Scheme yekudonhedza data kuburikidza neWebhu Proxy Auto-Discovery (WPAD) nekuda kwemazita kudhumhana (munyaya iyi, kudhumhana kwenzvimbo yemukati ine zita reimwe gTLD itsva, asi essence yakafanana). Kwakabva: , 2016
Mike O'Connor, mumwe wevakuru vekudyara mumazita emazita, iyo ine ngozi zvakanyanya uye ine gakava muunganidzwa wayo: domain corp.com yemadhora miriyoni 1,7. Muna 1994, O'Connor akatenga akawanda akareruka mazita edomasi, akadai segrill.com, place.com, pub.com nemamwe. Pakati pavo paiva corp.com, iyo Mike akachengeta kwemakore 26. Muridzi akanga atova nemakore 70 uye akasarudza kuita mari mari yake yekare.
Dambudziko nderekuti corp.com inogona kuve nengozi kune angangoita 375 emakomputa emakambani nekuda kwekugadzika kwekugadziriswa kweActive Directory panguva yekuvakwa kwemakambani intranets mukutanga 000s zvichibva paWindows Server 2000, apo mudzi wemukati waingotsanangurwa se "corp. .β Kusvika kutanga kwe2010s, iyi yanga isiri nyaya, asi nekukwira kwemalaptops munzvimbo dzebhizinesi, vashandi vazhinji vakatanga kutamisa makomputa avo ebasa kunze kwetiweki yemakambani. Zvimiro zveActive Directory kuitiswa zvinotungamira kune chokwadi chekuti kunyangwe pasina yakananga mushandisi chikumbiro ku//corp, akati wandei maapplication (semuenzaniso, tsamba) anogogodza pane yaanoziva ari ega. Asi kana iri yekubatana kwekunze kune network mune yakajairwa cafe yakatenderedza pakona, izvi zvinotungamira kune rwizi rwe data uye zvikumbiro zvinodururira pa. corp.com.
Iye zvino O'Connor anotarisira chaizvo kuti Microsoft pachayo ichatenga iyo dura uye, mutsika dzakanakisa dzeGoogle, inoodza pane imwe nzvimbo ine rima uye isingasvikike kune vekunze, dambudziko nekusagadzikana kwakakosha kweWindows network richagadziriswa.
Active Directory uye kudhumhana kwezita
Makambani emakambani anomhanyisa Windows anoshandisa iyo Active Directory dhairekitori sevhisi. Inobvumira vatariri kushandisa marongero eboka kuti vaone kurongeka kwakafanana kwenzvimbo yebasa remushandisi, kuendesa software pamakomputa akawanda kuburikidza nemapoka emapoka, kuita mvumo, nezvimwe.
Active Directory inosanganiswa neDNS uye inomhanya pamusoro peTCP/IP. Kutsvaga mauto mukati metiweki, iyo Web Proxy Auto-Discovery (WAPD) protocol uye basa (yakavakwa muWindows DNS Client). Iyi ficha inoita kuti zvive nyore kutsvaga mamwe makomputa kana maseva pasina kupa zita rakazara rinonyatsokodzera.
Semuenzaniso, kana kambani ichishanda netiweki yemukati inonzi internalnetwork.example.com, uye mushandi anoda kuwana dhiraivha yakagoverwa inonzi drive1, hapana chikonzero chekupinda drive1.internalnetwork.example.com mu Explorer, ingonyora \ drive1 - uye Windows DNS mutengi anozadzisa zita racho pacharo.
Mune shanduro dzekare dzeActive Directory-semuenzaniso, Windows 2000 Server-iyo yakasarudzika yechikamu chechipiri chekambani domain yaive. corp. Uye makambani mazhinji akachengeta default kune yavo yemukati domain. Zvakatonyanya kuipa, vazhinji vatanga kuvaka network yakakura pamusoro peiyo isina kukanganisa setup.
Mumazuva emakomputa edesktop, iyi yanga isiri nyaya yekuchengetedza nekuti hapana akatora makomputa aya kunze kwekambani network. Asi chii chinoitika kana mushandi anoshanda mukambani ine network network corp mu Active Directory inotora laptop yekambani uye inoenda kune yemuno Starbucks? Ipapo iyo Web Proxy Auto-Discovery (WPAD) protocol uye DNS zita rekushandura basa rinotanga kushanda.
Pane mukana wakakura wekuti mamwe masevhisi ari palaptop acharamba achigogodza pane yemukati dura corp, asi hauzoiwana, uye panzvimbo pezvo zvikumbiro zvichagadziriswa kune corp.com domain kubva paInternet yakavhurika.
Mukuita, izvi zvinoreva kuti muridzi wecorp.com anogona kungobata zvikumbiro zvepachivande kubva kumazana ezviuru zvemakomputa anosiya netsaona munzvimbo yekambani vachishandisa zita. corp yenzvimbo yako muActive Directory.
Kubuda kweWPAD zvikumbiro muAmerican traffic. Kubva ku2016 University yeMichigan kudzidza,
Sei iyo domain isati yatengeswa?
Muna 2014, nyanzvi dzeICANN dzakaburitswa kudhumhana kwemazita muDNS. Chidzidzo ichi chakatsigirwa muchikamu neDhipatimendi reUnited States reHomeland Security nekuti ruzivo rwunodonha kubva kunetiweki dzemukati harutyisidzire makambani ekutengesa chete, asiwo masangano ehurumende, kusanganisira Secret Service, masangano ehungwaru uye matavi ehondo.
Mike aida kutengesa corp.com gore rapfuura, asi muongorori Jeff Schmidt akamukurudzira kuti anonoke kutengesa zvichibva pamushumo wambotaurwa. Chidzidzo ichi zvakare chakawana kuti makomputa mazana matatu nemakumi manomwe neshanu anoedza kubata corp.com zuva rega rega pasina ruzivo rwevaridzi vawo. Izvo zvikumbiro zvaive nekuedza kupinda mumatraneti emakambani, kuwana network kana mafaera.
Sechikamu chekuyedza kwake, Schmidt, pamwe neJAS Global, vakatevedzera pa corp.com nzira iyo Windows LAN inogadzirisa mafaera uye zvikumbiro. Nekuita izvi, ivo, chokwadi, vakavhura portal kugehena kune chero nyanzvi yekuchengetedza ruzivo:
Zvakanga zvakaipa. Takamisa kuyedza mushure memaminitsi gumi nemashanu uye takaparadza [ese akawanikwa] data. Muedzi anozivikanwa uyo akaraira JAS nezvenyaya iyi akataura kuti kuedza kwacho kwakafanana ne "mvura yeruzivo rwakavanzika" uye kuti akange asati amboona zvakadaro.
[Takaseta tsamba yekugamuchira tsamba pa corp.com] uye mushure meawa imwe takatambira maemail anopfuura mamirioni gumi nemaviri, mushure mezvo takamisa kuyedza. Kunyangwe maemail mazhinji aive otomatiki, takaona kuti mamwe aive [chengetedzo] anonzwa uye saka takaparadza iyo yese data yakaiswa pasina kumwe kuongorora.
Schmidt anotenda kuti vatungamiri pasi rose vanga vachigadzirira botnet ine ngozi zvikuru munhoroondo kwemakumi emakore. Mazana ezviuru zvemakomputa anoshanda akazara pasirese akagadzirira kwete kungoita chikamu che botnet, asiwo kupa zvakavanzika data nezvevaridzi vavo nemakambani. Zvese zvaunoda kuti uite kuti utore mukana pazviri control corp.com. Muchiitiko ichi, chero muchina wakambobatanidzwa kune network yekambani, iyo Active Directory yakagadziridzwa kuburikidza // corp, inova chikamu che botnet.
Microsoft yakasiya dambudziko 25 makore apfuura
Kana iwe uchifunga kuti MS yaisaziva nezve inoenderera bacchanalia kutenderera corp.com, saka wakarasika zvakanyanya. Iri ndiro peji rakamhara vashandisi vebeta vhezheni yeFrontPage '97, ine corp.com yakanyorwa seiyo default URL:
Mike paakaneta neizvi, corp.com yakatanga kuendesa vashandisi kune webhusaiti yekutengesa zvepabonde. Mukupindura, akagamuchira zviuru zvetsamba dzakashatirwa kubva kuvashandisi, iyo yaakaendesa zvakare kuburikidza nekopi kuna Bill Gates.
Nenzira, Mike pachake, nekuda kwekuda kuziva, akagadzira mail server uye akagamuchira tsamba dzakavanzika pa corp.com. Akaedza kugadzirisa matambudziko aya pachake nekubata makambani, asi havana kuziva nzira yekugadzirisa mamiriro acho ezvinhu:
Pakarepo, ndakatanga kugamuchira maemail akavanzika, kusanganisira yekutanga shanduro dzemakambani ezvemari kuUS Securities and Exchange Commission, mishumo yehupfumi hwevanhu uye zvimwe zvinhu zvinotyisa. Ndakamboedza kunyorerana tsamba nemakambani kwekanguva, asi mazhinji acho akanga asingazivi zvokuita nazvo. Saka ndakazongoidzima [sevha yetsamba].
MS haina kutora chero chiito chinoshanda, uye kambani inoramba kutaura nezvemamiriro ezvinhu. Ehe, Microsoft yakaburitsa akati wandei Active Directory inogadziridza mumakore ayo anogadzirisa zvishoma zita rezita rekudhumhana dambudziko, asi ivo vane akati wandei matambudziko. Iyo kambani yakagadzira zvakare mazano pakumisikidza mazita emadomasi emukati, kurudziro yekuve neyako yechipiri-level domain kudzivirira kunetsana, uye zvimwe zvidzidzo zvisingawanzo kuverengwa.
Asi chinhu chinonyanya kukosha chiri mukuvandudzwa. Kutanga: kuti uzvishandise, unofanirwa kuisa zvachose pasi intranet yekambani. Chechipiri: mushure mekuvandudzwa kwakadaro, mamwe maapplication anogona kutanga kushanda zvishoma nezvishoma, zvisizvo, kana kumira kushanda zvachose. Zviri pachena kuti makambani mazhinji ane akavakirwa-up corporate network haazotore njodzi dzakadaro munguva pfupi. Pamusoro pezvo, vazhinji vavo havatombozivi kuzara kwakazara kwekutyisidzira kuzere nekudzoreredzwa kwezvese ku corp.com kana muchina unotorwa kunze kwetiweki yemukati.
Maximum irony inowanikwa paunotarisa . Saka, maererano nedata rake, zvimwe zvikumbiro kune corp.com zvinobva kuMicrosoft's intranet.
Uye chii chichatevera kuitika?
Zvingaita sekuti mhinduro yemamiriro ezvinhu aya iri pamusoro uye yakatsanangurwa pakutanga kwechinyorwa: rega Microsoft itenge dhoma raMike kubva kwaari uye kumurambidza kumwe muwadhiropu iri kure zvachose.
Asi hazvisi nyore kudaro. Microsoft yakapa O'Connor kutenga nzvimbo yake ine muchetura kumakambani pasi rese makore akati wandei apfuura. Ndizvo chete Hofori yakapa madhora zviuru makumi maviri chete zvekuvhara gomba rakadai mumanetwork aro.
Ikozvino domain inopihwa $ 1,7 miriyoni.Uye kunyangwe Microsoft ikafunga kuitenga panguva yekupedzisira, vachave nenguva here?
Vashandisi vakanyoresa chete ndivo vanogona kutora chikamu muongororo. , Munogamuchirwa.
Waizoita sei dai wanga uri O'Connor?
-
59,6%Rega Microsoft itenge iyo domain nemadhora 1,7 miriyoni, kana kurega mumwe munhu achitenga.501
-
3,4%Ndaizoitengesa ne$20 thousand, handidi kupinda munhorondo semunhu akadurura dambarefu rakadaro kune mumwe munhu asingazivikanwe.29
-
3,3%Ini ndaizozviviga ini zvachose kana Microsoft ikatadza kuita sarudzo yakanaka.28
-
21,2%Ini ndaizonyatso tengesa iyo domain kune hackers pamusoro pekuti vanoparadza mukurumbira weMicrosoft munharaunda yekambani. Vanoziva nezvedambudziko kubva 1997!178
-
12,4%Ini ndaizogadzira botnet + mail server ini ndotanga kusarudza mafambiro enyika.104
840 vashandisi vakavhota. 131 mushandisi haana.
Source: www.habr.com