{"id":571,"date":"2020-11-16T10:12:07","date_gmt":"2020-11-16T09:12:07","guid":{"rendered":"https:\/\/nsix.pl\/blog\/?p=571"},"modified":"2022-11-15T11:32:02","modified_gmt":"2022-11-15T10:32:02","slug":"zabezpieczenie-windows-server-zerologon-cve-2020-1472","status":"publish","type":"post","link":"https:\/\/nsix.pl\/blog\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\/","title":{"rendered":"Securing Windows Server \/ Zerologon CVE-2020-1472"},"content":{"rendered":"<p>In recent days we have been observing increased scanning of RDP ports on our servers. The cause of this situation is a critical vulnerability in Windows systems designated CVE-2020-1472, also known as Zerologon. The vulnerability concerns the Windows Netlogon authentication protocol and makes it possible to take control of an entire Active Directory domain.<!--more--><\/p>\n<p>To minimize the risk, we recommend applying one of the following solutions:<\/p>\n<p>1. Update servers running the Windows Server operating system. Before updating, we recommend taking a checkpoint (snapshot) of the server so that, if the update fails, the server can be restored to its pre-update state. We recommend installing the update regardless of whether the Active Directory role is installed on the server.<\/p>\n<p>2. If the server must be reachable from the public network, we recommend <a href=\"https:\/\/nsix.pl\/kb\/zmiana-portu-rdp\/\" target=\"_blank\" rel=\"noopener noreferrer\">changing the RDP port<\/a> to a random one, creating an additional administrative account, and disabling the default accounts. We recommend generating complex passwords for users, at least 12 characters long and including special characters, digits, and upper- and lowercase letters. In addition, for a publicly accessible server it is highly recommended to restrict RDP access at the firewall level to specific, agreed IP addresses only.<\/p>\n<p>3. Another solution worth applying is a VPN tunnel. NSIX offers <a href=\"https:\/\/nsix.pl\/panel\/sklep\/produkt\/OpenVPN_certyfikat_1_polaczenie\/\" target=\"_blank\" rel=\"noopener noreferrer\">certificates<\/a> that can be installed on the server and on client endpoints. After installation, block access to RDP and other sensitive services that should not be reachable from the public network. It is also possible to run your own VPN server, which will provide access to the server through a private encrypted tunnel.<\/p>\n<p>4. An alternative to certificates is to run a <a href=\"https:\/\/nsix.pl\/panel\/sklep\/zapory-sieciowe\/\" target=\"_blank\" rel=\"noopener noreferrer\">virtual router<\/a>, which lets you control connections, track suspicious traffic, configure routing, and run a VPN service. This is a more expensive option than VPN certificates, but it offers considerably more capabilities.<\/p>\n<p>5. Remember to make and verify backups. When someone gains unauthorized access to a server, restoring from a backup is often the only option. At NSIX Data Center, backups of virtual servers are made daily. Backups going back up to 3 days are made completely free of charge; for customers who require longer data retention, we offer an <a href=\"https:\/\/nsix.pl\/panel\/sklep\/kopia-zapasowa\/\" target=\"_blank\" rel=\"noopener noreferrer\">extension of the backup schedule to 14 days<\/a>.<\/p>\n<p>In summary, the threat is very serious, and there are at least several ways to protect against it. If you do not know which safeguard to choose, or would rather leave it to professionals, <a href=\"https:\/\/nsix.pl\/kontakt\/\" target=\"_blank\" rel=\"noopener noreferrer\">please contact our technical support<\/a> team. We will assess which solution is best, secure the system, and select services that minimize similar threats in the future.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In recent days we have been observing increased scanning of RDP ports on our servers. The cause of this situation is a critical vulnerability in Windows systems designated CVE-2020-1472, also known as Zerologon. The vulnerability concerns the Windows Netlogon authentication protocol and makes it possible to take control of an entire Active Directory domain.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[160,163,158,161,159,3,9,36,79,162,63,34,157],"class_list":["post-571","post","type-post","status-publish","format-standard","hentry","category-bez-kategorii","tag-active-directory","tag-certyfikat-vpn","tag-cve-2020-1472","tag-logowanie","tag-netlogon","tag-serwer-wirtualny","tag-vps","tag-windows-server","tag-wirtualny-router","tag-wlamanie","tag-wsparcie-techniczne","tag-zabezpieczenia","tag-zerologon"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Zabezpieczenie Windows Server \/ Zerologon CVE 2020 1472 - NSIX Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/nsix.pl\/blog\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\/\" \/>\n<meta property=\"og:locale\" content=\"pl_PL\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Zabezpieczenie Windows Server \/ Zerologon CVE 2020 1472 - NSIX Blog\" \/>\n<meta property=\"og:description\" content=\"W ostatnich dniach obserwujemy wzmo\u017cone skanowanie port\u00f3w RDP na naszych serwerach. Powodem zaistnia\u0142ej sytuacji jest krytyczna luka w systemach Windows oznaczona CVE 2020 1472, nazywana r\u00f3wnie\u017c zerologon. 
Podatno\u015b\u0107 dotyczy protoko\u0142u uwierzytelniania Windows Netlogon, kt\u00f3ra umo\u017cliwia przej\u0119cie kontroli nad ca\u0142\u0105 domen\u0105 Active Directory.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/nsix.pl\/blog\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\/\" \/>\n<meta property=\"og:site_name\" content=\"NSIX Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/NSIXpl\" \/>\n<meta property=\"article:published_time\" content=\"2020-11-16T09:12:07+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-11-15T10:32:02+00:00\" \/>\n<meta name=\"author\" content=\"NSIX Data Center\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napisane przez\" \/>\n\t<meta name=\"twitter:data1\" content=\"NSIX Data Center\" \/>\n\t<meta name=\"twitter:label2\" content=\"Szacowany czas czytania\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuty\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/\"},\"author\":{\"name\":\"NSIX Data Center\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#\\\/schema\\\/person\\\/045e2f5bd92a142d6c9d3e2d74d2c514\"},\"headline\":\"Zabezpieczenie Windows Server \\\/ Zerologon CVE 2020 1472\",\"datePublished\":\"2020-11-16T09:12:07+00:00\",\"dateModified\":\"2022-11-15T10:32:02+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/\"},\"wordCount\":425,\"publisher\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#organization\"},\"keywords\":[\"active directory\",\"certyfikat vpn\",\"cve 2020 
1472\",\"logowanie\",\"netlogon\",\"serwer wirtualny\",\"vps\",\"windows server\",\"wirtualny router\",\"w\u0142amanie\",\"wsparcie techniczne\",\"zabezpieczenia\",\"zerologon\"],\"inLanguage\":\"pl-PL\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/\",\"url\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/\",\"name\":\"Zabezpieczenie Windows Server \\\/ Zerologon CVE 2020 1472 - NSIX Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#website\"},\"datePublished\":\"2020-11-16T09:12:07+00:00\",\"dateModified\":\"2022-11-15T10:32:02+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/#breadcrumb\"},\"inLanguage\":\"pl-PL\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/zabezpieczenie-windows-server-zerologon-cve-2020-1472\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Strona g\u0142\u00f3wna\",\"item\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Zabezpieczenie Windows Server \\\/ Zerologon CVE 2020 1472\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/\",\"name\":\"NSIX Blog\",\"description\":\"Aktualno\u015bci ze \u015bwiata 
IT\",\"publisher\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"pl-PL\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#organization\",\"name\":\"NSIX Data Center\",\"url\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"pl-PL\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/nsix_logo.png\",\"contentUrl\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/nsix_logo.png\",\"width\":247,\"height\":48,\"caption\":\"NSIX Data Center\"},\"image\":{\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/NSIXpl\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/nsix.pl\\\/blog\\\/#\\\/schema\\\/person\\\/045e2f5bd92a142d6c9d3e2d74d2c514\",\"name\":\"NSIX Data Center\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","_links":{"self":[{"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/posts\/571","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/comments?post=571"}],"version-history":[{"count":5,"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/posts\/571\/revisions"}],"predecessor-version":[{"id":576,"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/posts\/571\/revisions\/576"}],"wp:attachment":[{"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/media?parent=571"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/categories?post=571"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsix.pl\/blog\/wp-json\/wp\/v2\/tags?post=571"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}