Indlela yokuvikela iseva engaphethwe

Indlela yokuvikela iseva engaphethwe

Lesi sihloko sichaza izinyathelo ezimbalwa ongazithatha ukuze usize ukuvikela iseva engaphethwe

Ulwazi kulesi sihloko lusebenza kuphela emikhiqizweni esohlwini lwe-Athikili Yemininingwane yebha eseceleni. Kufanele ube nokufinyelela kwezimpande kuseva ukuze ulandele izinqubo ezichazwe ngezansi

Iseva engaphethwe ikunikeza ukuguquguquka okuphelele. Ngenxa yokuthi unokufinyelela kwezimpande kuseva, ungafaka noma yini oyifunayo, uyilungiselele ngendlela ofuna ngayo, bese uyiqhuba ngendlela ofuna ngayo.

Ngale nkululeko kuza imisebenzi eyengeziwe yokuphatha, nokho, futhi enye ebaluleke kakhulu kuyo ukuphepha. Uma ungathathi izinyathelo zokuvikela iseva yakho, uyishiya ivulekile ukuze ihlaselwe abadlali abanonya. Ukuhlasela okuncane kungase kube ukucasula, kuyilapho ukuhlasela okukhulu kungase kuphumele ekulahlekelweni yikho konke ukucushwa kweseva yakho kanye nedatha.

Ngakho-ke, kubaluleke kakhulu ukuthi uzame ukuvikela iseva yakho ngangokunokwenzeka. Izincomo ezilandelayo zingakusiza wenze lokhu

Amagama ayimfihlo abuthakathaka angabukela phansi iseva emiswe ngokucophelela kakhulu. Izinqubo zokuphepha ezinhle ziqala ngokusebenzisa amagama ayimfihlo aqinile. Ukuze uthole ulwazi mayelana nendlela yokukhetha amagama ayimfihlo aqinile, sicela ubheke lesi sihloko

I-akhawunti yempande inamandla onke, ngakho-ke enye yezinto zokuqala okufanele uzenze kuseva entsha engaphethwe ukudala i-akhawunti yomsebenzisi evamile futhi ukhubaze ukufinyelela kwezimpande ze-SSH. Ukuze uthole ulwazi mayelana nendlela yokwenza lokhu, sicela ubheke lesi sihloko

Ukusingathwa kwe-A2 kusebenzisa imbobo ye-SSH ehlukile (7822) kusuka embobeni yokuzenzakalelayo (22), esiza ukunciphisa inani lama-bots azama ukuskena nokufinyelela iseva yakho. Noma kunjalo, kuwumbono omuhle kakhulu ukukhubaza ukufinyelela kwe-SSH yezimpande

Ubungozi bokuphepha butholakala njalo futhi bupeshwa. (Isibonelo esisodwa esishicilelwe kahle âÂÂi-Heartbleedâ Ukuba sengozini kwe-OpenSSL okwadalulwa ngo-Ephreli 2014.) Ukugcina iseva esesikhathini samanje ngamapeshi nokulungiswa kwakamuva kubalulekile ukuze ulondoloze okwengeziwe. iseva evikelekile

Ukuze uthole ulwazi mayelana nendlela yokufaka izibuyekezo kuseva engaphethwe, sicela ubone lesi sihloko

I-firewall ikuvumela ukuthi ulawule amaphakethe enethiwekhi angenayo naphumayo. Isibonelo, ungacacisa imithetho evimbela wonke amaphakethe angenayo ku-port 25, noma wonke amaphakethe aphumayo embobeni ethile noma umsingathi.

⢠Ukuze uthole ulwazi mayelana nendlela yokusetha i-firewall usebenzisa ama-iptables, sicela ubheke lesi sihloko.

⢠Ukuze uthole ulwazi mayelana nendlela yokusetha i-firewall usebenzisa i-Advanced Policy Firewall, sicela ubheke lesi sihloko.


Uhlelo lwe-fail2ban lusiza ukuvikela iseva yakho emizamweni yokufinyelela engagunyaziwe ngokuqapha amafayela okungena emisebenzi esolisayo. Ngemva kwenombolo echazwe ngaphambilini yemizamo yokufinyelela ehlulekile ekhelini le-IP, i-fail2ban ivimba ngokuzenzakalelayo

Ukuze uthole ulwazi mayelana nendlela yokusetha i-fail2ban kuseva yakho, sicela ubheke lesi sihloko.