★ Welcome to Guardian God · V Classroom, website address: http://v.huweishen.com
★ Guardian God · V Classroom is a website dedicated to providing server instructional videos for Guardian God, with new videos added weekly.
★ In this section we walk you through: manually creating a secure site
• Each site is set up with its own independent IIS anonymous account, which prevents cross-site intrusions and greatly increases security.
1. Create an anonymous account
• Account one: Site1_iis, a member of the Guests group. This is the site's anonymous account, the identity under which ASP and PHP run.
• Account two: Site1_apppool, a member of IIS_IUSRS. This account is used for the application pool, which is the running identity of ASP.
2. Create a Site Directory
• We place the site in d:\wwwroot\site1\ and grant Site1_iis and Site1_apppool Modify permission on this directory.
3. Create a site
• We bind the domain name test.huweishen.com.
• Note that each site must have its own separate application pool.
4. Configure the site
• Anonymous authentication: use Site1_iis
• Application pool account setting: use Site1_apppool
5. Script cross-site test
• ASP, PHP, and ASP.NET pages on the site can all be accessed normally.
• D:\wwwroot\discuz is the path of another, fully independent site, and we use it for the cross-site test.
ASP cannot cross sites.
ASP.NET cannot cross sites.
PHP cannot cross sites.
If you need to create additional sites, repeat steps 1, 2, 3, and 4.
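Steps 1 to 4 written as a PowerShell script, added here as an example and not taken from the original video. It assumes an elevated session on a server with the IIS role and its WebAdministration module installed; the account names, directory and host name are the page's, and the passwords are placeholders.

```powershell
# Added example: steps 1-4 for one site. Run elevated on the IIS server.
Import-Module WebAdministration

$site     = 'site1'
$root     = 'D:\wwwroot\site1'
$hostName = 'test.huweishen.com'
$iisUser  = 'Site1_iis'       # anonymous identity
$poolUser = 'Site1_apppool'   # application pool identity
# Placeholders: supply real, distinct passwords at run time.
$iisPass  = '<PLACEHOLDER-anonymous-password>'
$poolPass = '<PLACEHOLDER-apppool-password>'

# 1. Create the two local accounts and add each to its group.
net user $iisUser  $iisPass  /add
net user $poolUser $poolPass /add
net localgroup Guests    $iisUser  /add
net localgroup IIS_IUSRS $poolUser /add

# 2. Create the site directory; grant both accounts Modify, inherited by
#    files and subfolders. No other site's accounts are granted anything here.
New-Item -ItemType Directory -Path $root -Force | Out-Null
icacls $root /grant "${iisUser}:(OI)(CI)M" "${poolUser}:(OI)(CI)M"

# 3. Create a dedicated application pool and the site bound to the host name.
New-WebAppPool -Name $site | Out-Null
New-Website -Name $site -PhysicalPath $root -ApplicationPool $site `
            -HostHeader $hostName -Port 80 | Out-Null

# 4a. Run the pool as Site1_apppool (identityType 3 = SpecificUser).
Set-ItemProperty "IIS:\AppPools\$site" -Name processModel -Value @{
    identityType = 3; userName = $poolUser; password = $poolPass }

# 4b. Make anonymous requests to this site run as Site1_iis.
$anon = @{ PSPath = 'MACHINE/WEBROOT/APPHOST'; Location = $site
           Filter = 'system.webServer/security/authentication/anonymousAuthentication' }
Set-WebConfigurationProperty @anon -Name enabled  -Value $true
Set-WebConfigurationProperty @anon -Name userName -Value $iisUser
Set-WebConfigurationProperty @anon -Name password -Value $iisPass
```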
6. Other security notes
A separate anonymous account for each site is only one of the operations that security requires; cross-site intrusions can still happen for other reasons.
• System security must be done properly, or a hacker may still get in; Guardian God provides system security hardening services.
We test whether C:\windows\system32\cmd.exe can be run; if it can, it is not difficult for a hacker to invade the system.
Result: it can run.
• For PHP 5.3 and above, the anonymous account has to be given execute permission on the site directory; but this lets hackers escalate privileges, so we suggest using the Guardian God Intrusion Prevention System to restrict it.
We test by uploading a cmd.exe to the site directory and then executing it.
Result: it can run.
I will now apply the other security settings and test again.
Now that is done: the system is hardened and the intrusion prevention system is installed, so we repeat the intrusion test from before.
Result: the intrusion does not succeed.
Therefore, an intrusion can only be defended against effectively by getting every security detail right.
This section is now over; please visit the Guardian God website (www.huweishen.com) for more instructional videos.
When reprinting, please cite the source (http://v.huweishen.com/video/22.html). Thank you!
[Windows Server 2012] Manually create a secure Web site