsi kumatha kuyimitsidwa kwathunthu.
Kuchokera pakuwona kwa UI kwa wogwiritsa ntchito, dongosololi ndilosavuta kuposa kulowa malowedwe ndi mawu achinsinsi. Chifukwa chake ndikuti mawu achinsinsi ovuta sakufunikanso kukumbukiridwa, palibe chifukwa choyika zomata pansi pa kiyibodi (kuphwanya malamulo onse otetezedwa), mawu achinsinsi safunikiranso kusinthidwa kamodzi masiku 90 aliwonse (ngakhale izi sizili choncho). amaonedwa kuti ndi njira yabwino kwambiri, koma m'malo ambiri amachitidwabe). Wogwiritsa amangofunika kubwera ndi nambala ya PIN yovuta kwambiri ndipo osataya chizindikirocho. Chizindikiro chokhacho chikhoza kupangidwa mwa mawonekedwe a khadi lanzeru, lomwe lingathe kunyamulidwa mosavuta mu chikwama. Ma tag a RFID amatha kuyikidwa mu tokeni ndi makadi anzeru kuti mufike kuofesi.
Nambala ya PIN imagwiritsidwa ntchito potsimikizira, kupereka mwayi wopeza zidziwitso zazikulu komanso kupanga masinthidwe achinsinsi ndi macheke.Kutaya chizindikiro sikowopsa, chifukwa ndizosatheka kuganiza PIN code; mutayesa pang'ono, idzatsekedwa. Nthawi yomweyo, smart card chip imateteza zidziwitso zofunika kuzichotsa, kupanga ma cloning ndi zina.
China ndi chiyani?
Ngati yankho la nkhani yofikira kutali kuchokera ku Microsoft silili loyenera pazifukwa zina, ndiye kuti mutha kukhazikitsa maziko a PKI ndikukonzekera kutsimikizika kwazinthu ziwiri pogwiritsa ntchito makhadi athu anzeru pamapangidwe osiyanasiyana a VDI (Citrix Virtual Apps ndi Desktops, Citrix ADC, VMware). Horizon, VMware Unified Gateway, Huawei Fusion) ndi machitidwe achitetezo a hardware (PaloAlto, CheckPoint, Cisco) ndi zinthu zina.
Zina mwa zitsanzozo zinakambidwa mβnkhani zathu zapitazo.
M'nkhani yotsatira tikambirana za kukhazikitsa OpenVPN ndi kutsimikizika pogwiritsa ntchito satifiketi kuchokera ku MSCA.
Palibe satifiketi imodzi
Ngati kukhazikitsa maziko a PKI ndikugula zida za Hardware kwa wogwira ntchito aliyense zikuwoneka zovuta kwambiri kapena, mwachitsanzo, palibe kuthekera kwaukadaulo kulumikiza khadi yanzeru, ndiye kuti pali yankho lokhala ndi mapasiwedi anthawi imodzi kutengera seva yathu yotsimikizika ya JAS. Monga otsimikizira, mungagwiritse ntchito mapulogalamu (Google Authenticator, Yandex Key), hardware (RFC iliyonse yogwirizana, mwachitsanzo, JaCarta WebPass). Pafupifupi mayankho onse omwewo amathandizidwa ngati makadi / ma tokeni anzeru. Tidalankhulanso za zitsanzo zina zamasinthidwe muzolemba zathu zam'mbuyomu.
Njira zotsimikizira zitha kuphatikizidwa, ndiko kuti, ndi OTP - mwachitsanzo, ogwiritsa ntchito mafoni okha ndi omwe angaloledwe kulowa, ndipo ma laputopu/makompyuta akale amatha kutsimikiziridwa pogwiritsa ntchito satifiketi pa chizindikiro.
Chifukwa cha mawonekedwe enieni a ntchito yanga, anzanga ambiri omwe si aukadaulo abwera kwa ine ndekha kuti andithandize kukhazikitsa njira zakutali. Kotero ife tinatha kuyang'ana pang'ono kuti ndani akutuluka mu mkhalidwewo ndi momwemo. Panali zodabwitsa zodabwitsa pamene si makampani aakulu kwambiri amagwiritsa ntchito mitundu yotchuka, kuphatikizapo ndi njira ziwiri zotsimikizira. Panalinso zochitika, zodabwitsa kumbali ina, pomwe makampani akuluakulu komanso odziwika bwino (osati IT) adalimbikitsa kungoyika TeamViewer pamakompyuta awo akuofesi.
Pakali pano, akatswiri a kampani "Aladdin R.D." limbikitsani kutenga njira yodalirika yothetsera mavuto akutali kuzinthu zamabizinesi anu. Pa nthawiyi, kumayambiriro kwa ulamuliro wakudzipatula, tinayambitsa .
Source: www.habr.com