Three powerful tools to protect web server security

Source: Internet
Author: User
Tags: account security

In my own environment, for example, the portals of the OA (office automation) and e-mail systems are bound to the Web servers, so web server security is the top priority of my work.

There are many methods to improve the security of web servers. Here I would like to recommend three. Using only these three methods is far from enough to protect a web server; however, if enterprise information management personnel neglect these three aspects, the security of web servers is very difficult to guarantee.

Tool 1: deploy Web applications on independent servers.

Web servers are more likely to be attacked than internal application servers such as ERP and office automation systems. If those applications are deployed on the same server as the Web application, an attack on the weaker web server can also compromise key applications such as ERP.

Although I bind the interface of the OA system to the Web server, the OA system and the web application still run on different application servers. This is mainly to let employees access the OA system from outside the enterprise. The advantage is that when the web service is attacked and becomes unusable, employees only lose access to the OA system from outside the enterprise; normal access by employees inside the enterprise is not affected.

However, I have made this mistake myself. At the time, because of a funding shortage, the enterprise deployed the Web server and the ERP system on the same server. One day the enterprise Web server was suddenly attacked by unidentified people. They may simply have been doing it for fun, and they did not do much harm to the Web server itself, but CPU and memory usage stayed high; when the Web server was disconnected from the Internet, it returned to normal. This made the ERP application on the same server almost unusable: entering a sales order took an employee 30 minutes instead of the original 3 minutes, which is obviously unacceptable. From this incident I learned how unwise it is to put internal enterprise applications on Web servers. Because Web servers face the Internet, they are exposed to malicious attacks from others, and once attacked, even the enterprise's internal application services are affected.

Therefore, I would like to remind you that when deploying servers, Web and other Internet-facing application services should be placed on servers separate from the internal application services. This improves the security of the other enterprise application services while ensuring the security of the web servers.

Tool 2: transaction logs tell you the running status of the Web server.

In fact, as long as the Web server takes some protective measures, an attack requires a process; it cannot be completed in a short time. Such an attack often leaves clues in the transaction logs of the Web server. If an attacker attempts to crack a website administrator's account and password with a password dictionary, each attempt is recorded in the web server logs. If we set a maximum number of incorrect password attempts in the transaction audit, the server records an entry in its own logs when that number is exceeded. If the website administrator sees this information, they can take timely measures, such as changing to a complex password, to improve server security.

Therefore, every web server administrator must recognize the importance of transaction logs. At the same time, to make the transaction logs more useful, it is usually necessary to enable the audit function. By combining audit events with the system logs, the log server can record some common attacks, which gives enterprise security personnel a reference. Otherwise, enterprise security personnel are unaware of the attack and cannot respond in a timely manner.

However, some skilled attackers leave no traces in the transaction logs after attacking enterprise Web services. This does not mean that the transaction logs are useless: they modify the transaction log entries after the attack. If an attacker steals the administrator account and password, the attacker can access confidential information on the enterprise website. Normally this access appears in the transaction log. However, a skilled attacker modifies the transaction log before leaving, deleting the access entries or changing the recorded visitor, so enterprise security management personnel cannot find out. To prevent them from changing the transaction log file, the best way is to change the path of the transaction log file and back it up promptly. Because they do not know the true location of the log, an attacker cannot attack or modify it to hide his or her own traces.

My current practice is to change the default log path of the Web server and back up the transaction logs to a remote location every three hours. At the same time, combined with the event audit function, when the log server captures exception information, such as a user repeatedly trying to log on to the web server's management site, the exception is reported to enterprise management personnel. Through log management, administrators can be promptly informed of security risks to the web servers.

Therefore, the second tool I would like to recommend is log management for web servers. To improve log security, administrators need to modify the default path of the server logs and regularly back up the logs to a different location. At the same time, log management can be combined with other functions, such as security auditing and account security policies, to get twice the result with half the effort.
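The detection the section describes, repeated failed logins against the management site exceeding a maximum, can be run over the web server's own transaction (access) logs. The script below is an added example, not code from the original article. It assumes the Apache/nginx "combined" log format, that the management login endpoint is `/admin/login` (a hypothetical path), and that a failed login is a POST answered with 401 or 403 while a successful one is answered with 200 or 302; the log lines are constructed sample data. It goes slightly beyond the text in also flagging a success that follows a run of failures from the same client, which is the case the section describes where a guessed administrator password is then used to read confidential pages.

```python
"""Flag repeated failed logins to the management site in web access logs.

Added example, not from the original article. Assumptions: combined log
format; LOGIN_PATH is the admin login endpoint; 401/403 means a failed
login and 200/302 a successful one. SAMPLE_LOG is constructed data.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

LOGIN_PATH = "/admin/login"   # assumed management login endpoint
MAX_FAILURES = 5              # the "maximum number of incorrect passwords"
WINDOW_SECONDS = 300          # failures are counted inside this sliding window
FAILURE_STATUSES = {401, 403}
SUCCESS_STATUSES = {200, 302}

# Combined log format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log: one client hammering the login page, one normal
# visitor, and one client that succeeds after two failures.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:02 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:06 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:00:07 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2024:10:01:00 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.10 - - [12/Mar/2024:10:01:20 +0000] "POST /admin/login HTTP/1.1" 401 512 "-" "curl/8.0"
192.0.2.10 - - [12/Mar/2024:10:01:30 +0000] "POST /admin/login HTTP/1.1" 302 0 "-" "curl/8.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    path = m.group("path").split("?", 1)[0]  # ignore query string
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": path, "status": int(m.group("status"))}


def detect(lines, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return alerts found in the given log lines.

    'brute_force'            - max_failures or more failed logins from one
                               client inside the window (reported once per client)
    'success_after_failures' - a successful login from a client that failed
                               earlier inside the window
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still in the window
    alerted = set()
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != LOGIN_PATH:
            continue
        q = recent[rec["ip"]]
        while q and (rec["ts"] - q[0]).total_seconds() > window:
            q.popleft()  # expire failures that fell out of the window
        if rec["status"] in FAILURE_STATUSES:
            q.append(rec["ts"])
            if len(q) >= max_failures and rec["ip"] not in alerted:
                alerted.add(rec["ip"])
                alerts.append({"type": "brute_force", "ip": rec["ip"],
                               "count": len(q), "first": q[0].isoformat(),
                               "last": rec["ts"].isoformat()})
        elif rec["status"] in SUCCESS_STATUSES and q:
            alerts.append({"type": "success_after_failures", "ip": rec["ip"],
                           "failures": len(q), "at": rec["ts"].isoformat()})
            q.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.splitlines()):
        print(alert)
```

In practice the script would read the rotated log files from the relocated log path or from the remote backup the section recommends, so that an attacker who has edited the live log on the web server cannot also erase the copy the detection runs over.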

Tool 3: code, the biggest killer of web server security.

For Web servers, code is one of the biggest threats to their security. Many Web servers have been cracked, and most of these cases were caused by improper code design. Therefore, managing the Web server code is the first task in ensuring the security of web servers.

To improve code security, website developers should develop some good coding habits.

First, do not directly use code taken from the Internet.

Some developers copy code provided by other netizens directly, for convenience. Unfortunately, there is no free lunch in the world: code that is provided for free often carries hidden traps. For example, in some e-commerce platform and website forum code offered on the Internet, the code provider may have reserved a backdoor, which he can easily use to attack the site whenever he thinks it necessary. Therefore, if an enterprise wants to implement key applications on its Web servers, such as online ordering by customers, it is best not to use ready-made code from the network. Such code can only be used for reference, not copied; develop your own.

Second, do not develop or test new features directly on the Web server.

Enterprises develop, and web applications improve gradually as the enterprise market puts forward new demands. When developing a function, developers are advised not to test it directly on the Web server. For enterprises that can afford it, it is best to configure a dedicated test server on which program developers test new features. In particular, if program development is outsourced to an external enterprise, you must not let them test the program directly on the current Web server for convenience. As the saying goes, you cannot see into another person's heart; the other party could implant a trojan without your knowledge. Therefore, it is imperative to guard against this: enterprises must be careful when developing and testing new functions.

Third, try not to use insecure controls.

Enterprise Web applications are different from entertainment websites. Enterprise portal websites emphasize speed, stability and security, while entertainment websites emphasize appearance and special effects. To attract attention and improve click rates, entertainment websites often adopt many special effects, and therefore use more controls on the Web service to achieve them. However, these controls often have security vulnerabilities, which conflict with the security of web servers; Flash controls are one example. Attacks against such controls occur on the Internet every day, and one day they may fall on the enterprise. Therefore, enterprise websites should pursue only stability and security; there is no need to use many controls to achieve stunt effects.

The third tool recommended by the author is to do a good job of code security design and to minimize the use of insecure controls. Enterprise websites should pursue stability, response speed and so on; excessive use of controls is contrary to these two goals.
