How to control secure access to a LAN server

With the rapid development of Internet technology, Web technology has been widely used. Security issues have always been a weak link in the Internet, and any computer connected to the Internet or other networks could be attacked by hackers.

According to the statistics of the International WWW Security Group cert (Computer Emergency Response Team), the security incidents related to WWW in the Internet are on the rise every year. WWW security mainly includes three aspects: Web server security, host security and transmission security. Because of the security vulnerabilities of the server-side operating system, the problems of the WWW service software itself and the server-side error configuration, the Web server has some security problems. Network viruses, malicious code, and improper system configuration are security threats to hosts The Internet is a channel for connecting Web client and server communications, and an attacker can use the sniffer program to listen to the path for confidential information. These kinds of security threats cause great trouble to People's daily life and economic life.

Here is a discussion of how to enhance Web server security. There are many Web servers on the market, such as Apache, IIS, Zeus, IPlanet, Aolserver, and Jigsaw, among others.

I. Measures to enhance Web server security

Regardless of the type of Web server, the basic security issues are the same: Security configuration, identity authentication, and access control. The main measures to enhance Web server security are as follows:

(1) Reasonable configuration of the Web server

The main measures are: ① users with legitimate permissions to run the Web server; ② through an IP address, an IP address segment, or a domain, a request that is not allowed for an IP address, an IP address segment, or a domain is rejected; ③ is controlled by a username/password, only when the correct username/password is entered. To allow access.

(2) Set the Web server's permissions on the directory

(3) Review log files

A log file is a record of the Web server's work. It records the various situations that occur every day of the system, which can be used to check the cause of the failure or the traces left by the attacker. The main functions of the log are: Audit and monitoring. It can also monitor system status in real time, monitor and track intruders, and so on.

(4) To carry out the necessary data preparation

Regularly perform security checks on Web servers and securely manage Web servers. This article takes the Apache server as an example to introduce the specific implementation plan of the above security measures.

Second, set the Web server permissions on the directory

To better maintain Web server security, administrators should have strict access control over both the server root directory (log and profile storage directory) and the document root (the default customer document storage directory).

(1) The server root directory to store the configuration files, errors and log files, such as sensitive information, they are critical to the security of the system, can not be read or deleted at random.

(2) Typically, the Web server is started by the root user and then switched to the user specified by the users directive. When executing a command in the root directory, it is necessary to be aware that non-root does not operate on it. Not only the file itself, but the directory and its parent directory only has write permissions on root. If a non-root user is allowed to write permissions on files executed or read from by root, the system is compromised.

(3) The document root defines the path to a Web server's published hypertext document, and the URL requested by the client is mapped to a Web page file in this directory. Subdirectories in this directory, as well as files and directories indicated using symbolic connections, can be accessed by the browser, only using the same relative directory name on the URL.

Symbolic connections, although logically located under the root document directory, can actually be located in any directory on the computer, so that clients can access directories outside of the root document directory, which increases flexibility while reducing security. Apache provides the FollowSymLinks option in Directory Access control to turn on or off features that support symbolic connections.