Information spying for web Security (Part 2)

Article 1: http://www.bkjia.com/Article/201206/134845.html

Brewed liquor tea: This product provides defense against the previous chapter's spying to obtain information, but does not provide specific methods for defense. This product is a Google click, so you can try it in the test environment first.
1. Ping to obtain the operating system information:
Defense method: PIng prohibited
2. Scan the port and telnet to the port to tell you what services. Or perform PD Based on the port number. This vulnerability may be exploited to launch illegal activities.
Defense method: Only public ports can be opened to the public. For example, only port 80 is opened, and the specified service must be connected to authorize VPN access.
3. whios Information Collection
Defense methods: After successful registration, this is generally not convenient to change, get rid of useless information and communicate with the Registrar, such as a special code or company seal, otherwise you have to change the password without authorization in any circumstances.
4. Check the sites or conduct
Defense method: this is a normal process, so there is no need to prevent it, and there is no way to prevent it.
5. view available information such as the web server version and php version in the HTtp header file.
Defense method: If no copyright is involved, it can be hidden and hidden. If it can be modified, it can be modified. There are many methods on Google.
6. query filing information
Defense method: this is a normal process, so there is no need to prevent it, and there is no way to prevent it.
7. Wait... Such as robots information and search backend
Defense method: robots information is intended to prevent spider from messing with PA, but you can leave the available information in robots. The safe way is to hide the information deeper and make the files more cumbersome. Specify the VPN access.
8. Social Engineering (this only enhances security awareness and prevents various unidentified persons from conducting unidentified Activities)
Defense methods: conduct regular security training for enterprise employees and talk more about useful and useless things.

Prepared liquor tea