{"id":1600,"date":"2019-03-15T10:25:54","date_gmt":"2019-03-15T10:25:54","guid":{"rendered":"https:\/\/codewk.com\/?p=1600"},"modified":"2019-03-15T11:34:19","modified_gmt":"2019-03-15T11:34:19","slug":"windows-sunucu-guvenligi-vds","status":"publish","type":"post","link":"https:\/\/codewk.com\/windows-sunucu-guvenligi-vds\/","title":{"rendered":"Windows Server Security (VDS)"},"content":{"rendered":"\n

What Is a Virtual Dedicated Server \u2013 VDS?<\/strong><\/h3>\n\n\n\n

VDS, another category of virtual hosting, is an acronym of the term Virtual Dedicated Server. Although VDS has no exact equivalent in Turkish, it can be described as a shared, dedicated private server.<\/p>\n\n\n\n

VDS, one of the most popular cloud server services of recent times, lets its users rent a virtual server on which they can develop, deploy and host their own web applications.<\/strong> In other words, when a user who chooses VDS hosting rents a given space, that space is closed to everyone except that user, and the user can use it however they wish.<\/strong><\/p>\n\n\n\n

So how is VDS security ensured?<\/h3>\n\n\n\n

First, enable automatic updates; if possible, use SCCM.<\/p>\n\n\n\n

Create lists to track the hierarchy (Excel, etc.).<\/p>\n\n\n\n

If possible, take care to run the servers in native mode.<\/p>\n\n\n\n

If possible, move the servers into Active Directory.<\/p>\n\n\n\n

If the servers<\/a> need to communicate with each other, use VPN technologies such as IPsec.<\/p>\n\n\n\n

To maintain password security, force a password change every 90 days.<\/p>\n\n\n\n

Set the minimum password length to 12 characters. If 2 invalid password attempts are made within 15 minutes on a server, disable the account.<\/p>\n\n\n\n

Review logon events at regular intervals.<\/p>\n\n\n\n

To resist attacks, install EMET <\/strong>on the servers.<\/p>\n\n\n\n

Always apply the security updates for third-party software used on the servers.<\/p>\n\n\n\n

Make sure to use antivirus software (Kaspersky, Sophos, ESET, etc.).<\/p>\n\n\n\n

Run scans at regular intervals with the antivirus software installed on the system.<\/p>\n\n\n\n

Enable logging on the system.<\/p>\n\n\n\n

Make sure to use a firewall; turn the firewall on even if you do not need it (depending, of course, on usage and purpose!).<\/p>\n\n\n\n

Permanently block access to unused ports.<\/p>\n\n\n\n

Disable all unused features on the server (print server, printer sharing, file sharing).<\/p>\n\n\n\n

Remove or disable all Internet browsers (again, depending on your intended use!).<\/p>\n\n\n\n

To protect against phishing attacks, remove all e-mail clients from the server.<\/p>\n\n\n\n

Make sure TLS is used on every website hosted on the web server.<\/p>\n\n\n\n

Configure at least two DNS servers for redundancy, and double-check name resolution using nslookup from the command prompt.<\/p>\n\n\n\n

Make sure the server has a valid A record in DNS<\/strong> with the name you want, as well as a PTR record for reverse lookups. <\/p>\n\n\n\n

If IPv6<\/strong> will not be used on the server, disable it permanently on the interface.<\/p>\n\n\n\n

Make sure everything you need is installed.<\/p>\n\n\n\n

Remove everything you do not need. Do not increase the server's attack surface unnecessarily.<\/p>\n\n\n\n

Remove the applications that come installed on the server by default.<\/p>\n\n\n\n

Make sure NTP is in use, because without time synchronization Windows logons and various other functions that rely on Kerberos security will fail completely.<\/p>\n\n\n\n

If other remote access mechanisms such as PowerShell and SSH are to be used, configure them to be usable only over the VPN<\/strong>.<\/p>\n\n\n\n

Do not use unencrypted protocols (telnet, FTP).<\/p>\n\n\n\n

If possible, perform file uploads over SFTP.<\/p>\n\n\n\n

On older versions such as 2008 and 2003, check the services in particular and turn off those that are not needed.<\/p>\n\n\n\n

Set important services to start automatically.<\/p>\n\n\n\n

Disable automatic administrative logon to the Recovery Console.<\/p>\n\n\n\n

Configure the device boot order to prevent unauthorized booting from alternate media.<\/p>\n\n\n\n

Disable guest accounts.<\/p>\n\n\n\n

Never use permissions granted to “everyone”<\/strong> unless necessary.<\/p>\n\n\n\n

Disable anonymous SID/Name translation.<\/p>\n\n\n\n

Immediately disable or delete unused user accounts.<\/p>\n\n\n\n

Remove Ncacn_ip_tcp<\/strong>.<\/p>\n\n\n\n

Disable NetBIOS<\/strong> over TCP\/IP.<\/p>\n\n\n\n

Do not allow any share to be accessed anonymously.<\/p>\n\n\n\n

Allow Local System to use the computer identity for NTLM.<\/p>\n\n\n\n

Set the LAN Manager authentication level to allow only NTLMv2 and refuse LM and NTLM.<\/p>\n\n\n\n

Enable built-in file encryption with NTFS <\/strong>or BitLocker.<\/p>\n\n\n\n

Be sure to enter your Windows Server 2016\/2012\/2008\/2003 license keys.<\/p>\n\n\n\n

Remove all unnecessary executable files, also via the registry.<\/p>\n\n\n\n

Be sure to complete your physical server security.<\/p>\n\n\n\n


That brings us to the end of this topic; I hope the information shared is useful to you. You can also take a look at my other posts here<\/a>. See you in my next topic. \ud83d\ude42<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

VDS, another category of virtual hosting, is an acronym of the term Virtual Dedicated Server. Although VDS has no exact equivalent in Turkish, it can be described as a shared, dedicated private server.<\/p>\n","protected":false},"author":7,"featured_media":1604,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[24],"tags":[134,116,136,135,131,130,133,70],"_links":{"self":[{"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/posts\/1600"}],"collection":[{"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/comments?post=1600"}],"version-history":[{"count":3,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/posts\/1600\/revisions"}],"predecessor-version":[{"id":1626,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/posts\/1600\/revisions\/1626"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/media\/1604"}],"wp:attachment":[{"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/media?parent=1600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/categories?post=1600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codewk.com\/wp-json\/wp\/v2\/tags?post=1600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}