{"id":6456,"date":"2016-01-21T10:09:32","date_gmt":"2016-01-21T08:09:32","guid":{"rendered":"https:\/\/ihs.com.tr\/blog\/?p=6456"},"modified":"2016-01-21T10:09:32","modified_gmt":"2016-01-21T08:09:32","slug":"dns-guvenligi-ile-veriyi-altyapiyi-korumanin-yollari","status":"publish","type":"post","link":"https:\/\/www.ihs.com.tr\/blog\/dns-guvenligi-ile-veriyi-altyapiyi-korumanin-yollari\/","title":{"rendered":"Ways to Protect Data and Infrastructure with DNS Security"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\">Network security is the topic IT teams care about most, yet the Domain Name System (DNS) is a frequently neglected weakness. DNS is one of the most important components of networking infrastructure and is a necessity for every device that connects to the internet, because it provides the destination directory service for network resources.<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">On the other hand, DNS can also act as an intermediary in an organization\u2019s cyber-security defense. Because it functions as a network gateway, it is inherently difficult to protect. When it first came into use 30 years ago, it was not designed with security concerns in mind, because it occurred to no one that it could be a potential target. Even today, many organizations are unaware that DNS is something that needs protecting. 
Yet DNS hacks are becoming increasingly common.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In 2013, the <strong>National Institute of Standards and Technology<\/strong> (NIST), in its <a href=\"http:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-81-2.pdf\" target=\"_blank\" rel=\"nofollow\">Secure Domain Name System (DNS) Deployment Guide<\/a>, mentioned for the first time that DNS could become an attack target: \u201cAs hosts come to grasp the importance of security and applications come to depend on the DNS infrastructure for network operations, the DNS infrastructure will become a more attractive target.\u201d<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">NIST\u2019s predictions proved correct. DNS has become the number-one protocol used in many attacks and is now the service most often targeted in application-layer attacks. Data theft carried out over DNS is also steadily increasing. If DNS is left unprotected, attackers can take advantage of it to interfere with an organization\u2019s operations.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">There are two types of DNS attack. The first is attacks that disrupt the DNS service. These attacks restrict access to a particular machine or network, but they can cost organizations 100,000 dollars per hour and take a network completely offline. The second type of attack is data theft. 
Here, attackers use DNS to steal important information, intellectual property, personal information, e-mails, confidential files and so on. Both attack types have the potential to disrupt an organization\u2019s operations completely.<\/span><\/p>\n<p><a href=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/dns-g\u00fcvenli\u011fi-koruma.png\" data-rel=\"penci-gallery-image-content\" rel=\"attachment wp-att-6458\"><img decoding=\"async\" class=\"alignnone size-medium wp-image-6458\" src=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/dns-g\u00fcvenli\u011fi-koruma-300x154.png\" alt=\"dns g\u00fcvenli\u011fi koruma\" width=\"300\" height=\"154\" srcset=\"https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/dns-g\u00fcvenli\u011fi-koruma-300x154.png 300w, https:\/\/www.ihs.com.tr\/blog\/wp-content\/uploads\/2016\/01\/dns-g\u00fcvenli\u011fi-koruma.png 410w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p><span style=\"font-size: 14pt;\">What can be done to protect DNS?<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">DNS is a system sensitive enough that it must be protected. According to NIST, the two most important considerations for DNS security are data integrity and source authentication. So what goals should be set to protect against DNS attacks?<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">Before an attack takes place:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Be proactive.<\/strong> Be prepared for attacks by keeping your DNS packets under constant protection. Remember that most security protocols fall short when it comes to DNS security. 
The best approach is to build DNS protection into the DNS server itself rather than tying it to separate security technologies.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Make the network visible.<\/strong> Knowing which devices are connected to the network and who is using them is the first prerequisite for detecting and stopping DNS attacks. This knowledge makes it easier for IT teams to contain and eliminate the risk of attacks reaching the network from countless devices, without the need for endpoint software. You should prefer real-time processing and analytics in order to identify threats based on behavioral analysis and to detect known threats and attacks that arrive during the day.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Take precautions against every kind of threat.<\/strong> DNS security should protect against both internal and external threats by blocking attacks on the DNS infrastructure, disrupting malware or advanced persistent threat communication, and stopping data theft over DNS.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">After a threat has been detected:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Respond quickly.<\/strong> Organizations that have achieved visibility into their networks can detect threats quickly and respond quickly. 
IT administrators, too, should be able to see attacks and malicious communication attempts in detail, and use drill-down analysis to identify these threats rapidly and take the steps that will protect their networks.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Keep the network running smoothly.<\/strong> Services and applications should keep running even while the network is under attack. Your DNS protection tools need to ensure that legitimate traffic is not disrupted while you work to block illegitimate activity.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><strong>Find the right solution.<\/strong> Organizations typically use many different network security solutions for different threat types. These tools often do not work together, do not deliver a return on the money spent, and reduce security effectiveness. 
Try to find DNS solutions that fit your organization\u2019s overall security architecture.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">In today\u2019s complex threat landscape, there are various security measures that protect simultaneously against many different attack types, above all those that target DNS.<br \/>\n<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><a href=\"https:\/\/www.ihsteknoloji.com\/\" target=\"_blank\">Infoblox Enterprise DNS Management<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Network security is the topic IT teams care about most, yet the Domain Name System (DNS) is a frequently neglected weakness. DNS&hellip;<\/p>\n","protected":false},"author":3,"featured_media":6459,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-6456","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-haberler"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6456","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6456"}],"version-history":[{"count":3,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6456\/revisions"}],"predecessor-version":[{"id":6468,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6456\/revisions\/6468"}],"wp:featuredmedia":[{"embeddable":true,"href"
:"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media\/6459"}],"wp:attachment":[{"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6456"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6456"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ihs.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6456"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}