7 Key Active Directory Risk Indicators in the Varonis Dashboard

All an attacker needs is time and motivation to get into your network. Our job is to stop them from doing so, or at least to make the task as difficult as possible. Start by identifying the weaknesses in Active Directory (hereafter AD) that an attacker can use to gain access and move around the network undetected. In this article we look at risk indicators that reflect existing weaknesses in your organization's cyber defenses, using the Varonis AD dashboard as an example.

Attackers Use Certain Domain Configurations

Attackers use a variety of clever techniques and vulnerabilities to get inside corporate networks and escalate privileges. Some of these vulnerabilities are domain configuration settings that can be changed easily once they have been identified.

The AD dashboard alerts you immediately if you (or your system administrators) have not changed the KRBTGT password in the past month, or if someone has authenticated with the default built-in Administrator account. These two accounts provide unlimited access to your network: attackers try to gain access to them so they can easily bypass any restrictions on privileges and access permissions and, as a result, reach any data that interests them.

Of course, you can find these vulnerabilities yourself: for example, set a calendar reminder to check, or run a PowerShell script to collect this information.

The Varonis dashboard updates automatically to give quick visibility and analysis of the key metrics that highlight potential vulnerabilities, so that you can take immediate action to fix them.

3 Key Domain Level Risk Indicators

Below are a number of widgets available on the Varonis dashboard. Using them significantly strengthens the protection of the corporate network and the IT infrastructure as a whole.

1. Number of domains where the Kerberos account password has not been changed for a significant period

The KRBTGT account is a special account in AD that signs all Kerberos tickets. Attackers who gain access to a domain controller (DC) can use this account to create a Golden Ticket, which gives them unlimited access to any system on the corporate network. We have encountered a situation where, after successfully obtaining a Golden Ticket, an attacker had access to the organization's network for two years. If the KRBTGT account password in your company has not been changed in the last forty days, the widget notifies you.

Forty days is more than enough time for an attacker to gain access to the network. However, if you enforce and standardize a process for changing this password regularly, it becomes much harder for an attacker to break into your corporate network.

Remember that, because of the way Microsoft implements the Kerberos protocol, you must change the KRBTGT password twice.

Going forward, this AD widget reminds you when it is time to change the KRBTGT password again for every domain on your network.

2. Number of domains where the built-in Administrator account was recently used

Under the principle of least privilege, system administrators are given two accounts: the first for everyday use, and the second for planned administrative work. This means that no one should be using the default Administrator account.

The built-in Administrator account is often used to simplify system administration. This can become a bad habit that ends in a breach. If it happens in your organization, you will struggle to tell legitimate use of this account apart from malicious access.

If the widget shows anything other than zero, someone is not handling administrative accounts correctly. In that case you need to take corrective steps and restrict access to the built-in Administrator account.
Once the widget value has reached zero and system administrators no longer use this account for their work, any later change in it indicates a possible cyber attack.

3. Number of domains that do not have a Protected Users group

Older versions of AD supported a weak encryption type, RC4. Attackers broke RC4 many years ago, and it is now a trivial task for an attacker to compromise an account that still uses RC4. The version of Active Directory introduced in Windows Server 2012 added a new type of user group called the Protected Users group. It provides additional protections and prevents user authentication using RC4 encryption.

This widget shows whether any domain in the organization is missing this group so that you can fix it, i.e. enable the Protected Users group and use it to protect the infrastructure.
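
The three domain-level checks above can be collected with the ActiveDirectory PowerShell module. This is an added example, not Varonis code or code from the original article; the 30-day "recently used" window is an assumption, and the accounts and group are located by their well-known RIDs (502, 500, 525).

```powershell
# Added example (not Varonis code): domain-level indicators for each forest domain.
# Needs the ActiveDirectory module (RSAT) and read access to every domain.
Import-Module ActiveDirectory

$KrbtgtMaxAgeDays = 40   # threshold named in the article
$AdminRecentDays  = 30   # assumption: what "recently used" means here
$now = Get-Date

$report = foreach ($name in (Get-ADForest).Domains) {
    $sid = (Get-ADDomain -Server $name).DomainSID.Value

    # 1. KRBTGT is always RID 502; PasswordLastSet shows the last reset.
    $krbtgt = Get-ADUser -Identity "$sid-502" -Server $name -Properties PasswordLastSet
    $krbtgtAge = [int](($now - $krbtgt.PasswordLastSet).TotalDays)

    # 2. Built-in Administrator is RID 500; a lookup by SID survives a rename.
    #    LastLogonDate is replicated with a lag of up to about two weeks, so
    #    treat it as a coarse signal and confirm against DC security logs.
    $admin = Get-ADUser -Identity "$sid-500" -Server $name -Properties LastLogonDate
    $adminRecent = [bool]($admin.LastLogonDate -and
                          $admin.LastLogonDate -gt $now.AddDays(-$AdminRecentDays))

    # 3. Protected Users is the well-known group with RID 525.
    $protected = Get-ADGroup -Filter "SID -eq '$sid-525'" -Server $name -Properties Members
    $memberCount = if ($protected) { $protected.Members.Count } else { 0 }

    [pscustomobject]@{
        Domain                = $name
        KrbtgtPasswordAgeDays = $krbtgtAge
        KrbtgtStale           = $krbtgtAge -gt $KrbtgtMaxAgeDays
        AdminLastLogon        = $admin.LastLogonDate
        AdminUsedRecently     = $adminRecent
        ProtectedUsersExists  = [bool]$protected
        ProtectedUsersMembers = $memberCount
    }
}

$report | Format-Table -AutoSize
```

A Protected Users group that exists but has no members protects nobody, which is why the member count is reported next to the existence check.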

Easy Targets for Attackers

User accounts are the number one target for attackers, from the first intrusion attempts through continued privilege escalation and concealment of their activity. Attackers look for easy targets on your network using PowerShell commands that are often hard to detect. Remove as many of these easy targets from AD as possible.

Attackers look for users with passwords that never expire (or that do not require passwords), technical accounts that are administrators, and accounts that use legacy RC4 encryption.

Any of these accounts may be trivial to access or, in most cases, not monitored. Attackers can take over these accounts and move freely within your infrastructure.

Once attackers get past the security perimeter, they are likely to gain access to at least one account. Can you stop them from reaching confidential data before the attack is detected and contained?

The Varonis AD dashboard points out vulnerable user accounts so that you can fix problems proactively. The harder it is to get into your network, the better your chances of stopping an attacker before they cause serious damage.

4 Key Risk Indicators for User Accounts

Below are examples of Varonis AD dashboard widgets that highlight the most vulnerable user accounts.

1. Number of active users with passwords that never expire

For any attacker, gaining access to such an account is always a big win. Because the password never expires, the attacker has a permanent foothold inside the network, which can be used for privilege escalation or movement within the infrastructure.
Attackers have lists of millions of user-password combinations that they use in credential stuffing attacks, and the probability that the combination for a user with an "eternal" password is in one of those lists is much greater than zero.

Accounts with non-expiring passwords are easy to manage, but they are not secure. Use this widget to find every account with such a password. Change this setting and update the password.

Once the value of this widget has been brought to zero, any new accounts created with such a password will show up on the dashboard.

2. Number of administrative accounts with an SPN

An SPN (Service Principal Name) is a unique identifier of a service instance. This widget shows how many service accounts have full administrator rights. The widget value should be zero. SPNs with administrative rights occur because granting such rights is convenient for software vendors and application administrators, but it creates a security risk.

Granting administrative rights to a service account allows an attacker to gain full access to an account that is not in use. This means that attackers with access to SPN accounts can operate freely within the infrastructure without their activity being monitored.

You can fix this by changing the permissions on service accounts. Such accounts should follow the principle of least privilege and have only the access that is actually required for them to function.

Using this widget, you can find all SPNs that have administrative rights, remove those privileges, and then monitor SPNs under the same principle of least-privilege access.

Any newly appearing SPN is shown on the dashboard, so you can keep track of this process.

3. Number of users that do not require Kerberos pre-authentication

Ideally, Kerberos encrypts the authentication ticket using AES-256 encryption, which remains unbroken to this day.

However, older versions of Kerberos used RC4 encryption, which can be broken in minutes. This widget shows which user accounts are still using RC4. Microsoft still supports RC4 for backward compatibility, but that does not mean you should use it in your AD.

Once you have identified such accounts, clear the "Do not require Kerberos preauthentication" check box in AD to force the accounts to use stronger encryption.

Finding these accounts yourself, without the Varonis AD dashboard, takes a lot of time. In practice, knowing about every account that has been changed to use RC4 encryption is an even harder task.

If the value of the widget changes, this may indicate illegitimate activity.

4. Number of users without a password

Attackers use basic PowerShell commands to read the "PASSWD_NOTREQD" flag from the account properties in AD. This flag indicates that there are no password requirements or complexity requirements.
How easy is it to steal an account with a simple or empty password? Now imagine that one of these accounts is an administrator.

What if one of the thousands of confidential files open to everyone is an upcoming financial report?

Ignoring the mandatory password requirement is another system administration shortcut that was often used in the past, but it is neither acceptable nor safe today.

Fix this issue by updating the passwords for these accounts.

Monitoring this widget going forward will help you avoid accounts without a password.
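
The four user-account indicators above can be pulled in a single pass with the ActiveDirectory PowerShell module. This is an added example, not Varonis code or code from the original article; treating `adminCount = 1` as "administrative" is an assumption that approximates membership in protected admin groups.

```powershell
# Added example (not Varonis code): user-account indicators for the current domain.
# Needs the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

$props = 'PasswordNeverExpires', 'PasswordNotRequired', 'DoesNotRequirePreAuth',
         'ServicePrincipalName', 'adminCount'

# Only enabled accounts are audited, matching the "active users" wording above.
$users = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props

$findings = foreach ($u in $users) {
    $flags = @()

    # 1. Password never expires (DONT_EXPIRE_PASSWORD)
    if ($u.PasswordNeverExpires) { $flags += 'PasswordNeverExpires' }

    # 2. Account carries an SPN and is flagged as administrative.
    #    Assumption: adminCount = 1 stands in for "has admin rights"; it can
    #    stay set after group removal, so review each hit by hand.
    if ($u.ServicePrincipalName.Count -gt 0 -and $u.adminCount -eq 1) {
        $flags += 'AdminWithSPN'
    }

    # 3. Kerberos pre-authentication not required (DONT_REQ_PREAUTH)
    if ($u.DoesNotRequirePreAuth) { $flags += 'NoKerberosPreAuth' }

    # 4. Password not required (PASSWD_NOTREQD)
    if ($u.PasswordNotRequired) { $flags += 'PasswordNotRequired' }

    if ($flags.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName = $u.SamAccountName
            Indicators     = $flags
        }
    }
}

# Per-indicator totals (the numbers a dashboard widget would show; target is zero).
$findings | ForEach-Object { $_.Indicators } | Group-Object -NoElement |
    Sort-Object Count -Descending | Format-Table Name, Count -AutoSize

# Per-account detail for remediation.
$findings | Select-Object SamAccountName,
    @{ Name = 'Indicators'; Expression = { $_.Indicators -join ', ' } } |
    Sort-Object SamAccountName | Format-Table -AutoSize
```

Saving the totals from each run and comparing them with the previous run surfaces the changes the article treats as possible signs of illegitimate activity.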

Varonis Evens the Odds

In the past, collecting and analyzing the metrics described in this article took many hours and required deep knowledge of PowerShell, forcing security teams to allocate resources to these tasks every week or month. But collecting and processing this information manually gives attackers a head start in getting in and stealing data.

With Varonis, you spend one day deploying the AD dashboard and additional components, and collect all of the vulnerabilities discussed here and many more. Afterwards, during operation, the monitoring panel updates automatically as the state of the infrastructure changes.

A cyber attack is always a race between attackers and defenders: the attacker's wish to steal data before security specialists close off access to it. Early detection of attackers and their illegitimate activity, together with strong cyber defenses, is the key to keeping your data safe.

Source: www.habr.com