{"id":5853,"date":"2019-04-10T12:04:39","date_gmt":"2019-04-10T09:04:39","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5853"},"modified":"2019-11-15T14:30:32","modified_gmt":"2019-11-15T11:30:32","slug":"grand-theft-dns-rsa2019","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/grand-theft-dns-rsa2019\/5853\/","title":{"rendered":"RSAC 2019: DNS theft"},
"content":{"rendered":"<p>At the 2019 RSAC Conference, the SANS Institute presented a report on new attack types considered extremely dangerous. In this article we look at one of them.<\/p>\n<p>One attack type highlighted by SANS instructor Ed Skoudis can be used to take control of a company's entire IT infrastructure. What is more, it requires no sophisticated tools; relatively simple DNS manipulation is enough.<\/p>\n<h2>Taking control of the corporate DNS infrastructure<\/h2>\n<p>The attack can be carried out as follows:<\/p>\n<ol>\n<li>Cybercriminals collect (by whatever means) username\/password pairs for accounts compromised in earlier attacks. The databases we know of alone currently hold <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/collection-numba-one\/5595\/\" target=\"_blank\" rel=\"noopener\">hundreds of millions, perhaps even billions<\/a> of username\/password pairs.<\/li>\n<li>Using these credentials, the criminals log in to the services of DNS providers and domain registrars.<\/li>\n<li>They then change the DNS records, substituting their own infrastructure for the corporate domain infrastructure.<\/li>\n<li>In particular, they change the <a href=\"http:\/\/www.wikizero.biz\/index.php?q=aHR0cHM6Ly9lbi53aWtpcGVkaWEub3JnL3dpa2kvTVhfcmVjb3Jk\" target=\"_blank\" rel=\"noopener nofollow\">MX record<\/a>, redirecting all corporate e-mail to their own mail servers and intercepting the messages.<\/li>\n<li>The cybercriminals register TLS certificates for the stolen domains. By this stage the attackers can already intercept corporate e-mail and therefore provide proof of domain ownership; in most cases that proof is all that is needed for a certificate to be issued.<\/li>\n<\/ol>\n<p>The attackers can now redirect traffic destined for the target organization's servers to their own machines. As a result, users visiting the company website are sent to fake resources that, to every filter and protection system, look like the company's genuine site. We first encountered this attack scenario in 2016, when researchers from the Brazilian branch of our GReAT team uncovered an attack that allowed the attackers to <a href=\"https:\/\/www.wired.com\/2017\/04\/hackers-hijacked-banks-entire-online-operation\/\" target=\"_blank\" rel=\"noopener nofollow\">take over the infrastructure of a major bank<\/a>.<\/p>\n<p>The most dangerous aspect of this attack is that the victim organization is cut off from the outside world. E-mail is hijacked, and usually the telephone system as well (most companies use an IP PBX). This greatly complicates the internal response to the attack and also makes it hard to contact outside parties such as DNS providers, certificate authorities, and law enforcement. Now imagine all of this happening over a weekend, as it did at the Brazilian bank!<\/p>\n<h3>How to prevent your IT infrastructure being hijacked through DNS manipulation<\/h3>\n<p>What in 2016 counted as a genuine innovation in the cybercrime world became common practice within a few years; by 2018, IT security specialists at leading companies had recorded many incidents using this attack. So this method is not a hypothetical threat but a very specific attack type that can be used to take over your IT infrastructure.<\/p>\n<p>Ed Skoudis believes the following recommendations can help protect against attempts to manipulate your domain name infrastructure:<\/p>\n<ol>\n<li>Use multifactor authentication for IT infrastructure management tools.<\/li>\n<li>Use DNSSEC, applying not only DNS signing but validation as well.<\/li>\n<li>Monitor all DNS changes that may affect your company's domain names; one option is SecurityTrails, which can be used free of charge for up to 50 requests a month.<\/li>\n<li>Track residual certificates that duplicate your domains and request their immediate revocation. To see how, read this post: <a href=\"https:\/\/www.kaspersky.com\/blog\/residual-certificates-mitm-dos\/23661\/\" target=\"_blank\" rel=\"noopener nofollow\">MitM and DoS attacks on domains through the use of residual certificates<\/a>.<\/li>\n<\/ol>\n<p>At Kaspersky, we would add one more piece of advice: keep your passwords secure. They should be unique and complex enough to withstand at least a dictionary attack. To generate passwords and store them securely, you can use <a href=\"https:\/\/kas.pr\/passman\" target=\"_blank\" rel=\"noopener\">Kaspersky Password Manager<\/a>, part of our Kaspersky Small Office Security solution.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>At the RSAC 2019 conference, a SANS Institute instructor gave a talk on how DNS manipulation can be used to take over corporate IT infrastructure.<\/p>\n","protected":false},
"author":421,"featured_media":5854,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1194,1727],"tags":[1903,1904,1876,1905,815,1672,1666,1598],"class_list":{"0":"post-5853","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-business","9":"category-smb","10":"tag-dns","11":"tag-domain","12":"tag-rsa-konferansi","13":"tag-rsa2019","14":"tag-rsac","15":"tag-sertifika","16":"tag-siber-saldirilar","17":"tag-tls"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/grand-theft-dns-rsa2019\/5853\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/grand-theft-dns-rsa2019\/15537\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/grand-theft-dns-rsa2019\/13082\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/grand-theft-dns-rsa2019\/17460\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/grand-theft-dns-rsa2019\/15609\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/grand-theft-dns-rsa2019\/14290\/"},{"hreflang"
:"es","url":"https:\/\/www.kaspersky.es\/blog\/grand-theft-dns-rsa2019\/18155\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/grand-theft-dns-rsa2019\/17119\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/grand-theft-dns-rsa2019\/22528\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/grand-theft-dns-rsa2019\/26255\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/grand-theft-dns-rsa2019\/11655\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/grand-theft-dns-rsa2019\/10568\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/grand-theft-dns-rsa2019\/18904\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/grand-theft-dns-rsa2019\/22928\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/grand-theft-dns-rsa2019\/18188\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/grand-theft-dns-rsa2019\/22390\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/grand-theft-dns-rsa2019\/22326\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/rsac\/","name":"RSAC"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/421"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5853"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5853\/revisions"}],"predecessor-version":[{"id":6808,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5853\/revisions\/6808"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5854"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}