Web site security cannot ignore the hidden dangers that are everywhere

Source: Internet
Author: User
Tags: sql injection, sql injection attack, web services, domain name registration
According to the statistics on network security incidents received and handled by CNCERT/CC in the first half of this year, the state of Internet security in China is still not optimistic: every category of security incident rose markedly compared with the same period last year. The phishing incidents and malicious web-page-code incidents CNCERT/CC received in these six months already exceed last year's full-year totals by 14.6% and 12.5% respectively; the number of mainland host IPs found to be implanted with Trojans is more than 21 times last year's figure; and the number of tampered websites in the mainland is about four times that of the same period last year, nearly 16% more than in the whole of last year.

From the situation CNCERT/CC observed in the first half of the year, attackers have clear objectives: they use different means against different kinds of sites and users, and their behaviour shows an obvious trend toward targeted attacks.

• Against government and security-management websites the main form is web page tampering, done to vent anger or show off; the possibility of malicious code being planted cannot be excluded either, so government-class sites may carry security risks.

• Against small and medium-sized enterprises, especially those whose core business runs on the network, attackers use organized distributed denial-of-service (DDoS) attacks and similar means for extortion, forcing the enterprise to accept their conditions and disrupting its normal business.

• Against individual users, attackers mostly rely on identity theft to take over game accounts, bank accounts and passwords and steal the user's property: phishing and pharming (redirecting users to fake sites) aimed at financial institutions and online-transaction sites to harvest identities and passwords; malicious web pages, social engineering, e-mail and information-system vulnerabilities to spread malicious code; and spyware and Trojan horse programs to steal private information, which in serious cases leads to financial loss.

The sharp rise in the number of mainland hosts implanted with Trojans in the first half of the year reflects a rampant domestic Trojan "industry chain", which is a major reason behind the frequent data leaks and online bank account theft incidents.

Recent problems with the Web services of various organizations

First, let us look at several recent website incidents, all of which are related to website operation and maintenance.

1. A well-known domestic portal site had malicious code embedded ("hung with a horse")

In the early morning of June 14, a well-known domestic portal site was "hung with a horse" (had malicious code embedded in its pages) for several hours. CNCERT/CC received the report and began monitoring the incident immediately. It found that this site, along with several other domestic sites, was hung with a horse again for several hours in the early morning of June 15; the compromised pages redirected visitors to http://6688.89111.cn/M42.htm, which caused them to download malicious code from multiple malicious links under the domain 89111.cn. CNCERT/CC immediately contacted the important websites that had been compromised, informed them of the details and analysis of the incident, and advised them to take proper security precautions. At the same time, because the registration information and contact details of the 89111.cn registrant were false, CNCERT/CC got in touch with the domain name registrar, which actively supported and responded quickly, and the malicious domain was shut down in accordance with the relevant state regulations.

2. Distributed denial-of-service attack on Beijing Lianzhong

With the assistance and support of CNCERT/CC, the Beijing Network Supervision Office successfully cracked a distributed denial-of-service attack case against Beijing Lianzhong. On May 11, Lianzhong reported to the Beijing Network Supervision Office that, starting on April 26, 13 of the company's servers hosted in IDC rooms in Shanghai and Shijiazhuang had been subjected to high-volume DDoS attacks. The attacks continued from April 26 to May 5, with peak instantaneous traffic reaching 700 Mbps, completely paralysing the servers and forcing the online game running on them to stop service; the initial estimate of the economic loss was 34.6 million yuan. With the support and cooperation of CNCERT/CC, the Beijing Network Supervision Office obtained evidence of the DDoS attacks carried out by the criminal gang and promptly captured 4 suspects.

In addition, a number of non-governmental organizations and institutions reported security incidents; some are listed below:

On August 9 the main site of Cloud Network was inaccessible; according to analysis it may have been subjected to a hacker attack.

From August 15 to 16, the personal banking service of a large domestic bank failed. The stated cause was that "on the 15th, the reduction of the deposit interest tax, a system upgrade, new fund issues and splits, and the distribution of pensions and wages concentrated the business load"; the real cause was not disclosed.

The official website of a large Chinese online bookstore was leaking its database account: shockingly, its program error page printed the database connection string, including the password, for its SQL Server database.

On August 11, a domestic network security organization found that the official website of a large Chinese home appliance enterprise had been hung with a Trojan horse; after a round of coordination and handling, the problem was finally resolved.

There are many more examples like these. Running a website is a high-precision, high-complexity job, and machines cannot solve every problem. Nor are such incidents limited to China: Facebook has also had a source code leakage incident.

Problems and solutions for government affairs websites

According to the CNCERT/CC network security report for the first half of 2007, the number of websites tampered with in the mainland in that half year was significantly higher than in previous years: CNCERT/CC monitored 28,367 tampered mainland websites, nearly 16% more than in the whole of the previous year. Monthly statistics are shown in the figure below.

The main reason government websites are easy to tamper with is that their overall security is poor and they lack the necessary regular maintenance. Some government websites have remained tampered with for a long time; others were restored after receiving a report but never eradicated the underlying security weakness, and so were tampered with again and again.

Maintenance of a government website (by its operators and by the government itself) focuses on two aspects: preventing page tampering and keeping the Web service available, that is, ensuring the integrity and availability of the website.

1. Integrity Security Protection

As the window of the e-government project, tamper-proofing the government affairs website comes first, and the ways of attacking a website are endless. In the top ten Web security vulnerabilities released in 2007 (the OWASP Top 10), injection flaws (mainly SQL injection and similar attacks) ranked second and are the main means of attacking a site directly (cross-site scripting, ranked first, is mainly a passive attack: malicious code is added to a web page so that its visitors are attacked).

So what is SQL injection? The standard definition is: using an existing application to inject (malicious) SQL commands that are then executed by the back-end database engine.

As the B/S (browser/server) model has become widely used, more and more programmers write applications in this mode, but their skill and experience vary greatly. A considerable number of developers do not perform the necessary validity checks on input data or on information carried by the page (such as cookies), so an attacker can submit a fragment of database query code and, from the results the program returns, obtain the data he wants.

SQL injection travels over the normal HTTP service port and looks no different from ordinary Web access, so it is highly covert and difficult to detect.
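
The definition above, turned into an added worked example (my code, not from the article): a login query and a lookup query built by string concatenation beside their parameterised equivalents, run against a small constructed SQLite database. The tables, the two user rows and the four payloads are constructed for the demonstration; SQLite is used because it ships with Python, and the stacked-statement case uses executescript because, unlike execute, it runs several statements at once the way many production database drivers do by default.

```python
import sqlite3


def make_db():
    """Constructed sample database for the demonstration: two users, plaintext passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT, role TEXT)")
    conn.execute("CREATE TABLE sessions (name TEXT, token TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret-admin-pw", "admin"), ("alice", "alice-pw", "editor")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, name, password):
    """The defect the article describes: user input is pasted into the SQL text,
    so quotes and keywords in the input become part of the statement."""
    sql = ("SELECT name, role FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()


def lookup_vulnerable(conn, name):
    """Hypothetical profile-lookup page that echoes every row the query returns."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def logout_vulnerable(conn, name):
    """Hypothetical logout handler built the same way; executescript accepts several
    statements separated by ';', so an attacker can append an UPDATE of his own."""
    conn.executescript("DELETE FROM sessions WHERE name = '" + name + "';")


def login_safe(conn, name, password):
    """Parameterised query: values travel separately from the SQL text and can
    never change its structure, whatever characters they contain."""
    sql = "SELECT name, role FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchall()


def lookup_safe(conn, name):
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


# Constructed payloads for the injection shapes shown below.
TAUTOLOGY = "x' OR '1'='1"                                    # makes the WHERE clause true for every row
COMMENT = "admin' --"                                          # comments out the password check
UNION = "nobody' UNION SELECT name, password FROM users --"   # replaces the role column with passwords
STACKED = "x'; UPDATE users SET role = 'admin' WHERE name = 'alice'; --"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin", TAUTOLOGY))   # both users: ... AND password = 'x' OR '1'='1'
    print(login_vulnerable(db, COMMENT, "whatever"))  # admin row, password never checked
    print(lookup_vulnerable(db, UNION))               # (name, password) of every user
    logout_vulnerable(db, STACKED)                    # alice is now an admin
    print(login_safe(db, "alice", "alice-pw"))        # [('alice', 'admin')]
    print(login_safe(db, "admin", TAUTOLOGY))         # []: the payload is just a wrong password
    print(lookup_safe(db, UNION))                     # []: no user has that literal name
```

The three vulnerable handlers show the article's three consequences in order: reading data the query was never meant to return, logging in without a password, and modifying data. The safe versions are not "filtered" versions of the same code; they hand the values to the driver as parameters, which is the fix the article's later advice about input checking is ultimately aiming at.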

SQL injection attacks have the following notable characteristics:

(1) Low privilege needed to start an attack

Anyone who can reach the Web port over the Internet can launch an SQL injection attack; no account or special privilege is required.

(2) Great harm and serious consequences

After a successful SQL injection the attacker acts with the privileges of the application's database account, which is usually enough to read and modify data, alter pages, and add malicious code to web pages to carry out XSS, among other things.

(3) No unique attack signature

Arbitrarily varying the submitted parameters can attack the site, so no single signature can be defined that detects all SQL injection.
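
Characteristic (3) is easy to verify on log data, so here is an added example (my code, not from the article) that runs two signature detectors over a handful of constructed Web server access-log lines: a naive textbook signature, and a broader one applied after undoing percent-encoding and stripping inline SQL comments. The log lines, the hypothetical news.php and search.php pages, and the ground-truth set are all constructed for the demonstration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (not real traffic). Lines 0 and 5 are benign;
# the rest carry injection attempts against the "id" parameter of a hypothetical news.php.
LOG_LINES = [
    '10.0.0.5 - - [11/Aug/2007:10:01:02 +0800] "GET /news.php?id=42 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [11/Aug/2007:10:01:07 +0800] "GET /news.php?id=42%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 9800',
    '10.0.0.9 - - [11/Aug/2007:10:01:13 +0800] "GET /news.php?id=42%27%20UNION%20SELECT%20name,password%20FROM%20users-- HTTP/1.1" 200 7700',
    '10.0.0.9 - - [11/Aug/2007:10:01:20 +0800] "GET /news.php?id=42%27/**/oR/**/2%3E1-- HTTP/1.1" 200 9800',
    '10.0.0.9 - - [11/Aug/2007:10:01:31 +0800] "GET /news.php?id=42%2527%2520OR%25201%253D1 HTTP/1.1" 200 9800',
    '10.0.0.7 - - [11/Aug/2007:10:02:00 +0800] "GET /search.php?q=union+select+committee+minutes HTTP/1.1" 200 3300',
    '10.0.0.9 - - [11/Aug/2007:10:02:41 +0800] "GET /news.php?id=42%27/**/OR/**/%27a%27/**/LIKE/**/%27a HTTP/1.1" 200 9800',
]
MALICIOUS = {1, 2, 3, 4, 6}   # ground truth for the constructed lines

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Naive signature: the textbook "' OR '" tautology and "UNION SELECT", applied to the
# once-decoded parameter value exactly as a simple pattern-matching IDS might.
NAIVE_RE = re.compile(r"(?i)('\s+or\s+'|union\s+select)")

# Broader signatures applied after normalisation: comparison tautologies, UNION SELECT,
# and a trailing SQL comment used to discard the rest of the original statement.
NORMALIZED_RES = [
    re.compile(r"(?i)\bor\b\s*'?\w+'?\s*(=|<|>)\s*'?\w+'?"),
    re.compile(r"(?i)\bunion\b\s+(all\s+)?select\b"),
    re.compile(r"(--|#)\s*$"),
]
COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)


def param_values(line):
    """Return the once-decoded (name, value) pairs of the request's query string."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    return parse_qsl(urlsplit(m.group("target")).query, keep_blank_values=True)


def normalize(value, max_rounds=3):
    """Undo repeated percent-encoding, replace inline comments by a space, collapse whitespace."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = COMMENT_RE.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()


def naive_hit(value):
    return NAIVE_RE.search(value) is not None


def normalized_hit(value):
    v = normalize(value)
    return any(r.search(v) for r in NORMALIZED_RES)


def scan(lines):
    """Return {line_index: (naive_flagged, normalized_flagged)} for every line."""
    out = {}
    for i, line in enumerate(lines):
        vals = [v for _, v in param_values(line)]
        out[i] = (any(naive_hit(v) for v in vals), any(normalized_hit(v) for v in vals))
    return out


def evaluate(results, malicious):
    """Return (missed by naive, missed by normalized, false positives of normalized)."""
    missed_naive = {i for i in malicious if not results[i][0]}
    missed_norm = {i for i in malicious if not results[i][1]}
    fp_norm = {i for i, (_, n) in results.items() if n and i not in malicious}
    return missed_naive, missed_norm, fp_norm


if __name__ == "__main__":
    results = scan(LOG_LINES)
    for i, line in enumerate(LOG_LINES):
        print(i, results[i], line.split('"')[1])
    print(evaluate(results, MALICIOUS))   # ({3, 4, 6}, {6}, {5})
```

The naive signature misses the inline-comment variant, the double-encoded variant and the LIKE tautology; normalisation recovers the first two but still misses the third, because the broader pattern set only knows comparisons with =, < and >, and both detectors flag the innocent search for "union select committee minutes". Each normalisation step closes one gap and opens no new ones, but the attacker chooses the next syntax, which is exactly why the text says no single feature can fully detect SQL injection and why parameterised queries, not a signature list, are the primary control.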


2. Availability Security Protection

Availability is the other focus of a government website security solution: the website is the interface through which services are provided, so while safeguarding information integrity the protection must, as far as possible, not affect the normal operation of the application. Ensuring availability covers two situations, normal access and access under abnormal conditions.

Under normal conditions, keeping the site available means visitors can easily obtain the services they need, which requires low access latency. The Tianqing intrusion prevention system adopts performance optimisation techniques including polling, lock-free drivers and adaptive CPU load balancing to keep packet forwarding delay in the microsecond range, so that users feel essentially no impact during normal use.


3. Practical Considerations

Besides the integrity and availability requirements of the site, the practicality of the product must also be considered when deploying equipment inline.


IV. Summary

As the network continues to penetrate the core applications of every industry, Web services are increasingly the main target of hacker attacks, and the state's network security requirements are increasingly stringent. Security authorities generally require the networks and services of organizations and institutions to follow the principle of "whoever benefits is responsible, whoever operates is responsible", so every agency should give the security of its Web services sufficient attention.

During the period of the 17th National Congress, organizations and institutions should devote more manpower and material resources, adopt more advanced security means, perfect their security measures and implement their management systems, to ensure a harmonious and healthy network environment.

As a deep-level threat, SQL injection attacks are receiving more and more attention from users; judging and defending against this kind of deep attack accurately and in time is the responsibility of the intrusion prevention system. That requires the intrusion prevention system itself to provide accurate detection of this class of attacks, which have no fixed representation and a wide range of forms.