Security Protection for a system is a very important task. To be a qualified system administrator, you must have knowledge about Linux security protection. Linux security protection is essential for administrators. We can start from some aspects:
1. Add a boot password for LILO
Add options to the/etc/lilo. conf file so that LILO requires a password when starting
Save the SQL Server Default trace file for more than half a year based on the level of protection Project SQL Server audit requirements. Solution Solutionsfor users, Default Trace you can only turn off or turn on the trace, and you cannot modify any parameters. Therefore, we only have to synchronize the trace files to save. Plan to synchronize the *.trc files of
Security Protection for a system is a very important task. To be a qualified system administrator, you must have knowledge about Linux security protection. Linux security protection is essential for administrators. We can start from some aspects:
1. Add a boot password for LILO
Add options to the/etc/lilo. conf file so that LILO requires a password when starting
requests logging in with a blank password. Use the following code to check the empty password:
Select
Password ,*
From syslogins
Where password is null
Order by name
17. Check the access process and extended storage process permissions of all non-sa users. Use the following query to regularly query which process has the public storage permission:
Use master
Select sysobjects. name
From sysobjects, sysprotects
Where sysprotects. uid = 0
AND xtype in ('x', 'P ')
AND sysobjects. id = sysprotects
Apache has always been the top three Web server software in the world. Enterprises need to comprehensively consider the security of their Web applications to ensure they can respond to network threats such as denial of service (DoS) attacks, traffic eavesdropping, and data leakage, this ensures the security of enterprise portal websites.
In addition to the industry's popular firewalls, IDS/IPS Intrusion Detection Systems/intrusion defense systems), WA
Detailed explanation of Web server security attacks and protection mechanisms (1)
Web Server attacks often use Web server software and configuration vulnerabilities. The best practice for these vulnerabilities is to follow some methods to build and run Web servers. This article describes some methods to protect Web se
①, applicable customers. Applicable to: Legendary class of dragon-like Adventure Island and other personal tourPlay, can also be applied to * * *, the vast number of corporate websites, data interchange②, domestic record "three high" server. Server free test 2-3 hours, dissatisfied without paymentHigh defense (single-line, double-wire, high-protection)High bandwi
" + err.getmessage () + "File:" +j+ "on line 251"; //out.println ("Error in Upload" +err.getmessage ()); //Allright=false; //return;} out.print (Wrongmessage+ "num:" +j); }3, prompt error, serialversionuid conflict.
class class Serialversionuid = 8915824483106432775Serialversionuid Detailed Description: http://www.cnblogs.com/guanghuiqq/archive/2012/07/18/2597036.htmlWorkaround:If you don't want to define it, you can also turn it off in Eclipse settings as follows:Window ==> Preferences ==> Jav
Application protection level for IIS:
A. Low (IIS Process): Web applications run in the Inetinfo.exe process with the highest performance, but with the greatest risk, when an application error occurs, the entire IIS server may be unavailable.
B. In (common): All applications at this level share a DLLHost.exe process, which has the lowest performance, but saves resources and application errors do not aff
Download Link: http://pan.baidu.com/s/1hrL6w52 Password: 5AHVInstructions for use:① is detected every 15 seconds and shuts down when the host in the list fails to ping② supports 4 modes of shutdown, ideally the first way to be compatible ("shutdown-s-T 15")③ perform a task before shutting down, such as a batch or EXE (waiting for execution to complete)Place the software on the server, fill in the list with key network devices such as gateway address o
.
This step is just to understand the situation
Step 3: Check the network connection
Because network connection is one of the most important functions of the server and one of the directions that intruders must possess. Proposed separately
Get started
This parameter is used to modify, delete, and delete the attribute.
++
Note that. If you are using remote control, you must be careful. You may not be able to see it when the machine is shut down or res
SQL Server 2000 Injection Protection Encyclopedia (ii)
Traditional query constructs:SELECT * FROM news where id= ... and topic= ... And .....Admin ' and 1= (select COUNT (*) from [user] where username= ' victim ' and right (left (userpass,01), 1) = ' 1 ') and Userpass Select 123;--; Use master;--: A ' or name like ' fff% ';--shows a user named FFFF.' And 1; Update [users] set email= (select top 1 name from
SQL Server 2000 Injection Protection
SQL Injection originated from 'or '1' = '1
The most important table name:
Select * From sysobjectsSysobjects ncsysobjectsSysindexes tsysindexesSyscolumnsPolicypesSysusersSysdatabasesSysxloginsSysprocesses
The most important user names (the default SQL database exists)
PublicDBOGuest (generally forbidden or not authorized)Db_sercurityadminAB _dlladmin
Some default exten
SQL Server 2000 Injection Protection Encyclopedia (i)
SQL injection early from ' or ' 1 ' = ' 1
Most important table name:
SELECT * from sysobjects
sysobjects ncsysobjects
sysindexes tsysindexes
syscolumns
Systypes
sysusers
sysdatabases
sysxlogins
sysprocesses
Some of the most important user names (existing in the default SQL database)
Public
Dbo
Guest (generally prohibited, or not authorized)
Db_se
I. Summary this article will discuss the security of ApacheWEB server installation and configuration on the UNIX platform. We assume that the system administrator who has read this article has selected the relevant modules for his site, and can configure, create, and troubleshoot the faults. The main purpose of this article is to help you resume a secure Apache web: P server. In numerous Web services EN ""
SQL Server 2000 Injection Protection (2)
Traditional query structure:Select * FROM news where id =... AND topic =... AND .....Admin 'and 1 = (select count (*) from [user] where username = 'victime' and right (left (userpass, 01), 1) = '1 ') and userpass Select 123 ;--; Use master ;--: A' or name like 'fff % '; -- a user named ffff is displayed.'And 1 ; Update [users] set email = (select top 1 name from syso
.
Other security Tools
Using TCP wrappers and tripwire can provide additional protection for your system. You can use the TCP wrappers to control Telnet or FTP access rights. Tripwire is a data integrity detection tool that can help system administrators monitor whether the system has been altered, and you can set up a specific policy in the Tripwire configuration file to monitor whether the Web server's configuration files, data, and CGI files have
attacker has some means of denying the server the answer to HTTP. This will increase the demand for system resources (CPU time and memory) in Apache, eventually causing the system to become slow or even completely paralyzed.
Buffer overflow
The attacker uses some of the bugs written by the program to deflect the program from its normal process. The program uses statically allocated memory to hold the request data, and an attacker can send an extra lo
Server
SQL Server 2000 Injection Protection Encyclopedia (i)
SQL injection early from ' or ' 1 ' = ' 1
Most important table name:
SELECT * from sysobjectssysobjects ncsysobjectssysindexes tsysindexessyscolumnsSystypessysuserssysdatabasessysxloginssysprocessesSome of the most important user names (existing in the default SQL database)PublicDboGuest (generally proh
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.