{"id":4806,"date":"2026-02-08T19:39:04","date_gmt":"2026-02-08T16:39:04","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/zero-trust-ile-hosting-ve-sunucu-erisimini-guvenceye-almak\/"},"modified":"2026-02-08T19:39:04","modified_gmt":"2026-02-08T16:39:04","slug":"zero-trust-ile-hosting-ve-sunucu-erisimini-guvenceye-almak","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/zero-trust-ile-hosting-ve-sunucu-erisimini-guvenceye-almak\/","title":{"rendered":"Securing Hosting and Server Access with Zero Trust"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Zero_Trust_Yaklasimiyla_Hosting_ve_Sunucu_Erisimine_Bakis\"><span class=\"toc_number toc_depth_1\">1<\/span> A Zero Trust View of Hosting and Server Access<\/a><\/li><li><a href=\"#Klasik_VPN_Yaklasiminin_Sinirlari_ve_Zero_Trustin_Temelleri\"><span class=\"toc_number toc_depth_1\">2<\/span> The Limits of the Classic VPN Approach and the Foundations of Zero Trust<\/a><\/li><li><a href=\"#Hosting_ve_Sunucu_Erisiminde_Sik_Gorulen_Riskler\"><span class=\"toc_number toc_depth_1\">3<\/span> Common Risks in Hosting and Server Access<\/a><\/li><li><a href=\"#Zero_Trust_Mimarinin_Temel_Bilesenleri\"><span class=\"toc_number toc_depth_1\">4<\/span> Core Components of a Zero Trust Architecture<\/a><\/li><li><a href=\"#VPNi_Zero_Trust_Mantigiyla_Yeniden_Tasarlamak\"><span class=\"toc_number toc_depth_1\">5<\/span> Redesigning the VPN with Zero Trust Logic<\/a><ul><li><a href=\"#Kullanici_ve_Cihaz_Bazli_VPN_Erisimi\"><span class=\"toc_number toc_depth_2\">5.1<\/span> User- and Device-Based VPN Access<\/a><\/li><li><a href=\"#Split_Tunnel_mi_Full_Tunnel_mi\"><span 
class=\"toc_number toc_depth_2\">5.2<\/span> Split Tunnel or Full Tunnel?<\/a><\/li><li><a href=\"#Protokol_Secimi_IPsec_OpenVPN_WireGuard\"><span class=\"toc_number toc_depth_2\">5.3<\/span> Protocol Choice: IPsec, OpenVPN, WireGuard<\/a><\/li><\/ul><\/li><li><a href=\"#Bastion_Host_ile_SSH_ve_RDP_Erisimini_Merkezilestirmek\"><span class=\"toc_number toc_depth_1\">6<\/span> Centralizing SSH and RDP Access with a Bastion Host<\/a><ul><li><a href=\"#Neden_Bastion_Host_Kullanmalisiniz\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Why Use a Bastion Host?<\/a><\/li><li><a href=\"#Guvenli_Bastion_Host_Tasarimi\"><span class=\"toc_number toc_depth_2\">6.2<\/span> Secure Bastion Host Design<\/a><\/li><li><a href=\"#Ornek_SSH_Akisi\"><span class=\"toc_number toc_depth_2\">6.3<\/span> Example SSH Flow<\/a><\/li><\/ul><\/li><li><a href=\"#SSO_ile_Panel_ve_Uygulamalara_Kimlik_Odakli_Erisim\"><span class=\"toc_number toc_depth_1\">7<\/span> Identity-Centric Access to Panels and Applications with SSO<\/a><ul><li><a href=\"#SAML_OpenID_Connect_ile_Entegrasyon\"><span class=\"toc_number toc_depth_2\">7.1<\/span> Integration with SAML \/ OpenID Connect<\/a><\/li><li><a href=\"#WordPress_cPanel_ve_Ozel_Uygulamalarda_SSO\"><span class=\"toc_number toc_depth_2\">7.2<\/span> SSO in WordPress, cPanel and Custom Applications<\/a><\/li><\/ul><\/li><li><a href=\"#Farkli_Olcekler_Icin_Zero_Trust_Mimarisi_Ornekleri\"><span class=\"toc_number toc_depth_1\">8<\/span> Zero Trust Architecture Examples for Different Scales<\/a><ul><li><a href=\"#1_Kucuk_Ekip_Tek_VPS_Senaryosu\"><span class=\"toc_number toc_depth_2\">8.1<\/span> 1) Small Team + Single VPS Scenario<\/a><\/li><li><a href=\"#2_Ajans_Onlarca_Musteri_Sitesi_Senaryosu\"><span class=\"toc_number toc_depth_2\">8.2<\/span> 2) Agency + Dozens of Client Sites Scenario<\/a><\/li><li><a 
href=\"#3_Kurumsal_Staging_Production_Ayrimi_Olan_Senaryo\"><span class=\"toc_number toc_depth_2\">8.3<\/span> 3) Enterprise Scenario with Staging \/ Production Separation<\/a><\/li><\/ul><\/li><li><a href=\"#Port_Acmadan_Yayin_ve_Zero_Trust_Kenar_Cozumleri\"><span class=\"toc_number toc_depth_1\">9<\/span> Publishing Without Opening Ports and Zero Trust Edge Solutions<\/a><\/li><li><a href=\"#DCHost_Uzerinde_Zero_Trusta_Yaklasmak_Icin_Uygulanabilir_Adimlar\"><span class=\"toc_number toc_depth_1\">10<\/span> Practical Steps Toward Zero Trust on DCHost<\/a><\/li><li><a href=\"#Ozet_ve_Yol_Haritasi\"><span class=\"toc_number toc_depth_1\">11<\/span> Summary and Roadmap<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Zero_Trust_Yaklasimiyla_Hosting_ve_Sunucu_Erisimine_Bakis\">A Zero Trust View of Hosting and Server Access<\/span><\/h2>\n<p>It is no longer enough to put a strong firewall at the network perimeter and trust everything inside. Developers, agencies, DevOps teams and corporate IT departments reach the same servers from the office, from home, from a cafe, over VPN and from mobile devices. With an access model this scattered, the era of <strong>\u201ctreating a familiar IP as trusted\u201d<\/strong> is over. This is exactly where Zero Trust comes in.<\/p>\n<p>In short, Zero Trust rests on this idea: <strong>Trust no one and no device by default<\/strong>. On every request, re-verify identity, device state and context, grant access with least privilege, and log all activity. 
When you apply this approach to hosting and server access, you significantly shrink your management surface, whether you run cPanel, a <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a>, a dedicated server or colocation.<\/p>\n<p>In this article, as the DCHost team, we explain how to put Zero Trust into practice using the <strong>VPN, bastion host (jump host) and SSO<\/strong> components in particular. The aim is not to stay in theory but to propose architectures that work for anyone from a small team to agencies with dozens of clients and enterprise setups. Our goal is that by the end of the article you can see, as a clear roadmap, the steps for moving your existing hosting infrastructure toward Zero Trust.<\/p>\n<h2><span id=\"Klasik_VPN_Yaklasiminin_Sinirlari_ve_Zero_Trustin_Temelleri\">The Limits of the Classic VPN Approach and the Foundations of Zero Trust<\/span><\/h2>\n<p>For many businesses today, secure access equals VPN. The only requirement for connecting from outside the office is a VPN username\/password and perhaps a simple 2FA. 
A user who gets onto the VPN usually has reach across the entire internal network: SSH to all servers, HTTP(S) access to all panels, shared database IPs and so on.<\/p>\n<p>The main problems with this model:<\/p>\n<ul>\n<li><strong>Network-based trust:<\/strong> Regardless of who you are, if you are on the VPN you are \u201cinside\u201d.<\/li>\n<li><strong>Broad scope of privilege:<\/strong> A single VPN account can reach multiple production servers.<\/li>\n<li><strong>Lack of fine-grained policy:<\/strong> User-based, application-based and time\/resource-based restrictions are rarely applied.<\/li>\n<li><strong>Weak observability:<\/strong> You cannot clearly determine which user did what, on which server, and when.<\/li>\n<\/ul>\n<p><strong>Zero Trust<\/strong>, by contrast, is built on these principles:<\/p>\n<ul>\n<li><strong>Identity-centric access:<\/strong> Not the IP or network segment but the user, group, role and device state are decisive.<\/li>\n<li><strong>Least privilege:<\/strong> Each user reaches only the server they need, over only the required port\/protocol.<\/li>\n<li><strong>Continuous verification:<\/strong> A single login is not enough; signals such as session duration, device health and location change are monitored.<\/li>\n<li><strong>Micro-segmentation:<\/strong> Instead of one big \u201cinternal network\u201d, small, logically separated network slices are designed.<\/li>\n<li><strong>Central logging and auditing:<\/strong> Every access request is recorded in terms of who accessed which resource under which policy.<\/li>\n<\/ul>\n<p>Applied to hosting, 
Zero Trust means replacing the \u201clet\u2019s open 22 and 443 from everywhere and tidy it up with the VPN\u201d approach with a sensible architecture built around the <strong>VPN + bastion host + SSO<\/strong> trio.<\/p>\n<h2><span id=\"Hosting_ve_Sunucu_Erisiminde_Sik_Gorulen_Riskler\">Common Risks in Hosting and Server Access<\/span><\/h2>\n<p>In the security reviews we carry out with customers at DCHost, the problems we see most often are:<\/p>\n<ul>\n<li><strong>Shared accounts:<\/strong> A single root or single cPanel account is shared by the whole team; it is impossible to track who did what.<\/li>\n<li><strong>SSH\/RDP ports open to everyone:<\/strong> Ports 22 or 3389 open to the whole world are the main target of brute-force and bot traffic.<\/li>\n<li><strong>Weak passwords and missing 2FA:<\/strong> Complex but reused passwords on management panels, and usually no 2FA.<\/li>\n<li><strong>Scattered IP access lists:<\/strong> Allow-lists that grow out of control with \u201cadd this IP too, let that office in as well\u201d.<\/li>\n<li><strong>Missing SSH key management:<\/strong> It is unclear who holds which key, when it was added and when it should be removed.<\/li>\n<\/ul>\n<p>As we detail in particular in <a href=\"https:\/\/www.dchost.com\/blog\/ssh-anahtar-yonetimi-ve-yetki-paylasimi-kucuk-ekipler-icin-guvenli-vps-erisimi\/\">our guide to SSH key management and privilege sharing<\/a>, practices such as copying keys around at random and 
failing to remove former employees\u2019 access are the exact opposite of Zero Trust thinking.<\/p>\n<p>Similarly, leaving an SSH port open directly to the internet without taking the basic measures described in our <a href=\"https:\/\/www.dchost.com\/blog\/vps-guvenlik-sertlestirme-kontrol-listesi-sshd_config-fail2ban-ve-root-erisimini-kapatmak\/\">VPS security hardening checklist<\/a> article is an unnecessary risk today. Zero Trust proposes managing access by splitting it into layers in order to minimize these risks.<\/p>\n<h2><span id=\"Zero_Trust_Mimarinin_Temel_Bilesenleri\">Core Components of a Zero Trust Architecture<\/span><\/h2>\n<p>To build a practical Zero Trust architecture for hosting and server access, the theory has to be reduced to a few concrete components:<\/p>\n<ul>\n<li><strong>Identity provider (IdP):<\/strong> Where you manage your users\u2019 identities. It can be a corporate directory, a cloud-based identity service or your own OAuth2\/SAML server.<\/li>\n<li><strong>SSO layer:<\/strong> The layer that ties panels, dashboards, admin interfaces and some SSH\/RDP flows to single sign-on.<\/li>\n<li><strong>VPN gateway:<\/strong> The network-side entry point for access to the application or server network. 
In Zero Trust it usually works integrated with user\/device-based policies.<\/li>\n<li><strong>Bastion host (jump host):<\/strong> The tightly isolated and logged endpoint that is the only path for management protocols such as SSH\/RDP.<\/li>\n<li><strong>Policy engine:<\/strong> The brain that manages the rules for \u201cwhich user, in which group, from which device, can access which server, under which conditions\u201d.<\/li>\n<li><strong>Central logging and monitoring:<\/strong> The monitoring layer where every session and policy is recorded and alerts are generated.<\/li>\n<\/ul>\n<p>Our earlier <a href=\"https:\/\/www.dchost.com\/blog\/ajanslar-icin-hosting-paneli-erisim-yonetimi-uygulanabilir-rehber\/\">guide to hosting panel access management for agencies<\/a> in fact makes the identity and authorization side of Zero Trust concrete at agency scale. 
In this article we add the VPN and bastion parts to that picture.<\/p>\n<h2><span id=\"VPNi_Zero_Trust_Mantigiyla_Yeniden_Tasarlamak\">Redesigning the VPN with Zero Trust Logic<\/span><\/h2>\n<p>Zero Trust does not suggest throwing the VPN away entirely; it suggests redesigning the <strong>VPN as a narrowed, identity-centric<\/strong> access layer.<\/p>\n<h3><span id=\"Kullanici_ve_Cihaz_Bazli_VPN_Erisimi\">User- and Device-Based VPN Access<\/span><\/h3>\n<p>Instead of giving everyone the same network access with a simple username\/password, you can adopt the following logic:<\/p>\n<ul>\n<li>VPN users are split into role-based groups (Dev, Ops, Support, Agency, etc.).<\/li>\n<li>Each group can see only the VLAN or server IP pool it needs.<\/li>\n<li>Where possible, the VPN client also verifies signals such as a device certificate or device health (antivirus, disk encryption, operating system version).<\/li>\n<li>VPN sessions are short-lived; re-authentication is enforced.<\/li>\n<\/ul>\n<p>This way a developer can reach test environments and the operations team can reach production servers, but even if a single VPN account is compromised the blast radius stays limited.<\/p>\n<h3><span id=\"Split_Tunnel_mi_Full_Tunnel_mi\">Split Tunnel or Full Tunnel?<\/span><\/h3>\n<p>Zero Trust does not reduce everything to a single right answer; you decide according to context:<\/p>\n<ul>\n<li><strong>Full tunnel:<\/strong> Routing all traffic through the VPN; it can be preferred especially for critical management work (such as production database administration). 
Traffic is inspected and logged inside.<\/li>\n<li><strong>Split tunnel:<\/strong> Only certain IP blocks or domains flow through the VPN; the rest of the traffic goes directly to the internet. It is more practical for developers and more efficient in terms of bandwidth.<\/li>\n<\/ul>\n<p>From a Zero Trust perspective, a good balance is generally to pass <strong>management and access traffic<\/strong> (SSH, RDP, panel) through a full tunnel or a controlled gateway and handle the remaining traffic with split tunnel.<\/p>\n<h3><span id=\"Protokol_Secimi_IPsec_OpenVPN_WireGuard\">Protocol Choice: IPsec, OpenVPN, WireGuard<\/span><\/h3>\n<p>The three protocols we see most often in hosting environments are IPsec, OpenVPN and WireGuard. From a Zero Trust standpoint, <strong>how you integrate the identity and policy layer<\/strong> matters more than which protocol you choose. 
For example:<\/p>\n<ul>\n<li>Strengthening authentication with client certificates or SSO-based tokens rather than username\/password alone.<\/li>\n<li>Minimizing the IP range each VPN profile can reach.<\/li>\n<li>Allowing the VPN to reach only the bastion host and specific management ports.<\/li>\n<\/ul>\n<p>At DCHost, especially in managed VPS or dedicated solutions, designing such narrowed VPN profiles together with customers shrinks the attack surface considerably.<\/p>\n<h2><span id=\"Bastion_Host_ile_SSH_ve_RDP_Erisimini_Merkezilestirmek\">Centralizing SSH and RDP Access with a Bastion Host<\/span><\/h2>\n<p>Another backbone of Zero Trust architectures is the <strong>bastion host<\/strong> (or jump host). 
The basic idea is simple: all SSH and RDP access first passes through a single secure server; there is no direct connection from outside to the other production servers.<\/p>\n<h3><span id=\"Neden_Bastion_Host_Kullanmalisiniz\">Why Use a Bastion Host?<\/span><\/h3>\n<p>The main advantages a bastion host provides:<\/p>\n<ul>\n<li><strong>Reduces the attack surface:<\/strong> Only the bastion server\u2019s SSH\/RDP port is open to the outside world (or reachable only from the VPN).<\/li>\n<li><strong>Provides central logging:<\/strong> Because all sessions pass through this server, who connected where and which commands they ran can be tracked more clearly.<\/li>\n<li><strong>Isolation:<\/strong> Access is provided without leaving extra listening services, open ports or complex firewall rules on the application servers.<\/li>\n<li><strong>Delegation and auditing of privileges:<\/strong> Different teams can be separated with different bastion users.<\/li>\n<\/ul>\n<p>This model can be seen as a natural continuation of <a href=\"https:\/\/www.dchost.com\/blog\/vps-sunucu-guvenligi-nasil-saglanir-kapiyi-acik-birakmadan-yasamanin-sirri\/\">the practical approaches we have shared on VPS server security<\/a>.<\/p>\n<h3><span id=\"Guvenli_Bastion_Host_Tasarimi\">Secure Bastion Host Design<\/span><\/h3>\n<p>To set up a bastion server in line with Zero Trust logic, these steps are critical:<\/p>\n<ul>\n<li><strong>Minimum services:<\/strong> Only SSH (and, if needed, an RDP gateway) should run. 
There should be no extra services such as a web server, database or mail daemon.<\/li>\n<li><strong>Strong authentication:<\/strong> Use an <strong>SSH key<\/strong> instead of a password, FIDO2-based keys where possible, and additional 2FA.<\/li>\n<li><strong>IP restriction:<\/strong> Access to the bastion should come only from the VPN network or specific office IPs.<\/li>\n<li><strong>Strict firewall:<\/strong> From the bastion, allow outbound access only to the servers to be managed and only on the required ports (such as 22, 3306).<\/li>\n<li><strong>Central logging:<\/strong> Send SSH session logs and auth logs to a separate log server.<\/li>\n<li><strong>Periodic hardening:<\/strong> Package updates, <code>sshd_config<\/code> hardening, and brute-force protection with Fail2ban or similar tools.<\/li>\n<\/ul>\n<p>At this point, most of the settings you apply on the bastion again parallel what we describe in <a href=\"https:\/\/www.dchost.com\/blog\/vps-guvenlik-sertlestirme-kontrol-listesi-sshd_config-fail2ban-ve-root-erisimini-kapatmak\/\">our VPS security hardening guide<\/a>.<\/p>\n<h3><span id=\"Ornek_SSH_Akisi\">Example SSH Flow<\/span><\/h3>\n<p>A typical Zero Trust-compliant SSH flow might look like this:<\/p>\n<ol>\n<li>The user authenticates via SSO and connects to the internal network with the VPN client.<\/li>\n<li>The user connects to the bastion host with an SSH key; this session is logged.<\/li>\n<li>From the bastion, the user opens a connection such as <code>ssh app@10.0.5.12<\/code> only to the server they are authorized for.<\/li>\n<li>There is no direct root access on the target servers; <code>sudo<\/code> 
privileges are defined per role.<\/li>\n<li>All commands and connections can be audited when needed through the central logging system.<\/li>\n<\/ol>\n<p>This flow does not make the developer\u2019s daily work much harder, and it satisfies Zero Trust\u2019s least-privilege and continuous-auditing principles.<\/p>\n<h2><span id=\"SSO_ile_Panel_ve_Uygulamalara_Kimlik_Odakli_Erisim\">Identity-Centric Access to Panels and Applications with SSO<\/span><\/h2>\n<p>Another pillar of Zero Trust is <strong>Single Sign-On (SSO)<\/strong>. Managing separate accounts\/passwords for different panels, dashboards and admin interfaces is both an operational burden and a security risk.<\/p>\n<h3><span id=\"SAML_OpenID_Connect_ile_Entegrasyon\">Integration with SAML \/ OpenID Connect<\/span><\/h3>\n<p>Most modern applications support SAML or OpenID Connect (OIDC). With these:<\/p>\n<ul>\n<li>Users sign in through a single central identity provider.<\/li>\n<li>The application obtains user information and roles from this provider.<\/li>\n<li>Policies such as password rules, mandatory 2FA and device checks are managed centrally.<\/li>\n<\/ul>\n<p>On the hosting side, management panels, the customer portal, monitoring dashboards and even some SSH gateways can be integrated with SSO. 
This largely removes worries such as \u201cwere former employees\u2019 accounts forgotten, which password is on which panel\u201d.<\/p>\n<h3><span id=\"WordPress_cPanel_ve_Ozel_Uygulamalarda_SSO\">SSO in WordPress, cPanel and Custom Applications<\/span><\/h3>\n<p>For agencies and product teams in particular, SSO makes a real difference in applications such as WordPress, Laravel-based panels and Node.js admin interfaces. For example:<\/p>\n<ul>\n<li>SSO login in WordPress can additionally be combined with the 2FA and IP restriction strategies described in our <a href=\"https:\/\/www.dchost.com\/blog\/wordpress-guvenli-giris-mimarisi-2fa-ip-kisitlama-recaptcha-ve-xml-rpc-korumasi\/\">WordPress secure login architecture<\/a> article.<\/li>\n<li>Access to panels such as cPanel\/DirectAdmin can be delegated to the development team through an agency-based SSO flow, minimizing password sharing.<\/li>\n<li>In custom-built admin panels, logins can be managed from a single point through OIDC integration.<\/li>\n<\/ul>\n<p>The main idea here: <strong>Solve identity and privilege management in one central place, not across scattered panels<\/strong>. 
Combined with Zero Trust principles, the three-way combination of direct IP restriction on panels + SSO + VPN forms a quite strong barrier in practice.<\/p>\n<h2><span id=\"Farkli_Olcekler_Icin_Zero_Trust_Mimarisi_Ornekleri\">Zero Trust Architecture Examples for Different Scales<\/span><\/h2>\n<p>Now let\u2019s make the theory more concrete and walk through three typical scenarios.<\/p>\n<h3><span id=\"1_Kucuk_Ekip_Tek_VPS_Senaryosu\">1) Small Team + Single VPS Scenario<\/span><\/h3>\n<p>You have a VPS running on DCHost; you host Laravel or WordPress, and the team is 3\u20135 people. Practical Zero Trust steps:<\/p>\n<ul>\n<li>Disable password-based SSH login on the server; allow access only with SSH keys.<\/li>\n<li>Instead of opening the SSH port directly to the internet, set up a small VPN (such as WireGuard); make SSH reachable only from the VPN network.<\/li>\n<li>Restrict VPN access to personal accounts and short session durations.<\/li>\n<li>Strengthen cPanel or management panel access with IP restriction + 2FA.<\/li>\n<li>In WordPress or similar CMSs, separate privileges clearly by role; do not share the admin account.<\/li>\n<\/ul>\n<p>In this model a separate bastion host is not required; you end up with a minimal Zero Trust layer on a single VPS. 
Over time, as traffic and the team grow, you can bring in a bastion and more advanced SSO.<\/p>\n<h3><span id=\"2_Ajans_Onlarca_Musteri_Sitesi_Senaryosu\">2) Agency + Dozens of Client Sites Scenario<\/span><\/h3>\n<p>For agencies the picture is somewhat more complex: dozens of clients, different panels, different CMSs and a constantly changing team. The architecture we recommend here is as follows:<\/p>\n<ul>\n<li>On DCHost, set up a separate management VPS belonging to the agency (for the bastion + tools).<\/li>\n<li>Restrict SSH access on all client VPS\/<a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated server<\/a>s so that only connections coming from this bastion server are allowed.<\/li>\n<li>Set up an internal agency VPN and allow access to the bastion only from this VPN.<\/li>\n<li>Structure the access model for cPanel, DirectAdmin and similar panels by role, as described in <a href=\"https:\/\/www.dchost.com\/blog\/ajanslar-icin-hosting-paneli-erisim-yonetimi-uygulanabilir-rehber\/\">our panel access management guide for agencies<\/a>.<\/li>\n<li>On client WordPress sites, apply SSO or at least 2FA + IP restriction.<\/li>\n<\/ul>\n<p>In such a setup, even when the team changes, the bastion and VPN layers let access be updated quickly and former employees\u2019 access be revoked from one place.<\/p>\n<h3><span id=\"3_Kurumsal_Staging_Production_Ayrimi_Olan_Senaryo\">3) Enterprise Scenario with Staging \/ Production Separation<\/span><\/h3>\n<p>In setups where staging, test and production environments are separate, a Zero Trust architecture becomes even more 
valuable:<\/p>\n<ul>\n<li>A wider team can access the staging environment; production is kept open only to specific roles.<\/li>\n<li>VPN profiles are defined separately for staging and production; the production VPN includes additional security controls (device policy, more frequent 2FA, restricted IPs).<\/li>\n<li>Access to production servers <strong>always goes through the bastion host<\/strong>; staging servers can be more flexible.<\/li>\n<li>Separate service accounts are defined for CI\/CD systems (GitHub Actions, GitLab CI, etc.); they are not mixed with human accounts.<\/li>\n<\/ul>\n<p>This way you can experiment more freely in staging environments while maintaining Zero Trust discipline without compromise on the production side. When planning multi-tenant and multi-environment VPS setups on DCHost infrastructure, designing this separation from the start pays off considerably in the long run.<\/p>\n<h2><span id=\"Port_Acmadan_Yayin_ve_Zero_Trust_Kenar_Cozumleri\">Publishing Without Opening Ports and Zero Trust Edge Solutions<\/span><\/h2>\n<p>One of the practices that has come to the fore in the Zero Trust world in recent years is the <strong>publishing without opening ports<\/strong> approach. That is, instead of opening ports such as 80\/443 or 22 on your server directly to the internet, exposing it to the outside world through <strong>reverse tunnel<\/strong> or edge proxy solutions that forward only verified requests.<\/p>\n<p>This can be built in particular with Zero Trust edge services and tunnel- and mTLS-based systems. 
We strongly recommend also taking a look at our article on <a href=\"https:\/\/www.dchost.com\/blog\/port-acmadan-yayin-nasil-mumkun-cloudflare-tunnel-zero-trust-mtls-ve-accessi-adim-adim\/\">publishing without opening ports and Zero Trust tunnel architecture<\/a>, where we cover this topic in more depth.<\/p>\n<p>On your VPS or dedicated servers at DCHost, you can greatly reduce the need to open ports directly on the IP by passing HTTP(S) traffic through such tunnel solutions. This matches exactly Zero Trust\u2019s \u201cclose the open doors, let verified connections in\u201d mindset.<\/p>\n<h2><span id=\"DCHost_Uzerinde_Zero_Trusta_Yaklasmak_Icin_Uygulanabilir_Adimlar\">Practical Steps Toward Zero Trust on DCHost<\/span><\/h2>\n<p>Now let\u2019s put all the pieces together and draw up a checklist that moves the infrastructure you host on DCHost toward Zero Trust step by step:<\/p>\n<ol>\n<li><strong>Inventory your assets:<\/strong> Which VPS, dedicated or colocation servers you have, which panels and which admin interfaces are in use; list them all.<\/li>\n<li><strong>Clarify the identity source:<\/strong> Are users consolidated in a single directory? Do you have an SSO provider? 
If not, which solution will you put in place?<\/li>\n<li><strong>Separate SSH and panel access:<\/strong> Split administrative access into two groups, SSH\/bastion and web panels, and define different layers (VPN, SSO, IP restriction) for each.<\/li>\n<li><strong>Narrow the VPN:<\/strong> Replace broad office VPNs with role-based, short-lived VPN profiles that can reach only the servers they need.<\/li>\n<li><strong>Set up a bastion host:<\/strong> Close direct SSH access to production servers and grant access through a single bastion; apply the hardening steps described here.<\/li>\n<li><strong>Start SSO integrations:<\/strong> Integrate every panel and admin interface you can with SSO; centralize user and password management.<\/li>\n<li><strong>Review logging and alerting:<\/strong> The value of Zero Trust is measured by how quickly you can see a breach when it happens. Plan centralized logging and alerting together with <a href=\"https:\/\/www.dchost.com\/blog\/vps-log-yonetimi-nasil-rayina-oturur-grafana-loki-promtail-ile-merkezi-loglama-tutma-sureleri-ve-alarm-kurallari\/\">our VPS log management guide<\/a>.<\/li>\n<li><strong>Run periodic access reviews:<\/strong> Which user has access to which server, have they logged in during the last 90 days, are they still with the company? Review these regularly.<\/li>\n<\/ol>\n<p>You do not have to complete all of these steps in a single day. 
What matters is putting one step into practice each quarter and measuring progress in concrete terms. As the DCHost team, we are always open to planning architectural transitions of this kind together with our technical team, especially for your VPS and dedicated projects.<\/p>\n<h2><span id=\"Ozet_ve_Yol_Haritasi\">Summary and Roadmap<\/span><\/h2>\n<p>Zero Trust is not something you \u201cbuy\u201d as a single product or box; it is <strong>a way of thinking and the set of architectural decisions that support it<\/strong>. In the context of hosting and server access, VPN, bastion host and SSO form the backbone of this approach.<\/p>\n<p>When you turn the VPN from a broad tunnel used only for \u201cgetting in from outside the office\u201d into a role- and device-based micro-access layer, you can seriously limit the damage even if an account is compromised. By routing SSH and RDP access through a single secure, logged, hardened bastion host, you both shrink the attack surface and improve auditability. And with SSO, you give panels and admin interfaces a central, policy-driven identity layer in place of scattered password and user management.<\/p>\n<p>You do not have to get everything perfect in the first step. 
For example, just routing SSH through a bastion, just adding 2FA to your management panels, or just reworking your WordPress login architecture according to <a href=\"https:\/\/www.dchost.com\/blog\/wordpress-guvenlik-sertlestirme-kontrol-listesi-dosya-izinleri-salt-keys-xml-rpc-ufw-fail2ban-nasil-tatli-tatli-kurulur\/\">our security hardening checklist<\/a> already counts as significant progress. From there, adding the VPN and SSO steps becomes much easier.<\/p>\n<p>If you have existing VPS, dedicated or colocation infrastructure running on DCHost and want to plan the move to a Zero Trust approach step by step, we would be glad to review your architecture with our technical team and draw up an actionable roadmap. That way you raise your security level and also establish a sustainable, auditable and scalable access model for your teams.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>
[&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4807,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4806","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4806","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4806"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4806\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4807"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4806"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4806"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4806"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}