- Iziseko (i-CIS, i-STIG kunye ne-Microsoft) zikhokela ukuqina okungaguqukiyo kunye nokulinganiswayo.
- Indawo encinci: faka kuphela oko kubalulekile, ukunciphisa izibuko kunye namalungelo.
- Ukuchwetheza, ukubeka iliso, kunye noguqulelo oluntsonkothileyo lugcina ukhuseleko ngokuhamba kwexesha.
- Zizenzele ngee-GPO kunye nezixhobo zokugcina ukhuseleko lwakho.
Ukuba ulawula iiseva okanye iikhompyuter zomsebenzisi, mhlawumbi ukhe wazibuza lo mbuzo: ndiyenza njani iWindows ikhuseleke ngokwaneleyo ukuba ilale kamnandi? ukuqina kwiWindows Akusiyo iqhinga elilodwa, kodwa isethi yezigqibo kunye nohlengahlengiso lokunciphisa indawo yokuhlaselwa, ukunciphisa ukufikelela, kunye nokugcina inkqubo phantsi kolawulo.
Kwimeko yoshishino, iiseva zisisiseko semisebenzi: zigcina idatha, zibonelela ngeenkonzo, kwaye zidibanisa amacandelo abalulekileyo oshishino; yiyo loo nto bejolise kubo nawuphi na umhlaseli. Ngokomeleza iiWindows ngezona ndlela zilungileyo kunye neziseko, Unciphisa ukusilela, unciphisa imingcipheko kwaye uthintele isiganeko ngexesha elinye ekubeni sinyuke siye kwezinye izakhiwo.
Yintoni enzima kwiWindows kwaye kutheni ingundoqo?
Ukuqina okanye ukomeleza kubandakanya qwalasela, susa okanye uthintele amalungu yenkqubo yokusebenza, iinkonzo, kunye nezicelo zokuvala iindawo zokungena ezinokubakho. IiWindows zisebenza ngeendlela ezininzi kwaye ziyahambelana, ewe, kodwa ukuba "isebenza phantse kuyo yonke into" ithetha ukuba iza nemisebenzi evulekileyo ongasoloko uyidinga.
Okukhona imisebenzi engafunekiyo, amazibuko, okanye iprothokholi oyigcinayo isebenza, kokukhona ubuthathaka bakho. Injongo yokuqina ukunciphisa indawo yokuhlaselwaNciphisa amalungelo kwaye ushiye kuphela oko kubalulekile, kunye namaphetshana ahlaziyiweyo, uphicotho olusebenzayo, kunye nemigaqo-nkqubo ecacileyo.
Le ndlela yokusebenza ayiphelelanga nje kwiiWindows; isebenza kuyo nayiphi na inkqubo yangoku: ifakwe ilungele ukujongana newaka leemeko ezahlukeneyo. Yiyo loo nto kucetyiswa Vala into ongayisebenzisiyo.Kuba xa ungayisebenzisi, omnye umntu unokuzama ukuyisebenzisela yona.
Iziseko kunye nemigangatho ebonisa ikhosi
Ukwenza lukhuni kwiWindows, kukho iibenchmarks ezinje CIS (Iziko loKhuseleko lwe-Intanethi) kunye nezikhokelo ze-DoD STIG, ukongeza kwi Iziseko zoKhuseleko zikaMicrosoft (Iziseko zoKhuseleko zikaMicrosoft). Ezi ngqinisiso zigubungela ulungelelwaniso olucetyiswayo, amaxabiso omgaqo-nkqubo, kunye nolawulo lweendima ezahlukeneyo kunye neenguqulelo zeWindows.
Ukusebenzisa isiseko kukhawulezisa kakhulu iprojekthi: kunciphisa izikhewu phakathi koqwalaselo olungagqibekanga kunye nezenzo ezigqwesileyo, kuthintelwe "izithuba" eziqhelekileyo zokusasazwa ngokukhawuleza. Nangona kunjalo, yonke indawo engqongileyo yahlukile kwaye kuyacetyiswa ukuba vavanya utshintsho phambi kokuba zisiwe kwimveliso.
Ukuqina kweWindows Inyathelo ngeNyathelo
Ukulungiselela kunye nokhuseleko lomzimba
Ukuqina kwiWindows kuqala phambi kokuba kufakwe inkqubo. Gcina i gqibezela uluhlu lwempahla yesevaUkwahlula amatsha kwi-traffic de abe lukhuni, khusela i-BIOS / UEFI ngephasiwedi, khubaza qala kwimidiya yangaphandle kwaye inqanda i-autologon kwii-consoles zokubuyisela.
Ukuba usebenzisa i-hardware yakho, beka izixhobo kwiindawo nge ulawulo lokufikelela ngokwasemzimbeniUbushushu obufanelekileyo kunye nokubeka iliso kubalulekile. Ukunciphisa ukufikelela ngokwasemzimbeni kubaluleke kakhulu njengokufikelela okunengqiqo, kuba ukuvula i-chassis okanye ukubhuthwa kwi-USB kunokubeka yonke into esichengeni.
Iiakhawunti, iziqinisekiso, kunye nomgaqo-nkqubo wegama lokugqitha
Qala ngokususa ubuthathaka obucacileyo: khubaza iakhawunti yeendwendwe kwaye, apho kunokwenzeka, ikhubaza okanye ithiya ngokutsha uMlawuli wendawoYenza i-akhawunti yolawulo ngegama elingenamsebenzi (umbuzo Uyenza njani iakhawunti yendawo ngaphakathi Windows 11 ngaphandle kweintanethi) kwaye isebenzisa iiakhawunti ezingafanelekanga kwimisebenzi yemihla ngemihla, ephakamisa amalungelo ngokusebenzisa "Baleka njenge" kuphela xa kuyimfuneko.
Yomeleza umgaqo-nkqubo wakho wephasiwedi: qinisekisa ubunzima obufanelekileyo kunye nobude. ukuphelelwa ngamaxeshaImbali yokuthintela ukusetyenziswa kwakhona kunye nokuvalwa kweakhawunti emva kwemizamo engaphumelelanga. Ukuba ulawula amaqela amaninzi, qwalasela izisombululo ezifana ne-LAPS ukujikelezisa iziqinisekiso zasekhaya; eyona nto ibalulekileyo ziphephe iziqinisekiso ezimileyo kwaye kulula ukuqikelela.
Hlaziya ubulungu beqela (Abalawuli, Abasebenzisi beDesktop ekude, abaSebenzi be-Backup, njl.) kwaye ususe naziphi na ezingeyomfuneko. Umgaqo we ilungelo elincinci Lelona qabane lilungileyo lokuthintela iintshukumo ezisecaleni.
Inethiwekhi, iDNS kunye nongqamaniso lwexesha (NTP)
Iseva yemveliso kufuneka ibe nayo I-Static IP, zibekwe kumacandelo akhuselweyo ngasemva komlilo (kwaye yazi Uluvala njani uqhagamshelo lwenethiwekhi olukrokrelayo kwi-CMD (xa kukho imfuneko), kwaye ube neeseva ezimbini ze-DNS ezichazwe ngokuphinda-phinda. Qinisekisa ukuba iirekhodi ze-A kunye ne-PTR zikhona; khumbula ukuba ukusasazwa kweDNS... ingathatha Kwaye kuyacetyiswa ukuba ucwangcise.
Qwalasela i-NTP: ukutenxa kwimizuzu nje yophula i-Kerberos kwaye kubangela ukusilela ekuqinisekiseni okunqabileyo. Chaza isibali-xesha esithembekileyo kwaye usilungelelanise. yonke inqanawa ngokuchasene nayo. Ukuba awufuni ukwenza njalo, khubaza iiprothokholi zelifa elifana ne-NetBIOS ngaphezulu kwe-TCP/IP okanye ukukhangela kwe-LMHosts ukunciphisa ingxolo kunye nomboniso.
Iindima, iimpawu kunye neenkonzo: ngaphantsi kungaphezulu
Faka kuphela iindima kunye neempawu ozifunayo ngenjongo yomncedisi (IIS, .NET kwinguqulo yayo efunekayo, njl.). Iphakheji nganye eyongezelelweyo indawo eyongezelelweyo kubuthathaka kunye noqwalaselo. Khipha okumiselweyo okanye usetyenziso olongezelelweyo olungazukusetyenziswa (bona I-Winaero Tweaker: Uhlengahlengiso oluluncedo noluKhuselekileyo).
Ukuphonononga iinkonzo: eziyimfuneko, ngokuzenzekelayo; abo baxhomekeke kwabanye, ku Ngokuzenzekelayo (ukuqalisa ukulibaziseka) okanye ngokuxhomekeka okuchazwe kakuhle; nantoni na engongezi ixabiso, ivaliwe. Kwaye kwiinkonzo zesicelo, sebenzisa iiakhawunti zenkonzo ethile ngeemvume ezincinci, hayi iNkqubo yeNdawo ukuba ungayinqanda.
I-Firewall kunye nokuncitshiswa kokuvezwa
Umgaqo jikelele: ibhloko ngokungagqibekanga kwaye uvule kuphela oko kuyimfuneko. Ukuba yiseva yewebhu, veza I-HTTP / HTTPS Kwaye yiloo nto; ulawulo (RDP, WinRM, SSH) kufuneka lwenziwe nge-VPN kwaye, ukuba kunokwenzeka, luthintelwe yidilesi ye-IP. I-firewall yeWindows inika ulawulo olulungileyo ngeeprofayili (i-Domain, Private, Public) kunye nemithetho yegranular.
I-firewall yeperimeter ezinikeleyo ihlala idibanisa, kuba ikhupha iseva kwaye yongeza iinketho eziphambili (ukuhlolwa, IPS, ukwahlulahlula). Kwimeko nayiphi na into, indlela iyafana: izibuko ezimbalwa ezivulekileyo, indawo yokuhlaselwa engaphantsi kokusetyenziswa.
Ukufikelela kude kunye neeprothokholi ezingakhuselekanga
I-RDP kuphela xa kuyimfuneko, nge I-NLA, i-encryption ephezuluI-MFA ukuba kuyenzeka, kwaye ithintele ukufikelela kumaqela athile kunye nothungelwano. Gwema i-telnet kunye ne-FTP; ukuba ufuna ukudluliselwa, sebenzisa i-SFTP/SSH, kwaye ngcono, ukusuka kwiVPNI-PowerShell Remoting kunye ne-SSH kufuneka ilawulwe: umda ngubani onokufikelela kuzo kwaye ukusuka phi. Njengenye indlela ekhuselekileyo yolawulo olukude, funda ukwenza Vula kwaye uqwalasele iDesktop ekude yeChrome kwiWindows.
Ukuba awuyifuni, khubaza inkonzo yoBhaliso olukude. Phonononga kwaye uvimbele NullSessionPipes y NullSessionShares ukuthintela ukufikelela ngokungaziwa kwimithombo. Kwaye ukuba i-IPv6 ayisetyenziswanga kwimeko yakho, cinga ukuyivala emva kokuvavanya impembelelo.
Ukuchwetheza, uhlaziyo, kunye nolawulo lokutshintsha
Gcina iWindows isexesheni nge Amabala okhuseleko Uvavanyo lwemihla ngemihla kwindawo elawulwayo ngaphambi kokufudukela kwimveliso. I-WSUS okanye i-SCCM ngamahlakani okulawula umjikelo wepatch. Ungalibali isoftware yomntu wesithathu, ehlala ilikhonkco elibuthathaka: uhlaziyo lweshedyuli kunye nokulungisa ubuthathaka ngokukhawuleza.
Los abaqhubi Abaqhubi badlala indima ekuqiniseni iiWindows: abaqhubi besixhobo esiphelelwe lixesha banokubangela iingozi kunye nobuthathaka. Ukuseka inkqubo yokuhlaziya umqhubi rhoqo, ukubeka phambili uzinzo kunye nokhuseleko kwiimpawu ezintsha.
Ukugawulwa kweziganeko, uphicotho, kunye nokubeka iliso
Qwalasela uphicotho lokhuseleko kwaye wandise ubungakanani belog ukuze bangajikelezi rhoqo ngeentsuku ezimbini. Yenza imicimbi kwindawo enye kumjongi wenkampani okanye i-SIEM, kuba ukuphonononga iseva nganye ngabanye akunakwenzeka njengoko inkqubo yakho ikhula. esweni rhoqo Ngeziseko zokusebenza kunye nemida yesilumkiso, kunqande "ukudubula ngokungaboniyo".
I-File Integrity Monitoring (FIM) ubuchwepheshe kunye noqwalaselo lokulandela umkhondo lunceda ukubona ukutenxa kwesiseko. Izixhobo ezifana I-Netwrix yoTshintsho Tracker Benza ukuba kube lula ukufumanisa nokuchaza oko kutshintshile, ngubani na nini, ukukhawuleza impendulo kunye nokunceda ukuthotyelwa (NIST, PCI DSS, CMMC, STIG, NERC CIP).
Uguqulelo oluntsonkothileyo lwedatha xa uphumle kwaye usendleleni
Kwiiseva, Bitlocker Sele iyimfuno esisiseko kuzo zonke iidrive ezinedatha ebuthathaka. Ukuba ufuna igranularity yenqanaba lefayile, sebenzisa... EFSPhakathi kweeseva, i-IPsec ivumela i-traffic ukuba ibhalwe ngokufihlakeleyo ukuze kugcinwe ubumfihlo kunye nengqibelelo, into ebalulekileyo iinethiwekhi ezicandiweyo okanye ngamanyathelo angathembekanga kangako. Oku kubalulekile xa uxoxa ngokuqina kwiWindows.
Ulawulo lokufikelela kunye nemigaqo-nkqubo ebalulekileyo
Sebenzisa umgaqo welona lungelo lincinci kubasebenzisi kunye neenkonzo. Kuphephe ukugcina iiheshi ze Umphathi weLAN kwaye uvale i-NTLMv1 ngaphandle kokuxhomekeka kwilifa. Qwalasela iintlobo zoguqulelo oluntsonkothileyo lwe-Kerberos kunye nokunciphisa ifayile kunye nokwabelana ngomshicileli apho kungafunekiyo.
UValora Nciphisa okanye uvale imidiya esusekayo (USB) ukunciphisa ukukhutshelwa okanye ukungena kwi-malware. Ibonisa isaziso esisemthethweni phambi kokungena ("Ukusetyenziswa okungagunyaziswanga akuvumelekanga"), kwaye ifuna Ctrl + Alt Del + kwaye iphelisa ngokuzenzekelayo iiseshoni ezingasebenziyo. Le yimilinganiselo elula eyandisa ukuxhathisa komhlaseli.
Izixhobo kunye ne-automation ukufumana i-traction
Ukusebenzisa iziseko ngobuninzi, sebenzisa GPO kunye neMigaqo yoKhuseleko yeMicrosoft. Izikhokelo zeCIS, kunye nezixhobo zovavanyo, zinceda ukulinganisa umsantsa phakathi kwemeko yakho yangoku kunye noko kujoliswe kuko. Apho isikali sifuna, izisombululo ezifana I-CalCom Hardening Suite (CHS) Banceda ukufunda malunga nokusingqongileyo, baqikelele iimpembelelo, kwaye basebenzise imigaqo-nkqubo embindini, ukugcina ukuqina ngokuhamba kwexesha.
Kwiinkqubo zabathengi, kukho izinto eziluncedo zasimahla ezenza lula "ukuqina" okuyimfuneko. I-Syshardener Inika useto kwiinkonzo, i-firewall kunye nesoftware eqhelekileyo; Hardentools ikhubaza imisebenzi enokusebenziseka (macros, ActiveX, Windows Script Host, PowerShell/ISE kumkhangeli zincwadi ngamnye); kwaye Nzima_Ubumbeko Ikuvumela ukuba udlale nge-SRP, i-whitelists ngendlela okanye i-hash, i-SmartScreen kwiifayile zendawo, ukuvinjelwa kwemithombo engathembekanga kunye nokuphunyezwa ngokuzenzekelayo kwi-USB / DVD.
I-Firewall kunye nokufikelela: imithetho esebenzayo esebenzayo
Soloko usebenzisa i-firewall yeWindows, qwalasela zonke iiprofayili ezintathu ezinezithintelo ezingenayo ngokuzenzekelayo, kwaye uvule. kuphela amazibuko abalulekileyo kwinkonzo (kunye nomda we-IP ukuba uyasebenza). Ulawulo olukude lwenziwa ngcono ngeVPN kunye nokufikelela okuthintelweyo. Hlaziya imithetho yelifa kwaye uvale nantoni na engasafunekiyo.
Ungalibali ukuba ukuqina kwiWindows ayisiwo umfanekiso omileyo: yinkqubo eguqukayo. Bhala isiseko sakho. ijonga ukunxaxhaHlaziya utshintsho emva kwepatch nganye kwaye ulungelelanise imilinganiselo kumsebenzi wangempela wesixhobo. Uqeqesho oluncinci lobugcisa, ukuthintela ukuzenzekelayo, kunye novavanyo olucacileyo lomngcipheko kwenza iWindows ibe yinkqubo enzima kakhulu ukuyiqhawula ngaphandle kokuncama ukuguquguquka kwayo.
Umhleli okhethekileyo kwitekhnoloji nakwimiba ye-intanethi eneminyaka engaphezu kweshumi yamava kumajelo osasazo edijithali. Ndisebenze njengomhleli kunye nomdali womxholo we-e-commerce, unxibelelwano, ukuthengisa kwi-intanethi kunye neenkampani zentengiso. Ndibhale kwakhona kwiiwebhusayithi zezoqoqosho, ezemali kunye namanye amacandelo. Umsebenzi wam ukwangumnqweno wam. Ngoku, ngamanqaku am kwi Tecnobits, Ndizama ukuhlola zonke iindaba kunye namathuba amatsha ukuba ihlabathi lobuchwepheshe lisinika yonke imihla ukuphucula ubomi bethu.