DDoS attacks on RDP services: recognize and fight back. A successful experience from Tucha

Let us tell a cool story about how "third parties" tried to disrupt our clients' work, and how the problem was solved.

How it started

It all started on the morning of October 31, the last day of the month, when many people badly need the time to resolve urgent and important matters.

One of our partners, who keeps several of his clients' machines in our cloud, reported that from 9:10 to 9:20 several Windows servers running at our Ukrainian site stopped accepting remote access connections: users could not log in to their desktops, but after a few minutes the problem seemed to resolve itself.

We pulled up the statistics for the communication channels but found no traffic spikes or failures. We looked at the load on the computing resources: no anomalies. So what was that?

Then another partner, who hosts about a hundred servers in our cloud, reported the same problems noticed by some of his clients, and it turned out that in general the servers were reachable (responding correctly to ping and other requests), but the remote access service on those servers was alternately accepting new connections and rejecting them. And we were talking about servers at different sites, with traffic arriving over different data paths.

Let's look at this traffic. A packet with a connection request arrives at the server:

xx:xx:xx.xxxxxx IP xxx.xxx.xxx.xxx.58355 > 192.168.xxx.xxx.3389: Flags [S], seq 467744439, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

The server receives this packet but rejects the connection:

xx:xx:xx.xxxxxx IP 192.168.xxx.xxx.3389 > xxx.xxx.xxx.xxx.58355: Flags [R.], seq 0, ack 467744440, win 0, length 0

This means that the problem is not caused by any malfunction in the infrastructure but by something else. Maybe all the users are having trouble with remote desktop licensing? Maybe some kind of malware managed to get into their systems and activated today, as happened a few years ago? XData and Petya?

While we were figuring it out, we received similar requests from several other clients and partners.
What exactly was happening on these machines?

The event logs were full of messages about password guessing attempts.


In general, such attempts are registered on every server where the standard port (3389) is used for the remote access service and access is allowed from everywhere. The Internet is full of bots that constantly scan all reachable connection points and try to guess passwords (which is why we strongly recommend using strong passwords instead of "123"). However, the intensity of these attempts that day was far too high.

What to do next?

Recommend that clients spend a lot of time changing the settings of a huge number of end users to switch to a different port? Not a good idea; clients would not be happy. Recommend allowing access only via VPN? Hastily and in a panic, bring up IPsec connections for those who do not have them yet... such a joy would probably not please clients either. Although, I must say, this is a godly thing in any case: we always recommend hiding a server in a private network and are ready to help with the setup, and for those who like to figure it out themselves, we share instructions for setting up IPsec/L2TP in our cloud in site-to-site or road-warrior mode, and if anyone wants to set up a VPN service on their own Windows server, we are always ready to share tips on how to bring up a standard RAS or OpenVPN. But however cool we were, this was not the best time for educational work among clients, since we had to fix the problem as quickly as possible with minimal stress for users.

The solution we implemented was as follows. We set up analysis of the passing traffic so as to track every attempt to establish a TCP connection to port 3389 and pick out from them the addresses that, within 150 seconds, try to establish connections with more than 16 different servers on our network. These are the sources of the attack (of course, if one of the clients or partners has a genuine need to establish connections with many servers from the same source, such sources can always be added to the "white list"). Furthermore, if more than 32 such addresses are seen in one class C network during those 150 seconds, it makes sense to block the whole network. A block is set for three days, and if during that time no attacks come from a given source, that source is automatically removed from the "black list". The list of blocked sources is updated every 300 seconds.
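As an added illustration (not Tucha's own scripts, which the article offers separately), here is a small Python detector that applies the rule just described to tcpdump-style lines. The thresholds are the article's (150 seconds, 16 distinct servers, 32 addresses per class C network, a three-day block); the capture lines, the addresses in them and the `tcpdump -n -tt` line layout they imitate are constructed assumptions, as is the `BanList` class that models the expiring black list.

```python
import ipaddress
import re
from collections import defaultdict

# Thresholds as described in the article; the code around them is an added example.
WINDOW_SECONDS = 150          # observation window
MAX_DISTINCT_SERVERS = 16     # more than this many targets from one source -> attacker
MAX_ADDRS_PER_NET = 32        # more than this many attackers in one /24 -> block the /24
BAN_SECONDS = 3 * 24 * 3600   # a block lasts three days unless the source is seen again
RDP_PORT = 3389

# Matches a pure SYN in "tcpdump -n -tt" style output (epoch timestamp first).
SYN_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[S\]"
)


def parse_syns(lines):
    """Yield (timestamp, src_ip, dst_ip) for every SYN aimed at the RDP port."""
    for line in lines:
        m = SYN_RE.match(line)
        if m and int(m.group("dport")) == RDP_PORT:
            yield float(m.group("ts")), m.group("src"), m.group("dst")


def find_attack_sources(events, now):
    """Sources that hit more than MAX_DISTINCT_SERVERS servers in the last WINDOW_SECONDS."""
    targets = defaultdict(set)
    for ts, src, dst in events:
        if 0 <= now - ts <= WINDOW_SECONDS:
            targets[src].add(dst)
    return {src for src, dsts in targets.items() if len(dsts) > MAX_DISTINCT_SERVERS}


def networks_to_block(sources):
    """/24 networks that contain more than MAX_ADDRS_PER_NET attack sources."""
    per_net = defaultdict(set)
    for src in sources:
        per_net[ipaddress.ip_network(f"{src}/24", strict=False)].add(src)
    return {net for net, addrs in per_net.items() if len(addrs) > MAX_ADDRS_PER_NET}


class BanList:
    """Black list with per-entry expiry; meant to be rebuilt every 300 seconds (hypothetical helper)."""

    def __init__(self, whitelist=()):
        self.expires = {}                # entry -> timestamp after which it is dropped
        self.whitelist = set(whitelist)  # sources allowed to fan out to many servers

    def update(self, events, now):
        sources = find_attack_sources(events, now) - self.whitelist
        for entry in sources | {str(n) for n in networks_to_block(sources)}:
            self.expires[entry] = now + BAN_SECONDS   # a fresh hit renews the ban
        self.expires = {e: t for e, t in self.expires.items() if t > now}
        return sorted(self.expires)


def constructed_capture(t0=1604134200.0):
    """Constructed tcpdump-like lines, not a real capture."""
    line = "{ts:.6f} IP {src}.{sport} > 192.168.1.{h}.{port}: Flags [S], seq 1, win 64240, length 0"
    lines = []
    for i in range(20):        # one scanner touching 20 servers
        lines.append(line.format(ts=t0 + i, src="203.0.113.5", sport=50000 + i, h=10 + i, port=RDP_PORT))
    for i in range(3):         # a legitimate user reaching 3 servers
        lines.append(line.format(ts=t0 + i, src="198.51.100.7", sport=60000 + i, h=10 + i, port=RDP_PORT))
    for h in range(1, 41):     # a /24 of bots: 40 addresses, 17 servers each
        for i in range(17):
            lines.append(line.format(ts=t0 + i, src=f"192.0.2.{h}", sport=40000 + i, h=10 + i, port=RDP_PORT))
    lines.append(line.format(ts=t0, src="203.0.113.9", sport=1, h=10, port=443))              # not RDP
    lines.append(line.format(ts=t0 - 1000, src="203.0.113.9", sport=2, h=10, port=RDP_PORT))  # outside window
    return lines


def run_example():
    """Apply the rule to the constructed capture, as if evaluated at t0 + 20 s."""
    events = list(parse_syns(constructed_capture()))
    return BanList().update(events, now=1604134200.0 + 20)


def ban_expires():
    """An entry with no new hits disappears once BAN_SECONDS have passed."""
    bl = BanList()
    events = [(0.0, "203.0.113.5", f"192.168.1.{i}") for i in range(17)]
    bl.update(events, now=10.0)
    still_banned = "203.0.113.5" in bl.update([], now=10.0 + BAN_SECONDS - 1)
    expired = "203.0.113.5" not in bl.update([], now=10.0 + BAN_SECONDS + 1)
    return still_banned, expired


if __name__ == "__main__":
    for entry in run_example():
        print(entry)
```

On the constructed capture the list comes out with the single scanner, the forty bot addresses and their whole 192.0.2.0/24 network, while the user who reached only three servers and the SYN that falls outside the 150-second window are left alone; a source that keeps attacking has its expiry renewed on every rebuild, which is what keeps it on the list "as long as the attack continues".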


The list is available at this address: https://secure.tucha.ua/global-filter/banned/rdp_ddos; you can build your own ACLs based on it.

We are ready to share the source code of this system; there is nothing particularly complicated in it (a few scripts put together on the knee in a couple of hours), and at the same time it can be adapted and used not only to protect against attacks of this kind, but also to detect and block any attempt to scan the network: follow this link.

In addition, we changed the settings of the monitoring system, which now keeps a closer eye on how a control group of servers in our cloud reacts to attempts to establish an RDP connection: if the reaction does not fit within a second, that is a reason to pay attention.

The solution turned out to be quite effective: there are no more complaints from clients and partners, nor from the monitoring system. New addresses and whole networks are regularly added to the black list, which shows that the attack continues, but it no longer affects our clients' work.

There is safety in numbers

Today we learned that other operators have run into a similar problem. Some still believe that Microsoft made changes to the code of the remote access service (if you remember, we suspected the same thing on the first day, but quickly dropped that version) and promise to do everything possible to find a solution quickly. Others simply ignore the problem and advise clients to protect themselves (change the connection port, hide the server in a private network, and so on). And on the very first day we not only solved this problem, but also laid the foundation for a more global threat detection system that we plan to build.


Special thanks to the clients and partners who did not stay silent and did not sit on the riverbank waiting for the enemy's corpse to float by one day, but immediately drew our attention to the problem, which gave us the chance to eliminate it that same day.

Source: www.habr.com
