[{"data":1,"prerenderedAt":1431},["ShallowReactive",2],{"blog-kvkk-uyumlu-guvenlik-duvari-kurumsal-ag":3},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"readMin":11,"tags":12,"slug":18,"body":19,"_type":1425,"_id":1426,"_source":1427,"_file":1428,"_stem":1429,"_extension":1430},"\u002Fblog\u002Fkvkk-uyumlu-guvenlik-duvari-kurumsal-ag","blog",false,"","KVKK Uyumlu Güvenlik Duvarı Yapılandırması: Kurumsal Ağlarda Neler Yapılmalı?","KVKK kapsamında güvenlik duvarı (firewall) nasıl yapılandırılmalı? Kişisel veri akışlarının kontrolü, segment izolasyonu, log yükümlülüğü ve denetim için teknik adımlar.","2026-06-16",10,[13,14,15,16,17],"Siber Güvenlik","KVKK","Firewall","Ağ Güvenliği","Uyumluluk","kvkk-uyumlu-guvenlik-duvari-kurumsal-ag",{"type":20,"children":21,"toc":1407},"root",[22,30,35,42,47,72,77,81,87,92,99,109,114,120,303,306,312,325,331,479,485,497,687,690,696,708,713,741,747,837,913,930,933,939,944,1052,1062,1065,1071,1076,1084,1107,1161,1164,1170,1175,1183,1317,1320,1326,1331,1385,1388,1401],{"type":23,"tag":24,"props":25,"children":26},"element","p",{},[27],{"type":28,"value":29},"text","KVKK denetimlerinde en sık karşılaştığımız soru şu: \"Kişisel veriye erişimi nasıl kontrol ediyorsunuz?\" Birçok kurumun cevabı \"antivirüs var, firewall var\" oluyor — ancak bu yeterli değil.",{"type":23,"tag":24,"props":31,"children":32},{},[33],{"type":28,"value":34},"KVKK, teknik güvenlik önlemlerini somut olarak zorunlu kılar. Güvenlik duvarı yapılandırması bu önlemlerin merkezindedir. İşte teknik detaylar.",{"type":23,"tag":36,"props":37,"children":39},"h2",{"id":38},"kvkknın-teknik-yükümlülükleri",[40],{"type":28,"value":41},"KVKK'nın Teknik Yükümlülükleri",{"type":23,"tag":24,"props":43,"children":44},{},[45],{"type":28,"value":46},"6698 sayılı Kanun'un 12. 
maddesi ve Kişisel Veri Güvenliği Rehberi, kurumlara şunları zorunlu kılar:",{"type":23,"tag":48,"props":49,"children":50},"ul",{},[51,57,62,67],{"type":23,"tag":52,"props":53,"children":54},"li",{},[55],{"type":28,"value":56},"Kişisel veriye yetkisiz erişimi engelleme",{"type":23,"tag":52,"props":58,"children":59},{},[60],{"type":28,"value":61},"Veri akışlarını izleme ve kayıt altına alma",{"type":23,"tag":52,"props":63,"children":64},{},[65],{"type":28,"value":66},"Ağ segmentasyonu ile kritik verileri izole etme",{"type":23,"tag":52,"props":68,"children":69},{},[70],{"type":28,"value":71},"Güncel tehditlerle başa çıkabilecek teknik önlemler",{"type":23,"tag":24,"props":73,"children":74},{},[75],{"type":28,"value":76},"Güvenlik duvarı bu gereksinimlerin tamamında merkezi rol oynar.",{"type":23,"tag":78,"props":79,"children":80},"hr",{},[],{"type":23,"tag":36,"props":82,"children":84},{"id":83},"_1-ağ-segmentasyonu-veriyi-i̇zole-et",[85],{"type":28,"value":86},"1. Ağ Segmentasyonu: Veriyi İzole Et",{"type":23,"tag":24,"props":88,"children":89},{},[90],{"type":28,"value":91},"KVKK denetimlerinde en çok sorun yaşanan alan: kişisel veri barındıran sistemlerin (CRM, İK, muhasebe, veritabanları) kurumsal ağın geri kalanıyla aynı düzlemde olması.",{"type":23,"tag":93,"props":94,"children":96},"h3",{"id":95},"önerilen-segment-yapısı",[97],{"type":28,"value":98},"Önerilen Segment Yapısı",{"type":23,"tag":100,"props":101,"children":103},"pre",{"code":102},"[İnternet]\n    │\n[DMZ — Web Sunucuları, API Gateway]\n    │\n[Firewall Katmanı]\n    │\n    ├── [Kullanıcı Ağı] — ofis bilgisayarları, yazıcılar\n    ├── [Sunucu Ağı] — genel iş uygulamaları\n    ├── [KV Ağı (Kişisel Veri)] — CRM, İK, veritabanları ← izole\n    └── [OT Ağı] — varsa üretim sistemleri\n",[104],{"type":23,"tag":105,"props":106,"children":107},"code",{"__ignoreMap":7},[108],{"type":28,"value":102},{"type":23,"tag":24,"props":110,"children":111},{},[112],{"type":28,"value":113},"\"KV Ağı\" segmenti yalnızca 
yetkili sistemlerden ve yetkili portlardan erişime açık olmalıdır. Bir kullanıcı bilgisayarının doğrudan CRM veritabanına bağlanabilmesi, KVKK ihlali için yeterli bir zayıflıktır.",{"type":23,"tag":93,"props":115,"children":117},{"id":116},"firewall-kural-örneği-iptables-nftables",[118],{"type":28,"value":119},"Firewall Kural Örneği (iptables \u002F nftables)",{"type":23,"tag":100,"props":121,"children":125},{"code":122,"language":123,"meta":7,"className":124,"style":7},"# KV segmentine yalnızca uygulama sunucusundan erişim\niptables -A FORWARD -s 10.10.1.0\u002F24 -d 10.10.50.0\u002F24 -j DROP      # kullanıcı ağından engelle\niptables -A FORWARD -s 10.10.2.10 -d 10.10.50.5 -p tcp --dport 5432 -j ACCEPT  # app sunucusuna izin\niptables -A FORWARD -d 10.10.50.0\u002F24 -j DROP                        # geri kalan her şeyi engelle\n","bash","language-bash shiki shiki-themes github-dark",[126],{"type":23,"tag":105,"props":127,"children":128},{"__ignoreMap":7},[129,141,198,266],{"type":23,"tag":130,"props":131,"children":134},"span",{"class":132,"line":133},"line",1,[135],{"type":23,"tag":130,"props":136,"children":138},{"style":137},"--shiki-default:#6A737D",[139],{"type":28,"value":140},"# KV segmentine yalnızca uygulama sunucusundan erişim\n",{"type":23,"tag":130,"props":142,"children":144},{"class":132,"line":143},2,[145,151,157,163,168,173,178,183,188,193],{"type":23,"tag":130,"props":146,"children":148},{"style":147},"--shiki-default:#B392F0",[149],{"type":28,"value":150},"iptables",{"type":23,"tag":130,"props":152,"children":154},{"style":153},"--shiki-default:#79B8FF",[155],{"type":28,"value":156}," -A",{"type":23,"tag":130,"props":158,"children":160},{"style":159},"--shiki-default:#9ECBFF",[161],{"type":28,"value":162}," FORWARD",{"type":23,"tag":130,"props":164,"children":165},{"style":153},[166],{"type":28,"value":167}," -s",{"type":23,"tag":130,"props":169,"children":170},{"style":159},[171],{"type":28,"value":172}," 
10.10.1.0\u002F24",{"type":23,"tag":130,"props":174,"children":175},{"style":153},[176],{"type":28,"value":177}," -d",{"type":23,"tag":130,"props":179,"children":180},{"style":159},[181],{"type":28,"value":182}," 10.10.50.0\u002F24",{"type":23,"tag":130,"props":184,"children":185},{"style":153},[186],{"type":28,"value":187}," -j",{"type":23,"tag":130,"props":189,"children":190},{"style":159},[191],{"type":28,"value":192}," DROP",{"type":23,"tag":130,"props":194,"children":195},{"style":137},[196],{"type":28,"value":197},"      # kullanıcı ağından engelle\n",{"type":23,"tag":130,"props":199,"children":201},{"class":132,"line":200},3,[202,206,210,214,218,223,227,232,237,242,247,252,256,261],{"type":23,"tag":130,"props":203,"children":204},{"style":147},[205],{"type":28,"value":150},{"type":23,"tag":130,"props":207,"children":208},{"style":153},[209],{"type":28,"value":156},{"type":23,"tag":130,"props":211,"children":212},{"style":159},[213],{"type":28,"value":162},{"type":23,"tag":130,"props":215,"children":216},{"style":153},[217],{"type":28,"value":167},{"type":23,"tag":130,"props":219,"children":220},{"style":153},[221],{"type":28,"value":222}," 10.10.2.10",{"type":23,"tag":130,"props":224,"children":225},{"style":153},[226],{"type":28,"value":177},{"type":23,"tag":130,"props":228,"children":229},{"style":153},[230],{"type":28,"value":231}," 10.10.50.5",{"type":23,"tag":130,"props":233,"children":234},{"style":153},[235],{"type":28,"value":236}," -p",{"type":23,"tag":130,"props":238,"children":239},{"style":159},[240],{"type":28,"value":241}," tcp",{"type":23,"tag":130,"props":243,"children":244},{"style":153},[245],{"type":28,"value":246}," --dport",{"type":23,"tag":130,"props":248,"children":249},{"style":153},[250],{"type":28,"value":251}," 5432",{"type":23,"tag":130,"props":253,"children":254},{"style":153},[255],{"type":28,"value":187},{"type":23,"tag":130,"props":257,"children":258},{"style":159},[259],{"type":28,"value":260}," 
ACCEPT",{"type":23,"tag":130,"props":262,"children":263},{"style":137},[264],{"type":28,"value":265},"  # app sunucusuna izin\n",{"type":23,"tag":130,"props":267,"children":269},{"class":132,"line":268},4,[270,274,278,282,286,290,294,298],{"type":23,"tag":130,"props":271,"children":272},{"style":147},[273],{"type":28,"value":150},{"type":23,"tag":130,"props":275,"children":276},{"style":153},[277],{"type":28,"value":156},{"type":23,"tag":130,"props":279,"children":280},{"style":159},[281],{"type":28,"value":162},{"type":23,"tag":130,"props":283,"children":284},{"style":153},[285],{"type":28,"value":177},{"type":23,"tag":130,"props":287,"children":288},{"style":159},[289],{"type":28,"value":182},{"type":23,"tag":130,"props":291,"children":292},{"style":153},[293],{"type":28,"value":187},{"type":23,"tag":130,"props":295,"children":296},{"style":159},[297],{"type":28,"value":192},{"type":23,"tag":130,"props":299,"children":300},{"style":137},[301],{"type":28,"value":302},"                        # geri kalan her şeyi engelle\n",{"type":23,"tag":78,"props":304,"children":305},{},[],{"type":23,"tag":36,"props":307,"children":309},{"id":308},"_2-erişim-kontrol-kuralları-en-az-yetki-prensibi",[310],{"type":28,"value":311},"2. 
Erişim Kontrol Kuralları: En Az Yetki Prensibi",{"type":23,"tag":24,"props":313,"children":314},{},[315,317,323],{"type":28,"value":316},"KVKK'da \"kişisel veriye erişimin kısıtlanması\" yükümlülüğü, teknik olarak şu anlama gelir: ",{"type":23,"tag":318,"props":319,"children":320},"strong",{},[321],{"type":28,"value":322},"yalnızca ihtiyacı olan sisteme, ihtiyacı olan port üzerinden, ihtiyacı olan zamanlarda",{"type":28,"value":324}," erişim verilmeli.",{"type":23,"tag":93,"props":326,"children":328},{"id":327},"uygulama-katmanı-firewall-kuralları",[329],{"type":28,"value":330},"Uygulama Katmanı Firewall Kuralları",{"type":23,"tag":332,"props":333,"children":334},"table",{},[335,364],{"type":23,"tag":336,"props":337,"children":338},"thead",{},[339],{"type":23,"tag":340,"props":341,"children":342},"tr",{},[343,349,354,359],{"type":23,"tag":344,"props":345,"children":346},"th",{},[347],{"type":28,"value":348},"Kaynak",{"type":23,"tag":344,"props":350,"children":351},{},[352],{"type":28,"value":353},"Hedef",{"type":23,"tag":344,"props":355,"children":356},{},[357],{"type":28,"value":358},"Port",{"type":23,"tag":344,"props":360,"children":361},{},[362],{"type":28,"value":363},"İzin",{"type":23,"tag":365,"props":366,"children":367},"tbody",{},[368,392,414,436,456],{"type":23,"tag":340,"props":369,"children":370},{},[371,377,382,387],{"type":23,"tag":372,"props":373,"children":374},"td",{},[375],{"type":28,"value":376},"App Sunucu (10.10.2.10)",{"type":23,"tag":372,"props":378,"children":379},{},[380],{"type":28,"value":381},"DB Sunucu (10.10.50.5)",{"type":23,"tag":372,"props":383,"children":384},{},[385],{"type":28,"value":386},"5432\u002Ftcp",{"type":23,"tag":372,"props":388,"children":389},{},[390],{"type":28,"value":391},"✅",{"type":23,"tag":340,"props":393,"children":394},{},[395,400,405,409],{"type":23,"tag":372,"props":396,"children":397},{},[398],{"type":28,"value":399},"Yönetim 
Terminali",{"type":23,"tag":372,"props":401,"children":402},{},[403],{"type":28,"value":404},"DB Sunucu",{"type":23,"tag":372,"props":406,"children":407},{},[408],{"type":28,"value":386},{"type":23,"tag":372,"props":410,"children":411},{},[412],{"type":28,"value":413},"✅ (belirli IP)",{"type":23,"tag":340,"props":415,"children":416},{},[417,422,426,431],{"type":23,"tag":372,"props":418,"children":419},{},[420],{"type":28,"value":421},"İnternet \u002F DMZ",{"type":23,"tag":372,"props":423,"children":424},{},[425],{"type":28,"value":404},{"type":23,"tag":372,"props":427,"children":428},{},[429],{"type":28,"value":430},"Herhangi",{"type":23,"tag":372,"props":432,"children":433},{},[434],{"type":28,"value":435},"❌",{"type":23,"tag":340,"props":437,"children":438},{},[439,444,448,452],{"type":23,"tag":372,"props":440,"children":441},{},[442],{"type":28,"value":443},"Kullanıcı ağı",{"type":23,"tag":372,"props":445,"children":446},{},[447],{"type":28,"value":404},{"type":23,"tag":372,"props":449,"children":450},{},[451],{"type":28,"value":430},{"type":23,"tag":372,"props":453,"children":454},{},[455],{"type":28,"value":435},{"type":23,"tag":340,"props":457,"children":458},{},[459,464,469,474],{"type":23,"tag":372,"props":460,"children":461},{},[462],{"type":28,"value":463},"App Sunucu",{"type":23,"tag":372,"props":465,"children":466},{},[467],{"type":28,"value":468},"İnternet (dışarı)",{"type":23,"tag":372,"props":470,"children":471},{},[472],{"type":28,"value":473},"80, 443",{"type":23,"tag":372,"props":475,"children":476},{},[477],{"type":28,"value":478},"Sadece beyaz liste",{"type":23,"tag":93,"props":480,"children":482},{"id":481},"beyaz-liste-whitelist-yaklaşımı",[483],{"type":28,"value":484},"Beyaz Liste (Whitelist) Yaklaşımı",{"type":23,"tag":24,"props":486,"children":487},{},[488,490,495],{"type":28,"value":489},"Varsayılan davranış: ",{"type":23,"tag":318,"props":491,"children":492},{},[493],{"type":28,"value":494},"her şeyi engelle, yalnızca izin verilen trafiği 
geçir.",{"type":28,"value":496}," Birçok kurum tersini uygular — her şeyi geçirir, sorunlu trafiği engeller. Bu KVKK açısından savunulamaz. Aşağıdaki örnekte OUTPUT politikası da DROP olduğundan giden trafik için ayrıca izin kuralları gerekir; sisteme uzaktan bağlıyken erişimin kesilmemesi için izin kuralları varsayılan politikadan önce yüklenmelidir.",{"type":23,"tag":100,"props":498,"children":500},{"code":499,"language":123,"meta":7,"className":124,"style":7},"# Varsayılan politika: DROP\niptables -P INPUT DROP\niptables -P FORWARD DROP\niptables -P OUTPUT DROP\n\n# Yalnızca gerekenler açık\niptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\niptables -A INPUT -s 10.10.0.0\u002F16 -p tcp --dport 443 -j ACCEPT\n",[501],{"type":23,"tag":105,"props":502,"children":503},{"__ignoreMap":7},[504,512,534,553,573,583,592,637],{"type":23,"tag":130,"props":505,"children":506},{"class":132,"line":133},[507],{"type":23,"tag":130,"props":508,"children":509},{"style":137},[510],{"type":28,"value":511},"# Varsayılan politika: DROP\n",{"type":23,"tag":130,"props":513,"children":514},{"class":132,"line":143},[515,519,524,529],{"type":23,"tag":130,"props":516,"children":517},{"style":147},[518],{"type":28,"value":150},{"type":23,"tag":130,"props":520,"children":521},{"style":153},[522],{"type":28,"value":523}," -P",{"type":23,"tag":130,"props":525,"children":526},{"style":159},[527],{"type":28,"value":528}," INPUT",{"type":23,"tag":130,"props":530,"children":531},{"style":159},[532],{"type":28,"value":533}," 
DROP\n",{"type":23,"tag":130,"props":535,"children":536},{"class":132,"line":200},[537,541,545,549],{"type":23,"tag":130,"props":538,"children":539},{"style":147},[540],{"type":28,"value":150},{"type":23,"tag":130,"props":542,"children":543},{"style":153},[544],{"type":28,"value":523},{"type":23,"tag":130,"props":546,"children":547},{"style":159},[548],{"type":28,"value":162},{"type":23,"tag":130,"props":550,"children":551},{"style":159},[552],{"type":28,"value":533},{"type":23,"tag":130,"props":554,"children":555},{"class":132,"line":268},[556,560,564,569],{"type":23,"tag":130,"props":557,"children":558},{"style":147},[559],{"type":28,"value":150},{"type":23,"tag":130,"props":561,"children":562},{"style":153},[563],{"type":28,"value":523},{"type":23,"tag":130,"props":565,"children":566},{"style":159},[567],{"type":28,"value":568}," OUTPUT",{"type":23,"tag":130,"props":570,"children":571},{"style":159},[572],{"type":28,"value":533},{"type":23,"tag":130,"props":574,"children":576},{"class":132,"line":575},5,[577],{"type":23,"tag":130,"props":578,"children":580},{"emptyLinePlaceholder":579},true,[581],{"type":28,"value":582},"\n",{"type":23,"tag":130,"props":584,"children":586},{"class":132,"line":585},6,[587],{"type":23,"tag":130,"props":588,"children":589},{"style":137},[590],{"type":28,"value":591},"# Yalnızca gerekenler açık\n",{"type":23,"tag":130,"props":593,"children":595},{"class":132,"line":594},7,[596,600,604,608,613,618,623,628,632],{"type":23,"tag":130,"props":597,"children":598},{"style":147},[599],{"type":28,"value":150},{"type":23,"tag":130,"props":601,"children":602},{"style":153},[603],{"type":28,"value":156},{"type":23,"tag":130,"props":605,"children":606},{"style":159},[607],{"type":28,"value":528},{"type":23,"tag":130,"props":609,"children":610},{"style":153},[611],{"type":28,"value":612}," -m",{"type":23,"tag":130,"props":614,"children":615},{"style":159},[616],{"type":28,"value":617}," 
state",{"type":23,"tag":130,"props":619,"children":620},{"style":153},[621],{"type":28,"value":622}," --state",{"type":23,"tag":130,"props":624,"children":625},{"style":159},[626],{"type":28,"value":627}," ESTABLISHED,RELATED",{"type":23,"tag":130,"props":629,"children":630},{"style":153},[631],{"type":28,"value":187},{"type":23,"tag":130,"props":633,"children":634},{"style":159},[635],{"type":28,"value":636}," ACCEPT\n",{"type":23,"tag":130,"props":638,"children":640},{"class":132,"line":639},8,[641,645,649,653,657,662,666,670,674,679,683],{"type":23,"tag":130,"props":642,"children":643},{"style":147},[644],{"type":28,"value":150},{"type":23,"tag":130,"props":646,"children":647},{"style":153},[648],{"type":28,"value":156},{"type":23,"tag":130,"props":650,"children":651},{"style":159},[652],{"type":28,"value":528},{"type":23,"tag":130,"props":654,"children":655},{"style":153},[656],{"type":28,"value":167},{"type":23,"tag":130,"props":658,"children":659},{"style":159},[660],{"type":28,"value":661}," 10.10.0.0\u002F16",{"type":23,"tag":130,"props":663,"children":664},{"style":153},[665],{"type":28,"value":236},{"type":23,"tag":130,"props":667,"children":668},{"style":159},[669],{"type":28,"value":241},{"type":23,"tag":130,"props":671,"children":672},{"style":153},[673],{"type":28,"value":246},{"type":23,"tag":130,"props":675,"children":676},{"style":153},[677],{"type":28,"value":678}," 443",{"type":23,"tag":130,"props":680,"children":681},{"style":153},[682],{"type":28,"value":187},{"type":23,"tag":130,"props":684,"children":685},{"style":159},[686],{"type":28,"value":636},{"type":23,"tag":78,"props":688,"children":689},{},[],{"type":23,"tag":36,"props":691,"children":693},{"id":692},"_3-log-yükümlülüğü-kvkknın-gizli-şartı",[694],{"type":28,"value":695},"3. 
Log Yükümlülüğü: KVKK'nın Gizli Şartı",{"type":23,"tag":24,"props":697,"children":698},{},[699,701,706],{"type":28,"value":700},"Kişisel veri güvenliği rehberi açıkça belirtir: ",{"type":23,"tag":318,"props":702,"children":703},{},[704],{"type":28,"value":705},"erişim kayıtları tutulmalı ve belirli süre saklanmalıdır.",{"type":28,"value":707}," Bu kayıtlar denetimde somut kanıt olarak sunulur. Aşağıdaki örnekler uygulanırken kayıtların gerçekten üretildiği doğrulanmalıdır: rsyslog'da & stop satırından sonra gelen SIEM yönlendirmesi FIREWALL kayıtlarını almaz, bu yüzden yönlendirme kuralı bu satırdan önce yazılmalıdır; iptables LOG kuralı da aynı trafiği eşleyen ACCEPT\u002FDROP kurallarından önce gelmelidir, aksi hâlde paket LOG kuralına ulaşmaz.",{"type":23,"tag":24,"props":709,"children":710},{},[711],{"type":28,"value":712},"Güvenlik duvarı logları ne içermeli:",{"type":23,"tag":48,"props":714,"children":715},{},[716,721,726,731,736],{"type":23,"tag":52,"props":717,"children":718},{},[719],{"type":28,"value":720},"Kaynak IP ve port",{"type":23,"tag":52,"props":722,"children":723},{},[724],{"type":28,"value":725},"Hedef IP ve port",{"type":23,"tag":52,"props":727,"children":728},{},[729],{"type":28,"value":730},"Zaman damgası (UTC)",{"type":23,"tag":52,"props":732,"children":733},{},[734],{"type":28,"value":735},"İzin\u002Fengel kararı",{"type":23,"tag":52,"props":737,"children":738},{},[739],{"type":28,"value":740},"Protokol",{"type":23,"tag":93,"props":742,"children":744},{"id":743},"firewall-log-yönlendirme-rsyslog",[745],{"type":28,"value":746},"Firewall Log Yönlendirme (rsyslog)",{"type":23,"tag":100,"props":748,"children":750},{"code":749,"language":123,"meta":7,"className":124,"style":7},"# \u002Fetc\u002Frsyslog.d\u002Ffirewall.conf\n:msg, contains, \"FIREWALL\" \u002Fvar\u002Flog\u002Ffirewall\u002Fkvkk.log\n& stop\n\n# Logları merkezi SIEM'e gönder\n*.* @@siem-sunucu:514\n",[751],{"type":23,"tag":105,"props":752,"children":753},{"__ignoreMap":7},[754,762,785,799,806,814],{"type":23,"tag":130,"props":755,"children":756},{"class":132,"line":133},[757],{"type":23,"tag":130,"props":758,"children":759},{"style":137},[760],{"type":28,"value":761},"# 
\u002Fetc\u002Frsyslog.d\u002Ffirewall.conf\n",{"type":23,"tag":130,"props":763,"children":764},{"class":132,"line":143},[765,770,775,780],{"type":23,"tag":130,"props":766,"children":767},{"style":147},[768],{"type":28,"value":769},":msg,",{"type":23,"tag":130,"props":771,"children":772},{"style":159},[773],{"type":28,"value":774}," contains,",{"type":23,"tag":130,"props":776,"children":777},{"style":159},[778],{"type":28,"value":779}," \"FIREWALL\"",{"type":23,"tag":130,"props":781,"children":782},{"style":159},[783],{"type":28,"value":784}," \u002Fvar\u002Flog\u002Ffirewall\u002Fkvkk.log\n",{"type":23,"tag":130,"props":786,"children":787},{"class":132,"line":200},[788,794],{"type":23,"tag":130,"props":789,"children":791},{"style":790},"--shiki-default:#E1E4E8",[792],{"type":28,"value":793},"& ",{"type":23,"tag":130,"props":795,"children":796},{"style":147},[797],{"type":28,"value":798},"stop\n",{"type":23,"tag":130,"props":800,"children":801},{"class":132,"line":268},[802],{"type":23,"tag":130,"props":803,"children":804},{"emptyLinePlaceholder":579},[805],{"type":28,"value":582},{"type":23,"tag":130,"props":807,"children":808},{"class":132,"line":575},[809],{"type":23,"tag":130,"props":810,"children":811},{"style":137},[812],{"type":28,"value":813},"# Logları merkezi SIEM'e gönder\n",{"type":23,"tag":130,"props":815,"children":816},{"class":132,"line":585},[817,823,828,832],{"type":23,"tag":130,"props":818,"children":820},{"style":819},"--shiki-default:#F97583",[821],{"type":28,"value":822},"*",{"type":23,"tag":130,"props":824,"children":825},{"style":790},[826],{"type":28,"value":827},".",{"type":23,"tag":130,"props":829,"children":830},{"style":819},[831],{"type":28,"value":822},{"type":23,"tag":130,"props":833,"children":834},{"style":790},[835],{"type":28,"value":836}," @@siem-sunucu:514\n",{"type":23,"tag":100,"props":838,"children":840},{"code":839,"language":123,"meta":7,"className":124,"style":7},"# iptables kuralına log ekle\niptables -A FORWARD -d 
10.10.50.0\u002F24 \\\n  -j LOG --log-prefix \"FIREWALL-KV-ERISIM: \" --log-level 4\n",[841],{"type":23,"tag":105,"props":842,"children":843},{"__ignoreMap":7},[844,852,880],{"type":23,"tag":130,"props":845,"children":846},{"class":132,"line":133},[847],{"type":23,"tag":130,"props":848,"children":849},{"style":137},[850],{"type":28,"value":851},"# iptables kuralına log ekle\n",{"type":23,"tag":130,"props":853,"children":854},{"class":132,"line":143},[855,859,863,867,871,875],{"type":23,"tag":130,"props":856,"children":857},{"style":147},[858],{"type":28,"value":150},{"type":23,"tag":130,"props":860,"children":861},{"style":153},[862],{"type":28,"value":156},{"type":23,"tag":130,"props":864,"children":865},{"style":159},[866],{"type":28,"value":162},{"type":23,"tag":130,"props":868,"children":869},{"style":153},[870],{"type":28,"value":177},{"type":23,"tag":130,"props":872,"children":873},{"style":159},[874],{"type":28,"value":182},{"type":23,"tag":130,"props":876,"children":877},{"style":153},[878],{"type":28,"value":879}," \\\n",{"type":23,"tag":130,"props":881,"children":882},{"class":132,"line":200},[883,888,893,898,903,908],{"type":23,"tag":130,"props":884,"children":885},{"style":153},[886],{"type":28,"value":887},"  -j",{"type":23,"tag":130,"props":889,"children":890},{"style":159},[891],{"type":28,"value":892}," LOG",{"type":23,"tag":130,"props":894,"children":895},{"style":153},[896],{"type":28,"value":897}," --log-prefix",{"type":23,"tag":130,"props":899,"children":900},{"style":159},[901],{"type":28,"value":902}," \"FIREWALL-KV-ERISIM: \"",{"type":23,"tag":130,"props":904,"children":905},{"style":153},[906],{"type":28,"value":907}," --log-level",{"type":23,"tag":130,"props":909,"children":910},{"style":153},[911],{"type":28,"value":912}," 4\n",{"type":23,"tag":24,"props":914,"children":915},{},[916,921,923,928],{"type":23,"tag":318,"props":917,"children":918},{},[919],{"type":28,"value":920},"Saklama süresi:",{"type":28,"value":922}," KVKK ve ilgili 
mevzuat kapsamında en az ",{"type":23,"tag":318,"props":924,"children":925},{},[926],{"type":28,"value":927},"2 yıl",{"type":28,"value":929}," saklama önerilir. Bazı sektörlerde (finans, sağlık) bu süre daha uzundur.",{"type":23,"tag":78,"props":931,"children":932},{},[],{"type":23,"tag":36,"props":934,"children":936},{"id":935},"_4-dışarı-çıkan-trafik-veri-sızıntısını-önle",[937],{"type":28,"value":938},"4. Dışarı Çıkan Trafik: Veri Sızıntısını Önle",{"type":23,"tag":24,"props":940,"children":941},{},[942],{"type":28,"value":943},"KVKK, kişisel verinin yetkisiz yurt dışına çıkarılmasını da düzenler. Kurumsal ağdan dışarı çıkan trafik kontrol edilmeli. Aşağıdaki örnekteki OUTPUT zinciri yalnızca kuralların yüklendiği makinenin kendi ürettiği trafiği süzer; kurallar ağ geçidi görevi gören güvenlik duvarına yazılıyorsa aynı eşleşmeler FORWARD zincirinde tanımlanmalıdır.",{"type":23,"tag":100,"props":945,"children":947},{"code":946,"language":123,"meta":7,"className":124,"style":7},"# Veri sunucusundan dışarıya yalnızca belirli servislere izin\niptables -A OUTPUT -s 10.10.50.5 -d YEDEK_SUNUCU_IP -p tcp --dport 22 -j ACCEPT\niptables -A OUTPUT -s 10.10.50.5 -j DROP  # geri kalan dışarı trafiği engelle\n",[948],{"type":23,"tag":105,"props":949,"children":950},{"__ignoreMap":7},[951,959,1016],{"type":23,"tag":130,"props":952,"children":953},{"class":132,"line":133},[954],{"type":23,"tag":130,"props":955,"children":956},{"style":137},[957],{"type":28,"value":958},"# Veri sunucusundan dışarıya yalnızca belirli servislere 
izin\n",{"type":23,"tag":130,"props":960,"children":961},{"class":132,"line":143},[962,966,970,974,978,982,986,991,995,999,1003,1008,1012],{"type":23,"tag":130,"props":963,"children":964},{"style":147},[965],{"type":28,"value":150},{"type":23,"tag":130,"props":967,"children":968},{"style":153},[969],{"type":28,"value":156},{"type":23,"tag":130,"props":971,"children":972},{"style":159},[973],{"type":28,"value":568},{"type":23,"tag":130,"props":975,"children":976},{"style":153},[977],{"type":28,"value":167},{"type":23,"tag":130,"props":979,"children":980},{"style":153},[981],{"type":28,"value":231},{"type":23,"tag":130,"props":983,"children":984},{"style":153},[985],{"type":28,"value":177},{"type":23,"tag":130,"props":987,"children":988},{"style":159},[989],{"type":28,"value":990}," YEDEK_SUNUCU_IP",{"type":23,"tag":130,"props":992,"children":993},{"style":153},[994],{"type":28,"value":236},{"type":23,"tag":130,"props":996,"children":997},{"style":159},[998],{"type":28,"value":241},{"type":23,"tag":130,"props":1000,"children":1001},{"style":153},[1002],{"type":28,"value":246},{"type":23,"tag":130,"props":1004,"children":1005},{"style":153},[1006],{"type":28,"value":1007}," 
22",{"type":23,"tag":130,"props":1009,"children":1010},{"style":153},[1011],{"type":28,"value":187},{"type":23,"tag":130,"props":1013,"children":1014},{"style":159},[1015],{"type":28,"value":636},{"type":23,"tag":130,"props":1017,"children":1018},{"class":132,"line":200},[1019,1023,1027,1031,1035,1039,1043,1047],{"type":23,"tag":130,"props":1020,"children":1021},{"style":147},[1022],{"type":28,"value":150},{"type":23,"tag":130,"props":1024,"children":1025},{"style":153},[1026],{"type":28,"value":156},{"type":23,"tag":130,"props":1028,"children":1029},{"style":159},[1030],{"type":28,"value":568},{"type":23,"tag":130,"props":1032,"children":1033},{"style":153},[1034],{"type":28,"value":167},{"type":23,"tag":130,"props":1036,"children":1037},{"style":153},[1038],{"type":28,"value":231},{"type":23,"tag":130,"props":1040,"children":1041},{"style":153},[1042],{"type":28,"value":187},{"type":23,"tag":130,"props":1044,"children":1045},{"style":159},[1046],{"type":28,"value":192},{"type":23,"tag":130,"props":1048,"children":1049},{"style":137},[1050],{"type":28,"value":1051},"  # geri kalan dışarı trafiği engelle\n",{"type":23,"tag":24,"props":1053,"children":1054},{},[1055,1060],{"type":23,"tag":318,"props":1056,"children":1057},{},[1058],{"type":28,"value":1059},"Next-Generation Firewall (NGFW)",{"type":28,"value":1061}," kullanıyorsanız, uygulama katmanı kontrolü (DPI) ile hangi uygulamanın hangi veriye eriştiğini de görebilirsiniz. Palo Alto, Fortinet, Cisco FTD bu alanda yaygın.",{"type":23,"tag":78,"props":1063,"children":1064},{},[],{"type":23,"tag":36,"props":1066,"children":1068},{"id":1067},"_5-uzaktan-erişim-vpn-ve-mfa-zorunluluğu",[1069],{"type":28,"value":1070},"5. Uzaktan Erişim: VPN ve MFA Zorunluluğu",{"type":23,"tag":24,"props":1072,"children":1073},{},[1074],{"type":28,"value":1075},"Uzaktan çalışma ile birlikte kişisel veri ağlarına uzaktan erişim yaygınlaştı. 
KVKK açısından uzaktan erişimin güvenliği kritik.",{"type":23,"tag":24,"props":1077,"children":1078},{},[1079],{"type":23,"tag":318,"props":1080,"children":1081},{},[1082],{"type":28,"value":1083},"Minimum gereksinimler:",{"type":23,"tag":48,"props":1085,"children":1086},{},[1087,1092,1097,1102],{"type":23,"tag":52,"props":1088,"children":1089},{},[1090],{"type":28,"value":1091},"Uzaktan erişim yalnızca VPN üzerinden",{"type":23,"tag":52,"props":1093,"children":1094},{},[1095],{"type":28,"value":1096},"VPN + MFA (çok faktörlü kimlik doğrulama) zorunlu",{"type":23,"tag":52,"props":1098,"children":1099},{},[1100],{"type":28,"value":1101},"Kullanıcıya minimum yetki (sadece ihtiyacı olan segmente erişim); rota göndermek (push route) tek başına erişimi kısıtlamaz, kısıtlama VPN sunucusundaki güvenlik duvarı kurallarıyla uygulanmalıdır; iroute ise istemcinin arkasındaki ağı sunucuya bildirir, erişim yetkisi vermek için kullanılmaz",{"type":23,"tag":52,"props":1103,"children":1104},{},[1105],{"type":28,"value":1106},"Oturum süresi sınırlaması",{"type":23,"tag":100,"props":1108,"children":1110},{"code":1109,"language":123,"meta":7,"className":124,"style":7},"# OpenVPN'de belirli kullanıcıyı belirli ağa yönlendir\n# \u002Fetc\u002Fopenvpn\u002Fccd\u002Fkullanici_adi\niroute 10.10.50.0 255.255.255.0\npush \"route 10.10.50.0 255.255.255.0\"\n",[1111],{"type":23,"tag":105,"props":1112,"children":1113},{"__ignoreMap":7},[1114,1122,1130,1148],{"type":23,"tag":130,"props":1115,"children":1116},{"class":132,"line":133},[1117],{"type":23,"tag":130,"props":1118,"children":1119},{"style":137},[1120],{"type":28,"value":1121},"# OpenVPN'de belirli kullanıcıyı belirli ağa yönlendir\n",{"type":23,"tag":130,"props":1123,"children":1124},{"class":132,"line":143},[1125],{"type":23,"tag":130,"props":1126,"children":1127},{"style":137},[1128],{"type":28,"value":1129},"# \u002Fetc\u002Fopenvpn\u002Fccd\u002Fkullanici_adi\n",{"type":23,"tag":130,"props":1131,"children":1132},{"class":132,"line":200},[1133,1138,1143],{"type":23,"tag":130,"props":1134,"children":1135},{"style":147},[1136],{"type":28,"value":1137},"iroute",{"type":23,"tag":130,"props":1139,"children":1140},{"style":153},[1141],{"type":28,"value":1142}," 
10.10.50.0",{"type":23,"tag":130,"props":1144,"children":1145},{"style":153},[1146],{"type":28,"value":1147}," 255.255.255.0\n",{"type":23,"tag":130,"props":1149,"children":1150},{"class":132,"line":268},[1151,1156],{"type":23,"tag":130,"props":1152,"children":1153},{"style":147},[1154],{"type":28,"value":1155},"push",{"type":23,"tag":130,"props":1157,"children":1158},{"style":159},[1159],{"type":28,"value":1160}," \"route 10.10.50.0 255.255.255.0\"\n",{"type":23,"tag":78,"props":1162,"children":1163},{},[],{"type":23,"tag":36,"props":1165,"children":1167},{"id":1166},"_6-periyodik-güvenlik-denetimi",[1168],{"type":28,"value":1169},"6. Periyodik Güvenlik Denetimi",{"type":23,"tag":24,"props":1171,"children":1172},{},[1173],{"type":28,"value":1174},"Firewall kuralları zamanla bozulur: geçici açılan portlar kalıcı hale gelir, eski sistemlere ait kurallar temizlenmez. KVKK uyumu statik değil, süreçtir.",{"type":23,"tag":24,"props":1176,"children":1177},{},[1178],{"type":23,"tag":318,"props":1179,"children":1180},{},[1181],{"type":28,"value":1182},"6 ayda bir kontrol edilmeli:",{"type":23,"tag":100,"props":1184,"children":1186},{"code":1185,"language":123,"meta":7,"className":124,"style":7},"# Tüm aktif kuralları listele ve incele\niptables -L -n -v --line-numbers\n\n# Kullanılmayan kuralları tespit et (0 paket\u002Fbyte olan)\niptables -L FORWARD -v | awk '$1 == 0 && $2 == 0'\n\n# Açık portları dışarıdan tara (izinli test ortamında)\nnmap -sS -O --open SUNUCU_IP\n",[1187],{"type":23,"tag":105,"props":1188,"children":1189},{"__ignoreMap":7},[1190,1198,1225,1232,1240,1274,1281,1289],{"type":23,"tag":130,"props":1191,"children":1192},{"class":132,"line":133},[1193],{"type":23,"tag":130,"props":1194,"children":1195},{"style":137},[1196],{"type":28,"value":1197},"# Tüm aktif kuralları listele ve 
incele\n",{"type":23,"tag":130,"props":1199,"children":1200},{"class":132,"line":143},[1201,1205,1210,1215,1220],{"type":23,"tag":130,"props":1202,"children":1203},{"style":147},[1204],{"type":28,"value":150},{"type":23,"tag":130,"props":1206,"children":1207},{"style":153},[1208],{"type":28,"value":1209}," -L",{"type":23,"tag":130,"props":1211,"children":1212},{"style":153},[1213],{"type":28,"value":1214}," -n",{"type":23,"tag":130,"props":1216,"children":1217},{"style":153},[1218],{"type":28,"value":1219}," -v",{"type":23,"tag":130,"props":1221,"children":1222},{"style":153},[1223],{"type":28,"value":1224}," --line-numbers\n",{"type":23,"tag":130,"props":1226,"children":1227},{"class":132,"line":200},[1228],{"type":23,"tag":130,"props":1229,"children":1230},{"emptyLinePlaceholder":579},[1231],{"type":28,"value":582},{"type":23,"tag":130,"props":1233,"children":1234},{"class":132,"line":268},[1235],{"type":23,"tag":130,"props":1236,"children":1237},{"style":137},[1238],{"type":28,"value":1239},"# Kullanılmayan kuralları tespit et (0 paket\u002Fbyte olan)\n",{"type":23,"tag":130,"props":1241,"children":1242},{"class":132,"line":575},[1243,1247,1251,1255,1259,1264,1269],{"type":23,"tag":130,"props":1244,"children":1245},{"style":147},[1246],{"type":28,"value":150},{"type":23,"tag":130,"props":1248,"children":1249},{"style":153},[1250],{"type":28,"value":1209},{"type":23,"tag":130,"props":1252,"children":1253},{"style":159},[1254],{"type":28,"value":162},{"type":23,"tag":130,"props":1256,"children":1257},{"style":153},[1258],{"type":28,"value":1219},{"type":23,"tag":130,"props":1260,"children":1261},{"style":819},[1262],{"type":28,"value":1263}," |",{"type":23,"tag":130,"props":1265,"children":1266},{"style":147},[1267],{"type":28,"value":1268}," awk",{"type":23,"tag":130,"props":1270,"children":1271},{"style":159},[1272],{"type":28,"value":1273}," '$1 == 0 && $2 == 
0'\n",{"type":23,"tag":130,"props":1275,"children":1276},{"class":132,"line":585},[1277],{"type":23,"tag":130,"props":1278,"children":1279},{"emptyLinePlaceholder":579},[1280],{"type":28,"value":582},{"type":23,"tag":130,"props":1282,"children":1283},{"class":132,"line":594},[1284],{"type":23,"tag":130,"props":1285,"children":1286},{"style":137},[1287],{"type":28,"value":1288},"# Açık portları dışarıdan tara (izinli test ortamında)\n",{"type":23,"tag":130,"props":1290,"children":1291},{"class":132,"line":639},[1292,1297,1302,1307,1312],{"type":23,"tag":130,"props":1293,"children":1294},{"style":147},[1295],{"type":28,"value":1296},"nmap",{"type":23,"tag":130,"props":1298,"children":1299},{"style":153},[1300],{"type":28,"value":1301}," -sS",{"type":23,"tag":130,"props":1303,"children":1304},{"style":153},[1305],{"type":28,"value":1306}," -O",{"type":23,"tag":130,"props":1308,"children":1309},{"style":153},[1310],{"type":28,"value":1311}," --open",{"type":23,"tag":130,"props":1313,"children":1314},{"style":159},[1315],{"type":28,"value":1316}," SUNUCU_IP\n",{"type":23,"tag":78,"props":1318,"children":1319},{},[],{"type":23,"tag":36,"props":1321,"children":1323},{"id":1322},"kvkk-denetimi-i̇çin-belgeleme",[1324],{"type":28,"value":1325},"KVKK Denetimi İçin Belgeleme",{"type":23,"tag":24,"props":1327,"children":1328},{},[1329],{"type":28,"value":1330},"Teknik önlemler kadar belgeler de önemli. 
Denetimde sorulacaklar:",{"type":23,"tag":1332,"props":1333,"children":1334},"ol",{},[1335,1345,1355,1365,1375],{"type":23,"tag":52,"props":1336,"children":1337},{},[1338,1343],{"type":23,"tag":318,"props":1339,"children":1340},{},[1341],{"type":28,"value":1342},"Ağ topoloji diyagramı",{"type":28,"value":1344}," — hangi sistem nerede, nasıl izole?",{"type":23,"tag":52,"props":1346,"children":1347},{},[1348,1353],{"type":23,"tag":318,"props":1349,"children":1350},{},[1351],{"type":28,"value":1352},"Firewall kural seti",{"type":28,"value":1354}," — tarihli, onaylı",{"type":23,"tag":52,"props":1356,"children":1357},{},[1358,1363],{"type":23,"tag":318,"props":1359,"children":1360},{},[1361],{"type":28,"value":1362},"Erişim logları",{"type":28,"value":1364}," — kimler erişti, ne zaman?",{"type":23,"tag":52,"props":1366,"children":1367},{},[1368,1373],{"type":23,"tag":318,"props":1369,"children":1370},{},[1371],{"type":28,"value":1372},"Değişiklik kaydı",{"type":28,"value":1374}," — kural değişikliklerinin tarihi ve onaylayanı",{"type":23,"tag":52,"props":1376,"children":1377},{},[1378,1383],{"type":23,"tag":318,"props":1379,"children":1380},{},[1381],{"type":28,"value":1382},"Güvenlik açığı tarama raporları",{"type":28,"value":1384}," — periyodik tarama sonuçları",{"type":23,"tag":78,"props":1386,"children":1387},{},[],{"type":23,"tag":24,"props":1389,"children":1390},{},[1391,1393,1400],{"type":28,"value":1392},"Firewall yapılandırmanızın KVKK uygunluğunu değerlendirmek veya ağ segmentasyonu mimarisi oluşturmak için ",{"type":23,"tag":1394,"props":1395,"children":1397},"a",{"href":1396},"\u002Filetisim",[1398],{"type":28,"value":1399},"teknik görüşme talep edebilirsiniz",{"type":28,"value":827},{"type":23,"tag":1402,"props":1403,"children":1404},"style",{},[1405],{"type":28,"value":1406},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: 
var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}",{"title":7,"searchDepth":143,"depth":143,"links":1408},[1409,1410,1414,1418,1421,1422,1423,1424],{"id":38,"depth":143,"text":41},{"id":83,"depth":143,"text":86,"children":1411},[1412,1413],{"id":95,"depth":200,"text":98},{"id":116,"depth":200,"text":119},{"id":308,"depth":143,"text":311,"children":1415},[1416,1417],{"id":327,"depth":200,"text":330},{"id":481,"depth":200,"text":484},{"id":692,"depth":143,"text":695,"children":1419},[1420],{"id":743,"depth":200,"text":746},{"id":935,"depth":143,"text":938},{"id":1067,"depth":143,"text":1070},{"id":1166,"depth":143,"text":1169},{"id":1322,"depth":143,"text":1325},"markdown","content:blog:kvkk-uyumlu-guvenlik-duvari-kurumsal-ag.md","content","blog\u002Fkvkk-uyumlu-guvenlik-duvari-kurumsal-ag.md","blog\u002Fkvkk-uyumlu-guvenlik-duvari-kurumsal-ag","md",1781637768318]