Hiya! Merion Metrics our call stats (CDR) application for Asterisk, it shows the most important diagrams and call graphs as well as call history in an easy and convenient format. Showing call stats this way makes them easy to understand for everyone - from CEO to an office manager About Merion Metrics Short description of Merion Metrics: Full statistics - the most important info only: date, time, source and destination of a call, as well as it’s recording; Free trial - try the whole spectrum of these features - completely for free; Easy and quick installation - we are always here to help you; Cross-platform - developed in Java. Compatible with any UNIX platform; For supervisors - Got tired of heavy and awkward CDR interface in FreePBX? Or maybe you experienced something similar with CDR Viewer? we know that feeling; Easy to export in PDF and CSV - export all your calls into PDF and send it over to your colleagues in an easy readable format; Try Merion Metrics for free: Try Merion Metrics Merion Metrics Installation Attention! You should to have a license key from our support team at this point. You can get it by follow link: https://asterisk.merionet.ru/merionmetrics Of course for your convenience we have a step by step video guide. Enjoy :) Installation video - guide Installation guide by plain text System Requirements RAM: 256 MB min CPU: Pentium 2 266 ÌÃö + ìèíèìóì Java Runtime Environment (JRE): version 8+ Browser: Internet Explorer 9+ Preparation Firstly, connect to your Asterisk via SSH using user root. Directory creation for the app Run the following commands: mkdir /home/merionstat Upload app distro MerionMonitoring-*.*.*.jar into the directory you’ve just created: /home/merionstat. You can do that using WinSCP, for example. Important: App distro will have a certain version number. Here, in the installation guide, we always put version number as MerionMonitoring-*.*.*.jar. In your case it will be something like MerionMonitoring-1.1.9.jar. SQL user creation Follow the link that will generate an uncrackable password and right it down on save it somewhere. After that, execute the following command sequence: mysql CREATE USER 'interface'@'localhost' IDENTIFIED BY 'your_password'; GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'localhost' IDENTIFIED BY 'your_password'; Where your_password - some freshly generated password from the link above ïàðîëü. For example: mysql CREATE USER 'interface'@'localhost' IDENTIFIED BY '6nzB0sOWzz'; GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'localhost' IDENTIFIED BY '6nzB0sOWzz'; And yet another reminder – save your password somewhere else. Call recordings directory For sake of playing call recordings through our app, you have to do the following: Generate another password via our password generator and save it;. Execute the following commands: mkdir /var/www/html/generated_password chown asterisk:asterisk /var/www/html/generated_password chmod 775 /var/www/html/generated_password For example: mkdir /var/www/html/5v9MpbtUA8 chown asterisk:asterisk /var/www/html/5v9MpbtUA8 chmod 775 /var/www/html/5v9MpbtUA8 Open file /etc/fstab and add there the following sequence: /var/spool/asterisk/monitor/ /var/www/html/generated_password/ none rbind 0 0 For example: /var/spool/asterisk/monitor/ /var/www/html/5v9MpbtUA8/ none rbind 0 0 Save all the changes in fstab file. After that, execute the following command in CLI: mount -a Start Application launch Run the following commands: cd /home/merionstat nohup java -jar MerionMonitoring-*.*.*.jar & Right after command’s execution press Enter. Application setup The first connection After launching .jar archive, please open the following address in your web-browser: http://your_IP_address:7070/#!/config (You can use any browser, we recommend using Google Chrome). Once it opened, enter your license key – you can get it from our support engineer. Click “Check the license”. If you encounter any kind of a problem during that phase, please address it to our technical support team: helpdesk@merionet.ru. After that you have to pass the initial authorization, and to do that, you need to use the following credentials: admin/IEJu1uh32 On the next step you’ll need to configure database connection. If you are using Asterisk IP - PBX, just follow the guide: Database - mysql or mariadb; DB host: If your DB installed on the same server as our application - localhost; If your DB installed on some kind of external server - IP_address_of_your_database; DB port - is being set up automatically, so please change it only if your DB is listening for requests on another port; DB connection string - leave this without changes; Table name - In case of Asterisk it’s cdr; Scheme - that should be the name of database, for Asterisk it’s asteriskcdrdb; User - You created the user some time ago in “SQL user creation” part of this guide. If you copied all the commands without any changes – that would be interface; Password - the one you’ve probably generated using our password generator; Voice recordings host - link like http://your_ip_address/generated_password/, where generated_password is a sequence you created on a previous stage Call recordings directory. So, it’s gonna be something like http://192.168.1.7/5v9MpbtUA8/; Station type - Asterisk; After you finish all the above, click “Connect”. If something went wrong, address the issue to our support team helpdesk@merionet.ru. On the next step, you have to match field name in the table with it’s actual meaning. In case of Asterisk you can leave everything as it is. At the bottom of this page click the button “Set the matches” and “Launch the Application”. Our app will redirect you to the application’s initial page. By default, administrator’s login and password are: admin/admin Known issues Application is already launched If you can’t open the app using the default link http://IP_ADDRESS:7070/#!/config, please check if it wasn’t launched before. To do so, please run the command below: ps aux | grep Merion Analyze the command output: root 4919 0.1 13.1 2120384 801784 ? Sl Dec11 19:12 java -jar MerionMonitoring-*.*.*.jar If you see something similar, you have to kill the process using it’s PID (marked with orange in output example above). So execute the following command: kill -9 4919 Check the output again: ps aux | grep Merion If the one you’ve seen before is gone, then you can try to lauch it again: cd /home/merionstat nohup java -jar MerionMonitoring-*.*.*.jar & Database on the external server If you are connecting to an external data base, you need to add some additional configuration for MySQL settings, that you’ve done in “SQL user creation”. You might need it if you install call stats app on a different server, not the one you have Asterisk installed on. In this case you need to run the following commands on the server where you have your DB (usually it’s your Asterisk server): mysql GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'IP_àäðåñ_èíòåðôåéñà' IDENTIFIED BY ''your_password'; Where: your_password - password generated with our our tool; Call_stats_app_IP_ADDRESS - IP-address of the server where you decided to install our Call Stats Application. For example: mysql GRANT SELECT, CREATE, INSERT ON asteriskcdrdb.* TO 'interface'@'192.168.1.78' IDENTIFIED BY '6nzB0sOWzz'; Also, please check that the following ports are open: 3306 - for MySQL and MariaDB; 5432 - for PostgreSQL. Slow data loading If you are experiencing some issues with data download – it might be related to the big size of your database. We recommend to launch our app (.jar file) with some additional keys. According to the “Application launch”, run the following command: cd /home/merionstat nohup java -jar MerionMonitoring-*.*.*.jar -Xms128m -Xmx256m & Where: -Xms128m - minimal amount of RAM available for the app. In our example – it’s 128 Megabytes. -Xmx256m - maximum amount of RAM available for the app. In our example – it’s 256 Megabytes; How to send a request to our support team? If you are experiencing any technical issues with configuration of our app – we will definitely help you. We’ll need the files from /home/merionstat directory – the one where you’ve put our distro MerionMonitoring-*.*.*.jar, according to step “Directory creation for the app”. Depending on the phase where you’ve encountered any technical issues, you might have the following files there: columns_mapping.cfg configuration.properties nohup.out Please send us those files and description of your issue – we’ll try to help you. Telegram - @merion_support_bot Email - helpdesk@merionet.ru

Óäàëåííûé äîñòóï ê ñèñòåìàì äàâíî ñòàë íåîáõîäèìîñòüþ, è ñåé÷àñ ñ òðóäîì ìîæíî ïðåäñòàâèòü, ÷òî áûëî áû, åñëè áû ìû íå ìîãëè óïðàâëÿòü êîìïüþòåðàìè óäàëåííî. Ñóùåñòâóåò ìíîæåñòâî ñïîñîáîâ óñòàíîâèòü ñîåäèíåíèå ñ óäàëåííûì êîìïüþòåðîì â çàâèñèìîñòè îò èñïîëüçóåìîé îïåðàöèîííîé ñèñòåìû, íî ÷àùå âñåãî èñïîëüçóþò äâà ïðîòîêîëà: Secure Shell (SHH) äëÿ êîìïüþòåðîâ íà áàçå Linux Ïðîòîêîë óäàëåííîãî ðàáî÷åãî ñòîëà (RDP - Remote Desktop Protocol) äëÿ êîìïüþòåðîâ ïîä óïðàâëåíèåì Windows Ýòè äâà ïðîòîêîëà èñïîëüçóþò êëèåíòñêîå è ñåðâåðíîå ïðèëîæåíèÿ äëÿ óñòàíîâëåíèÿ óäàëåííîãî ñîåäèíåíèÿ. Ýòè èíñòðóìåíòû ïîçâîëÿþò âàì ïîëó÷àòü óäàëåííûé äîñòóï è óïðàâëÿòü äðóãèìè êîìïüþòåðàìè, ïåðåäàâàòü ôàéëû è äåëàòü ïðàêòè÷åñêè âñå, ÷òî âû ìîãëè áû ñäåëàòü, ôèçè÷åñêè ñèäÿ ïåðåä êîìïüþòåðîì. Ïðåäâàðèòåëüíûå òðåáîâàíèÿ Ïðåæäå ÷åì âû ñìîæåòå óñòàíîâèòü áåçîïàñíûé ïðîòîêîë óäàëåííîãî ðàáî÷åãî ñòîëà ñ óäàëåííûì êîìïüþòåðîì, íåîáõîäèìî âûïîëíèòü íåñêîëüêî îñíîâíûõ òðåáîâàíèé: Óäàëåííûé êîìïüþòåð äîëæåí áûòü ïîñòîÿííî âêëþ÷åí è áûòü ïîäêëþ÷åííûì ê ñåòè Êëèåíòñêèå è ñåðâåðíûå ïðèëîæåíèÿ äîëæíû áûòü óñòàíîâëåíû è àêòèâèðîâàíû Âàì íóæíî çíàòü IP-àäðåñ èëè èìÿ óäàëåííîãî êîìïüþòåðà, ê êîòîðîìó âû õîòèòå ïîäêëþ÷èòüñÿ Ó âàñ äîëæíû áûòü íåîáõîäèìûå ïîëíîìî÷èÿ äëÿ äîñòóïà ê óäàëåííîìó êîìïüþòåðó Íàñòðîéêè ìåæñåòåâîãî ýêðàíà äîëæíû ðàçðåøàòü óäàëåííîå ïîäêëþ÷åíèå ×òî òàêîå SHH? Secure Shell, èíîãäà íàçûâàåìûé Secure Socket Shell, - ýòî ïðîòîêîë, êîòîðûé ïîçâîëÿåò áåçîïàñíî ïîäêëþ÷àòüñÿ ê óäàëåííîìó êîìïüþòåðó èëè ñåðâåðó ïðè ïîìîùè òåêñòîâîãî èíòåðôåéñà. Êîãäà áåçîïàñíîå ñîåäèíåíèå SSH áóäåò óñòàíîâëåíî, òî çàïóñòèòñÿ ñåàíñ îáîëî÷êè, è âû ñìîæåòå óïðàâëÿòü ñåðâåðîì, ââîäÿ êîìàíäû íà êëèåíòñêîé ñòîðîíå íà âàøåì ëîêàëüíîì êîìïüþòåðå. ×àùå âñåãî ýòîò ïðîòîêîë èñïîëüçóþò ñèñòåìíûå è ñåòåâûå àäìèíèñòðàòîðû, à òàêæå âñå, êîìó íåîáõîäèìî óäàëåííî óïðàâëÿòü êîìïüþòåðîì è ïðè ýòîì èìåòü âûñîêèé óðîâåíü çàùèòû. Êàê ðàáîòàåò SSH? Äëÿ òîãî, ÷òîáû óñòàíîâèòü SSH-ñîåäèíåíèå, íåîáõîäèìî èìåòü äâà êîìïîíåíòà: êëèåíòñêóþ ÷àñòü è ñîîòâåòñòâóþùèé êîìïîíåíò íà ñòîðîíå ñåðâåðà. Êëèåíòñêàÿ ÷àñòü, èëè êëèåíò, SSH – ýòî ïðèëîæåíèå, êîòîðîå óñòàíàâëèâàåòñÿ íà êîìïüþòåð, êîòîðûé âû áóäåòå èñïîëüçîâàòü äëÿ ïîäêëþ÷åíèÿ ê äðóãîìó êîìïüþòåðó èëè ñåðâåðó. Êëèåíò, ÷òîáû èíèöèèðîâàòü ñîåäèíåíèå, èñïîëüçóåò ïðåäîñòàâëåííóþ èíôîðìàöèþ îá óäàëåííîì õîñòå è óñòàíàâëèâàåò çàøèôðîâàííîå ñîåäèíåíèå, åñëè ó÷åòíûå äàííûå áûëè ïðîâåðåíû. Íà ñòîðîíå ñåðâåðà åñòü êîìïîíåíò, íàçûâàåìûé äåìîíîì SSH (SSH daemon - sshd). Îí ïîñòîÿííî ïðîñëóøèâàåò îïðåäåëåííûé ïîðò TCP/IP äëÿ âîçìîæíûõ êëèåíòñêèõ çàïðîñîâ íà ïîäêëþ÷åíèå. Êàê òîëüêî êëèåíò èíèöèèðóåò ñîåäèíåíèå, äåìîí SSH îòâåòèò ñîîáùåíèåì î ïðîãðàììíîì îáåñïå÷åíèè è âåðñèÿõ ïðîòîêîëà, êîòîðûå îí ïîääåðæèâàåò, è îíè îáìåíÿþòñÿ ñâîèìè èäåíòèôèêàöèîííûìè äàííûìè. Âåðñèÿ ïðîòîêîëà SSH ïî óìîë÷àíèþ äëÿ ñâÿçè ñåðâåðà SSH è êëèåíòà SSH – 2. Êàê óñòàíîâèòü SSH-ñîåäèíåíèå Òàê êàê äëÿ óñòàíîâêè SSH-ñîåäèíåíèÿ òðåáóþòñÿ êàê êëèåíòñêèé, òàê è ñåðâåðíûé êîìïîíåíòû, íåîáõîäèìî óáåäèòüñÿ, òî îíè óñòàíîâëåíû íà ëîêàëüíîì è óäàëåííîì êîìïüþòåðàõ ñîîòâåòñòâåííî. OpenSSH – ýòî èíñòðóìåíò SSH ñ îòêðûòûì èñõîäíûì êîäîì, êîòîðûé øèðîêî èñïîëüçóåòñÿ äëÿ äèñòðèáóòèâîâ Linux. Óñòàíîâêà OpenSSH îòíîñèòåëüíî ïðîñòà. Äëÿ ýòîãî òðåáóåòñÿ äîñòóï ê òåðìèíàëó íà ñåðâåðå è ê êîìïüþòåðó, êîòîðûé âû èñïîëüçóåòå äëÿ ïîäêëþ÷åíèÿ. Îòìåòèì, ÷òî â Ubuntu SSH-ñåðâåð ïî óìîë÷àíèþ íå óñòàíîâëåí. Êàê óñòàíîâèòü êëèåíòñêóþ ÷àñòü OpenSSH Ïðåæäå ÷åì óñòàíàâëèâàòü êëèåíòà SSH, óáåäèòåñü â òîì, ÷òî îí åùå íå óñòàíîâëåí. Âî ìíîãèõ äèñòðèáóòèâàõ Linux îí óæå åñòü. Äëÿ êîìïüþòåðîâ ñ Windows âû ìîæåòå óñòàíîâèòü PuTTY èëè ëþáîé äðóãîé êëèåíò ïî âàøåìó âûáîðó, ÷òîáû ïîëó÷èòü äîñòóï ê ñåðâåðó. Äëÿ òîãî, ÷òîáû ïðîâåðèòü åñòü ëè êëèåíò â âàøåé ñèñòåìå íà áàçå Linux, âàì íåîáõîäèìî ñäåëàòü ñëåäóþùåå: Çàãðóçèòü òåðìèíàë SSH. Âû ìîæåòå âûïîëíèòü ïîèñê ïî ñëîâó «òåðìèíàë» èëè íàæàòü CTRL+ALT+T íà êëàâèàòóðå. Ââåäèòå ssh è íàæìèòå Enter. Åñëè êëèåíò óñòàíîâëåí, òî âû ïîëó÷èòå âîò òàêîé îòâåò: username@host:~$ ssh usage: ssh [-1246AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-Q query_option] [-R address] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command] username@host:~$ Ýòî îçíà÷àåò, ÷òî âû ãîòîâû óäàëåííî ïîäêëþ÷èòüñÿê ôèçè÷åñêîìó êîìïüþòåðó èëè âèðòóàëüíîé ìàøèíå.  ïðîòèâíîì ñëó÷àå âàì ïðèäåòñÿ óñòàíîâèòü êëèåíòñêóþ ÷àñòü OpenSSH: Âûïîëíèòå ñëåäóþùóþ êîìàíäó, ÷òîáû óñòàíîâèòü êëèåíò OpenSSH íà ñâîé êîìïüþòåð: sudo apt-get install openssh-client Ââåäèòå ïàðîëü ïðèâèëåãèðîâàííîãî ïîëüçîâàòåëÿ ïî çàïðîñó Íàæìèòå Enter, ÷òîáû çàâåðøèòü óñòàíîâêó. Òåïåðü âû ìîæåòå ïîäêëþ÷èòüñÿ ïî SSH ê ëþáîìó êîìïüþòåðó ñ óñòàíîâëåííûì ñåðâåðíûì ïðèëîæåíèåì ïðè óñëîâèè, ÷òî ó âàñ åñòü íåîáõîäèìûå ïðèâèëåãèè äëÿ ïîëó÷åíèÿ äîñòóïà, à òàêæå èìÿ õîñòà èëè IP-àäðåñ. Êàê óñòàíîâèòü ñåðâåðíóþ ÷àñòü OpenSSH Äëÿ òîãî, ÷òîáû ïðèíèìàòü SSH-ïîäêëþ÷åíèÿ, íà êîìïüþòåðå äîëæíà áûòü óñòàíîâëåíà ñåðâåðíàÿ ÷àñòü ïðîãðàììíîãî èíñòðóìåíòàðèÿ SSH. Åñëè âû õîòèòå ñíà÷àëà ïðîâåðèòü, åñòü ëè ñåðâåð OpenSSH â ñèñòåìå Ubuntu óäàëåííîãî êîìïüþòåðà, êîòîðûé áóäåò ïðèíèìàòü SSH-ïîäêëþ÷åíèÿ, âû ìîæåòå ïîïðîáîâàòü ïîäêëþ÷èòüñÿ ê ëîêàëüíîìó õîñòó: Îòêðîéòå òåðìèíàë íà ñåðâåðå. Âû ìîæåòå âûïîëíèòü ïîèñê ïî ñëîâó «òåðìèíàë» èëè íàæàòü CTRL+ALT+T íà êëàâèàòóðå. Ââåäèòå ssh localhost è íàæìèòå Enter. Äëÿ ñèñòåì, â êîòîðûõ íå óñòàíîâëåí SSH-ñåðâåð, îòâåò áóäåò âûãëÿäåòü âîò òàê: username@host:~$ ssh localhost ssh: connect to host localhost port 22: Connection refused username@host:~$ Åñëè ýòî òàê, ÷òî âàì íåîáõîäèìî óñòðàíîâèòü ñåðâåð OpenSSH. Íå çàêðûâàéòå òåðìèíàë è: Âûïîëíèòå ñëåäóþùóþ êîìàíäó, ÷òîáû óñòàíîâèòü ñåðâåð SSH:sudo apt-get install openssh-server ii Ââåäèòå ïàðîëü ïðèâèëåãèðîâàííîãî ïîëüçîâàòåëÿ ïî çàïðîñó. Íàæìèòå Enter èëè ââåäèòå Y, ÷òîáû ïðîäîëæèòü óñòàíîâêó ïîñëå çàïðîñà íà ñâîáîäíîå ìåñòî íà äèñêå. Íåîáõîäèìûå âñïîìîãàòåëüíûå ôàéëû áóäóò óñòàíîâëåíû, à çàòåì âû ñìîæåòå ïðîâåðèòü, ðàáîòàåò ëè SSH-ñåðâåðà íà êîìïüþòåðå, ââåäÿ ñëåäóþùóþ êîìàíäó: sudo service ssh status Îòâåò â òåðìèíàëå äîëæåí âûãëÿäåòü ïðèìåðíî òàê, åñëè ñëóæáà SSH ðàáîòàåò ïðàâèëüíî: username@host:-$ sudo service ssh status • ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab Active: active (running) since Fr 2018-03-12 10:53:44 CET; 1min 22s ago Process: 1174 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES Main PID: 3165 (sshd) Åùå îäèí ñïîñîá ïðîâåðèòü, ïðàâèëüíî ëè óñòàíîâëåí ñåðâåð OpenSSH è áóäåò ëè îí ïðèíèìàòü ïîäêëþ÷åíèÿ, — ýòî ïîïðîáîâàòü ñíîâà çàïóñòèòü êîìàíäó ssh localhost â êîìàíäíîé ñòðîêå òåðìèíàëà. Îòâåò ïðè ïåðâîì çàïóñêå êîìàíäû áóäåò ïðèìåðíî ñëåäóþùèé: username@host:~$ ssh localhost The authenticity of host 'localhost (127.0.0.1)' can't be established. ECDSA key fingerprint is SHA256:9jqmhko9Yo1EQAS1QeNy9xKceHFG5F8W6kp7EX9U3Rs. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts. username@host:~$ Ââåäèòå yes èëè y, ÷òîáû ïðîäîëæèòü. Ïîçäðàâëÿåì! Âû íàñòðîèëè ñâîé ñåðâåð äëÿ ïðèåìà çàïðîñîâ íà SSH- ïîäêëþ÷åíèå îò äðóãîãî êîìïüþòåðà ïðè ïîìîùè êëèåíòà SSH. Òåïåðü âû ìîæåòå ðåäàêòèðîâàòü ôàéë êîíôèãóðàöèè äåìîíà SSH. Íàïðèìåð, âû ìîæåòå èçìåíèòü ïîðò ïî óìîë÷àíèþ äëÿ SSH-ñîåäèíåíèé. Äëÿ ýòîãî â êîìàíäíîé ñòðîêå òåðìèíàëà âûïîëíèòå ýòó êîìàíäó: sudo nano /etc/ssh/sshd_config Ôàéë êîíôèãóðàöèè îòêðîåòñÿ â ðåäàêòîðå, êîòîðûé âû âûáåðåòå.  äàííîì ñëó÷àå ìû èñïîëüçîâàëè Nano. Åñëè âàì òîæå íóæíî óñòàíîâèòü Nano, âûïîëíèòå ýòó êîìàíäó: sudo apt-get install nano Îáðàòèòå âíèìàíèå, ÷òî ñëóæáó SSH íåîáõîäèìî ïåðåçàïóñêàòü êàæäûé ðàç, êîãäà âû âíîñèòå êàêèå-ëèáî èçìåíåíèÿ â ôàéë sshd_config. Ýòî ìîæíî ñäåëàòü, âûïîëíèâ ýòó êîìàíäó: sudo service ssh restart Êàê ïîäêëþ÷èòüñÿ ÷åðåç SSH Òåïåðü, êîãäà ó âàñ åñòü êëèåíò è ñåðâåð OpenSSH, óñòàíîâëåííûå íà îáîèõ êîìïüþòåðàõ, âû ìîæåòå óñòàíîâèòü áåçîïàñíîå óäàëåííîå ñîåäèíåíèå ñî ñâîèìè ñåðâåðàìè. Äëÿ ýòîãî: Îòêðîéòå SSH-òåðìèíàë íà ñâîåì êîìïüþòåðå è âûïîëíèòå ñëåäóþùóþ êîìàíäó: ssh your_username@host_ip_address. Åñëè èìÿ ïîëüçîâàòåëÿ íà âàøåì ëîêàëüíîì êîìïüþòåðå ñîâïàäàåò ñ èìåíåì íà ñåðâåðå, ê êîòîðîìó âû ïûòàåòåñü ïîäêëþ÷èòüñÿ, âû ìîæåòå ïðîñòî ââåñòè: ssh host_ip_address è íàæàòü Enter. Ââåäèòå ñâîé ïàðîëü è íàæìèòå Enter. Îáðàòèòå âíèìàíèå, ÷òî âû íå ïîëó÷èòå íèêàêîé îáðàòíîé ñâÿçè íà ýêðàíå âî âðåìÿ íàáîðà òåêñòà. Åñëè âû âñòàâëÿåòå ñâîé ïàðîëü, óáåäèòåñü, ÷òî îí õðàíèòñÿ â áåçîïàñíîì ìåñòå, à íå â òåêñòîâîì ôàéëå. Êîãäà âû ïîäêëþ÷àåòåñü ê ñåðâåðó â ïåðâûé ðàç, îí ñïðîñèò âàñ, õîòèòå ëè âû ïðîäîëæèòü ïîäêëþ÷åíèå. Ïðîñòî ââåäèòå yes è íàæìèòå Enter. Ýòî ñîîáùåíèå ïîÿâëÿåòñÿ òîëüêî îäèí ðàç (â ïåðâûé ðàç), òàê êàê óäàëåííûé ñåðâåð åùå íå èäåíòèôèöèðîâàí íà âàøåì ëîêàëüíîì êîìïüþòåðå. Òåïåðü îòïå÷àòîê êëþ÷à ECDSA äîáàâëåí, è âû ïîäêëþ÷åíû ê óäàëåííîìó ñåðâåðó. Åñëè êîìïüþòåð, ê êîòîðîìó âû ïûòàåòåñü óäàëåííî ïîäêëþ÷èòüñÿ, íàõîäèòñÿ â òîé æå ñåòè, ÷òî è ëîêàëüíûé êîìïüþåòð, òî ëó÷øå èñïîëüçîâàòü ÷àñòíûé IP-àäðåñ âìåñòî îáùåäîñòóïíîãî IP-àäðåñà.  ïðîòèâíîì ñëó÷àå âàì ïðèäåòñÿ èñïîëüçîâàòü òîëüêî îáùåäîñòóïíûé IP-àäðåñ. Êðîìå òîãî, óáåäèòåñü, ÷òî âû çíàåòå ïðàâèëüíûé TCP-ïîðò, êîòîðûé OpenSSH ïðîñëóøèâàåò äëÿ çàïðîñîâ íà ïîäêëþ÷åíèå, è ÷òî ïàðàìåòðû ïåðåàäðåñàöèè ïîðòîâ âåðíû. Ïîðò ïî óìîë÷àíèþ — 22, åñëè íèêòî íå ìåíÿë êîíôèãóðàöèþ â ôàéëå sshd_config. Âû òàêæå ìîæåòå ïðîñòî äîáàâèòü íîìåð ïîðòà ïîñëå IP-àäðåñà õîñòà. Âîò ïðèìåð çàïðîñà íà ïîäêëþ÷åíèå ñ èñïîëüçîâàíèåì êëèåíòà OpenSSH ñ óêàçàíèåì íîìåðà ïîðòà: username@machine:~$ ssh phoenixnap@185.52.53.222 –p7654 phoenixnap@185.52.53.222’s password: The authenticity of host '185.52.53.222 (185.52.53.222)' can't be established. ECDSA key fingerprint is SHA256:9lyrpzo5Yo1EQAS2QeHy9xKceHFH8F8W6kp7EX2O3Ps. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added ' 185.52.53.222' (ECDSA) to the list of known hosts. username@host:~$ Òåïåðü âû ìîæåòå óïðàâëÿòü óäàëåííûì êîìïüþòåðîì ïðè ïîìîùè ñâîåãî òåðìèíàëà. Åñëè ó âàñ âîçíèêëè ïðîáëåìû ñ ïîäêëþ÷åíèåì ê óäàëåííîìó ñåðâåðó, óáåäèòåñü, ÷òî: IP-àäðåñ óäàëåííîãî êîìïüþòåðà óêàçàí âåðíî Ïîðò, êîòîðûé ïðîñëóøèâàåò äåìîí SSH, íå çàáëîêèðîâàí ìåæñåòåâûì ýêðàíîì è ïðàâèëüíî ïåðåàäðåñîâûâàåòñÿ Âàøå èìÿ ïîëüçîâàòåëÿ è ïàðîëü óêàçàíû âåðíî Ïðîãðàììíîå îáåñïå÷åíèå SSH óñòàíîâëåíî âåðíî Äàëüíåéøèå äåéñòâèÿ ïî SSH Òåïåðü, êîãäà âû ìîæåòå óñòàíîâèòü ñîåäèíåíèå ñî ñâîèì ñåðâåðîì ñ ïîìîùüþ SSH, ìû íàñòîÿòåëüíî ðåêîìåíäóåì âûïîëíèòü åùå íåñêîëüêî øàãîâ äëÿ ïîâûøåíèÿ áåçîïàñíîñòè SSH. Åñëè âû îñòàâèòå íàñòðîéêó ñî çíà÷åíèÿìè ïî óìîë÷àíèþ, îíà ñ áîëüøåé âåðîÿòíîñòüþ áóäåò âçëîìàíà, è âàø ñåðâåð ìîæåò ëåãêî áûòü àòàêîâàí. Âîò íåêîòîðûå èç ïðåäëîæåíèé ïî óñèëåíèþ áåçîïàñíîñòè SSH ïóòåì ðåäàêòèðîâàíèÿ ôàéëà êîíôèãóðàöèè sshd: Èçìåíèòå TCP-ïîðò ïî óìîë÷àíèþ, êîòîðûé ïðîñëóøèâàåò äåìîí SSH. Èçìåíèòå åãî ñ 22 íà âàðèàíò ïîáîëüøå, íàïðèìåð, 24596. Íå èñïîëüçóéòå íîìåð ïîðòà, êîòîðûé ëåãêî óãàäàòü, íàïðèìåð, 222, 2222 èëè 22222. Èñïîëüçóéòå ïàðû êëþ÷åé SSH äëÿ àóòåíòèôèêàöèè ïðè âõîäå â SSH áåç ïàðîëÿ. Îíè è áåçîïàñíåå, è ïîçâîëÿþò âõîäèòü â ñèñòåìó áåç íåîáõîäèìîñòè èñïîëüçîâàòü ïàðîëü. Ýòî áûñòðåå è óäîáíåå. Îòêëþ÷èòå âõîä â ñèñòåìó íà îñíîâå ïàðîëÿ íà âàøåì ñåðâåðå. Åñëè âàø ïàðîëü áóäåò âçëîìàí, ýòî èñêëþ÷èò âîçìîæíîñòü åãî èñïîëüçîâàíèÿ äëÿ âõîäà íà âàøè ñåðâåðû. Ïðåæäå ÷åì îòêëþ÷èòü âîçìîæíîñòü âõîäà ñ èñïîëüçîâàíèåì ïàðîëåé, âàæíî óáåäèòüñÿ, ÷òî àóòåíòèôèêàöèÿ ñ èñïîëüçîâàíèåì ïàð êëþ÷åé ðàáîòàåò êîððåêòíî. Îòêëþ÷èòå root-äîñòóï ê âàøåìó ñåðâåðó è èñïîëüçóéòå îáû÷íóþ ó÷åòíóþ çàïèñü ñ ïîìîùüþ êîìàíäû su – êîìàíäû äëÿ ïåðåêëþ÷åíèÿ íà root-ïîëüçîâàòåëÿ. Âû òàêæå ìîæåòå èñïîëüçîâàòü TCP Wrappers äëÿ îãðàíè÷åíèÿ äîñòóïà ê îïðåäåëåííûì IP-àäðåñàì èëè èìåíàì õîñòîâ. Íàñòðîéòå, êàêîé õîñò ìîæåò ïîäêëþ÷àòüñÿ ñ ïîìîùüþ TCP Wrappers, îòðåäàêòèðîâàâ ôàéëû /etc/hosts.allow è etc/hosts.deny. Îáðàòèòå âíèìàíèå, ÷òî ðàçðåøåííûå õîñòû îïðåäåëÿþòñÿ ÷åðåç çàïðåùåííûå õîñòû. Íàïðèìåð, ÷òîáû ðàçðåøèòü SSH-äîñòóï ê îäíîìó õîñòó, âàì ñíà÷àëà íóæíî çàïðåòèòü âñå õîñòû, äîáàâèâ ñëåäóþùèå äâå ñòðîêè â ôàéë etc/hosts.deny: sshd : ALL ALL : ALL Çàòåì â ôàéëå etc/hosts.allow âàì íåîáõîäèìî äîáàâèòü ñòðîêó ñ ðàçðåøåííûìè õîñòàìè äëÿ ñëóæáû SSH. Ýòî ìîæåò áûòü îäèí IP-àäðåñ, äèàïàçîí IP-àäðåñîâ èëè èìÿ õîñòà: sshd: 10.10.0.5, LOCAL. Óáåäèòåñü, ÷òî âàøà èíôîðìàöèÿ äëÿ âõîäà â ñèñòåìó âñåãäà çàùèùåíà, è ïðèìåíÿéòå ìåðû áåçîïàñíîñòü íà íåñêîëüêèõ óðîâíÿõ. Èñïîëüçóéòå ðàçëè÷íûå ìåòîäû, ÷òîáû îãðàíè÷èòü äîñòóï SSH ê âàøèì ñåðâåðàì, èëè èñïîëüçóéòå ñåðâèñû, êîòîðûå áóäóò áëîêèðîâàòü ëþáîãî, êòî ïîïûòàåòñÿ èñïîëüçîâàòü ãðóáóþ ñèëó, ÷òîáû ïîëó÷èòü äîñòóï ê âàøèì ñåðâåðàì. Îäèí èç ïðèìåðîâ òàêîé ñëóæáû - Fail2ban. VNC ÷åðåç SSH Äëÿ ïîëüçîâàòåëåé, ïðèâûêøèõ ðàáîòàòü â ãðàôè÷åñêîé ñðåäå ðàáî÷åãî ñòîëà ñ ñèñòåìîé óïðàâëåíèÿ óäàëåííûì êîìïüþòåðîì (VNC - Virtual Network Computing), åñòü âîçìîæíîñòü ïîëíîñòüþ çàøèôðîâàòü ñîåäèíåíèÿ ñ ïîìîùüþ òóííåëèðîâàíèÿ SSH. ×òîáû òóííåëèðîâàòü ñîåäèíåíèÿ VNC ÷åðåç SSH, âàì íóæíî áóäåò çàïóñòèòü ýòó êîìàíäó â òåðìèíàëå íà âàøåì êîìïüþòåðå ñ Linux èëè UNIX: $ ssh -L 5901:localhost:5901 -N -f -l username hostname_or_IP Âîò ðàçáîð êîìàíäû âûøå: ssh: çàïóñêàåò êëèåíòñêóþ ïðîãðàììó SSH íà âàøåì ëîêàëüíîì êîìïüþòåðå è îáåñïå÷èâàåò áåçîïàñíîå ïîäêëþ÷åíèå ê ñåðâåðó SSH íà óäàëåííîì êîìïüþòåðå. -L 5901:localhost:5901: óêàçûâàåò, ÷òî ëîêàëüíûé ïîðò äëÿ êëèåíòà íà ëîêàëüíîì êîìïüþòåðå äîëæåí áûòü ïåðåàäðåñîâàí íà óêàçàííûé õîñò è ïîðò óäàëåííîãî êîìïüþòåðà.  ýòîì ñëó÷àå ëîêàëüíûé ïîðò 5901 íà ëîêàëüíîì êëèåíòå ïåðåíàïðàâëÿåòñÿ íà òîò æå ïîðò óäàëåííîãî ñåðâåðà. -N: óêàçûâàåò ïåðåñëàòü ïîðòû, íî íå âûïîëíÿòü óäàëåííóþ êîìàíäó. -f: îòïðàâëÿåò SSH â ôîíîâûé ðåæèì ïîñëå ââîäà ïàðîëÿ, íåïîñðåäñòâåííî ïåðåä âûïîëíåíèåì êîìàíäû. Çàòåì âû ìîæåòå ñâîáîäíî èñïîëüçîâàòü òåðìèíàë äëÿ ââîäà êîìàíä íà ëîêàëüíîì êîìïüþòåðå. -l username: ââåäåííîå çäåñü èìÿ ïîëüçîâàòåëÿ áóäåò èñïîëüçîâàòüñÿ äëÿ âõîäà íà óêàçàííûé âàìè óäàëåííûé ñåðâåð. hostname_or_IP: ýòî óäàëåííàÿ ñèñòåìà ñ ñåðâåðîì VNC. Ïðèìåðîì IP-àäðåñà ìîæåò áûòü 172.16.0.5, à ïðèìåðîì èìåíè õîñòà ìîæåò áûòü myserver.somedomain.com. Âû òàêæå ìîæåòå ïîäêëþ÷èòüñÿ ê óäàëåííîìó ñåðâåðó ÷åðåç SSH- òóííåëü ñ êîìïüþòåðà ñ Windows, èñïîëüçóÿ PuTTY.  îêíå êîíôèãóðàöèè PuTTY âûïîëíèòå ñëåäóþùåå: Ïåðåéäèòå â Connections (Ñîåäèíåíèÿ) -> SSH -> Tunnels (Òóííåëè)  ïîëå Source port (Ïîðò èñòî÷íèêà) ââåäèòå 5901  ïîëå Destination (Àäðåñàò) ââåäèòå localhost:5901 Çàïóñòèòå ñåàíñ SSH êàê îáû÷íî Ïîäêëþ÷èòåñü ê ñåðâåðó ñ ïîìîùüþ êëèåíòà VNC ïî âàøåìó âûáîðó ×òî òàêîå RDP? Ïðîòîêîë óäàëåííîãî ðàáî÷åãî ñòîëà (RDP - Remote Desktop Protocol) — ýòî ïðîòîêîë, ðàçðàáîòàííûé Microsoft. Îí èñïîëüçóåòñÿ äëÿ óäàëåííîãî êîíòðîëÿ è óïðàâëåíèÿ êîìïüþòåðàìè ñ îïåðàöèîííîé ñèñòåìîé Windows.  îòëè÷èå îò Secure Shell, ñîåäèíåíèÿ, óñòàíîâëåííûå ñ ïîìîùüþ RDP-êëèåíòà, ïðåäîñòàâëÿþò ïîëüçîâàòåëþ ãðàôè÷åñêèé èíòåðôåéñ, ÷åðåç êîòîðûé îí ìîæåò ïîëó÷èòü äîñòóï ê óäàëåííîìó êîìïüþòåðó è óïðàâëÿòü èì òàê æå, êàê è ñâîèì ëîêàëüíûì êîìïüþòåðîì. Èñïîëüçîâàíèå ñëóæá óäàëåííîãî ðàáî÷åãî ñòîëà, ðàíåå èçâåñòíûõ êàê ñëóæáû òåðìèíàëîâ, ïîçâîëÿåò ñèñòåìíûì àäìèíèñòðàòîðàì è ñèñòåìíûì èíæåíåðàì ëåãêî óïðàâëÿòü óäàëåííûìè êîìïüþòåðàìè, ïîäêëþ÷åííûìè ê ëîêàëüíîé ñåòè èëè Èíòåðíåòó. Íî ó âñåãî åñòü ñâîÿ öåíà. Åñëè âû íå èñïîëüçóåòå âèðòóàëüíóþ çàùèùåííóþ ñåòü (VPN - virtual private network), ïîäêëþ÷åíèå ÷åðåç RDP áóäåò ãîðàçäî ìåíåå áåçîïàñíî, ÷åì SSH, ïîòîìó ÷òî âû íàïðÿìóþ ïîäêëþ÷àåòåñü ê Èíòåðíåòó. Ñóùåñòâóåò ìíîæåñòâî àâòîìàòèçèðîâàííûõ ñöåíàðèåâ, êîòîðûå ïîñòîÿííî èùóò ñëàáûå ìåñòà â âàøåì ñîåäèíåíèè, îñîáåííî ýòî êàñàåòñÿ îòêðûòûõ ïîðòîâ, êîòîðûå èñïîëüçóþò ïîäêëþ÷åíèÿ ê óäàëåííîìó ðàáî÷åìó ñòîëó Windows.  ýòîì ñëó÷àå íàñòîÿòåëüíî ðåêîìåíäóåòñÿ èìåòü ñëîæíûå è íàäåæíûå ïàðîëè è ðåãóëÿðíî èõ ìåíÿòü. Ýòî íå äåëàåò ñîåäèíåíèÿ RDP áîëåå áåçîïàñíûìè, íî âñå æå äåëàåò èõ ìåíåå óÿçâèìûìè. Êàê ðàáîòàåò ïðîòîêîë óäàëåííîãî ðàáî÷åãî ñòîëà? Ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó Windows îñíîâàíî íà äîâîëüíî ïðîñòîé ìîäåëè êëèåíò-ñåðâåð ñ èñïîëüçîâàíèåì ïðîòîêîëà óäàëåííîãî ðàáî÷åãî ñòîëà (RDP). Ïîñëå åãî âêëþ÷åíèÿ ñåðâåðíàÿ ñëóæáà óäàëåííîãî ðàáî÷åãî ñòîëà Windows íà÷èíàåò ïðîñëóøèâàòü çàïðîñû íà ïîäêëþ÷åíèå ÷åðåç ïîðò 3389. Âñÿêèé ðàç, êîãäà âû ïûòàåòåñü ïîäêëþ÷èòüñÿ ê ñåðâåðó Windows, âàì íóæíî áóäåò óêàçàòü äåéñòâèòåëüíîå èìÿ ïîëüçîâàòåëÿ äëÿ ó÷åòíîé çàïèñè, êîòîðóþ âû èñïîëüçóåòå äëÿ óäàëåííîãî äîñòóïà. Ïîëó÷èâ äîñòóï ê ñåðâåðó, âû ñìîæåòå óïðàâëÿòü ïðèëîæåíèÿìè, ïåðåäàâàòü ôàéëû ìåæäó äâóìÿ êîìïüþòåðàìè è ïðàêòè÷åñêè âûïîëíÿòü ëþáûå çàäà÷è, êîòîðûå âû ìîæåòå âûïîëíÿòü ëîêàëüíî ñ ñîîòâåòñòâóþùåé ó÷åòíîé çàïèñüþ. Íåçàâèñèìî îò òîãî, êàêàÿ ó âàñ âåðñèÿ îïåðàöèîííîé ñèñòåìû Windows, âû ñìîæåòå óñòàíîâèòü áåçîïàñíîå óäàëåííîå ïîäêëþ÷åíèå ê äðóãîìó êîìïüþòåðó, ïîñêîëüêó êëèåíò óäàëåííîãî ðàáî÷åãî ñòîëà äîñòóïåí ïî óìîë÷àíèþ. Òåì íå ìåíåå, óäàëåííûé äîñòóï ê êîìïüþòåðó âîçìîæåí òîëüêî â òîì ñëó÷àå, åñëè îí ðàáîòàåò ïîä óïðàâëåíèåì Pro, Enterprise èëè Server âåðñèè îïåðàöèîííîé ñèñòåìû Windows. Òàêèì îáðàçîì, ìîæíî ñäåëàòü âûâîä, ÷òî RDP-ñîåäèíåíèÿ âîçìîæíû òîëüêî ìåæäó êîìïüþòåðàìè ñ óñòàíîâëåííîé íà íèõ ÎÑ Windows. Êàê óñòàíîâèòü RDP-ñîåäèíåíèå Äëÿ óñòàíîâëåíèÿ ïîäêëþ÷åíèÿ ê óäàëåííîìó ðàáî÷åìó ñòîëó ñ äðóãèì êîìïüþòåðîì ïî ñåòè íåîáõîäèìî âêëþ÷èòü ñëóæáó ñåðâåðà óäàëåííîãî ðàáî÷åãî ñòîëà Windows. Êëèåíò óäàëåííîãî ðàáî÷åãî ñòîëà èíòåãðèðîâàí â ñèñòåìû Windows, ãîòîâ ê ðàáîòå ïî óìîë÷àíèþ è íå òðåáóåò ñïåöèàëüíîé íàñòðîéêè, ïðåæäå ÷åì âû ñìîæåòå ïîäêëþ÷èòüñÿ ê äðóãîìó êîìïüþòåðó ïîä óïðàâëåíèåì Windows. Îäíàêî ïðèåì ïîäêëþ÷åíèé ê óäàëåííîìó ðàáî÷åìó ñòîëó ñ äðóãèõ êîìïüþòåðîâ ïî óìîë÷àíèþ îòêëþ÷åí âî âñåõ âåðñèÿõ ÎÑ Windows. Åñëè âû õîòèòå óäàëåííî ïîäêëþ÷èòüñÿ ê ñåðâåðó ÷åðåç Èíòåðíåò, à íå ÷åðåç ëîêàëüíóþ ñåòü, âàì íåîáõîäèìî ïðèíÿòü âî âíèìàíèå íåñêîëüêî âåùåé, ïðåæäå ÷åì âêëþ÷àòü ýòó ñëóæáó: Ïåðåàäðåñàöèÿ ïîðòà. Åñëè âû íå èñïîëüçóåòå VPN, òî âàì íåîáõîäèìî óáåäèòüñÿ, ÷òî ïîðòû ïðàâèëüíî ïåðåàäðåñîâàíû íà IP-àäðåñ óäàëåííîãî õîñòà. Ïðîâåðüòå íàñòðîéêè ìàðøðóòèçàòîðà, ÷òîáû óçíàòü, íàïðàâëÿåòñÿ ëè òðàôèê TCP-ïîðòà ïî óìîë÷àíèþ äëÿ ïðîòîêîëà óäàëåííîãî ðàáî÷åãî ñòîëà (ïîðò 3389) íà IP-àäðåñ ñåðâåðà, ñ êîòîðûì âû õîòèòå óñòàíîâèòü ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó. Îáðàòèòå âíèìàíèå, ÷òî â ýòîì ñëó÷àå âàø ñåðâåð Windows íàïðÿìóþ ïîäêëþ÷åí ê Èíòåðíåòó è óÿçâèì. Èñïîëüçîâàíèå VPN. Ýòî ãîðàçäî áîëåå áåçîïàñíûé âàðèàíò ïîäêëþ÷åíèÿ ê óäàëåííîìó ðàáî÷åìó ñòîëó. Ïðè ñîçäàíèè âèðòóàëüíîé çàùèùåííîé ñåòè íà êëèåíòñêîì êîìïüþòåðå âû ñìîæåòå ïîëó÷èòü äîñòóï êî âñåì ñëóæáàì, êîòîðûå äîñòóïíû òîëüêî ïðè èñïîëüçîâàíèè ëîêàëüíîãî ïîäêëþ÷åíèÿ. Íàñòðîéêè ìåæñåòåâîãî ýêðàíà. Óáåäèòåñü, ÷òî ìåæñåòåâîé ýêðàí, êîòîðûé âû èñïîëüçóåòå äëÿ óäàëåííîãî êîìïüþòåðà, íå áëîêèðóåò ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó. Âàì íóæíî îòêðûòü ëîêàëüíûé ïîðò äëÿ RDP, áóäü òî íîìåð ïîðòà ïî óìîë÷àíèþ èëè íàñòðàèâàåìûé. Ïîäêëþ÷åíèå óäàëåííîãî äîñòóïà â âåðñèÿõ Windows 7, 8, 10 è Windows Server Ïðîöåäóðà íàñòðîéêè óäàëåííîãî ðàáî÷åãî ñòîëà è ðàçðåøåíèÿ áåçîïàñíûõ óäàëåííûõ ïîäêëþ÷åíèé ê ñåðâåðó èëè ÏÊ ñ äðóãîãî êîìïüþòåðà îäèíàêîâà äëÿ âñåõ âåðñèé îïåðàöèîííûõ ñèñòåì Windows. ß ïåðå÷èñëþ îñíîâíûå øàãè äëÿ ïîäêëþ÷åíèÿ óäàëåííîãî äîñòóïà ê íóæíîìó êîìïüþòåðó. Ïðåæäå ÷åì íà÷àòü, óáåäèòåñü, ÷òî âû ó÷ëè ïðèâåäåííûå âûøå çàìå÷àíèÿ, êîòîðûå êàñàþòñÿ ïåðåàäðåñàöèè ïîðòîâ, íàñòðîåê VPN è ìåæñåòåâîãî ýêðàíà. Øàã 1. Ðàçðåøèòå óäàëåííûå ïîäêëþ÷åíèÿ Ïåðåéäèòå â ðàçäåë èíôîðìàöèè î êîìïüþòåðå íà òîì êîìïüþòåðå, íà êîòîðîì âû õîòèòå ðàçðåøèòü óäàëåííûå ïîäêëþ÷åíèÿ: Ùåëêíèòå ïðàâîé êíîïêîé ìûøè Computer (Ìîé êîìïüþòåð) èëè This PC (Ýòîò êîìïüþòåð) â çàâèñèìîñòè îò âåðñèè ÎÑ Windows. Ùåëêíèòå Properties (Ñâîéñòâà). Íàæìèòå Remote settings (Íàñòðîéêè óäàëåííîãî äîñòóïà) â ëåâîé ÷àñòè îêíà. Ùåëêíèòå Allow remote connections to this computer (Ðàçðåøèòü óäàëåííûå ïîäêëþ÷åíèÿ ê ýòîìó êîìïüþòåðó). Ýòî äîëæíî àâòîìàòè÷åñêè äîáàâèòü èñêëþ÷åíèå ìåæñåòåâîãî ýêðàíà óäàëåííîãî ðàáî÷åãî ñòîëà. Êðîìå òîãî, âû ìîæåòå ñíÿòü ôëàæîê “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)” («Ðàçðåøèòü ïîäêëþ÷åíèÿ òîëüêî ñ êîìïüþòåðîâ, íà êîòîðûõ çàïóùåí óäàëåííûé ðàáî÷èé ñòîë ñ ïðîâåðêîé ïîäëèííîñòè íà óðîâíå ñåòè (ðåêîìåíäóåòñÿ)») äëÿ äîïîëíèòåëüíîé áåçîïàñíîñòè ñåàíñîâ RDP. Íàæìèòå Apply (Ïðèìåíèòü), åñëè âû õîòèòå îñòàòüñÿ íà âêëàäêå, èëè ÎÊ, ÷òîáû çàêðûòü åå. Øàã 2. Äîáàâüòå ïîëüçîâàòåëåé â ñïèñîê óäàëåííûõ ïîëüçîâàòåëåé. Âàì íåîáõîäèìî âûïîëíèòü ýòîò øàã, òîëüêî åñëè âû õîòèòå ðàçðåøèòü äðóãèì ïîëüçîâàòåëÿì, êðîìå àäìèíèñòðàòîðîâ, äîñòóï ê êîìïüþòåðó. Åñëè âû ÿâëÿåòåñü àäìèíèñòðàòîðîì, âàøà ó÷åòíàÿ çàïèñü àâòîìàòè÷åñêè âêëþ÷àåòñÿ â ñïèñîê ðàçðåøåííûõ ïîëüçîâàòåëåé, íî âû åå íå óâèäèòå. ×òîáû äîáàâèòü áîëüøå ïîëüçîâàòåëåé: Íà ýêðàíå Remote Settings (Íàñòðîéêè óäàëåííîãî äîñòóïà), ïîêàçàííîì âûøå, ùåëêíèòå Select Users (Âûáðàòü ïîëüçîâàòåëåé) Íàæìèòå Add (Äîáàâèòü) â ïîëå Remote Desktop Users (Ïîëüçîâàòåëè óäàëåííîãî ðàáî÷åãî ñòîëà). Ïîÿâèòñÿ îêíî Select users (Âûáðàòü ïîëüçîâàòåëåé). Âû ìîæåòå âûáðàòü ìåñòîïîëîæåíèå, êîòîðîå õîòèòå íàéòè, íàæàâ Locations (Ìåñòîïîëîæåíèÿ).  ïîëå Enter the Object Names to Select (Ââåäèòå èìåíà îáúåêòîâ äëÿ âûáîðà) ââåäèòå èìÿ ïîëüçîâàòåëÿ è íàæìèòå Check Names (Ïðîâåðèòü èìåíà). Êîãäà âû íàéäåòå ñîâïàäåíèå, âûáåðèòå ó÷åòíóþ çàïèñü ïîëüçîâàòåëÿ è íàæìèòå OK. Çàêðîéòå îêíî System Properties (Ñâîéñòâà ñèñòåìû), åùå ðàç íàæàâ êíîïêó ÎÊ. Ñóùåñòâóåò íå òàê ìíîãî ïàðàìåòðîâ, êîòîðûå íóæíî èçìåíèòü äëÿ íàñòðîéêè óäàëåííîãî ðàáî÷åãî ñòîëà. Åñëè äðóãèå íàñòðîéêè íå ìåøàþò âàøåìó ïîäêëþ÷åíèþ ê óäàëåííîìó ðàáî÷åìó ñòîëó, òî òåïåðü âû ìîæåòå óäàëåííî ïîäêëþ÷àòüñÿ è óïðàâëÿòü ýòèì êîìïüþòåðîì. Êàê èñïîëüçîâàòü êëèåíòñêóþ ÷àñòü óäàëåííîãî ïîäêëþ÷åíèÿ ê ðàáî÷åìó ñòîëó Èñïîëüçîâàòü êëèåíòñêóþ ÷àñòü óäàëåííîãî ðàáî÷åãî ñòîëà ïðîñòî, è âàì íå íóæíî ñïåöèàëüíî íàñòðàèâàòü óäàëåííûé ðàáî÷èé ñòîë íà ëîêàëüíîì êîìïüþòåðå. Ñëåäóþùèå øàãè áóäóò ðàáîòàòü äëÿ âñåõ âåðñèé Windows, íà÷èíàÿ ñ Windows 7. Øàã 1: Çàïóñòèòå ìîäóëü ïîäêëþ÷åíèÿ ê ðàáî÷åìó ñòîëó Íà ëîêàëüíîì êîìïüþòåðå ñ ÎÑ Windows íàéäèòå ïðèëîæåíèå Remote Deskrop Connection (Ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó). Åãî ìîæíî íàéòè íåñêîëüêèìè ñïîñîáàìè: Äëÿ Windows 7 íàæìèòå Start (Ïóñê) -> All Programs (Âñå ïðîãðàììû), ïåðåéäèòå â ïàïêó Accessories (Ñòàíäàðòíûå) è íàæìèòå Remote Desktop Connection (Ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó). Äëÿ Windows 10 íàæìèòå Start (Ïóñê) è íàéäèòå ïàïêó Windows Accessories (Ñòàíäàðòíûå äëÿ Windows), ãäå âû òàêæå ìîæåòå íàéòè ïðèëîæåíèå Remote Desktop Connection (Ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó). Íàæìèòå Start (Ïóñê) è ââåäèòå Remote Desktop Connection (Ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó) â ñòðîêå ïîèñêà. Âû ïîëó÷èòå ðåçóëüòàòû ïîèñêà, êàê òîëüêî íà÷íåòå ïå÷àòàòü. Íàæìèòå íà ïðèëîæåíèå, êîãäà îíî ïîÿâèòñÿ â ñïèñêå. Íàæìèòå êëàâèøè Windows + R íà êëàâèàòóðå, ÷òîáû îòêðûòü îêíî Run (Âûïîëíèòü). Ââåäèòå mstsc â ïîëå Open (Îòêðûòü) è íàæìèòå Enter, ÷òîáû çàïóñòèòü êëèåíò óäàëåííîãî ðàáî÷åãî ñòîëà. Øàã 2. Ââåäèòå IP-àäðåñ èëè èìÿ óäàëåííîãî õîñòà. Ïîñëå çàïóñêà ïðèëîæåíèÿ Remote Desktop Connection (Ïîäêëþ÷åíèå ê óäàëåííîìó ðàáî÷åìó ñòîëó) îòêðîåòñÿ îêíî, â êîòîðîì âû ìîæåòå ââåñòè èìÿ èëè IP-àäðåñ óäàëåííîãî êîìïüþòåðà, ê êîòîðîìó âû õîòèòå ïîëó÷èòü äîñòóï.  ïîëå Computer (Êîìïüþòåð) ââåäèòå ñîîòâåòñòâóþùåå èìÿ èëè IP-àäðåñ è íàæìèòå Connect (Ïîäêëþ÷èòüñÿ). Ïðèìå÷àíèå. Åñëè ïîðò ïðîñëóøèâàíèÿ ïî óìîë÷àíèþ äëÿ ïîäêëþ÷åíèÿ ê óäàëåííîìó ðàáî÷åìó ñòîëó (ïîðò 3389) áûë èçìåíåí íà óäàëåííîì óçëå íà äðóãîå çíà÷åíèå, âàì íóæíî óêàçàòü åãî ïîñëå IP-àäðåñà.Ïðèìåð: 174.163.152.141:6200  çàâèñèìîñòè îò ñèòóàöèè âàì íóæíî áóäåò ââåñòè ÷àñòíûé èëè îáùåäîñòóïíûé IP-àäðåñ óäàëåííîãî õîñòà. Âîò âîçìîæíûå ñöåíàðèè: Åñëè êëèåíòñêèé êîìïüþòåð è óäàëåííûé õîñò ïîäêëþ÷åíû ê îäíîé è òîé æå ëîêàëüíîé ñåòè, âû áóäåòå èñïîëüçîâàòü ÷àñòíûé IP-àäðåñ õîñòà äëÿ ïîäêëþ÷åíèÿ ê óäàëåííîìó ðàáî÷åìó ñòîëó. Åñëè âû èñïîëüçóåòå âèðòóàëüíóþ çàùèùåííóþ ñåòü (VPN) íà êëèåíòñêîì êîìïüþòåðå äëÿ äîñòóïà ê óäàëåííîìó õîñòó, âû áóäåòå èñïîëüçîâàòü ÷àñòíûé IP-àäðåñ õîñòà äëÿ ïîäêëþ÷åíèÿ ê óäàëåííîìó ðàáî÷åìó ñòîëó. Åñëè êëèåíòñêèé êîìïüþòåð ïîäêëþ÷àåòñÿ ê óäàëåííîìó õîñòó èç äðóãîé ñåòè ÷åðåç Èíòåðíåò áåç VPN, âû áóäåòå èñïîëüçîâàòü îáùåäîñòóïíûé IP-àäðåñ. Êàê íàéòè IP-àäðåñ è èìÿ õîñòà Ñóùåñòâóåò ìíîãî ñïîñîáîâ íàéòè èìÿ, îáùåäîñòóïíûé èëè ÷àñòíûé IP-àäðåñ êîìïüþòåðà, íà êîòîðîì âû õîòèòå íàñòðîèòü ñëóæáó óäàëåííîãî ðàáî÷åãî ñòîëà. Âîò ñàìûå áûñòðûå è ïðîñòûå ñïîñîáû: ×òîáû îïðåäåëèòü ÷àñòíûé IP-àäðåñ êîìïüþòåðà: Íàéäèòå CMD â ìåíþ «Ïóñê» (start) èëè íàæìèòå Windows + R íà êëàâèàòóðå, íàáåðèòå íà êëàâèàòóðå CMD è íàæìèòå Enter, ÷òîáû çàïóñòèòü êîìàíäíóþ ñòðîêó. Ââåäèòå ipconfig â êîìàíäíîé ñòðîêå è íàæìèòå Enter. Âû óâèäèòå ÷àñòíûé IP-àäðåñ âàøåãî êîìïüþòåðà â ñòðîêå IPv4 Address. ×òîáû îïðåäåëèòü îáùåäîñòóïíûé IP-àäðåñ êîìïüþòåðà:  âåá-áðàóçåðå ïåðåéäèòå íà ñàéò google.com èëè âîñïîëüçóéòåñü åãî ïàíåëüþ ïîèñêà. Ââåäèòå what is my IP (êàêîé ó ìåíÿ IP) èëè ïðîñòî my IP (ìîé IP) è íàæìèòå Enter.  âåðõíåé ÷àñòè ñòðàíèöû Google ïîêàæåò âàì îáùåäîñòóïíûé IP-àäðåñ, êîòîðûé èñïîëüçóåò âàø êîìïüþòåð. Åñëè ýòî íå ðàáîòàåò äëÿ âàøåãî ðåãèîíà, âû ìîæåòå ïîñåòèòü ïåðâóþ âåá-ñòðàíèöó â ðåçóëüòàòàõ ïîèñêà, è îíà ïîêàæåò âàì IP-àäðåñ. Èëè ìîæíî óçíàòü àäðåñ íà íàøåé ñòðàíè÷êå. ×òîáû íàéòè èìÿ êîìïüþòåðà: Ùåëêíèòå ïðàâîé êíîïêîé ìûøè Computer (Ìîé êîìïüþòåð) èëè This PC (Ýòîò êîìïüþòåð), â çàâèñèìîñòè îò èñïîëüçóåìîé âåðñèè ÎÑ Windows. Íàæìèòå Ñâîéñòâà Âû íàéäåòå ñâîå ïîëíîå èìÿ êîìïüþòåðà â ðàçäåëå Computer name, domain, and workgroup settings (Èìÿ êîìïüþòåðà, äîìåí è íàñòðîéêè ðàáî÷åé ãðóïïû). Øàã 3. Ââîä ó÷åòíûõ äàííûõ RDP è çàâåðøåíèå ïîäêëþ÷åíèÿ Ïîñëå òîãî, êàê âû íàæìåòå Connect (Ïîäêëþ÷èòüñÿ), ïîÿâèòñÿ ïîëîñà çàãðóçêè. Êîãäà êîìïüþòåð çàâåðøèò èíèöèàöèþ è íàñòðîéêó óäàëåííîãî ñåàíñà, âû ïîëó÷èòå âñïëûâàþùåå îêíî, êîòîðîå áóäåò âûãëÿäåòü ïðèìåðíî âîò òàê: Ââåäèòå ïàðîëü äëÿ âûáðàííîãî èìåíè ïîëüçîâàòåëÿ. Ïðè íåîáõîäèìîñòè âû ìîæåòå èñïîëüçîâàòü äðóãóþ ó÷åòíóþ çàïèñü è óêàçàòü äðóãîå èìÿ ïîëüçîâàòåëÿ è ïàðîëü. Íàæìèòå OK, êîãäà áóäåòå ãîòîâû, è âû ïîëó÷èòå ïðåäóïðåæäåíèå î ñåðòèôèêàòå áåçîïàñíîñòè. Íàæìèòå Yes (Äà), ÷òîáû ïðîäîëæèòü. Ïðèìå÷àíèå. Íà êîìïüþòåðå ñ ÎÑ Windows îäíîâðåìåííî ìîæåò áûòü çàðåãèñòðèðîâàí òîëüêî îäèí ïîëüçîâàòåëü. Åñëè êòî-òî äðóãîé èñïîëüçóåò êîìïüþòåð, ê êîòîðîìó âû ïûòàåòåñü ïîëó÷èòü óäàëåííûé äîñòóï, ýòîò ïîëüçîâàòåëü äîëæåí îòêëþ÷èòüñÿ.  òàêèõ ñëó÷àÿõ ïîÿâèòñÿ ïðåäóïðåæäàþùåå ñîîáùåíèå î âõîäå â ñèñòåìó. Âû íå óâèäèòå ðàáî÷èé ñòîë óäàëåííîãî êîìïüþòåðà.  çàâèñèìîñòè îò íàñòðîåê ðàçðåøåíèé ó÷åòíîé çàïèñè ïîëüçîâàòåëÿ âû ìîæåòå âûïîëíÿòü ëþáóþ îïåðàöèþ, êîòîðóþ âû ìîãëè áû âûïîëíèòü íåïîñðåäñòâåííî ïåðåä êîìïüþòåðîì. Äàëüíåéøèå øàãè ïî ïðîòîêîëó óäàëåííîãî ðàáî÷åãî ñòîëà Ïðè íàñòðîéêå óäàëåííîãî ñåðâåðà èëè êîìïüþòåðà äëÿ ïðèåìà ïîäêëþ÷åíèé ê óäàëåííîìó ðàáî÷åìó ñòîëó âàæíî ïðèíÿòü ìåðû áåçîïàñíîñòè â îòíîøåíèè çàùèòû RDP. Âàø ñåðâåð îñîáåííî óÿçâèì, åñëè âû îáðàùàåòåñü ê íåìó ÷åðåç Èíòåðíåò. Âîò íåñêîëüêî ðåêîìåíäàöèé, î êîòîðûõ ñëåäóåò ïîìíèòü, åñëè âû èñïîëüçóåòå ïðîòîêîë óäàëåííîãî ðàáî÷åãî ñòîëà äëÿ óäàëåííîãî ïîäêëþ÷åíèÿ ê ñâîèì êîìïüþòåðàì: Èñïîëüçóéòå âñòðîåííûé VPN-ñåðâåð íà âàøåì êîìïüþòåðå ñ Windows äëÿ äîïîëíèòåëüíîé çàùèòû âàøåãî òðàôèêà. Ýòî îáåñïå÷èò áîëåå áåçîïàñíûé äîñòóï ê âàøåìó ñåðâåðó è ñëóæáàì Windows. Óñòàíîâèòå øèôðîâàíèå êëèåíòñêîãî ñîåäèíåíèÿ. Ïî óìîë÷àíèþ äëÿ ýòîãî ïàðàìåòðà óñòàíîâëåíî çíà÷åíèå Not configured (Íå íàñòðîåíî). Âû ìîæåòå âêëþ÷èòü åãî è óñòàíîâèòü âûñîêèé óðîâåíü øèôðîâàíèÿ äëÿ âñåõ âçàèìîäåéñòâèé ìåæäó êëèåíòàìè è ñåðâåðàìè õîñòà ñåàíñîâ óäàëåííûõ ðàáî÷èõ ñòîëîâ. Ìû íå ðåêîìåíäóåì èñïîëüçîâàòü íàñòðîéêó óðîâíÿ øèôðîâàíèÿ Client Compatible (Ñîâìåñòèìûé ñ êëèåíòîì). Åñëè îñòàâèòü íàñòðîéêó óðîâíÿ øèôðîâàíèÿ ïî óìîë÷àíèþ High (Âûñîêèé), ïðèíóäèòåëüíî áóäåò èñïîëüçîâàòüñÿ íàäåæíîå 128-áèòíîå øèôðîâàíèå äëÿ äàííûõ, îòïðàâëÿåìûõ ñ êëèåíòà íà ñåðâåð è íàîáîðîò. Âû ìîæåòå èçìåíèòü ýòó êîíôèãóðàöèþ ñ ïîìîùüþ ðåäàêòîðà ëîêàëüíîé ãðóïïîâîé ïîëèòèêè. Èñïîëüçóéòå äâóõôàêòîðíóþ àóòåíòèôèêàöèþ ñ ïîìîùüþ ñòîðîííèõ èíñòðóìåíòîâ. Ïðèìåíÿéòå ïðàâèëà ìåæñåòåâîãî ýêðàíà, ÷òîáû îãðàíè÷èòü äîñòóï îòêðûòûõ ïîðòîâ RDP ê Èíòåðíåòó, îñîáåííî åñëè âû èñïîëüçóåòå TCP-ïîðò RDP 3389, óñòàíîâëåííûé ïî óìîë÷àíèþ.  Windows åñòü âñòðîåííûé ìåæñåòåâîé ýêðàí, ê êîòîðîìó âû ìîæåòå ïîëó÷èòü äîñòóï èç ïàíåëè óïðàâëåíèÿ è äîïîëíèòåëüíî íàñòðîèòü åãî äëÿ îãðàíè÷åíèÿ òðàôèêà íà îïðåäåëåííûå ïîðòû è IP-àäðåñà Ýòè ðåêîìåíäàöèè ïî äîïîëíèòåëüíîé çàùèòå RDP ïîìîãóò âàì ñîêðàòèòü äîñòóï ê óäàëåííîìó ðàáî÷åìó ñòîëó. Âû èçáåæèòå áîëüøèíñòâà íåñàíêöèîíèðîâàííûõ ïîïûòîê âõîäà â ñèñòåìó, íå òðàòÿ ñëèøêîì ìíîãî âðåìåíè íà èçìåíåíèå êîíôèãóðàöèè ñâîèõ êîìïüþòåðîâ. Çàêëþ÷åíèå Øàãè è ïðîöåññû, ïåðå÷èñëåííûå â ýòîì ðóêîâîäñòâå, áóäóò ðàáîòàòü äëÿ áîëüøèíñòâà ïîëüçîâàòåëåé è áîëüøèíñòâà âåðñèé îïåðàöèîííûõ ñèñòåì Linux è Windows. Òåïåðü âû ñìîæåòå ïîäêëþ÷èòüñÿ ê óäàëåííîìó ñåðâåðó ñ Linux èëè Windows. Êîíå÷íî, ñóùåñòâóåò ìíîãî äðóãèõ ñïîñîáîâ óñòàíîâèòü ñîåäèíåíèå ìåæäó äâóìÿ óäàëåííûìè êîìïüþòåðàìè, íî çäåñü îïèñàíû íàèáîëåå ðàñïðîñòðàíåíûå.

Ñòðàøíî ñåêðåòíî: ÷åì çàíèìàåòñÿ ñïåöèàëèñò ïî èíôîðìàöèîííîé áåçîïàñíîñòè, ñêîëüêî çàðàáàòûâàåò è êàê èì ñòàòü Ïî äàííûì èññëåäîâàíèÿ ñàéòà «Ðàáîòà.ðó» íà ðûíêå òðóäà ñðåäè âîñòðåáîâàííûõ IT-âàêàíñèé çà 2023 ãîä ñîõðàíÿåòñÿ âûñîêèé ñïðîñ íà ñïåöèàëèñòîâ ïî èíôîðìàöèîííîé áåçîïàñíîñòè (ÈÁ). Ýòî âîñòðåáîâàííàÿ è ïåðñïåêòèâíàÿ IT-ïðîôåññèÿ, îáó÷èòüñÿ êîòîðîé ñëîæíî, íî âïîëíå ðåàëüíî. Ðàáîòà â ñôåðå ÈÁ ïðåäóñìàòðèâàåò èíòåðåñíûå çàäà÷è, ïîñòîÿííîå ðàçâèòèå â ñôåðå, âûñîêèé äîõîä è êàðüåðíûå âîçìîæíîñòè.  ýòîì ìàòåðèàëå ìû ïîäåëèìñÿ ñ âàìè, êòî òàêîé ñïåöèàëèñò ïî ÈÁ, ÷òî îí äåëàåò, êàêèå êëþ÷åâûå íàâûêè íóæíû äëÿ âõîäà â ïðîôåññèþ è êàê èì ñòàòü. Ñïåöèàëèñò ïî èíôîðìàöèîííîé áåçîïàñíîñòè îáåñïå÷èâàåò çàùèòó äàííûõ êîìïàíèè è îòäåëüíûõ ïîëüçîâàòåëåé, ïðåäîòâðàùàåò êðàæè è óòå÷êó äàííûõ, à òàêæå ðàáîòàåò íà îïåðåæåíèå: òåñòèðóåò ñèñòåìó íà âîçìîæíûå áàãè è óÿçâèìîñòè. Êàêèå áûâàþò ñïåöèàëèñòû ïî êèáåðáåçîïàñíîñòè Îáëàñòü êèáåðáåçîïàñíîñòè íàñòîëüêî äèíàìè÷íî ðàçâèâàåòñÿ: çäåñü êàæäûé ãîä ïîÿâëÿþòñÿ íîâûå ñèñòåìû, ðÿäîì ñ êîòîðûìè âîçíèêàþò õàêåðû è ïûòàþòñÿ èõ âçëîìàòü. Âûäåëèëè íåñêîëüêî îñíîâíûõ íàïðàâëåíèé â ðàáîòå, êîòîðûå ïîìîãóò ñîðèåíòèðîâàòüñÿ ñðåäè íàèáîëåå âîñòðåáîâàííûõ ïðîôåññèé â îáëàñòè êèáåðáåçîïàñíîñòè. Àíàëèòèê IT-áåçîïàñíîñòè Ðàáîòà òàêîãî ñïåöèàëèñòà – ýòî, ïî ñóòè, ïîñòîÿííûé àíàëèç íåîáðàáîòàííûõ äàííûõ èç ðàçëè÷íûõ èñòî÷íèêîâ âîçìîæíûõ óãðîç ÈÁ. Îí èçó÷àåò ñèñòåìíûå äàííûå è ñåòåâîé òðàôèê, ÷òîáû íàéòè è óñòðàíèòü áðåøè â ñèñòåìå áåçîïàñíîñòè è ïðåäîòâðàòèòü áóäóùèå âîçìîæíûå êèáåðàòàêè. Èíæåíåð èëè àðõèòåêòîð ÈÁ Îòâå÷àåò çà ðàçðàáîòêó è âíåäðåíèå ñèñòåì îáåñïå÷åíèÿ èíôîðìàöèîííîé áåçîïàñíîñòè â êîìïàíèè. Àðõèòåêòîð íàëàæèâàåò ñèñòåìû àíòèâèðóñíîé çàùèòû, çàùèòû îò âçëîìà è ïðîãðàììû îáíàðóæåíèÿ âòîðæåíèé è ò.ä. Êîíñóëüòàíò ïî áåçîïàñíîñòè Òàêîé ñïåöèàëèñò-óíèâåðñàë îöåíèâàåò óãðîçû è ðèñêè, à òàêæå ïðåäîñòàâëÿåò âîçìîæíûå ðåøåíèÿ ïðîáëåì. Áîëåå òîãî, êîíñóëüòàíò ìîæåò îáó÷àòü ñîòðóäíèêîâ è ïåðåäàâàòü ñâîé îïûò. Ýòè÷íûé õàêåð (ïåíòåñòåð) Ýòî ëåãàëüíûé õàêåð, êîòîðûé ñ ðàçðåøåíèÿ çàêàç÷èêà âçëàìûâàåò èíôîðìàöèîííûå ñèñòåìû êîìïàíèè. Òàêàÿ ïðàêòèêà ïîìîãàåò íàéòè ëàçåéêè â ñèñòåìå äî òîãî, êàê ýòî ñäåëàëè çëîóìûøëåííèêè, è ïîäñâå÷èâàåò ñëàáûå ìåñòà çàùèòû. Êîìïüþòåðíûé êðèìèíàëèñò Èëè Øåðëîê Õîëìñ â îáëàñòè êèáåðïðåñòóïëåíèé. Ðàññëåäóåò ïðè÷èíû êèáåðàòàêè: êîãäà îíà áûëà ñîâåðøåíà, ïðè êàêèõ îáñòîÿòåëüñòâàõ è êàêèå äàííûå ïîñòðàäàëè. Ïðè íåîáõîäèìîñòè îí ìîæåò ðàáîòàòü â ñâÿçêå ñ ñîòðóäíèêàìè ïðàâîîõðàíèòåëüíûõ îðãàíîâ. Àäìèíèñòðàòîð ñèñòåì áåçîïàñíîñòè  îáÿçàííîñòè àäìèíèñòðàòîðà ñèñòåì áåçîïàñíîñòè âõîäèò òåõíè÷åñêàÿ ñòîðîíà îáåñïå÷åíèÿ ÈÁ. Íàïðèìåð, óñòàíîâêà, îáñëóæèâàíèå è íàñòðîéêà êîìïüþòåðîâ è ñåòåâîãî îáîðóäîâàíèÿ. Îõîòíèê çà ïðèâèäåíèÿìè îøèáêàìè (áàãõàíòåð) Äëÿ áàãõàíòåðà âàæíî áûñòðî âûÿâëÿòü îøèáêè è óÿçâèìîñòè â ïðîãðàììíîì îáåñïå÷åíèè. Ýòî ìîãóò áûòü íåçàâèñèìûå èññëåäîâàòåëè, êîòîðûå îáíàðóæèâàþò íåäî÷åòû â ðàáîòå ñèñòåì è ïîëó÷àþò çà ýòî âîçíàãðàæäåíèå. Äèðåêòîð ïî èíôîðìàöèîííîé áåçîïàñíîñòè (Chief Information Security Officer, CISO) Ñïåöèàëèñò êîîðäèíèðóåò âñþ ðàáîòó êîìïàíèè â ñôåðå êèáåðáåçîïàñíîñòè è íåñåò ëè÷íóþ îòâåòñòâåííîñòü ïðè âîçíèêíîâåíèè èíöèäåíòîâ. CISO ðàáîòàåò â òåñíîì ñîòðóäíè÷åñòâå ñ ðóêîâîäèòåëÿìè äðóãèõ íàïðàâëåíèé, ÷òîáû îõâàòèòü âñå òðåáîâàíèÿ ê âîïðîñàì èíôîðìàöèîííîé áåçîïàñíîñòè â êîìïàíèè. ×òîáû ñòàòü äèðåêòîðîì ïî ÈÁ, ñïåöèàëèñòó íåîáõîäèìî ïîëó÷èòü ñïåöèàëüíóþ ñåðòèôèêàöèþ. Îíà ïîêàçûâàåò, ÷òî îí äîñòèã îïðåäåëåííîãî óðîâíÿ êîìïåòåíòíîñòè. Îò íàñ õî÷åòñÿ äîáàâèòü íåáîëüøîé äèñêëåéìåð, ÷òî ýòî äàëåêî íå âåñü ñïèñîê ñóùåñòâóþùèõ âàêàíñèé â îáëàñòè êèáåðáåçîïàñíîñòè. Âîçìîæíî, ïîêà ìû ïèñàëè ýòó ñòàòüþ íà ðûíêå òðóäà âîçíèêëî åùå îäíî íàïðàâëåíèå Êàêèå çíàíèÿ è íàâûêè íóæíû äëÿ ñïåöèàëèñòà ïî èíôîðìàöèîííîé áåçîïàñíîñòè Êàê è â ëþáîé ïðîôåññèè, âñå íàâûêè ìîæíî óñëîâíî ðàçäåëèòü íà õàðä- è ñîôò. Ê ïåðâîé ãðóïïå íàâûêîâ îòíîñÿòñÿ: Âûñîêèé óðîâåíü ïðîãðàììèðîâàíèÿ. Òàêæå äëÿ ñïåöèàëèñòà â îáëàñòè ÈÁ âàæíî ïîíèìàíèå ïðèíöèïîâ áåçîïàñíîãî ïðîãðàììèðîâàíèÿ. Òðåíä ñòàë ïîïóëÿðíûì èç-çà óæåñòî÷åíèÿ òðåáîâàíèé â ñôåðå êèáåðáåçîïàñíîñòè è ìåíÿþùåãîñÿ çàêîíîäàòåëüñòâà. Óìåíèå ðàáîòàòü ñ áîëüøèìè ìàññèâàìè äàííûõ, ïîíèìàíèå ñïîñîáîâ çàùèòû èõ îò àòàê. Ðàáîòà ñ êîäîì, óìåíèå ïèñàòü íà îäíîì èëè íåñêîëüêèõ ÿçûêàõ. Íàïðèìåð, ýòî ìîãóò áûòü ÿçûêè ïðîãðàììèðîâàíèÿ Python, PHP èëè JavaScript. Áàçîâûå çíàíèÿ ðàáîòû îïåðàöèîííûõ ñèñòåì Windows è Linux. Îïûò ðàáîòû ñ ðàçíûìè âèäàìè àòàê. Óìåíèå íàõîäèòü ñêðûòûå èñòî÷íèêè êèáåðàòàê è çíàíèå âîçìîæíûõ ïóòåé çàùèòû îò íèõ. Ïîíèìàíèå ïðîôèëüíîãî çàêîíîäàòåëüñòâà â ñôåðå ÈÁ. Çàêîíîäàòåëüñòâî áûñòðî ìåíÿåòñÿ, ïîýòîìó ñïåöèàëèñòó âàæíî óìåòü îðèåíòèðîâàòüñÿ è îòñëåæèâàòü íîâîââåäåíèÿ. Âëàäåíèå àíãëèéñêèì ÿçûêîì. Çíàíèå ÿçûêà ìîæåò áûòü ïîëåçíûì íàâûêîì, ÷òîáû èçó÷àòü ïðîôèëüíóþ ëèòåðàòóðó è ñòàòüè, ïðîõîäèòü îáó÷åíèå èëè íàéòè âàêàíñèþ â äðóãîé ñòðàíå, ãäå îñíîâíûì ÿçûêîì îáùåíèÿ ñòàíåò àíãëèéñêèé. Ñïåöèàëèñò ïî ÈÁ äîëæåí îáëàäàòü òàêèìè ñîôò-ñêèëëàìè, êàê: Êîììóíèêàòèâíûå íàâûêè è íàâûêè ðàáîòû â êîìàíäå. Âàæíî óìåòü íàõîäèòü îáùèé ÿçûê ñ êîìàíäîé, äåëèòüñÿ çíàíèÿìè è îïûòîì, íå áîÿòüñÿ îáðàòèòüñÿ çà ïîìîùüþ. Àíàëèòè÷åñêîå ìûøëåíèå. Ñïîñîáíîñòü äóìàòü íà íåñêîëüêî øàãîâ âïåðåä êàê â øàõìàòíîé èãðå. Âåäü îñíîâíàÿ çàäà÷à ñïåöèàëèñòà ïî êèáåðáåçîïàñíîñòè ïðåäîòâðàòèòü áóäóùèå àòàêè. Êîìïëåêñíûé ïîäõîä ê óñòðàíåíèþ ïðîáëåì è íàâûêè ïðèíÿòèÿ ðåøåíèé. Íóæíî íå áîÿòüñÿ ïðèíèìàòü ðåøåíèÿ è íåñòè çà íèõ îòâåòñòâåííîñòü. Íàâûêè òàéì-ìåíåäæìåíòà. Çà÷àñòóþ ðàáîòà ïðåäïîëàãàåò ðåæèì ìíîãîçàäà÷íîñòè è îïåðàòèâíîå ïðèíÿòèå ðåøåíèé, ïîýòîìó ñïåöèàëèñòó âàæíî óìåòü ðàñïðåäåëÿòü ñâîè âðåìåííûå ðåñóðñû è âûñòðàèâàòü çàäà÷è ïî ìåðå ïðèîðèòåòà. Ñïîñîáíîñòü îïåðàòèâíî ïåðåêëþ÷àòüñÿ ìåæäó âñïëûâàþùèìè çàäà÷àìè. Õîðîøî ðàçâèòîå êðèòè÷åñêîå ìûøëåíèå. Ñêîëüêî çàðàáàòûâàåò IT-ñïåöèàëèñò â ñôåðå èíôîðìàöèîííîé áåçîïàñíîñòè â 2023 ãîäó Ñïðîñ íà ñïåöèàëèñòîâ â ñôåðå èíôîðìàöèîííîé áåçîïàñíîñòè ïîñòîÿííî ðàñòåò. Ñîãëàñíî àíàëèçó êàðüåðíîãî ïîðòàëà HeadHunter, íà êîíåö 2023 ãîäà íà ñàéòå îïóáëèêîâàíî ïî÷òè 8 òûñ. âàêàíñèé. Êàê è â ëþáîé ñïåöèàëüíîñòè, äîõîä ñîèñêàòåëÿ íàïðÿìóþ çàâèñèò îò åãî îïûòà è ñêèëëîâ. Òàêæå íà óðîâåíü îïëàòû âëèÿåò ðåãèîí è ñòðàíà ïîèñêà âàêàíñèè. Íîâè÷îê â ñôåðå ÈÁ ìîæåò ðàññ÷èòûâàòü íà âîçíàãðàæäåíèå îò 50 äî 90 òûñ. ðóáëåé. Çàðïëàòà ñïåöèàëèñòà ñ îïûòîì îò 1 ãîäà äî 3 ëåò íà÷èíàåòñÿ îò 100 òûñ. ðóáëåé. Ñîòðóäíèê ñî ñòàæåì îò 5 ëåò ìîæåò ðàññ÷èòûâàòü íà 250-350 òûñ. ðóáëåé â ìåñÿö. Ïëþñû è ìèíóñû ðàáîòû â ñôåðå ÈÁ Ïëþñû: Âîñòðåáîâàííîñòü ñïåöèàëèñòîâ íà ðûíêå òðóäà. Îáëàñòü íàñòîëüêî áûñòðî ìåíÿåòñÿ, ÷òî ãàðàíòèðóåò àêòóàëüíîñòü ïðîôåññèè. Íåïðåðûâíîå ðàçâèòèå â ñôåðå èíôîðìàöèîííîé áåçîïàñíîñòè. Ïîñòîÿííàÿ àêòóàëèçàöèÿ çíàíèé: ñïåöèàëèñò äîëæåí ñëåäèòü çà ïîñëåäíèìè òðåíäàìè â îáëàñòè èíôîðìàöèîííîé áåçîïàñíîñòè, îáíîâëÿòü ñâîè íàâûêè è çíàíèÿ. Óðîâåíü äîõîäà Ìèíóñû: Âûñîêèé óðîâåíü îòâåòñòâåííîñòè. Ðàáîòà â óñëîâèè ñòðåññîâûõ ñèòóàöèé òðåáóåò îò ñïåöèàëèñòà ìîìåíòàëüíûõ ðåøåíèé ïî âûõîäó èç êðèòè÷åñêîãî ïîëîæåíèÿ. Êàê ñòàòü ñïåöèàëèñòîì ïî èíôîðìàöèîííîé áåçîïàñíîñòè Ïóòü ê ñòàíîâëåíèþ ñïåöèàëèñòîì â îáëàñòè èíôîðìàöèîííîé áåçîïàñíîñòè òðåáóåò òåðïåíèÿ, ïîñòîÿííîãî îáó÷åíèÿ è ïðèìåíåíèÿ ïîëó÷åííûõ çíàíèé íà ïðàêòèêå. Ìîæåì ïðåäëîæèòü ðàçëè÷íûå ïóòè âõîäà â ïðîôåññèþ: Ïîëó÷èòü ïðîôèëüíîå âûñøåå îáðàçîâàíèå. Ýòî ìîæåò áûòü ñòåïåíü áàêàëàâðà èëè ìàãèñòðà â îáëàñòè èíôîðìàöèîííîé áåçîïàñíîñòè, êîìïüþòåðíûõ íàóê, èíôîðìàöèîííûõ òåõíîëîãèé èëè ñìåæíîé îáëàñòè. Îäíàêî ñåé÷àñ íà ðûíêå îáðàçîâàíèÿ ïðåäñòàâëåíî ìíîæåñòâî îíëàéí-êóðñîâ, êîòîðûå ïîìîãàþò îñâîèòü ïðîôåññèþ ñ íóëÿ. Ìîæíî ó÷èòüñÿ ñàìîñòîÿòåëüíî, íî ýòî äîëãî è òðåáóåò áîëüøåé ìîòèâàöèè. Áûñòðûé ñòàðò â IT – ïðîéòè ïðîôèëüíûé îíëàéí-êóðñ. Ê ïðèìåðó, íàø îíëàéí-êóðñ ïî êèáåðáåçîïàñíîñòè. Íà íåì âû íàó÷èòåñü ïîëüçîâàòüñÿ ‘õàêåðñêîé’ ÎÑ Kali Linux è äàæå ðàçâîðà÷èâàòü ñîáñòâåííóþ ïåñî÷íèöó äëÿ àíàëèçà âðåäîíîñíîãî êîäà! Îáðàòèòå âíèìàíèå, êóðñ òðåáóåò ìíîãî äèñöèïëèíû è ñàìîîðãàíèçàöèè. Ìû íå äàäèì âàì ñêó÷àòü è óâåðåíû, ÷òî âû ñïðàâèòåñü! Ïîñòîÿííîå îáó÷åíèå è ñàìîîáðàçîâàíèå: ñôåðà èíôîðìàöèîííîé áåçîïàñíîñòè ïîñòîÿííî ðàçâèâàåòñÿ, ïîýòîìó âàæíî ïðîäîëæàòü îáó÷åíèå. Íàïðèìåð, ìîæíî ó÷àñòâîâàòü â òðåíèíãàõ, ñåìèíàðàõ, êîíôåðåíöèÿõ è ÷òåíèè ëèòåðàòóðû. Ïðàêòèêà è îêðóæåíèå — ëó÷øèå ó÷èòåëÿ. Óñïåõîâ!