{"id":4974,"date":"2026-02-11T16:56:42","date_gmt":"2026-02-11T13:56:42","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/vpn-ve-bastion-host-ile-hosting-panellerine-guvenli-uzaktan-erisim-mimarisi\/"},"modified":"2026-02-11T16:56:42","modified_gmt":"2026-02-11T13:56:42","slug":"vpn-ve-bastion-host-ile-hosting-panellerine-guvenli-uzaktan-erisim-mimarisi","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/vpn-ve-bastion-host-ile-hosting-panellerine-guvenli-uzaktan-erisim-mimarisi\/","title":{"rendered":"Secure Remote Access Architecture for Hosting Panels with VPN and a Bastion Host"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>When your hosting panel (cPanel, DirectAdmin, Plesk, etc.) is directly exposed to the internet, you have in effect turned the heart of your entire infrastructure into a door that anyone can see. In many of the projects we audit for security, we find that even with strong passwords, 2FA and WAF rule sets in place, the panel ports remain open to everyone and are constantly scanned by bots. Especially for agencies, SaaS teams and DevOps teams that manage multiple servers, this situation carries serious operational and legal risks.<\/p>\n<p>In this article we discuss an architecture that makes panel access completely invisible on the internet and lets only authorized people connect, through a logged and controllable channel: the <strong>VPN + bastion host<\/strong> combination. 
Our goal is to build a model that can be applied step by step on a typical <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> or <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated server<\/a> infrastructure running on DCHost, rather than concepts that stay theoretical. If you are familiar with concepts such as Zero Trust, SSH key management and mTLS, we will take them one level further here; if not, we will clarify in plain language how you can mature your security architecture.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Neden_Hosting_Panel_Erisimi_En_Kritik_Saldiri_Yuzeylerinizden_Biri\"><span class=\"toc_number toc_depth_1\">1<\/span> Why Is Hosting Panel Access One of Your Most Critical Attack Surfaces?<\/a><\/li><li><a href=\"#Temel_Bilesenler_VPN_Bastion_Host_ve_Yonetim_Agi\"><span class=\"toc_number toc_depth_1\">2<\/span> Core Components: VPN, Bastion Host and Management Network<\/a><ul><li><a href=\"#VPN_ile_kapali_bir_yonetim_agi_kurmak\"><span class=\"toc_number toc_depth_2\">2.1<\/span> Building a closed management network with a VPN<\/a><\/li><li><a href=\"#Bastion_host_jump_server_nedir\"><span class=\"toc_number toc_depth_2\">2.2<\/span> What is a bastion host (jump server)?<\/a><\/li><li><a href=\"#Hosting_panelleri_icin_tipik_erisim_akisi\"><span class=\"toc_number toc_depth_2\">2.3<\/span> Typical access flow for hosting panels<\/a><\/li><\/ul><\/li><li><a href=\"#Ornek_Mimari_DCHost_Uzerindeki_cPanelPlesk_Sunucularini_Koruma\"><span class=\"toc_number toc_depth_1\">3<\/span> Example Architecture: Protecting cPanel\/Plesk Servers on DCHost<\/a><ul><li><a href=\"#Ag_ve_firewall_tasarimi\"><span class=\"toc_number 
toc_depth_2\">3.1<\/span> Network and firewall design<\/a><\/li><li><a href=\"#Kucuk_ekipler_icin_tek_VPN_bastion_host_senaryosu\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Single VPN + bastion host scenario for small teams<\/a><\/li><li><a href=\"#Ajanslar_ve_coklu_musteri_panelleri_icin_katmanli_mimari\"><span class=\"toc_number toc_depth_2\">3.3<\/span> Layered architecture for agencies and multiple client panels<\/a><\/li><\/ul><\/li><li><a href=\"#Uygulama_Adimlari_Sifirdan_Guvenli_Erisim_Kurulumu\"><span class=\"toc_number toc_depth_1\">4<\/span> Implementation Steps: Setting Up Secure Access from Scratch<\/a><ul><li><a href=\"#1_Yonetim_agi_ve_IP_planini_netlestirin\"><span class=\"toc_number toc_depth_2\">4.1<\/span> 1. Clarify the management network and IP plan<\/a><\/li><li><a href=\"#2_VPN_sunucusunu_kurun_ve_istemci_profillerini_olusturun\"><span class=\"toc_number toc_depth_2\">4.2<\/span> 2. Set up the VPN server and create client profiles<\/a><\/li><li><a href=\"#3_Bastion_hostu_sertlestirin\"><span class=\"toc_number toc_depth_2\">4.3<\/span> 3. Harden the bastion host<\/a><\/li><li><a href=\"#4_Panel_sunucularinda_firewall_ve_servis_erisim_kurallari\"><span class=\"toc_number toc_depth_2\">4.4<\/span> 4. Firewall and service access rules on the panel servers<\/a><\/li><li><a href=\"#5_Kullanici_erisim_politikalari_ve_on-boarding_off-boarding\"><span class=\"toc_number toc_depth_2\">4.5<\/span> 5. 
User access policies and on-boarding \/ off-boarding<\/a><\/li><\/ul><\/li><li><a href=\"#Gelismis_Guvenlik_Katmanlari_Zero_Trust_mTLS_ve_Port_Acmadan_Yonetim\"><span class=\"toc_number toc_depth_1\">5<\/span> Advanced Security Layers: Zero Trust, mTLS and Management Without Opening Ports<\/a><ul><li><a href=\"#Zero_Trust_prensiplerini_uygulamak\"><span class=\"toc_number toc_depth_2\">5.1<\/span> Applying Zero Trust principles<\/a><\/li><li><a href=\"#mTLS_ile_yonetim_trafigini_karsilikli_kimlik_dogrulama_ile_korumak\"><span class=\"toc_number toc_depth_2\">5.2<\/span> Protecting management traffic with mutual authentication via mTLS<\/a><\/li><li><a href=\"#Port_acmadan_yonetim_Tunel_tabanli_erisim_cozumleri\"><span class=\"toc_number toc_depth_2\">5.3<\/span> Management without opening ports: tunnel-based access solutions<\/a><\/li><\/ul><\/li><li><a href=\"#Operasyonel_En_Iyi_Uygulamalar_Loglama_Izleme_ve_Erisim_Denetimleri\"><span class=\"toc_number toc_depth_1\">6<\/span> Operational Best Practices: Logging, Monitoring and Access Audits<\/a><ul><li><a href=\"#Merkezi_loglama_ve_saklama_sureleri\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Centralized logging and retention periods<\/a><\/li><li><a href=\"#Duzenli_erisim_gozden_gecirme_access_review\"><span class=\"toc_number toc_depth_2\">6.2<\/span> Regular access review<\/a><\/li><li><a href=\"#Felaket_senaryolari_ve_acil_durum_erisim_plani\"><span class=\"toc_number toc_depth_2\">6.3<\/span> Disaster scenarios and emergency access plan<\/a><\/li><\/ul><\/li><li><a href=\"#Sonuc_Panel_Erisimini_Internetten_Cekmek_En_Kolay_Kazanc\"><span class=\"toc_number toc_depth_1\">7<\/span> Conclusion: Taking Panel Access Off the Internet Is the Easiest Win<\/a><\/li><\/ul><\/div>\n<h2><span 
id=\"Neden_Hosting_Panel_Erisimi_En_Kritik_Saldiri_Yuzeylerinizden_Biri\">Why Is Hosting Panel Access One of Your Most Critical Attack Surfaces?<\/span><\/h2>\n<p>When your website is hacked, the conversation is usually about application-level vulnerabilities: an outdated plugin, a weak admin password or SQL injection. In our experience, however, a significant share of major damage starts with unauthorized access directly to the hosting panel or the server.<\/p>\n<p>Why is panel access so critical?<\/p>\n<ul>\n<li><strong>Full authority from a single point:<\/strong> If you use cPanel, Plesk or DirectAdmin, files, databases, e-mail accounts, DNS, SSL and FTP are all in one interface. Compromise of the panel means compromise of the entire account or even the entire server.<\/li>\n<li><strong>Brute-force and password-guessing attacks:<\/strong> Every panel login screen exposed to the internet is a classic target that botnets constantly scan and try username\/password combinations against.<\/li>\n<li><strong>0-day and panel software vulnerabilities:<\/strong> Critical security vulnerabilities appear in panel software from time to time. Until you update, every panel of yours exposed to the internet is a potential target.<\/li>\n<li><strong>IP sharing and agencies:<\/strong> If, as an agency or team, you share the same panel credentials with more than one person, the answer to who connected, when and from where becomes blurred.<\/li>\n<\/ul>\n<p>That is why, in a modern security approach, one of the first things to do is <strong>not to expose management interfaces directly to the internet<\/strong>. 
As we also stress in our <a href=\"https:\/\/www.dchost.com\/blog\/zero-trust-ile-hosting-ve-sunucu-erisimini-guvenceye-almak\/\">guide to securing hosting and server access with Zero Trust<\/a>, where we cover the Zero Trust approach in detail, you need to abandon the &#8220;trusted internal network&#8221; assumption and verify every access.<\/p>\n<h2><span id=\"Temel_Bilesenler_VPN_Bastion_Host_ve_Yonetim_Agi\">Core Components: VPN, Bastion Host and Management Network<\/span><\/h2>\n<h3><span id=\"VPN_ile_kapali_bir_yonetim_agi_kurmak\">Building a closed management network with a VPN<\/span><\/h3>\n<p><strong>A VPN (Virtual Private Network)<\/strong> sets up an encrypted tunnel between your client device and your servers and treats you as if you were on the same local network. Instead of opening the panel ports (2083, 8443, 2222, etc.) to everyone, you make them reachable only from inside this VPN network and thereby take a very large attack surface out of play.<\/p>\n<p>To summarize the benefits of a VPN briefly:<\/p>\n<ul>\n<li>All traffic (panel, SSH, RDP) flows encrypted over the internet.<\/li>\n<li>Panel ports are reachable only from VPN internal IPs; from the outside they appear &#8220;closed&#8221;.<\/li>\n<li>The access IP is fixed to the VPN server rather than to the user's device; firewall management becomes simpler.<\/li>\n<li>You can log user details (who connected, when they connected) at the VPN level.<\/li>\n<\/ul>\n<p>If you are new to the VPN concept, we covered the basic logic and scenarios in a broader frame in our article <a href=\"https:\/\/www.dchost.com\/blog\/sanal-ozel-ag-vpn-nedir-guvenli-internet-kullanimi-icin-onemi\/\">What is a VPN and why is it important<\/a>; in this article we focus entirely on panel access.<\/p>\n<h3><span id=\"Bastion_host_jump_server_nedir\">What is a bastion host (jump server)?<\/span><\/h3>\n<p>A <strong>bastion host<\/strong> is a specially hardened server that you use as a &#8220;stepping stone&#8221; to reach other servers. 
It is generally used for the following purposes:<\/p>\n<ul>\n<li>Making SSH or RDP connections pass through a single point<\/li>\n<li>Requiring team members to connect to the bastion first, not directly to production servers<\/li>\n<li>Making it easier to log command history, sessions and activity<\/li>\n<\/ul>\n<p>When you think of the VPN and the bastion host together, the typical flow looks like this:<\/p>\n<ol>\n<li>The user connects to the VPN from a company computer.<\/li>\n<li>Over the VPN network, the user connects to the bastion host via SSH.<\/li>\n<li>Through the bastion host, the user opens an SSH tunnel to the target panel (for example https:\/\/panel_ic_ip:2083) or to the target server.<\/li>\n<\/ol>\n<p>This way your panel and servers are never exposed directly to the internet; they are reachable only via the VPN and the bastion.<\/p>\n<h3><span id=\"Hosting_panelleri_icin_tipik_erisim_akisi\">Typical access flow for hosting panels<\/span><\/h3>\n<p>In practice, if you use a VPS or dedicated server on DCHost, you can aim for the following structure:<\/p>\n<ul>\n<li>The management ports of servers with a panel installed (cPanel, Plesk, phpMyAdmin, SSH) are reachable only via the <strong>VPN network<\/strong> or the <strong>bastion host IP<\/strong>.<\/li>\n<li>SSH connections go through the bastion host, not directly to the servers.<\/li>\n<li>A separate SSH key and user account is used for each team member; password login is disabled.<\/li>\n<li>All of this access is recorded both on the bastion and in the panel logs.<\/li>\n<\/ul>\n<p>Our earlier <a href=\"https:\/\/www.dchost.com\/blog\/ssh-anahtar-yonetimi-ve-yetki-paylasimi-kucuk-ekipler-icin-guvenli-vps-erisimi\/\">guide to SSH key management and privilege sharing<\/a>, which covers SSH keys and multi-user access design, is one of the important complements to this architecture.<\/p>\n<h2><span id=\"Ornek_Mimari_DCHost_Uzerindeki_cPanelPlesk_Sunucularini_Koruma\">Example Architecture: Protecting cPanel\/Plesk Servers on DCHost<\/span><\/h2>\n<p>Now let's make the theory concrete and take a scenario running on DCHost infrastructure. Suppose that:<\/p>\n<ul>\n<li>You have 1 DCHost VPS that you will use as the VPN + bastion host.<\/li>\n<li>You also have 2 <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">web hosting<\/a> servers with cPanel or Plesk installed.<\/li>\n<\/ul>\n<p>Let our goal be this: these two panel servers should be reachable only by users connected to the VPN and via the bastion host; a random IP on the internet should not be able to see the panel login page.<\/p>\n<h3><span id=\"Ag_ve_firewall_tasarimi\">Network and firewall design<\/span><\/h3>\n<p>Consider a simplified IP plan:<\/p>\n<ul>\n<li>VPN + bastion VPS: 10.0.0.10 (private VPN internal IP)<\/li>\n<li>Web server 1 (cPanel): 10.0.1.10<\/li>\n<li>Web server 2 (Plesk): 10.0.1.11<\/li>\n<\/ul>\n<p>Security rules:<\/p>\n<ul>\n<li>On the web servers, the panel ports (for example 2083, 2087, 8443) allow only the 10.0.0.0\/24 VPN network.<\/li>\n<li>The SSH port allows only the IP 10.0.0.10 (bastion host).<\/li>\n<li>HTTP\/HTTPS (80, 443) is open to the whole world; 
because the sites need to be reachable by visitors.<\/li>\n<\/ul>\n<p>You can implement this on your DCHost VPS or dedicated servers with iptables, nftables, ufw or firewalld. If you want more detailed hardening on the firewall side, the steps in the <a href=\"https:\/\/www.dchost.com\/blog\/vps-guvenlik-sertlestirme-kontrol-listesi-sshd_config-fail2ban-ve-root-erisimini-kapatmak\/\">VPS security hardening checklist<\/a> article are a good starting point.<\/p>\n<h3><span id=\"Kucuk_ekipler_icin_tek_VPN_bastion_host_senaryosu\">Single VPN + bastion host scenario for small teams<\/span><\/h3>\n<p>For a team of 3\u20135 people you do not need to overcomplicate the architecture. The following structure is usually sufficient and sustainable:<\/p>\n<ul>\n<li>Installing a VPN server (for example WireGuard or OpenVPN) on a single DCHost VPS<\/li>\n<li>Positioning the same VPS as the bastion host (SSH, mosh, etc. open only on this server)<\/li>\n<li>A separate VPN account and a separate SSH key for each team member<\/li>\n<li>Opening the panel servers' management ports only to the VPN network<\/li>\n<\/ul>\n<p>In this structure, the breaking point of your security is your VPN server and your bastion host. 
Therefore:<\/p>\n<ul>\n<li>Direct root login must be disabled on the bastion.<\/li>\n<li>All users must get their privileges through sudoers; who did what must be logged.<\/li>\n<li>Wrong-password attempts and brute-force attacks must be blocked with tools such as Fail2ban.<\/li>\n<\/ul>\n<h3><span id=\"Ajanslar_ve_coklu_musteri_panelleri_icin_katmanli_mimari\">Layered architecture for agencies and multiple client panels<\/span><\/h3>\n<p>Agency and freelancer teams managing dozens of client panels need a higher-level architecture, because both access sharing and the question of &#8220;who is authorized for what&#8221; become more complex.<\/p>\n<p>The approach we recommend in this scenario:<\/p>\n<ul>\n<li>Integrating VPN access with in-house identity management (for example corporate e-mail, SSO).<\/li>\n<li>Creating different VPN profiles and different privilege levels for particular client groups.<\/li>\n<li>Admitting external roles such as interns, outside agencies and freelance developers <strong>only via the bastion<\/strong> and with time-limited privileges.<\/li>\n<\/ul>\n<p>Our <a href=\"https:\/\/www.dchost.com\/blog\/ajanslar-icin-hosting-paneli-erisim-yonetimi-uygulanabilir-rehber\/\">guide to hosting panel access management for agencies<\/a>, where we treat panel access management more broadly from the agency perspective, fits this architecture well. 
When you adapt the user\/role design described there to the VPN + bastion host layer, you get a structure that is sustainable both technically and operationally.<\/p>\n<h2><span id=\"Uygulama_Adimlari_Sifirdan_Guvenli_Erisim_Kurulumu\">Implementation Steps: Setting Up Secure Access from Scratch<\/span><\/h2>\n<p>We have covered the concepts; now let's look at how to apply them step by step. The steps here are described for a typical Linux VPS\/dedicated scenario on DCHost; when adapting them to your own infrastructure, you can change the ports and IP blocks to suit your needs.<\/p>\n<h3><span id=\"1_Yonetim_agi_ve_IP_planini_netlestirin\">1. Clarify the management network and IP plan<\/span><\/h3>\n<p>The first task is to draw a small topology, even if only on paper:<\/p>\n<ul>\n<li>The private IP block you will use for the VPN network (for example 10.8.0.0\/24)<\/li>\n<li>Both the VPN internal IP and the external IP of the bastion host<\/li>\n<li>The internal (if any) and external IPs of each panel server<\/li>\n<\/ul>\n<p>Then make this decision: will panel access go entirely over the VPN network, or will you also use an SSH tunnel through the bastion host? In small teams, opening the panel directly over the VPN network is practical, while in more regulated sectors a mandatory tunnel through the bastion is preferred.<\/p>\n<h3><span id=\"2_VPN_sunucusunu_kurun_ve_istemci_profillerini_olusturun\">2. Set up the VPN server and create client profiles<\/span><\/h3>\n<p>Set up a VPN server according to the protocol you choose (WireGuard\/OpenVPN\/IPsec, etc.) and create a separate profile for each user. Points to watch:<\/p>\n<ul>\n<li>A unique certificate\/key for each user; no shared accounts.<\/li>\n<li>Decide whether you will use split-tunnel (only traffic to specific networks) or full-tunnel (all traffic) on the VPN.<\/li>\n<li>The VPN log retention period should comply with KVKK\/GDPR requirements.<\/li>\n<\/ul>\n<p>If you want to move to Zero Trust architectures later, you can position the VPN as just a &#8220;first barrier&#8221; and add extra verification at the application layer.<\/p>\n<h3><span id=\"3_Bastion_hostu_sertlestirin\">3. Harden the bastion host<\/span><\/h3>\n<p>Because the bastion host is the single point all your SSH connections pass through, it needs extra care:<\/p>\n<ul>\n<li>Password login must be completely disabled; only SSH keys should be accepted.<\/li>\n<li>Each person must have a separate user account and a separate SSH key.<\/li>\n<li>The sudoers file must clearly define who can run which commands.<\/li>\n<li>Failed login attempts must be blocked with Fail2ban or similar tools.<\/li>\n<li>If possible, the SSH port should be moved to a port other than the default 22 (not a solution on its own, but it reduces noise).<\/li>\n<\/ul>\n<p>At this point the bastion host is only an entry point to the inside; it is good practice not to host applications or panels on it and to use it for management only.<\/p>\n<h3><span id=\"4_Panel_sunucularinda_firewall_ve_servis_erisim_kurallari\">4. 
Firewall and service access rules on the panel servers<\/span><\/h3>\n<p>Now we come to the critical part: making the panel servers invisible on the internet.<\/p>\n<ul>\n<li>Open panel ports such as 2083 and 2087 if you use cPanel, or 8443 if you use Plesk, only to the VPN network (for example 10.8.0.0\/24) and\/or the bastion IP.<\/li>\n<li>Close SSH access directly from the external IP and make it reachable only from the bastion's internal IP.<\/li>\n<li>Make database interfaces such as phpMyAdmin and adminer reachable only over the VPN, on the same principle.<\/li>\n<\/ul>\n<p>This way, when attackers run a port scan they see only the services that need to be public, such as 80\/443; panel login screens and server management ports are completely hidden.<\/p>\n<h3><span id=\"5_Kullanici_erisim_politikalari_ve_on-boarding_off-boarding\">5. User access policies and on-boarding \/ off-boarding<\/span><\/h3>\n<p>The human factor is as important as the technical setup. 
Especially in agencies, software teams and companies working with external resources, establishing the following processes is critical:<\/p>\n<ul>\n<li>When a new team member joins, the VPN account, bastion user account and panel privileges should be defined in a single process.<\/li>\n<li>When someone leaves the team, VPN, bastion and panel access should be closed the same day.<\/li>\n<li>For temporary privileges (for example a freelance developer), access with an end date should be defined.<\/li>\n<\/ul>\n<p>When you automate these, your architecture becomes not only secure but also manageable.<\/p>\n<h2><span id=\"Gelismis_Guvenlik_Katmanlari_Zero_Trust_mTLS_ve_Port_Acmadan_Yonetim\">Advanced Security Layers: Zero Trust, mTLS and Management Without Opening Ports<\/span><\/h2>\n<p>The VPN + bastion host structure protects you from a significant share of classic attacks. However, in heavily regulated sectors (finance, healthcare, legal, etc.) or in highly critical SaaS infrastructures, you may want to go one step further.<\/p>\n<h3><span id=\"Zero_Trust_prensiplerini_uygulamak\">Applying Zero Trust principles<\/span><\/h3>\n<p>The core idea of the Zero Trust approach is not to trust any network inherently; that includes the VPN network. 
That is:<\/p>\n<ul>\n<li>Being connected to the VPN is not enough on its own; additional verification (2FA, IP restriction, device checks) is applied at the panel level.<\/li>\n<li>Identity and context are re-evaluated on every request.<\/li>\n<li>Access is granted per application (only to the relevant panel, only to the relevant site, etc.).<\/li>\n<\/ul>\n<p>To apply this step by step, you can reinterpret the principles in the article we mentioned, <a href=\"https:\/\/www.dchost.com\/blog\/zero-trust-ile-hosting-ve-sunucu-erisimini-guvenceye-almak\/\">Securing hosting and server access with Zero Trust<\/a>, specifically for panel access.<\/p>\n<h3><span id=\"mTLS_ile_yonetim_trafigini_karsilikli_kimlik_dogrulama_ile_korumak\">Protecting management traffic with mutual authentication via mTLS<\/span><\/h3>\n<p>As a further level, you can protect the traffic between the bastion host and the panel servers with <strong>mTLS (mutual TLS)<\/strong>. In this model, not only the server but also the client (the bastion) presents a certificate, and mutual verification takes place. 
As a result:<\/p>\n<ul>\n<li>Traffic coming from the wrong bastion host is not let in.<\/li>\n<li>You can be sure that every connection reaching the panel or management interfaces really comes from a machine under your control.<\/li>\n<\/ul>\n<p>We described the steps for protecting management panels with mTLS in detail in a separate article; the <a href=\"https:\/\/www.dchost.com\/blog\/yonetim-panellerini-mtls-ile-nasil-kale-gibi-korursun-nginxte-istemci-sertifikalari-adim-adim\/\">guide to protecting management panels like a fortress with mTLS<\/a> is a strong second layer that can be built on top of the VPN + bastion architecture described in this article.<\/p>\n<h3><span id=\"Port_acmadan_yonetim_Tunel_tabanli_erisim_cozumleri\">Management without opening ports: tunnel-based access solutions<\/span><\/h3>\n<p>In some setups, it may be preferred that no management port on your DCHost VPS or dedicated servers is exposed to the internet. 
In that case:<\/p>\n<ul>\n<li>With VPN or agent-based tunnel solutions, management access is provided over connections established from the inside out.<\/li>\n<li>The need to open inbound ports on the firewall is reduced to a minimum.<\/li>\n<\/ul>\n<p>If you consider this approach together with our article on <a href=\"https:\/\/www.dchost.com\/blog\/port-acmadan-yayin-nasil-mumkun-cloudflare-tunnel-zero-trust-mtls-ve-accessi-adim-adim\/\">publishing without opening ports and Zero Trust tunnel architecture<\/a>, where we cover the topic of &#8220;publishing without opening ports&#8221;, you can turn panel access into an almost completely closed box.<\/p>\n<h2><span id=\"Operasyonel_En_Iyi_Uygulamalar_Loglama_Izleme_ve_Erisim_Denetimleri\">Operational Best Practices: Logging, Monitoring and Access Audits<\/span><\/h2>\n<p>Just building the architecture is not enough; you need to make sure this structure keeps working correctly and healthily. 
To that end, we recommend focusing on the following topics in practice:<\/p>\n<h3><span id=\"Merkezi_loglama_ve_saklama_sureleri\">Centralized logging and retention periods<\/span><\/h3>\n<p>Collecting the access logs from the VPN, the bastion host and the panel servers in a central place is a lifesaver during an incident:<\/p>\n<ul>\n<li>VPN connection logs: who connected, when and from which IP?<\/li>\n<li>Bastion SSH logs: which user accessed which server and ran which commands?<\/li>\n<li>Panel access logs: which panel account logged in, from which IP and when?<\/li>\n<\/ul>\n<p>When setting retention periods for these logs, balance both KVKK\/GDPR and your internal audit needs. If necessary, you can store certain fields (such as IP addresses) using anonymization methods.<\/p>\n<h3><span id=\"Duzenli_erisim_gozden_gecirme_access_review\">Regular access review<\/span><\/h3>\n<p>Over time, VPN profiles, bastion users and panel accounts accumulate. 
Even a simple access review carried out every three months removes serious risks:<\/p>\n<ul>\n<li>Do people who are no longer with the company still have VPN\/bastion access?<\/li>\n<li>Have temporarily granted accesses (freelancer, consultant) been closed?<\/li>\n<li>Are there users whose privilege level is unnecessarily high?<\/li>\n<\/ul>\n<p>Integrating this process with your ticket or task management system earns extra points for auditability.<\/p>\n<h3><span id=\"Felaket_senaryolari_ve_acil_durum_erisim_plani\">Disaster scenarios and emergency access plan<\/span><\/h3>\n<p>Being unable to reach the panel if the VPN server or bastion host goes down can make things difficult in an emergency. Therefore:<\/p>\n<ul>\n<li>Have a ready plan for a secondary VPN or bastion host.<\/li>\n<li>Define a special access mechanism, which we call &#8220;break-glass&#8221;, that is used only in emergencies; this account should normally be locked.<\/li>\n<li>Test these scenarios as a drill at least once a year.<\/li>\n<\/ul>\n<p>This way you do not completely sacrifice availability for the sake of security; you build an architecture balanced between the two extremes.<\/p>\n<h2><span id=\"Sonuc_Panel_Erisimini_Internetten_Cekmek_En_Kolay_Kazanc\">Conclusion: Taking Panel Access Off the Internet Is the Easiest Win<\/span><\/h2>\n<p>In today's attack landscape, leaving hosting panels directly exposed to the internet means offering attackers unnecessary comfort. 
Strengthening passwords, enabling 2FA and deploying a WAF are of course important; but the biggest gain comes from moving panel access to a layer that attackers cannot see. The <strong>VPN + bastion host<\/strong> architecture is, at exactly this point, a practical and proven solution that delivers high security at low cost.<\/p>\n<p>On the VPS, dedicated server or colocation infrastructure you use at DCHost, you can build an environment that lets you rest easier both technically and legally by opening panel ports only to the VPN network, granting SSH access only through the bastion, and adding advanced layers such as Zero Trust and mTLS on top. If you get stuck while designing your architecture, you can browse our other network and security focused guides or ask the DCHost technical team for help.<\/p>\n<p>In short: you do not have to leave your panel exposed to the internet. With a little planning, a lightweight VPN + bastion host set up on a VPS, and disciplined access management, you can make one of today\u2019s most frequently exploited attack surfaces invisible.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>When your hosting panel (cPanel, DirectAdmin, Plesk, etc.) is directly exposed to the internet, you have in effect turned the heart of your entire infrastructure into a door that everyone can see. 
In many of the projects we audit for security, we see that even where strong passwords, 2FA and WAF rule sets are in place, the panel ports remain open to everyone and are continuously scanned by bots. Especially agencies, SaaS teams and those managing multiple servers [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":4975,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-4974","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4974","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=4974"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/4974\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/4975"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=4974"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=4974"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=4974"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}