What useful information can be extracted from the logs of a Windows-based workstation?

The user's workstation is the most vulnerable part of the infrastructure from an information security point of view. A user may receive an e-mail at their work address that looks like it comes from a trusted source but contains a link to an infected site. Someone may download a "useful" work utility from an unknown location. You can come up with dozens of scenarios for how malware reaches a company's internal resources through its users. Workstations therefore deserve extra attention, and in this article we describe which events you should collect in order to detect an attack.


To detect an attack as quickly as possible, Windows offers three useful event sources: the Security event log, the System Monitor (Sysmon) log, and the PowerShell logs.

Security Event Log

This is the main store of the system's security logs. It includes user logon/logoff events, object access, policy changes and other security-related activity, provided, of course, that the corresponding audit policy has been configured.


Enumeration of users and groups (events 4798 and 4799). At the start of an attack, malware commonly searches the local user accounts and local groups on the workstation for credentials to use in its shady dealings. These events help catch malicious code before it goes further and, using the data it has collected, spreads to other systems.

Creation of local accounts and changes to local groups (events 4720, 4722-4726, 4738, 4740, 4767, 4780, 4781, 4794, 5376 and 5377). An attack may also begin, for example, with a new user being added to the local Administrators group.

Logon attempts with a local account (event 4624). Respectable users sign in with a domain account, so a logon under a local account can signal the start of an attack. Event 4624 also covers logons under domain accounts, so when processing these events you need to keep only those where the account's domain is the workstation's own name rather than the AD domain.

Logon attempt with explicit credentials (event 4648). This occurs when a process is started in "run as" mode with a different account. It is uncommon during normal operation of the system, so such events should be monitored.

Locking/unlocking the workstation (events 4800-4803). Any action performed while the workstation is locked falls into the category of suspicious events.

Firewall configuration changes (events 4944-4958). Obviously, installing new software may change the firewall configuration, which produces false positives. In most cases there is no need to monitor such changes, but it never hurts to know about them.

Connecting Plug'n'Play devices (event 6416, available from Windows 10 onwards). This is worth keeping an eye on if users normally do not connect new devices to the workstation but suddenly start doing so.

Windows has 9 audit categories and 50 subcategories for fine-tuning. The minimal set of subcategories that should be enabled in the settings:

Logon/Logoff

  • Logon;
  • Logoff;
  • Account Lockout;
  • Other Logon/Logoff Events.

Account Management

  • User Account Management;
  • Security Group Management.

Policy Change

  • Audit Policy Change;
  • Authentication Policy Change;
  • Authorization Policy Change.
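As an added example (not part of the original article), the following PowerShell session enables exactly the subcategories listed above with auditpol and then pulls the Security-log events discussed earlier: 4624 logons under a local account (account domain equal to the workstation name), plus the 4648, 4798/4799 and local account/group change events. It assumes an elevated PowerShell on the workstation itself and auditpol's English subcategory names; the one-day look-back window is an arbitrary choice.

```powershell
# Added example, not from the original article. Run elevated.

# 1. Enable the minimal audit subcategories (auditpol English names).
$subcategories = @(
    'Logon', 'Logoff', 'Account Lockout', 'Other Logon/Logoff Events',
    'User Account Management', 'Security Group Management',
    'Audit Policy Change', 'Authentication Policy Change', 'Authorization Policy Change'
)
foreach ($s in $subcategories) {
    auditpol /set /subcategory:"$s" /success:enable /failure:enable | Out-Null
}
auditpol /get /category:*   # verify the effective policy

# Helper: flatten an event's EventData (<Data Name="...">) into an object.
function ConvertFrom-EventData {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{ TimeCreated = $Event.TimeCreated; Id = $Event.Id }
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]$data
}

$since = (Get-Date).AddDays(-1)   # arbitrary look-back window

# 2. Logons with a LOCAL account: TargetDomainName is the workstation name,
#    not the AD domain. Logon types 2 (interactive), 3 (network), 10 (RDP).
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624; StartTime=$since} -ErrorAction SilentlyContinue |
  ForEach-Object { ConvertFrom-EventData $_ } |
  Where-Object { $_.TargetDomainName -eq $env:COMPUTERNAME -and $_.LogonType -in 2,3,10 } |
  Select-Object TimeCreated, TargetUserName, LogonType, IpAddress, ProcessName |
  Format-Table -AutoSize

# 3. Explicit-credential logons (4648), local user/group enumeration (4798/4799)
#    and local account / group changes from the list in the article.
$ids = @(4648, 4798, 4799, 4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740,
         4767, 4780, 4781, 4794, 5376, 5377)
Get-WinEvent -FilterHashtable @{LogName='Security'; Id=$ids; StartTime=$since} -ErrorAction SilentlyContinue |
  ForEach-Object { ConvertFrom-EventData $_ } |
  Select-Object TimeCreated, Id, SubjectUserName, TargetUserName, TargetDomainName |
  Format-Table -AutoSize
```

Filtering on TargetDomainName rather than on the account name is what separates "someone logged in as a local account" from ordinary domain logons in the same 4624 stream; SubjectUserName on the account-management events tells you which account performed the change.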

System Monitor (Sysmon)

Sysmon is a Sysinternals utility that records detailed system activity to its own event log (Microsoft-Windows-Sysmon/Operational). It is not part of a default Windows installation and must be installed separately.


Essentially, the same events can be obtained from the Security log (by enabling the audit policy you need), but Sysmon provides more detail. Which events can be taken from Sysmon?

Process creation (event ID 1). The system's Security log can also tell you when an *.exe started and show its name and launch path. But unlike Sysmon, it cannot show the hash of the executable. Malware may be called the harmless-sounding notepad.exe, but it is the hash that will give it away.

Network connections (event ID 3). Obviously, there are a great many network connections, and it is impossible to track them all. But it is important to bear in mind that Sysmon, unlike the Security log, can tie a network connection to the ProcessId and ProcessGuid fields, and shows the source and destination ports and IP addresses.

Changes in the system registry (event IDs 12-14). The easiest way to add yourself to autorun is a registry entry. The Security log can record this too, but Sysmon shows who made the change, when, from which process (with its process ID) and which value was written to the key.

File creation (event ID 11). Sysmon shows not only the location of the file but also its name and the process that created it. Clearly you cannot track everything, but you can watch specific directories.

And now what is absent from the Security log policies but present in Sysmon:

File creation time change (event ID 2). Some malware alters a file's creation date to hide it from reports of recently created files.

Driver and image loads (event IDs 6-7). Monitoring the loading of DLLs and device drivers into memory, including a check of their digital signature and its validity.

Creating a thread in a running process (event ID 8). Another type of attack (injecting code into another process) that also needs to be watched.

RawAccessRead events (event ID 9). Disk read operations using the \\.\ notation, which bypass the file system. In most cases such activity should be considered abnormal.

Creating a named file stream (event ID 15). The event is logged when a named file stream is created (for example, the Zone.Identifier stream a browser attaches to a downloaded file) and records the hash of the file's contents.

Creating and connecting to a named pipe (event IDs 17-18). Tracks malicious code that communicates with its other components over a named pipe.

WMI activity (event IDs 19-21). Registration of WMI event filters, consumers and filter-to-consumer bindings, a common way of gaining persistence on the system.

To protect Sysmon itself, you need to monitor events with ID 4 (Sysmon service state change, i.e. stop and start) and ID 16 (Sysmon configuration changes).
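As an added example (not from the original article or from the Sysmon project), here is a minimal Sysmon configuration that covers the event types discussed above, followed by two queries against the Sysmon log: one that flags a process named like a known binary (the notepad.exe case) whose hash does not match the expected value, and one that lists timestomping (ID 2) and remote-thread creation (ID 8). It assumes a Sysmon release that accepts schema version 4.50, that Sysmon64.exe is in the current directory, and that the known-good SHA256 value is replaced with the real hash from your own image; the all-zero hash is a placeholder.

```powershell
# Added example, not from the original article or the Sysmon project.

$config = @'
<Sysmon schemaversion="4.50">
  <HashAlgorithms>sha256</HashAlgorithms>
  <EventFiltering>
    <!-- ID 1: log every process start (exclude nothing) -->
    <ProcessCreate onmatch="exclude" />
    <!-- ID 2: creation-time changes on files under user profiles -->
    <FileCreateTime onmatch="include">
      <Image condition="begin with">C:\Users</Image>
    </FileCreateTime>
    <!-- ID 3: outbound connections from scripting hosts only -->
    <NetworkConnect onmatch="include">
      <Image condition="image">powershell.exe</Image>
      <Image condition="image">wscript.exe</Image>
    </NetworkConnect>
    <!-- ID 8 and 9: injection and raw disk reads, log all -->
    <CreateRemoteThread onmatch="exclude" />
    <RawAccessRead onmatch="exclude" />
    <!-- ID 12-14: classic autorun keys -->
    <RegistryEvent onmatch="include">
      <TargetObject condition="contains">CurrentVersion\Run</TargetObject>
    </RegistryEvent>
    <!-- ID 17-18 and 19-21: named pipes and WMI subscriptions, log all -->
    <PipeEvent onmatch="exclude" />
    <WmiEvent onmatch="exclude" />
  </EventFiltering>
</Sysmon>
'@
Set-Content -Path .\sysmon.xml -Value $config
# First install:  .\Sysmon64.exe -accepteula -i .\sysmon.xml
# Later updates:  .\Sysmon64.exe -c .\sysmon.xml   (each one raises event ID 16)

# Helper: flatten a Sysmon event's EventData into an object.
function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $xml  = [xml]$Event.ToXml()
    $data = @{ TimeCreated = $Event.TimeCreated; Id = $Event.Id }
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    [pscustomobject]$data
}

$log = 'Microsoft-Windows-Sysmon/Operational'

# Placeholder: expected SHA256 of the notepad.exe build deployed on your image.
$knownGood = @{ 'notepad.exe' = '0000000000000000000000000000000000000000000000000000000000000000' }

# ID 1: a process with a trusted name whose hash does not match the allow-list.
# Sysmon writes hashes as "SHA256=<hex>" in the Hashes field.
Get-WinEvent -FilterHashtable @{LogName=$log; Id=1} -ErrorAction SilentlyContinue |
  ForEach-Object { ConvertFrom-SysmonEvent $_ } |
  Where-Object {
      $name = [IO.Path]::GetFileName($_.Image).ToLower()
      $knownGood.ContainsKey($name) -and
      ($_.Hashes -notmatch ('SHA256=' + $knownGood[$name]))
  } |
  Select-Object TimeCreated, Image, CommandLine, ParentImage, Hashes |
  Format-List

# ID 2 (timestomp) and ID 8 (remote thread into another process).
Get-WinEvent -FilterHashtable @{LogName=$log; Id=2,8} -ErrorAction SilentlyContinue |
  ForEach-Object { ConvertFrom-SysmonEvent $_ } |
  Select-Object TimeCreated, Id, Image, TargetFilename, PreviousCreationUtcTime,
                CreationUtcTime, SourceImage, TargetImage |
  Format-Table -AutoSize
```

ProcessCreate with onmatch="exclude" and an empty body means "log everything", which is deliberate for ID 1: the hash comparison only works if every start is recorded. The include rules for ID 2, 3 and 12-14 are the volume controls; widen or narrow them per host role.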

PowerShell Logs

PowerShell is a powerful tool for managing Windows infrastructure, so there is a good chance an attacker will choose it as well. There are two sources you can use to obtain PowerShell event data: the Windows PowerShell log and the Microsoft-Windows-PowerShell/Operational log.

Windows PowerShell log


Provider loaded (event ID 600). PowerShell providers are components that expose a data source for PowerShell to browse and manage. For example, the built-in providers include Windows environment variables and the system registry. The appearance of new providers should be watched in order to detect malicious actions early. For example, if you see WSMan appear among the providers, a remote PowerShell session has been started.

Microsoft-Windows-PowerShell/Operational log (or Microsoft-Windows-PowerShellCore/Operational in PowerShell 6 and later)


Module logging (event ID 4103). These events record information about each command executed and the parameters it was called with.

Script block logging (event ID 4104). Script block logging shows every block of PowerShell code that is executed. Even if an attacker tries to obfuscate a command, this event type shows the PowerShell command that was actually run, because the block is logged after it has been decoded and parsed. This event type can also capture some of the low-level API calls that are made; these events are usually recorded at the Verbose level, but if a suspicious command or script is used in the code block, it is logged at the Warning level.

Please note that once a tool has been configured to collect and analyze these events, additional tuning time will be needed to reduce the number of false positives.

Tell us in the comments which logs you collect for information security auditing and which tools you use for it. One of our focus areas is solutions for auditing information security events. To solve the problem of collecting and analyzing logs, we can suggest taking a closer look at Quest InTrust, which can compress stored data at a ratio of 20:1, and a single installed instance of which can process up to 60,000 events per second from 10,000 sources.
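As an added example (not from the original article), the session below turns on module logging and script block logging through the same registry values that Group Policy writes, runs a constructed base64-encoded command the way an attacker would to hide it, and then reads the 4104 event back to show that the logged ScriptBlockText is the decoded command, not the encoded blob. It also pulls the latest 4103 payloads and the 600 events that announce a WSMan provider load. It assumes an elevated PowerShell, the Windows PowerShell 5.1 log names, and that the encoded test command is a harmless Get-Process call constructed here for illustration.

```powershell
# Added example, not from the original article. Run elevated.

# 1. Enable script block and module logging (same values Group Policy sets).
$psPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'
New-Item -Path "$psPolicy\ScriptBlockLogging" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ScriptBlockLogging" -Name EnableScriptBlockLogging -Value 1 -Type DWord
New-Item -Path "$psPolicy\ModuleLogging\ModuleNames" -Force | Out-Null
Set-ItemProperty -Path "$psPolicy\ModuleLogging" -Name EnableModuleLogging -Value 1 -Type DWord
New-ItemProperty -Path "$psPolicy\ModuleLogging\ModuleNames" -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# 2. Constructed test: run a harmless command hidden behind -EncodedCommand in a
#    fresh process (child processes pick up the policy on start).
$plain   = 'Get-Process | Select-Object -First 1'
$encoded = [Convert]::ToBase64String([Text.Encoding]::Unicode.GetBytes($plain))
powershell.exe -NoProfile -EncodedCommand $encoded | Out-Null

# Helper: read one named <Data> field out of an event's XML.
function Get-EventField {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event, [string]$Name)
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object Name -eq $Name).'#text'
}

$opLog = 'Microsoft-Windows-PowerShell/Operational'

# 3. 4104: ScriptBlockText holds the decoded command. LevelDisplayName is
#    "Verbose" for ordinary blocks and "Warning" for blocks PowerShell
#    considers suspicious.
Get-WinEvent -FilterHashtable @{LogName=$opLog; Id=4104; StartTime=(Get-Date).AddMinutes(-5)} -ErrorAction SilentlyContinue |
  ForEach-Object {
      [pscustomobject]@{
          Time  = $_.TimeCreated
          Level = $_.LevelDisplayName
          Path  = Get-EventField $_ 'Path'
          Text  = Get-EventField $_ 'ScriptBlockText'
      }
  } |
  Where-Object { $_.Text -match 'Get-Process' } |
  Format-List

# 4. 4103: module logging, one event per pipeline with the command and its
#    bound parameters in the Payload field.
Get-WinEvent -FilterHashtable @{LogName=$opLog; Id=4103} -MaxEvents 5 -ErrorAction SilentlyContinue |
  Select-Object TimeCreated, @{n='Payload'; e={ Get-EventField $_ 'Payload' }} |
  Format-List

# 5. 600 in the classic log: a WSMan provider start means a remoting session.
Get-WinEvent -FilterHashtable @{LogName='Windows PowerShell'; Id=600} -ErrorAction SilentlyContinue |
  Where-Object { $_.Message -match 'Provider "WSMan"' } |
  Select-Object TimeCreated, MachineName |
  Format-Table -AutoSize
```

The 4104 text for the test run reads "Get-Process | Select-Object -First 1" even though the process was launched with only a base64 string on its command line, which is the property the article relies on. A short script block (under 4 KB) is logged once; longer blocks are split into several 4104 events sharing the same ScriptBlockId, so group on that field when reassembling.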

Source: www.habr.com
