Web server maintenance and security management skills (1)

Convert roles and treat yourself as a possible Attacker

Most of the time, if we only consider the problem from the perspective of the WEB administrator, we may not be able to find the Web Server Vulnerability. On the contrary, if we can change our perspective and take ourselves as possible attackers, starting from their roles, think about the means they may use and which Web server vulnerabilities they may launch attacks, we can detect possible security vulnerabilities on the Web server, so as to fix the Security Vulnerabilities earlier to prevent trojan or virus attacks.

Access your Web server from outside the company, perform positive detection, simulate attacks on your website, and see what results will be. This may be a good method for WEB security. For example, we can use a scanning tool to scan Web servers and check whether there are any services that can be attacked. Some services or vulnerabilities that may be exploited by hackers may not be valued at ordinary times.

For example, when the server is installed, the operating system will install and start unnecessary services by default. Or, some services need to be started when the server is configured, but they are not closed in time afterwards, thus, attackers are given an opportunity to attack. The most common is SNMP, also known as Simple Network Management Protocol. This service is enabled by default after the system is installed. However, this service can provide attackers with detailed information about the server system, such as the operating system used by the Web server, the services enabled on the server, and the corresponding ports. Attackers can launch attacks only when they understand the most basic information.

Our security management personnel may not find this problem at ordinary times, but if they can use a hacker's scanning tool to scan, they can find the problem. Therefore, when necessary, you need to consider the attack methods from the perspective of the attack role. In this case, we can avoid the "fans of the Board" error and ensure the security of Web servers.

Reasonable permission management

Sometimes, on a server, not only does the Web server run, but also other network services such as FTP servers. If multiple network services are applied on the same server, mutual infection between services may occur. That is to say, as long as attackers attack a service, they can use related technologies to break into another application. Attackers can use this service platform to attack other services from within the enterprise. In general, attacks from enterprise content are much more convenient than external attacks.

Some may say that different services can use different servers. In fact, this may be a waste for enterprises. In terms of performance, it is completely feasible to deploy both WEB services and FTP services on the current server without affecting the performance. To this end, enterprises take a server for cost consideration. But now we have a problem for our security administrators, that is, how to ensure their security when two or more services are deployed on one server at the same time, how can they prevent mutual infection?

For example, three services are running on the current Web server. One is traditional WEB services, the other is FTP services, and the third is OA (office automation) services. Because the service is in the WEB mode, you can directly access the OA server on the Internet, so he is deployed on this server. Because the configuration of this server is still relatively high, it is not difficult to run the three services, and the performance will not be affected. The problem is that, for example, to ensure their security, the security between FTP server, OA server, and Web server will not affect each other?

Currently, Windows Server is used. To meet this security requirement, all the hard disks on the server are converted into NTFS partitions. Generally, NTFS partitions are much more secure than FAT partitions. Use the functions provided by the NTFS partition to reasonably assign relevant permissions to them. For example, if you configure different administrator accounts for the three servers, different accounts can only access specific partitions and directories. In this case, even if an Administrator account is disclosed, the administrator can only access the storage space of a service, but cannot access other services.

For example, load the WEB service to partition D, and put the FTP service to partition E. If an FTP account is leaked, it is attacked and exploited. However, because the FTP account does not have the Read and Write rights to partition D, it will not perform any read/write operations on the content on the Web server. This ensures that, after the FTP server is captured in real time, it will not adversely affect the Web server.

Although Microsoft's operating systems are expensive and there are many security vulnerabilities, its achievements in NTFS partition are still not bad. On NTFS partitions, security management can be implemented to a large extent to ensure the security of services related to data. In the end, Microsoft's 2003 operating system was used as the server system instead of the Linux system.

The Web server maintenance and security management skills are not only described in this article, but will be further introduced in future articles.