Is it dangerous to keep RDP open on the internet?

I have often read the opinion that keeping the RDP (Remote Desktop Protocol) port open to the internet is very dangerous and should not be done; instead, RDP access should be given either through a VPN or only from "whitelisted" IP addresses.

I administer several Windows Servers for small companies, where I was given the task of providing accountants with access to Windows Server. This is today's reality: working from home. I quickly realised that tormenting the accountants with a VPN is a thankless task, and collecting all of their IPs into a whitelist would not work, because people's home IP addresses are dynamic.

So I took the simplest route: forwarding the RDP port to the outside. To get access, the accountants now only need to start the RDP client and enter the host name (including the port), login and password.

In this article I will share my experience (good and not so good) and recommendations.

Risks

What are you risking by opening the RDP port?

1) Unauthorised access to sensitive data
If someone guesses the RDP password, they can get at the data you wanted to keep private: account status, balances, customer details, ...

2) Data loss
For example, as a result of ransomware.
Or a deliberate act by an attacker.

3) Loss of availability
Staff need to work, but the system is compromised and has to be restored / rebuilt / reconfigured.

4) Compromise of the local network
If an attacker gains access to a Windows computer, then from that computer they can reach systems that are not accessible from outside, from the internet. For example, file shares, network printers, and so on.

I had a case where a Windows Server caught ransomware, and the ransomware first encrypted most of the files on the C: drive and then started encrypting files on the NAS over the network. Since the NAS was a Synology with snapshots configured, I restored the NAS in 5 minutes and reinstalled Windows Server from scratch.

Observations and Recommendations

I monitor the Windows Servers with Winlogbeat, which ships the logs to ElasticSearch. Kibana has several visualisations, and I have also built a custom dashboard.
Monitoring by itself does not protect anything, but it helps you decide what needs to be done.

Here are some of the observations:
a) RDP will be brute-forced.
On one of the servers I put RDP not on port 3389 but on 443, so that, well, it would be disguised as HTTPS. Changing the port from the default is worth doing, but it does not achieve much. Here are the statistics for this server:

[Screenshot: Kibana dashboard with the failed RDP login statistics for this server]

You can see that in one week there were almost 400 failed login attempts via RDP.
You can see that there were login attempts from 55 IP addresses (some IP addresses had already been blocked by me).

This points directly to the need to set up fail2ban, but

there are no such tools for Windows.

There are a couple of abandoned projects on Github that appear to do this, but I have not tried installing them:
https://github.com/glasnt/wail2ban
https://github.com/EvanAnderson/ts_block

There are also paid utilities, but I have not considered them.

If you know of an open-source tool for this, please share it in the comments.

Update: the comments point out that port 443 is a poor choice and it is better to pick high ports (32000+), because 443 is scanned more often, and recognising RDP on this port is no problem.
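As an added example (not code from the article or its comments), here is the PowerShell procedure for moving the listener to a high port as the update suggests. The port number 33891 and the firewall rule name "RDP 33891" are placeholders chosen here; it assumes an elevated shell on the server itself, run from a console or hypervisor session rather than over RDP, because the listener is restarted.

```powershell
# Added example, not the article's code: move the RDP listener from 3389 to a high port, as the
# update recommends. Assumptions: elevated PowerShell on the server itself, run from a console or
# VM session (the listener restarts and drops RDP sessions), and 33891 (arbitrary choice here,
# anything free above 32000 does) not already in use.
$port = 33891
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Refuse to move onto a port something else already listens on.
if (Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue) {
    throw "port $port is already in use"
}

# The listener port lives in the registry as a DWORD.
Set-ItemProperty -Path $key -Name PortNumber -Value $port -Type DWord

# The built-in "Remote Desktop" firewall rules only cover 3389, so open the new port explicitly.
New-NetFirewallRule -DisplayName "RDP $port" -Direction Inbound -Protocol TCP -LocalPort $port -Action Allow | Out-Null

# Restart the Remote Desktop service so it rebinds (-Force also restarts the dependent services);
# reboot instead if the check below still shows nothing listening on the new port.
Restart-Service -Name TermService -Force

# Verify: the registry value and an actual listener on the new port.
(Get-ItemProperty -Path $key -Name PortNumber).PortNumber
Get-NetTCPConnection -State Listen -LocalPort $port | Select-Object LocalAddress, LocalPort, OwningProcess

# Once a client has connected to host:33891 successfully, the stock 3389 rules can be switched off:
# Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
```

The port-in-use check matters because a DWORD in that key is accepted whether or not anything else owns the port, and the failure only shows up as a dead listener after the service restart. The NAT forwarding on the router has to be updated to the new port as well.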

Update 2: the comments point out that such a tool does exist:
https://github.com/digitalruby/ipban

b) There are certain usernames that attackers prefer
You can see that the search runs through a dictionary of various names.
But here is what I noticed: a substantial share of the attempts use the server name as the login. Recommendation: do not use the same name for the computer and for a user. Moreover, sometimes it looks as if they try to parse the server name in some way: for example, on a machine named DESKTOP-DFTHD7C, the largest number of login attempts were with the name DFTHD7C:

[Screenshot: Kibana list of the usernames tried against this server]

So if you have a computer named DESKTOP-MARIA, they will probably try to log in as the user MARIA.

Another thing I noticed in the logs: on most machines, the bulk of the login attempts use the name "administrator". And this is not without reason, because in many versions of Windows this user exists. Moreover, it cannot be deleted. This makes the attacker's job easier: instead of guessing both a name and a password, you only need to guess the password.
Incidentally, the machine that caught the ransomware had an Administrator user with the password Murmansk #9. I do not know how that system was compromised, because I only started monitoring after it happened, but I think brute force is the likely explanation.
So if the Administrator user cannot be deleted, what should you do? You can rename it!

Recommendations from this section:

  • do not use the computer name as a login
  • make sure there is no user named Administrator on the system
  • use strong passwords
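The first two recommendations can be checked and fixed from PowerShell. The following is an added example, not the article's own script: it flags local accounts whose name is the hostname or the part after the first hyphen (the DESKTOP-DFTHD7C / DFTHD7C pattern above), finds the built-in Administrator by its well-known RID 500 rather than by name, and renames it. The new name "srvops-ba" and the sample account list are placeholders invented here; it assumes an elevated PowerShell 5.1+ session on a standalone (non-domain) server.

```powershell
# Added example, not the article's code. Assumptions: elevated PowerShell 5.1+ (LocalAccounts
# module) on a non-domain-joined server; 'srvops-ba' is an arbitrary placeholder for the new name.

# Names an attacker derives from the hostname: the full name and the part after the first '-'.
function Get-HostDerivedNames {
    param([Parameter(Mandatory)] [string] $ComputerName)
    $names = @($ComputerName)
    if ($ComputerName -match '^[^-]+-(.+)$') { $names += $Matches[1] }
    $names | ForEach-Object { $_.ToLowerInvariant() } | Sort-Object -Unique
}

# Pure check over account records (Name, Sid as string, Enabled), so it can run on sample data.
function Test-LocalAccountNames {
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        [Parameter(Mandatory)] [object[]] $Accounts
    )
    $derived = Get-HostDerivedNames -ComputerName $ComputerName
    foreach ($a in $Accounts) {
        $lower = $a.Name.ToLowerInvariant()
        # The built-in Administrator keeps RID 500 whatever it is called: identify it by SID, not name.
        if ($a.Sid -like '*-500' -and $lower -eq 'administrator') {
            [pscustomobject]@{ Account = $a.Name; Finding = 'built-in Administrator (RID 500) still has the default name' }
        }
        if ($lower -in $derived) {
            [pscustomobject]@{ Account = $a.Name; Finding = "name is derived from the hostname $ComputerName" }
        }
    }
}

# Live audit of this machine.
function Invoke-LocalAccountAudit {
    $accounts = Get-LocalUser | ForEach-Object {
        [pscustomobject]@{ Name = $_.Name; Sid = $_.SID.Value; Enabled = $_.Enabled }
    }
    Test-LocalAccountNames -ComputerName $env:COMPUTERNAME -Accounts $accounts
}

# Rename RID 500 in place; the SID and group memberships are unchanged, only the login name moves.
function Rename-BuiltinAdministrator {
    param([Parameter(Mandatory)] [string] $NewName)
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like '*-500' }
    if ($admin.Name -eq $NewName) { return }
    Rename-LocalUser -SID $admin.SID -NewName $NewName
}

# Constructed sample (not real accounts) to exercise the check offline: two findings expected,
# one for 'Administrator' and one for 'DFTHD7C'; 'buh1' is clean.
$sample = @(
    [pscustomobject]@{ Name = 'Administrator'; Sid = 'S-1-5-21-1-2-3-500';  Enabled = $true },
    [pscustomobject]@{ Name = 'DFTHD7C';       Sid = 'S-1-5-21-1-2-3-1001'; Enabled = $true },
    [pscustomobject]@{ Name = 'buh1';          Sid = 'S-1-5-21-1-2-3-1002'; Enabled = $true }
)
Test-LocalAccountNames -ComputerName 'DESKTOP-DFTHD7C' -Accounts $sample | Format-Table -AutoSize

# Real run on the server:
# Invoke-LocalAccountAudit
# Rename-BuiltinAdministrator -NewName 'srvops-ba'
```

Renaming only takes the account out of the name-based dictionary that the bonus list below shows; the RID 500 SID is unchanged, so anyone who can resolve SIDs on the box (for instance over SMB once inside) still finds it. That is why the third recommendation, a strong password, is not optional.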

So I have been watching several Windows Servers under my control being brute-forced for a couple of years now, without success.

How do I know it has not succeeded?
Because in the screenshots above you can see that there are log entries for successful RDP logins, containing:

  • the source IP
  • the source computer (hostname)
  • the login
  • GeoIP information

And I look through them regularly; no anomalies have been found.

By the way, if a particular IP is brute-forcing especially hard, you can block individual IPs (or subnets) like this in PowerShell:

New-NetFirewallRule -Direction Inbound -DisplayName "fail2ban" -Name "fail2ban" -RemoteAddress ("185.143.0.0/16", "185.153.0.0/16", "193.188.0.0/16") -Action Block
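The manual rule above, the fail2ban gap described earlier, and the review of successful logins can be tied together in one script. What follows is an added example, not the article's code or any of the linked projects: it reads failed logons (event 4625) from the Security log, counts failures per source IP, adds the offenders to a single block rule, and lists successful RDP sessions (event 4624, logon type 10) with the same fields the dashboard shows, minus GeoIP. The rule name "RDP-AutoBan", the threshold of 5, the allow-list address and the sample records are all placeholders chosen here; it assumes an elevated PowerShell 5.1+ session.

```powershell
# Added example, not code from the article: a minimal fail2ban-style loop for RDP on Windows.
# Assumptions: an elevated PowerShell 5.1+ session, logon failures audited to the Security log
# (event 4625, the default on Server editions), and a block rule called "RDP-AutoBan" (name chosen
# here; any unused name works). The allow list takes exact IPs only, not CIDR ranges.

# Flatten one Security event's EventData into a hashtable keyed by field name.
function ConvertFrom-EventData {
    param([Parameter(Mandatory)] $Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{ TimeCreated = $Event.TimeCreated; Id = $Event.Id }
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $data
}

# Failed logons (4625) in the last $Minutes. With NLA the failure is logged as a network logon
# (LogonType 3) and carries the client IP; events whose IpAddress is '-' cannot be attributed.
function Get-RdpFailedLogons {
    param([int] $Minutes = 10)
    $filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddMinutes(-$Minutes) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-EventData $_ }
}

# Successful RDP sessions: 4624 with LogonType 10 (RemoteInteractive). Source IP, workstation
# and login are the fields the article's dashboard shows; GeoIP is left to Kibana.
function Get-RdpSuccessfulLogons {
    param([int] $Hours = 24)
    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object { ConvertFrom-EventData $_ } |
        Where-Object { $_.LogonType -eq '10' } |
        ForEach-Object {
            [pscustomobject]@{ Time = $_.TimeCreated; User = $_.TargetUserName
                               Workstation = $_.WorkstationName; Ip = $_.IpAddress }
        }
}

# Counting logic kept separate from log access so it can be run on constructed records.
function Get-BanCandidates {
    param(
        [hashtable[]] $Failures = @(),      # records with IpAddress and TargetUserName
        [int]         $Threshold = 5,
        [string[]]    $AllowList = @()
    )
    $byIp = @{}
    foreach ($f in $Failures) {
        $ip = [string]$f.IpAddress
        if (-not $ip -or $ip -eq '-' -or $ip -in $AllowList) { continue }
        if (-not $byIp.ContainsKey($ip)) { $byIp[$ip] = [System.Collections.Generic.List[string]]::new() }
        $byIp[$ip].Add([string]$f.TargetUserName)
    }
    foreach ($ip in $byIp.Keys) {
        if ($byIp[$ip].Count -ge $Threshold) {
            [pscustomobject]@{ IpAddress = $ip; Failures = $byIp[$ip].Count
                               Users = (($byIp[$ip] | Sort-Object -Unique) -join ',') }
        }
    }
}

# Merge new addresses into one block rule, creating it on first use. Never call this with an
# empty list: a block rule whose RemoteAddress is "Any" cuts off every client, including you.
function Add-RdpBan {
    param([Parameter(Mandatory)] [string[]] $IpAddress, [string] $RuleName = 'RDP-AutoBan')
    $rule = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) {
        New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Block -RemoteAddress $IpAddress | Out-Null
        return
    }
    $existing = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
    $merged = @($existing) + $IpAddress | Where-Object { $_ -and $_ -ne 'Any' } | Sort-Object -Unique
    $rule | Set-NetFirewallRule -RemoteAddress $merged
}

# Constructed sample records (not real log data) to show the counting without touching the log.
$sample = @()
foreach ($u in 'administrator', 'admin', 'dfthd7c', 'ADMIN', 'administrator', 'user') {
    $sample += @{ IpAddress = '203.0.113.7'; TargetUserName = $u }     # six failures: banned
}
$sample += @{ IpAddress = '198.51.100.2'; TargetUserName = 'maria' }   # one failure: ignored
$sample += @{ IpAddress = '-';            TargetUserName = 'guest' }   # no source address: skipped
Get-BanCandidates -Failures $sample -Threshold 5 | Format-Table -AutoSize

# Live run, e.g. from a scheduled task every 10 minutes (192.0.2.10 stands in for your own address):
# $bad = Get-BanCandidates -Failures (Get-RdpFailedLogons -Minutes 10) -AllowList '192.0.2.10'
# if ($bad) { Add-RdpBan -IpAddress $bad.IpAddress }
# Get-RdpSuccessfulLogons -Hours 24 | Format-Table
```

Two things to keep in mind before running this unattended: put your own management address in the allow list first, since a mistyped password from it would otherwise lock you out of the box, and check that failed attempts actually show a source address in 4625 on your server (the sample's "-" record is the case where they do not), otherwise the counter never fires.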

By the way, Elastic, in addition to Winlogbeat, also has Auditbeat, which can monitor files and processes on the system. There is also a SIEM (Security Information & Event Management) application in Kibana. I tried both, but did not see much benefit: it seems Auditbeat is more useful on Linux machines, and the SIEM did not show me anything intelligible.

Well, the final recommendations:

  • Make regular backups.
  • Install Security Updates on time.

Bonus: the 50 usernames most often used in RDP login attempts

user.name (descending)      Count
dfthd7c (hostname)          842941
winsrv1 (hostname)          266525
ADMINISTRATOR               180678
director                    163842
administrator               53541
Michael                     23101
server                      21983
steve                       21936
john                        21927
paul                        21913
party                       21909
Mike                        21899
office                      21888
scanner                     21887
scan                        21867
david                       21865
Chris                       21860
owner                       21855
boss                        21852
manager                     21841
Brian                       21839
director                    21837
chilemba                    21824
staff                       21806
ADMIN                       12748
root                        7772
ADMINISTRATOR               7325
SUPPORT                     5577
ASSISTANT                   5418
USER                        4558
boma                        2832
TEST                        1928
MySQL                       1664
boma                        1652
GUZANI                      1322
USER1                       1179
Scanner                     1121
SANKHA                      1032
ADMINISTRATOR               842
ADMIN1                      525
KULUMA                      518
MySqlAdmin                  518
RECEPTION                   490
USER2                       466
TEMP                        452
SQLADMIN                    450
USER3                       441
1                           422
Administrator               418
owner                       410

Source: www.habr.com
