Web page Tamper-proofing technology tracking

The website plays an important role in the development of information, has infiltrated the various corners, according to the CNNIC survey report, as of January 2006, China's total number of internet users up to 110 million, the number of domestic sites up to 670,000, huge number of netizens and site groups for the rapid development of Internet applications laid a good foundation. The status of the Web page has also been an unprecedented improvement on a company to a government agency web page is tantamount to its own façade. Although there are already firewall, intrusion detection and other security measures, but the complexity and diversity of various Web application systems lead to endless gaps in the system, prevent hackers, hacking and tampering with the pages of the event from time to time. According to China's black site statistical system data analysis, as of July 25 10 o'clock, 2006, the number of registered tampering sites has reached 5,304 (many of which have been tampered with), on average, about 25 sites were tampered with and reported every day, according to cncert/ CC (National Computer network Emergency Technology Processing Coordination Center) statistics, March 2006, the world has been tampered with more than 30,000 sites, on average every 1.5 minutes, there is a website tampered with ... In view of these situations, the Web page tamper-proof system emerges. After years of development, the Web page tamper-proof system used by the technology is also constantly developing and updating, so far, the Web page tamper-proof technology has been developed to the third generation. Below, we will analyze the history of the Web page tamper-proofing technology, as well as the advantages and disadvantages of each generation of technology comparison. First, the Web page has been tampered with the reason and characteristics of the hackers strong desire to express, illegal organizations at home and abroad, malicious attacks, commercial competitors, disgruntled employees of the vent, etc. will lead to the Web page was "face." Web tampering attacks have the following characteristics: Tamper with the Web page spread faster, read more people, replication is easy, after the elimination of the impact of the difficult, proactive inspection and real-time prevention is difficult; Web page Tamper-proofing technology Development 1. (starting point) manual contrast detection, in fact, is a special network management personnel, manual monitoring of the need to protect the site, once found to be tampered with, and then the human to modify the means of restoration. Strictly speaking, manual contrast detection is not a kind of web page tamper-proof system used technology, but only a primitive way to deal with the Web page has been tampered with. However, there is a considerable time in the development of tamper-proof technology in Web pages, so here we take it as the starting point for the development of tamper-proof technology. This method is very original and ineffective, and does not say that the human cost is high, the most fatal flaw is that the human monitoring can not be instantaneous, that is, can not be found in the first time the Web page has been tampered with can not be restored in the first time, when managers found that the Web page was tampered with The tampered pages have been on the internet for some time and may have been browsed by a certain number of netizens. 2. (first generation) Time wheel patrol technologyOperation (also known as "outside the Wheel Patrol Technology"). Here we call it the first generation of tamper-proof technology for Web pages. From this generation, web-page anti-proliferation technology has emerged as an automated technology with the original means of human detection recovery as the mainstay. Time polling technology is to use a web-site detection program, the polling way to read the Web page to monitor, and the real page comparison, to judge the integrity of the content of the Web page, for tampering with the Web page alarm and recovery. However, the use of time-polling web tamper-proof system, for each Web page, polling scan there is a time interval, typically a few 10 minutes, in this 10-minute interval, hackers can attack the system and visitors to the tampered with the Web page. Such applications in the past, less web Access, the application of less specific Web pages, the current site page is usually less than hundreds of pages, detection wheel patrol time longer, and occupy a larger system of resources, the technology is gradually eliminated. 3. (second generation) event triggering technology & core Migration Embedding technology we put the event-triggering technology and the core embedded technology in the same generation, because the time gap between the two Web tamper-proofing technologies is small, and the two technologies are often used in combination. The so-called core embedded technology is the password watermark technology, initially the Web page content to take the asymmetric encryption stored, in the foreign access request will be encrypted authenticated, to decrypt the external release, if not validated, then refused to publish, call back to the Web site files for verification after the release. This technique usually combines the event triggering mechanism to compare some attributes of a file, such as size, page generation time, and so on, to judge other attributes more accurately. Its biggest characteristic is the security relative to the external wheel patrol technology security greatly enhances, but the insufficiency is the encryption computation will occupy the massive server resources, the system reflects slowly. The core embedded technology avoids the drawback of the round patrol interval of time wheel patrol technology. However, because this technique is a complete check for each outgoing Web page, it occupies a large amount of system resources, causing a heavy load on the server. and changes to the normal publishing process of the Web page, the entire site needs to be redesigned to add new publishers to replace the original server. With the development of technology and the increase of various applications on the Internet, the load resources of the server can be described as "harsh", and any part of the server resources will be eliminated to ensure the high access efficiency of the website, so that the embedded technology (ie Cryptography technology) would be eliminated eventually. 4. (third generation) file Filtering driver technology + Event trigger technology The first application of the technology to the military and the security system, as a document protection technology and various audit techniques, and even by some cunning good people to use "rogue software", the technology can be said to be a mixed blessing. In the Web page tamper-proofing technological innovation, this technology has found its development space. Combined with event triggering technology, today's third-generation Web page Tamper protection technology is formed. The principle is: the core of tamper monitoring program through the Microsoft file-driven technology to the Web server, throughEvent triggering mode for automatic monitoring, the folder of all file content, against its underlying file properties, through the built-in hashing fast algorithm, real-time monitoring, if found that the property changes, through the non-protocol, pure File security Copy Way folder content copy to the monitoring folder corresponding file location, Through the underlying file-driven technology, the entire file copy process millisecond level, so that the public can not see the tampered page, its performance and detection of real time to achieve the highest level. The page tamper-proof module uses the Web server bottom file filter Drive level protection technology, and the operating system close combination, the monitoring file type is not limited, can be an HTML file can also be a section of dynamic code, the execution accuracy rate is high. This does not only completely eliminate the polling scan page tamper-proof software in the scanning interval of the tampered content of the user access to the possibility, and its consumption of memory and CPU occupancy rate is far lower than the file polling scan or core embedded type of similar software. It can be said to be a simple, efficient, safe and extremely high level of tamper-proof technology. Beijing Heng Alliance Technology Co., Ltd. currently launched the WEBGURAD3.0 Web page tamper-proof technology, it is the third generation of tamper-proof technology, the application of all walks of life in the country, has been a lot of users, users reflect the use of the system, the server running more stable, has become a standard security system for all types of Web applications. Responsible Editor Zhao Zhaoyi#51cto.com TEL: (010) 68476636-8001 to force (0 Votes) Tempted (0 Votes) nonsense (0 Votes) Professional (0 Votes) The title party (0 Votes) passed (0 Votes) The original text: Web page Tamper-proof technology tracking return to network security home