{"id":3624,"date":"2023-12-20T10:56:27","date_gmt":"2023-12-20T09:56:27","guid":{"rendered":"https:\/\/adm-adria.si\/?p=3624"},"modified":"2023-12-21T08:09:50","modified_gmt":"2023-12-21T07:09:50","slug":"ransomware-quest","status":"publish","type":"post","link":"https:\/\/adm-adria.si\/en\/2023\/12\/ransomware-quest\/","title":{"rendered":"Ransomware Quest"},"content":{"rendered":"<h1 class=\"wp-block-heading has-luminous-vivid-orange-color has-text-color has-link-color wp-elements-c659ca57047d207150456634c344dda7\"><strong>Are you prepared for a ransomware attack?<\/strong><\/h1>\n\n\n\n<p style=\"font-size:16px\">Recent cyberattacks can serve as a preventive warning that no one is safe.<\/p>\n\n\n\n<p style=\"font-size:16px\">How is cybersecurity handled in your company? Do you follow the 3-2-1 rule: three backup copies, on two different types of storage media, with at least one copy at a different location? Then you are better prepared than most companies and are aware of the consequences of a successful attack. But what strategy do you have for recovering Active Directory (AD)?<\/p>\n\n\n\n<p style=\"font-size:16px\">As you know, if Active Directory fails, the company is like a ship without a captain, engines or crew. The company is blind: employees cannot access anything in the IT environment, from simply logging in to a computer, to accessing data, to running applications and everything else. Until Active Directory is working again, the company's fate grows darker with every hour.<\/p>\n\n\n\n<p style=\"font-size:16px\">The best way to reduce these outages is a comprehensive Active Directory recovery strategy, which is provided by <a href=\"https:\/\/www.quest.com\/products\/recovery-manager-for-active-directory-disaster-recovery-edition\/\">Quest Recovery Manager for Active Directory (RMAD).<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading has-luminous-vivid-orange-color has-text-color has-link-color wp-elements-d70d809d9b7283d514fdb0a66d5d9569\"><strong>How does Active Directory recovery work?<\/strong><\/h2>\n\n\n\n<p style=\"font-size:16px\">Active Directory (AD) is a key component of the IT infrastructure in many organizations, as it provides essential services such as authentication and authorization. Since time is money in this situation, how can you complete the process as quickly as possible? To bring systems back, you need to ensure fast recovery of the domain controllers (DC).<\/p>\n\n\n<div class=\"wp-block-kadence-iconlist kt-svg-icon-list-items kt-svg-icon-list-items3624_9264ea-bf kt-svg-icon-list-columns-1 alignnone\"><ul class=\"kt-svg-icon-list\"><li class=\"wp-block-kadence-listitem kt-svg-icon-list-item-wrap kt-svg-icon-list-item-3624_dee6b2-c1\"><span class=\"kt-svg-icon-list-text\"><strong>If the attack affected all domain controllers in one domain, a major challenge awaits you. If the entire Active Directory forest was affected, you face climbing Everest.<\/strong><\/span><\/li>\n<\/ul><\/div>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full has-custom-border\"><img loading=\"lazy\" decoding=\"async\" width=\"933\" height=\"479\" src=\"https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika1.png\" alt=\"\" class=\"wp-image-3625\" style=\"border-width:1px;border-radius:10px\" srcset=\"https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika1.png 933w, https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika1-300x154.png 300w, https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika1-768x394.png 768w, https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika1-18x9.png 18w\" sizes=\"auto, (max-width: 933px) 100vw, 933px\" \/><\/figure>\n\n\n<div class=\"wp-block-kadence-infobox kt-info-box3624_951069-18\"><span class=\"kt-blocks-info-box-link-wrap info-box-link kt-blocks-info-box-media-align-top kt-info-halign-left\"><div class=\"kt-infobox-textcontent\"><h2 class=\"kt-blocks-info-box-title\"><strong>The best practice for Active Directory recovery, which Microsoft also recommends, is a phased approach.<\/strong><\/h2><p class=\"kt-blocks-info-box-text\"><strong>In the first phase<\/strong> of recovery, the goal is to restore the operation of one key domain controller in each domain, so that at least partial functionality is quickly returned to the business. The initial step therefore involves restoring selected domain controllers from backup. The recovery method depends on the available tools. Basic solutions may offer image-level restore, such as Bare Metal Recovery (BMR), which also brings back files that are not part of Active Directory. As a result, malware has more places where it can hide and return after the restore.<br\/><br\/>Enterprise solutions, on the other hand, can provide a clean restore of the operating system, a capability beyond basic tools. Once the domain controllers are restored, they must be reconfigured to communicate and operate as part of the Active Directory forest.<br\/><br\/><strong>In the second phase<\/strong> you can proceed with promoting the remaining domain controllers. Microsoft recommends using Install From Media (IFM), because it generates less network traffic and thus speeds up the promotion of the controllers.<\/p><\/div><\/span><\/div>\n\n\n\n<h3 class=\"wp-block-heading has-luminous-vivid-orange-color has-text-color has-link-color wp-elements-c69c5777ff9574aa579092457d839d76\"><strong>Quest Recovery Manager for Active Directory (\"RMAD\") can further accelerate recovery<\/strong><\/h3>\n\n\n\n<p style=\"font-size:16px\">It also includes a dedicated \"Secure Storage\" server, which is completely isolated from the domain environment and reachable only over the IPsec protocol, and which does not allow the stored backups to be modified or deleted. In the worst-case scenario, involving the loss of the domain controllers, a compromised backup store and even the Quest Recovery Manager server itself, you can still rely on the Secure Storage server. It will always enable you to quickly stand up the domain again (even on bare servers via BMR). If you suspect that ransomware has been present in the environment for some time, you can first open the directory in \"Isolated mode\" and change all passwords before placing it back into the environment.<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full has-custom-border\"><img loading=\"lazy\" decoding=\"async\" width=\"933\" height=\"478\" src=\"https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika2.png\" alt=\"\" class=\"wp-image-3626\" style=\"border-width:1px;border-radius:10px\" srcset=\"https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika2.png 933w, https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika2-300x154.png 300w, https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika2-768x393.png 768w, https:\/\/adm-adria.si\/wp-content\/uploads\/2023\/12\/Slika2-18x9.png 18w\" sizes=\"auto, (max-width: 933px) 100vw, 933px\" \/><\/figure>\n\n\n\n<p style=\"font-size:16px\">The recovery process involves many manual steps. For example, promoting a single server to a domain controller can take a few minutes or several hours. With RMAD you can automate all of the manual tasks and at the same time ensure that the steps are performed in the correct order and without errors. The Quest solution can automate the installation of domain controllers with IFM and also set up parallel installation of multiple domain controllers, which considerably shortens the recovery time.<\/p>\n\n\n\n<p style=\"font-size:16px\">There is, of course, also a PowerShell library that enables an additional level of automation of \"RMAD\".<\/p>\n\n\n\n<p style=\"font-size:16px\">After an incident, Quest Recovery Manager can also restore Microsoft Azure Active Directory, which is important for preventing synchronization problems and ensuring the availability of both the on-premises and the Azure Active Directory. Through a single console, the IT department can more easily distinguish between hybrid and cloud objects and compare production backups with live copies.<\/p>\n\n\n\n<p style=\"font-size:16px\">It also offers granular restore, meaning that IT teams can restore only specific objects and attributes without needing to restart a domain controller. After a ransomware attack, Quest Recovery Manager will automate the entire recovery process, including the more than 40 steps described in Microsoft's Active Directory forest recovery document.<\/p>\n\n\n\n<p style=\"font-size:16px\"><strong>Prepare for ransomware and other cyberattacks with <a href=\"https:\/\/www.quest.com\/products\/recovery-manager-for-active-directory-disaster-recovery-edition\/\">Quest Recovery Manager<\/a>, which will give you the shortest downtime and the fastest return to work.<\/strong><\/p>","protected":false},"excerpt":{"rendered":"<p>Are you prepared for a ransomware attack? Recent cyberattacks can serve as a preventive warning that no one is safe. How is cybersecurity handled in your company? Do you follow the 3-2-1 rule: three backup copies, on two different types of storage media, with at least one copy at a different location? Then you are better prepared than most companies and are [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":3638,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"set","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3624","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-novice"],"_links":{"self":[{"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/posts\/3624","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/comments?post=3624"}],"version-history":[{"count":4,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/posts\/3624\/revisions"}],"predecessor-version":[{"id":3635,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/posts\/3624\/revisions\/3635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/media\/3638"}],"wp:attachment":[{"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/media?parent=3624"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/categories?post=3624"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adm-adria.si\/en\/wp-json\/wp\/v2\/tags?post=3624"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}