Web Ranger: Is your security product secure?

Source: Internet
Author: User

I have seen many articles on security product vulnerabilities on several portals over the past few days. I 'd like to say a few words:

One of the top five firewalls in China was passed in a certain evaluation due to security issues.
A buddy once scanned the default password of one of the top three firewalls in China, and then directly opened the FTP
Rising Overflow Vulnerability and accidental File Deletion
Kingsoft drug overlord overflow vulnerability, accidental File Deletion
Kaspersky Overflow Vulnerability and accidental File Deletion
McAfee accidentally deletes a file
Symantec Norton Overflow Vulnerability
......

I met a user who received a call a few years ago and asked for help. The server was unable to access the system. I suspected it was a problem with the security audit client and asked for help. Later, I conducted a simple analysis. The security audit client only used behavior auditing and did not control files. Based on the performance of the server at that time, I felt that a system file was deleted. What was done before the final start? The user said he had upgraded rising ...... Then I came to the rising website to see such a description and found a solution. The problem was solved smoothly.

In many cases, the hardware firewall is used as a gateway and does not change the default user name and password. I don't know how to submit the delivery documents during implementation by the manufacturer?

In a security attack and defense activity, we used a security gateway with VPN for remote access. During the early stage of the activity, the device was frequently disconnected and thought it was a performance problem. Later, a member of the team told me that they directly obtained the root permission by exploiting the security vulnerability of the security gateway, then modify the route information of the other account ...... The other party in the activity is always unable to dial in to the platform ......

In fact, as long as you pay attention to it, you will find that many security devices have many security problems. You have also met several times, but it is also a "hardware device", a streamlined operating system ", and a" Secure Linux "...... They are all the same. Even some security devices have weak root passwords!

If you see this article, you want to test the security of the security device on hand, the simplest: X-Scan or Nessus, upgrade to the latest X-Scan can also be imported into the Nessus library upgrade, is slow.) scan ...... Or weak passwords such as traffic and light may be discovered sometimes!

Why ?! Why ?!

This article from the "Web Ranger Zhang baichuan)" blog, please be sure to keep this source http://youxia.blog.51cto.com/45281/554260

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.