1. To create a secure virtual host, in the asp + SQL environment, we need to block ASP webshell. Block the serv-u Elevation of Privilege Vulnerability and the threat of SQL injection.
2. by default, the webshell function installed on the Windows host is very powerful. Which of the following functions should we block webshell? That is, we will not allow webshell to view system service information, execute cmd commands and preview file directories, the function we want to implement is that each user can only access his/her own directory, and can use ASP components such as FSO. Here I will take the Trojan horse and win200 as examples to show you. A lot of information is collected on the internet, and I would like to thank you.
3. Now we have set win's directory access permission to set all partitions to administrator SYSTEM. These two SYSTEM users have ownership and delete ERVERYONE.
Specific Operation Method: select the SYSTEM disk. Here we will select C-> right-click and select Properties-Add a administrator and all SYSTEM permissions to security and delete the ERVERYONE user.
I have already set them, so I will not repeat them. It is slow to set permissions. For details, refer to the instructions below.
4. Select reset permissions for all sub-objects and allow propagation to inherit permissions.
Procedure: Choose advanced> Reset the permissions of all sub-objects and allow propagation of inherited permissions. Click Apply. Then, the system prompts whether to continue with "yes ".
If any problem is found, click Continue.
5. Set the directory that everyone users can read (so that perl asp jmail can be executed)
[Set ASP to use] specific operation: Go to the C: \ promgram files directory and set the common files directory to the directory where everyone can read, run, and column.
C: \ Program Files \ Common Files are all system Files. If you have installed some other components, such as maill and php, you can set them as follows:
That's the directory. The system has a problem. It's very slow to set permissions.
6. Set to cancel inheritance. function: ASP can be used normally to prevent unauthorized deletion.
Specific Operation Method: Enter winnt \ system32 \ to select all directories. Do not select the two directories except inetsrv certsrv (Note: These two are the dll used by ASP)
Choose properties-> Security-> advanced-> permissions-> unhook the parent-level inheritance-> press copy
Go to the winnt directory and select all directories except web, temp, tasks, system32, and offine web pages,
Iis temporay compressed file, help, download promgram cancel inheritance above-> press copy
Choose winnt-> set security, and add everyone to read the list file directories.
Go to winnt-> select the temp attribute to set security. everyone has full control, click Advanced, edit, and remove the running permission.
The animation is broken. It's strange.
In this way, the 2000 directory permissions are basically set. For details about the 2003 directory settings, see the following. I just set the permissions. No problem occurs. If you have any questions, please contact me. It seems that the settings have not been completed yet, tired
Disk D is invisible.
|
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
