- Hubi siyaasadaha (GPO), adeegyada, iyo dhegaystaha RDP ka hor inta aanad taaban dabka si aad u go'doomiso isha xannibaadda.
- Hubi dekedda 3389, sharciyo firfircoon iyo shahaadooyin; khilaaf ama shahaado jaban waxay ka hortagtaa dhageystaha inuu dhageysto.
- Khaladaadka aqoonsiga (CredSSP, NLA, ogolaanshaha) waxay u badan yihiin sida khaladaadka shabakada; la jaan qaada wararka iyo kooxaha.
- Haddii aadan furi karin dekedaha, isticmaal albaabka RDP oo leh MFA ama dallaal sugan oo ka fogaanaya soo bandhigida dekedda 3389.
Haddii isku xirka Desktop-ka fog uu si lama filaan ah u shaqeeyo, waxaa laga yaabaa inaad u maleyso inuu yahay firewall-ka ama in mishiinka uu dansan yahay. Laakiin RDP, dambiilaha dhabta ah badanaa waa... siyaasadaha shabakada, GPOs, ama adeegyada xannibaya dekedda 3389 Digniin la'aan. Akhbaarta wanaagsan: iyadoo la raacayo isku xigxig la dalbaday oo hubin ah, waxaad ku sooci kartaa qaladka daqiiqado gudahood.
Hagahan waxaad ka heli doontaa habab la taaban karo oo la xaqiijiyay oo lagu baadho laguna saxo siyaasadaha, qawaaniinta, iyo qaabaynta ka hortagaya RDP in Windows, labadaba qalabka maxaliga ah iyo kuwa fog, ee shabakada shirkadda, VPN iyo xataa daruuraha sida Google Daruur Waxa kale oo aad arki doontaa sida loola tacaalo khaladaadka aqoonsiga (CredSSP), shahaadooyinka, isku dhacyada dekedaha, DNS iyo waxqabadka, oo lagu daray waxyaabo kale marka aad u baahato wax shaqeeya adigoon furin dekedaha.
Sida loo ogaado haddii siyaasad ama shabakad ay xannibayso RDP
Kahor intaadan taaban diiwaanka ama firewall-ka, waa fikrad wanaagsan inaad xaqiijiso haddii dhibku ka jiro gaadhista shabakada, shaandhaynta, ama dheregistaDariiq gaaban oo faa'iido leh oo kombuyuutar kale ah ayaa ah in la tijaabiyo gelitaanka dekedda iyadoo la adeegsanayo adeegyada sida psping: psping -accepteula <IP-equipo>:3389. Haddaad aragto Ku xidhida… isku dayo aan miro dhalin, ama a Kumbuyuutarka fog ayaa diiday isku xirka shabakada, waxay muujinaysaa xannibaad dhexdhexaad ah ama adeeg la'aan.
Tijaabi ilo badan (subnet kale, VPN kale, shabakad guri, ama 4G) si aad u aragto haddii xannibaadu tahay lagu soo xulay qayb ama asal ahaanHaddii ay ka guuldarreysato dhammaan dhinacyada, waxay u badan tahay in uu xannibay dab-damis ku wareegsan ama Windows laftiisa. Haddii ay hal dhinac uun ka fashilanto, hubi liisaska oggolaanshaha. ACLs iyo xeerarka firewall dhexe.
Si dhakhso leh u hubi heerka RDP iyo adeegyadeeda
Ku billow in aad xaqiijiso in nidaamka fog-fog uu ogolyahay isku xirka Desktop Fog iyo in adeegyadu ay socdaan; Tani waxay meesha ka saaraysaa aasaaska laba ama saddex amarada.
Mashiinka maxaliga ah, awoodsiinta RDP waa mid fudud sida furitaanka Settings iyo hawlgelinta. Desktop fog (eeg adigoo isticmaalaya Windows 11 Remote DesktopSi loo xakameeyo fican (ama haddii UI-gu aanu ka jawaabin), ka hubi diiwaanka: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server y HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. Qiimaha fDenyTSConnections waa inay noqotaa 0 (qiimaha 1 macnaheedu waa RDP naafo ah).
Meel fog, ku xidh diiwaanka shabakada ee Tifaftiraha Diiwaanka (Faylka> Ku Xidhnow Diiwaanka Shabakadda), u gudub isla dariiqooyinka, oo xaqiiji in aanay jirin siyaasad ku qasbaysa xannibaadda; haddii ay muuqato fDenyTSConnections=1, u beddel 0 oo u fiirso haddii Waxay ku soo noqotaa 1 ka dib dhowr daqiiqo. (calaamadaha GPO ee baahsan).
Sidoo kale hubi in adeegyada lagama maarmaanka ah ay ka socdaan labada daraf: Adeegyada Desktop Fog (Service) y Dib u habeeyaha Dekadda Isticmaalaha Adeega Desktop-ka Fog (UmRdpService)Waxaad ku samayn kartaa adeegyada.msc ama la PowerShellHaddii aad u baahan tahay hagaha adeegyada tafatirka, la tasho Wax ka beddel adeegyada gudaha Windows 11Haddii qof la xidho, Bilow oo isku day markale.
Shayga Siyaasadda Kooxda (GPO): Sida loo xannibo iyo sida loo furo
Marka RDP aan lagu dhaqaajin karin interface-ka, ama qiimihii diiwaanka dib loo celiyay, waxaa hubaal ah in ay dhaqan galinayso siyaasad. Si loo aqoonsado siyaasaddan mishiinka ay saamaysay, ku wad taliska soo socda a CMD sare gpresult /H c:\gpresult.html oo furay warbixinta; hoostooda Habaynta Kombuyuutarka > Qaababka Maamulka > Qaybaha Windows dardaaranka ayaa raadinaya U oggolow isticmaalayaasha inay ku xidhmaan meel fog iyagoo isticmaalaya Adeegyada Desktop Fog.
Haddii aad u aragto sida NaafoLa tasho warbixinta si aad u ogaato waxa GPO ee ku guulaysta iyo baaxada ay khusayso (goobta, domain, ama OU). Sidoo kale dib u eeg sida Ku biirista domain gudaha Windows Haddii aad ka shakisan tahay dhibaatooyinka domainka, laga bilaabo Tifaftiraha Shayga Siyaasadda Kooxda (GPE) ee heerka ku habboon, u beddel siyaasadda Dareemi ama lama habeeyayiyo kooxaha ku lugta leh, waxay ku qasbeysaa codsiga gpupdate /force.
Haddii aad ku maamusho GPMC, waxaad sidoo kale ka saari kartaa isku xirka GPO-ga gudaha unugga ururka halkaas oo ay khusayso qalabka ay saameeyeen. Xusuusnow in haddii block ka yimid SOFTWARE\SiyaasadahaGPO ayaa dib u qori doona diiwaanka ilaa aad ka tirtirto ama aad wax ka beddesho siyaasadda.
Mashiinka fog, u soo saar warbixinta si la mid ah mashiinka maxalliga ah, adoo ku daraya cabbirka kumbuyuutarka: gpresult /S <nombre-equipo> /H c:\gpresult-<nombre-equipo>.htmlkaas oo ku siin doona xog isku mid ah si aad u baadho GPO-ga sababa.
Dhageyste, deked iyo colaadaha 3389
Xitaa dardaaranka saxda ah, haddii dhageystaha RDP uusan dhageysan, ma jiri doono fadhi. Kor u kaca PowerShell (maxali ah ama meel fog oo leh Enter-PSSession -ComputerName <equipo>), fuliya qwinsta oo xaqiiji in gelitaanka uu jiro rdp-tcp oo leh dawlad DhegaysoHaddii aanay muuqan, waxa laga yaabaa in dhegaystuhu dhaawacmo.
Habka la isku halayn karo waxa ka mid ah ka dhoofinta furaha dhegaystaha mishiin caafimaad qaba oo wata isla nooca Windows: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-TcpKumbiyuutarka ay saameysay, ku keydi koobiga xaaladda hadda jirta reg export "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp" C:\Rdp-tcp-backup.reg, waxa ay saartaa furahaRemove-Item -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-tcp' -Recurse -Force), Faylka wanaagsan .reg arrimaha iyo dib u bilaabaya Adeegga Term.
Intaa ka dib, hubi dekedda. RDP waa inay dhegaysato 3389. Baadhid HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\<listener> iyo qiimaha PortNumberHaddii aysan ahayn 3389 oo aadan haysan sabab ammaan oo aad ku beddesho, ku laabo 3389 oo dib u bilow adeegga.
Si aad u ogaato isku dhacyada, orod cmd /c 'netstat -ano | find "3389"' oo ogow PID-da ku jirta gobolka DhagaysiKadib, leh cmd /c 'tasklist /svc | find "<PID>"' Aqoonso habka. Haddaysan ahayn Adeegga MuddadaDib u habaynta adeegaas deked kale, ka saar haddi aan loo baahnayn, ama dariiqa ugu dambeeya beddelka dekedda RDP oo ku xidh adigoo cayimaya IP:port (kuma habboona maamulka caadiga ah).
Shahaadooyinka RDP iyo ogolaanshaha MachineKeys
Sababta kale ee caadiga ah ee isku xirnaanta aan dhameystirneyn waa a shahaado RDP jabtay ama aan dib loo abuurinU fur shahaadada MMC ee koontada kooxda, tag Desktop Fog> Shahaadooyin oo meesha ka saar shahaadadii RDP ee iskii u saxiixday. Dib u bilow adeega Desktop Fog oo dib u cusbooneesi: mid cusub waa in si toos ah loo abuuraa.
Haddii aysan muuqan, hubi oggolaanshaha C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys. Hubi taas BUILTIN\Maamulayaasha waxay leeyihiin xakameyn guud iyo Qof walba ku xisaabtan Akhris iyo qoraalACL-yadaan la'aantood, Windows ma soo saari karto furaha iyo shahaadada looga baahan yahay RDP.
Windows Firewall iyo tijaabinta kala duwan
Nidaamka macmiilka iyo server-ka, Windows Defender Dab-damiska wuxuu u baahan yahay xeerar gudaha u furan RDP. Hubi xeerka la dhisayKombiyuutarka Fog - Habka Isticmaalaha (TCP-In)“Iyadoo netsh advfirewall firewall show rule name="Remote Desktop - User Mode (TCP-In)"; waa in la dadajiyaa, lagu dabaqaa Profiles ku haboon, Protocol TCP iyo Dekadda Maxalliga ah 3389.
Haddii aad ku maamusho interface, aad Windows Defender Firewall> Oggolow abka ama sifada oo dooro "Remote Desktop" gudaha Primado (iyo Fagaaraha kaliya haddii aad leedahay sabab cad). Gudaha "Settings Advanced", xaqiiji in qaanuunka soo gelitaanka ee TCP 3389 uu firfircoon yahay. Talaabada cilad bixinta ahaan (maaha shabakadaha dadweynaha), waxaad si ku meel gaar ah u dami kartaa dab-darka si aad u hubiso in xidhiidhku socdo oo isla markaaba dib u dami.
Dibadda, habka ugu cad ee lagu xaqiijin karo imaatinka dekeddu waa psping: psping -accepteula <IP>:3389Hadii aad hesho 0% khasaareXirmada shabkada iyo dab-damiska ayaa oggol xidhiidhka. Haddii wax walba ay yihiin 100% khasaare o waa diidayWaa waqtigii loo gudbi lahaa shabakad dhexe/firewall ama dib loo eego NAT, VPN iyo filtarrada u dhexeeya qaybaha.
Xaqiijinta: shahaadooyinka, CredSSP iyo ogolaanshaha
Nooca khaladaadkaAqoonsigaagu ma shaqaynTheKoontada looma oggola soo gelid fogInta badan waa wax aan macquul ahayn in la hagaajiyo: hubi in magaca isticmaalaha/password si sax ah loo qaabeeyey (tusaale ahaan, DOMINIO\usuario), waxa uu tirtiraa wixii aqoonsi ee duugoobay ee ku jira Maamulaha aqoonsiga oo xaqiiji in akoonka aan la xannibin.
Iyadoo CredSSP, haddii qalabku aanu ahayn mid casri ah, ay adagtahay in la tarjumo xaqiijinta fashilantay. Hubi inaad haysato Daaqadaha waa la cusboonaysiiyay macmiilka iyo martigeliyaha labadaba. Jid gaaban ahaan deegaanadii hore, waxaad awood u siin kartaa GPO "Oggolow ergada aqoonsiga la badbaadiyey ee NTLM-keliya server-ka" ama, iyada oo loo marayo diiwaanka, dhigay AllowEncryptionOracle a 2 en HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System.
Ha iloobin xubinnimada kooxda: kooxaha aan domain ahayn, ku dar koontada Isticmaalayaasha Desktop Fog Laga soo bilaabo Maareynta Kumbuyuutarka> Isticmaalayaasha iyo Kooxaha Maxaliga ah. Gudaha domainka, ku xaqiiji in xubinimadu ay u hogaansanto Siyaasadda Tusaha Active dhaqan gal ka hor inta aanad taaban wax.
DNS, VPN, iyo doorsoomayaasha shabakadaha kale
Haddii aad magaca ku xidho oo ciwaanka IP-ga ee martida loo yahay uu is beddelay, macmiilku waxa laga yaabaa in uu weli tilmaamayo ciwaan hore oo kaydsan awgeed. Ku nadiifi ipconfig /flushdns iyo, haddii ay sii socoto, isticmaal IP toos ah Si aad meesha uga saarto dhibaatada xallinta, hubi in adaabtahu isticmaalo server DNS sax ah gudaha Control Panel> Xarunta Shabakadda> Beddel habaynta adabtarada.
VPN-yada, bixiyeyaasha qaarkood ayaa xannibaya ama dib u jiheeyay dekedda 3389, ama u soo koobay si ka hor imanaysa sirta RDP. Xidhiidhka ka saar VPN-ka oo tijaabi, ama habayso siyaasada si aad u ogolaato RDP. tunneling kala ama "ogolow apps". Haddii aad ogaato carqalado ama shaashado madow, hoos u dhig MTU hal dhibic: netsh interface ipv4 show subinterfaces si aad u aragto iyo netsh interface ipv4 set subinterface "Ethernet" mtu=1458 store=persistent si loo hagaajiyo.
Haddii macmiilku u muuqdo mid aan ka jawaabin laakiin fadhiga weli waa jiraa, waxay noqon kartaa arrin xallinta ama cabbirka daaqaddaMacmiil ku xidhidhiyaha Desktop-ka fog (mssc), dhagsii "Show Options" oo tabka Muujinta dhaqaaji slider-ka xallinta ama karti u geli shaashadda buuxda; "xidhiidho badan oo aan shaqaynayn" ayaa go'an. hagaajinta daaqada.
Arrimaha la yaqaan iyo adeegyada daruuraha: Windows 11 24H2 iyo Google Cloud
Kiisaska ayaa la soo sheegay halka lagu xidho RDP Windows 11 24H2 Kalfadhigu waxa uu qaboojiyaa bilowga, gaar ahaan gudaha mashiinada dalwaddu Marka la eego hypervisor-ka. Qaar ka mid ah balastar ku-meel-gaar ah ma xalin; nidaamkaaga si buuxda u cusboonaysii oo tijaabi darawalada fiidyaha/vGPU-ga hypervisor-ka, maadaama mararka qaarkood dhibku ka yimaado hypervisor-ka. Shaxda RDP ama rasoDib u bilaabista martida loo yahay waxay si ku meel gaar ah u soo celisaa isku xirnaanta, laakiin xalku wuxuu ku lug leeyahay cusboonaysiinta isugeynta iyo darawalada/firmware.
In Google Compute Engine, marka lagu daro erayga sirta ah ee Windows-ka (ka soo celi gcloud ama console-ka), hubi xeerka default-allow-rdpLiiska xeerarka leh gcloud compute firewall-rules list haddii ay maqan tahayna mid ku samee gcloud compute firewall-rules create allow-rdp --allow tcp:3389. Xaqiiji inaad isticmaalayso Ciwaanka IP-ga dibadeed sax con gcloud compute instances listHaddii OS si khaldan loo habeeyey, ku gal Console serial interactive oo fuliya:
• Adeeg: net start | find "Remote Desktop Services" (haddii aysan halkaas joogin, net start "Remote Desktop Services")
• Daar RDP: reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections (0 waa OK; haddii 1: reg add ... /d 0)
• Dabka: netsh advfirewall firewall show rule name="Remote Desktop - User Mode (TCP-In)" (laakiin, netsh firewall set service remotedesktop enable)
• Lakabka amniga: reg add "HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 1 /f
• NLA ugu tala galay: reg add ... /v UserAuthentication /t REG_DWORD /d 0 /f
Baadhitaano horumarsan: dhacdooyinka, shabakada iyo qalabka
Marka tan sare aysan cadeynin dhibaatada, waa waqtigii la fiirin lahaa dhacdooyinka iyo raadadkaFur Event Viewer oo iska hubi Windows Logs> Application and System, iyo ilaha Adeegyada Terminal-Maareeye Xiriirinta Fog y Adeegyada Microsoft-Windows-RemoteDesktopServices-RdpCoreTS khaladaad cad oo isku day kasta ah.
Shabakadda, ku qabso Wireshark oo ku shaandhee tcp.port==3389 Hubi calaamadaha SYN/SYN-ACK, dib-u-dejinta, ama dhibcaha isku xidhka dhexe. Haddii aysan jirin wax taraafig ah, xannibaadda ayaa soo socota; haddii uu gaadiid jiro oo uu hoos u dhaco inta lagu jiro gorgortanka amniga, shaki... encryption/NLA isma dhigmaSida tijaabada degdega ah ee furnaanta dekeda, telnet <IP> 3389 (Haddii ay isku xirto, dekeddu waa la heli karaa.) Waxaad sidoo kale isticmaali kartaa adeegyada kale sida adoo isticmaalaya ntttcp gudaha Windows si loogu tijaabiyo waxqabadka iyo saturation.
Microsoft waxay ku bixisaa Kormeere/Analyzer Protocol RDP, iyo gudaha Windows Server 2012/2012 R2, Qalabka ogaanshaha ee Adeegyada Desktop Fog Si loo garto caqabadaha. Haddii aadan waqti u hibayn karin arrin kasta oo soo noqnoqota, diyaarso qoraallada: netsh int ip reset && netsh winsock reset shabakada, iyo taskkill /F /IM mstsc.exe && net stop termservice && net start termservice si loo nadiifiyo fadhiyada RDP oo dib loo bilaabo adeegyada (digniin: soo gaabin fadhiyada firfircoon).
"RDP - khalad gudaha ah ayaa dhacay" ee caanka ah
Fariintan guud waxay inta badan qarisaa a khalkhalka badbaadada dhexeeya macmiilka iyo server. Hubi in heerka sirta ah iyo lakabka ammaanku ay iswaafaqayaan (guda GPO: Ammaanka Martigeliyaha Kulanka> "Waxay u baahan tahay isticmaalka lakab ammaan oo gaar ah" oo dooro RDP (haddii TLS ay ku guuldareysato). Haddii serfkarku u baahan yahay NLA oo macmiilku aanu awoodi karin, si ku meel gaadh ah uga saar NLA gudaha System Properties> Remote si aad u hubiso inay tani tahay sababta.
Qodobo kale: macaamiisha RDP ee duugoobay iyo server-yada cusub, arrimaha kalsoonida domain (Ku biirista bogga mararka qaarkood waxay xallisaa tan), ama profiles-ka amniga ee xoojiya siraynta oo dhinaca kale aanu taageerin. Waayo-aragnimada Macmiilka, karti dib u xirid toos ah iyo khariidadda qariirada joogtada ah ee fadhiyada adkeysiga badan
Markii qaladku soo muuqday ka dib cusboonaysiinta Windows oo midna kor ku xusan aysan macno samaynayn, tixgeli inaad soo celiso balastarkaas gaarka ah (Guddiga> Cusbooneysiin Windows > Taariikhda > Cusboonaysiinta ka saar), ka dib marka la tashado golayaasha farsamada (tusaale, dunta Patch Talaado) waa haddii ay dhacdo dhibaato la og yahay.
Waxqabadka, kartida iyo warbaahinta badan
Haddii cabashadu aysan ahayn "iskuma xidhi doono" balse "waa mid go'an," ku billow adiga oo yaraynaya culayska macmiilka RDP: hoos xallinta iyo qoto dheeraanta midabkaDami asalka, qaababka muuqaalka, iyo fududaynta farta ku jirta tabka khibradda. Tallaabooyinkani waxay yareeyaan isticmaalka xadhkaha goosashada waxayna hagaajiyaan daahitaanka.
Seerfarka, ka hubi CPU/RAM/Disk gudaha ku jira Maareeyaha HawshaHaddi ay xadkeeda gaadho, fadhi kasta oo RDP ah wuu fashilmi doonaa. Xasuusnoow in Windows Desktop uu ogolyahay kaliya fadhi isku mar ahWindows Server-ku waxa uu leeyahay laba shati maamul oo caadi ah oo u baahan shatiyo dheeraad ah oo RDS CAL ah.
Maqalka, u habbee macmiilka RDP> Khayraadka Maxaliga ah> Maqalka fog si aad "kugu ciyaarto kombayutarkan", oo hubi in adeegyada Daaqadaha Maqalka iyo "Windows Audio Endpoint Generator" ayaa shaqaynaya. Fiidiyowga culus, RDP had iyo jeer kuma habboona; Deegaannada qadiimka ah qaarkood waxay sheegaan RemoteFX, laakiin maanta way fiicantahay in la doorto Koodhka la qabsiga iyo dardargelinta casriga ah ama qiimee qalabka loogu talagalay Streaming jaantus
Kiisaska degdega ah iyo xalalka cad
Haddii difaaca Windows uu xannibayo isku xirka gudaha Windows 10/11, aad Windows Defender Firewall> Oggolow codsi oo dhaqaaji "Remote Desktop" adiga oo calaamadeynaya sanduuqyada Gaarka ah (iyo Dadweynaha kaliya haddii ay khuseyso), taabo aqbalaan iyo tijaabi. Dhacdooyin badan oo dunida dhabta ah, kuwan saddex gujis Waxay ahaayeen farqiga u dhexeeya niyad-jabka iyo guusha.
Haddii aad u baahan tahay inaad beddesho dekedda sababtoo ah adeeg kale ayaa isticmaalaya 3389, wax ka beddel HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp > Port NumberTusaale ahaan, geli 3390, dib u bilow adeegga oo ku xidh sida IP:3390Xasuusnoow inaad hagaajiso firewall iyo NAT dekeddaas cusub.
Beddelka iyo albaabbada marka aadan furi karin dekedaha
Shabakadaha halka furitaanka 3389 aanu macquul ahayn (ama aadan rabin inaad soo bandhigto), ka fiirso xalalka dhexdhexaadiyaha daruuraha ka fogaada xeerarka gacanta iyo dhibka DNS: RealVNC Connect waxay bixisaa SSO iyo maamulka dhexe; Muuqaal Qalabka ah ee Chrome Waa bilaash oo fudud haddii aad hore u isticmaashay Chrome; TeamViewer iyo AnyDesk Waxay mudnaan siinayaan fududaynta isticmaalka iyo xawaaraha isdhaafsiga. Waxa kale oo jira suites sida TSplus, loogu talagalay xoojinta amniga iyo fududaynta gelitaanka fog ee cabbirka.
Haddii aad rabto inaad sii joogto RDP, ikhtiyaarka badbaadada leh waa inaad dejiso a Kadinka Matoorka Fog ee (RD Gateway)U baahan NLA iyo MFA, oo xaddid gelitaanka VPN ama IPSec. Tani waa habka caadiga ah ee lagu bixiyo marinka iyada oo aan la furin dekedda 3389 adduunka.
Nabadgelyo wanaagsan iyo dhaqamada u hoggaansanaanta
Xooji RDP adoo dhaqaajinaya NLAIsticmaalka hab-maamuuska sirta ah ee casriga ah iyo, haddii qaab-dhismeedkaagu u baahan yahay (GDPR/HIPAA), awood u siinaya siyaasadaha qarsoodiga ah ee xooggan (tusaale, FIPS) iyo shahaadooyin sax ah oo ay bixisay CA la aaminsan yahay. Jooji soo-gaadhista dadweynaha, xaddid shabakadaha gaarka ah/VPN-yada, oo dhaqan geli Laamaha iridka ama dallaalka.
Ugu dambeyntii, isha ku hay abuseCodso balastar joogto ah oo samee xisaabin xilliyeed. Inta badan dhibaatooyinka RDP waa la iska ilaalin karaa marka la isku daro tallaabooyinkan. siyaasado wanaagsanxeerarka firewall cad iyo la socodka.
Qora xamaasad leh oo ku saabsan adduunka bytes iyo farsamada guud ahaan. Waxaan jeclahay inaan aqoontayda ku wadaago qoraal, taasina waa waxa aan ku samayn doono blog-gan, ku tusi doona dhammaan waxyaabaha ugu xiisaha badan ee ku saabsan qalabka, software-ka, qalabka, isbeddellada tignoolajiyada, iyo in ka badan. Hadafkaygu waa inaan kaa caawiyo inaad u dhex marato adduunka dhijitaalka ah si fudud oo madadaalo leh.