We will tell you an interesting story about how "third parties" tried to disrupt our customers' work, and how the problem was solved.
How it all began
It all began on the morning of October 31, the last day of the month, when many people badly need to settle urgent and important matters.
One of our partners, who manages several virtual machines in our cloud for the customers it serves, reported that from 9:10 to 9:20 several Windows servers running at our Ukrainian site were not accepting connections to the remote access service, and users could not reach their desktops. However, after a few minutes the problem appeared to resolve itself.
We checked the statistics for the communication channels but found no traffic spikes or dips. We also checked the load statistics for the compute resources: nothing unusual. So what was it?
Then another partner, who hosts about a hundred more servers in our cloud, reported the same kind of problems that some of their customers had noticed. It turned out that the servers were generally reachable (they responded properly to ping and other requests), but the remote access service on these servers sometimes accepted new connections and sometimes refused them. This involved servers at different sites, with traffic arriving over different data channels.
Let's look at this traffic. A connection request packet arrives at the server:
xx:xx:xx.xxxxxx IP xxx.xxx.xxx.xxx.58355 > 192.168.xxx.xxx.3389: Flags [S], seq 467744439, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
The server receives this packet but refuses the connection:
xx:xx:xx.xxxxxx IP 192.168.xxx.xxx.3389 > xxx.xxx.xxx.xxx.58355: Flags [R.], seq 0, ack 467744440, win 0, length 0
This means the problem is clearly not caused by any infrastructure issue, but by something else. Perhaps all the users ran into problems with remote desktop licensing? Perhaps some malware managed to get into their systems and activated today, as happened a few years ago with XData and Petya?
While we were investigating, we received similar reports from several more customers and partners.
So what was actually happening on these machines?
The event logs are full of messages about password-guessing attempts:

Normally, such attempts are logged on every server that uses the standard port (3389) for remote access and allows access from anywhere. The Internet is full of bots that constantly scan every available connection point and try to guess passwords (which is why we strongly recommend using complex passwords instead of "123"). However, the intensity of these attempts on that day was far too high.
What to do next?
Recommend that clients spend a lot of time changing settings for a large number of end users just to switch to a different port? Not a good idea; clients would not be happy. Recommend allowing access only through a VPN? Hurriedly setting up IPSec connections in a panic for those who do not have them running would probably not be a pleasant experience for customers either. Although, it must be said, this is a good thing in any case. We always recommend hiding the server in a private network and are ready to help with the configuration. For those who prefer to sort things out themselves, we share instructions for setting up IPSec/L2TP in our cloud in site-to-site or road-warrior mode. And if anyone wants to set up a VPN service on their own Windows server, we are always ready to share tips on how to bring up standard RAS or OpenVPN. But however willing we were to help, this was not a good time to educate customers, since we needed to fix the problem as quickly as possible with minimal disruption to users.
The solution we implemented was as follows. We set up traffic analysis to track all attempts to establish a TCP connection to port 3389 and to identify addresses that try to connect to more than 16 different servers in our network within 150 seconds: these are the attack sources. (Of course, if any of our clients or partners has a genuine need to establish connections with that many servers from the same source, we can always add such sources to the allowlist.) In addition, if more than 32 addresses are detected in a single Class C network within those 150 seconds, it makes sense to block the entire network. The block duration is set to 3 days, and if no attacks come from a given source during that time, it is automatically removed from the blocklist. The list of blocked sources is updated every 300 seconds.
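The thresholds described above can be expressed as one refresh cycle over observed SYN packets. This is an added example, not the source code the authors refer to; it assumes IPv4, treats "Class C" as a /24, takes events as `(timestamp, src_ip, dst_ip)` tuples, and uses hypothetical function names with constructed sample traffic from documentation address ranges.

```python
import ipaddress
from collections import defaultdict

WINDOW = 150               # seconds of SYN history examined on each run
MAX_TARGETS = 16           # more distinct servers than this marks an attack source
MAX_HOSTS_PER_NET = 32     # more flagged hosts than this in one /24 blocks the /24
BLOCK_TTL = 3 * 24 * 3600  # entries expire after 3 days without a new attack

def flag_sources(events, now):
    """events: (timestamp, src_ip, dst_ip) for each TCP SYN to port 3389."""
    targets = defaultdict(set)
    for ts, src, dst in events:
        if now - WINDOW < ts <= now:
            targets[src].add(dst)
    return {src for src, dsts in targets.items() if len(dsts) > MAX_TARGETS}

def collapse_networks(sources):
    """Replace flagged hosts by their /24 once the network exceeds the limit."""
    by_net = defaultdict(set)
    for src in sources:
        by_net[ipaddress.ip_network(f"{src}/24", strict=False)].add(src)
    entries = set()
    for net, hosts in by_net.items():
        if len(hosts) > MAX_HOSTS_PER_NET:
            entries.add(str(net))
        else:
            entries.update(f"{h}/32" for h in hosts)
    return entries

def update_blocklist(blocklist, events, now, allowlist=frozenset()):
    """One refresh cycle; blocklist maps entry -> time an attack was last seen."""
    flagged = flag_sources(events, now) - set(allowlist)
    for entry in collapse_networks(flagged):
        blocklist[entry] = now
    for entry in [e for e, seen in blocklist.items() if now - seen >= BLOCK_TTL]:
        del blocklist[entry]
    return blocklist

def sample_events(now=1000):
    """Constructed traffic: a scanner, a botnet /24, a slow scanner, a client."""
    servers = [f"10.0.0.{i}" for i in range(1, 21)]
    ev = [(now - 100 + i, "192.0.2.7", dst) for i, dst in enumerate(servers)]
    ev += [(now - 50, f"203.0.113.{h}", dst) for h in range(1, 41) for dst in servers[:17]]
    ev += [(now - 20 * i, "198.51.100.99", dst) for i, dst in enumerate(servers[:17])]
    ev += [(now - 10, "198.51.100.10", dst) for dst in servers[:3]]
    return ev

if __name__ == "__main__":
    print(sorted(update_blocklist({}, sample_events(), now=1000)))
```

The slow scanner in the sample touches 17 servers but only 8 of them inside any 150-second window, so it stays under the threshold; that is the trade-off of a fixed window and is worth knowing when tuning the numbers.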

This list is available at the following address: , and you can build your own ACLs based on it.
We are happy to share the source code of this system. It is nothing overly complicated (just a few simple scripts put together in a couple of hours), and it can be adapted and used not only to protect against attacks like this one, but also to detect and block any attempts to scan the network:
In addition, we made some changes to the settings of our monitoring system, which now closely watches how a control group of virtual servers in our cloud responds to attempts to establish an RDP connection: if no response arrives within a second, that is cause for concern.
The solution has proved quite effective: there are no more complaints from customers, partners, or the monitoring system. New addresses and entire networks are regularly added to the blocklist, which shows that the attack continues but no longer affects our customers' work.
There is safety in numbers
Today we learned that other operators ran into the same problem. Some still believe that Microsoft made changes to the code of the remote access service (if you remember, we suspected the same thing on the first day, but quickly dismissed that idea) and promise to do everything possible to find a solution as soon as possible. Others simply ignore the problem and advise clients to protect themselves (change the connection port, hide the server in a private network, and so on). As for us, on the very first day we not only solved this problem but also laid the groundwork for a broader threat detection system, which we plan to develop.

Special thanks to our customers and partners who did not keep quiet or sit on the riverbank waiting for the enemy's corpse to float by one day. Instead, they brought the problem to us immediately, allowing us to fix it that same day.
Source: www.habr.com
