Preventing website Trojans: focusing on auditing and monitoring

WebsiteAppearsTrojanThe main cause is system, firewall, or website application vulnerabilities. The Network Administrator is responsible for reviewing the website and maintaining the normal operation of the website. From the perspective of the network administrator, this article will talk about how to strengthen audit and monitoring to prevent website Trojans.

Strengthen website audits submitted by various departments

For network administrators in the network center, if they do not need to be infected with Trojans, they must first discover whether website applications have security vulnerabilities. Website applications are usually audited using manual detection, professional system detection, and security audit tools.

Manual code review in Form

Manual detection is mainly for network administrators. by reading the code in detail, they can find out whether website applications have security vulnerabilities. For example, the following code is found on a page: <iframe src = "http: // 127.0.0.1/test.htm "width =" 0 "height =" 0 "frameborder =" 0 "> </iframe>. At this time, the URL after the src parameter may be the webpage Trojan address. When we open the homepage of this website, the webpage Trojan page will pop up, which we cannot see, because we set the window width of the pop-up page to 0 in the code. At this time, the Trojan has been quietly downloaded to the local machine and run.

Manual detection requires that network administrators must be proficient in common dynamic website development languages, such as PHP and jsp. In addition, they must be aware of the vulnerability manifestations. In fact, few network administrators can reach this level. In addition, code review is performed for each webpage sentence. Because the webpage code is huge, it cannot be analyzed manually or completely eliminated. From a realistic perspective, many schools have stipulated that network administrators must perform manual review. However, due to the above reasons, web page auditing is often only a form of content-based auditing.

Professional detection system with good performance and high price

At present, many companies have launched professional website monitoring products, such as zhiheng Alliance's WebPecker V8 Professional Edition Website Security unified monitoring platform, and Xaar's national college enrollment security detection platform. These detection Platforms provide trojan detection, SQL Injection detection, XSS Cross-Site vulnerability detection, and sensitive information alerts. These tools usually use sandbox technology and client-side honeypot technology to detect and analyze submitted website Trojans.

The SQL injection vulnerability can steal, tamper with, and delete website database information, further causing the website to be infected with Trojans, and even attackers can obtain the website Server Management permissions. These tools detect SQL injection vulnerabilities on websites through penetration tests and other detection methods. As an auxiliary function, professional tools provide the sensitive information monitoring function, which analyzes sensitive fields of a website through crawling technology, and promptly discovers sensitive information on the website.

The advantage of these detection systems is that the detection results are good, but the price is expensive, which is a burden for many schools. In addition, due to the development of the Trojan technology, especially the recently launched Trojan, the anti-virtual machine code has been added. Therefore, the sandbox technology is completely used to detect trojans. The effect remains to be tested in practice. Therefore, I suggest using the above methods to prevent Trojans in the future.

Free security audit tools

Due to the increase in network attacks and lack of trust in audit tools, open-source Web security audit tools are favored by everyone for their open-source and free use. Nikto is recommended here. Nikto is an open-source Web Server scanner. The latest version is 2.1.1http: // cirt.net/nikto2. It can be used for a variety of Web Server projects (including 6100 potentially dangerous files, and more than 950 Server versions.

IBM Rational AppScan and HP WebInspect are essential to the introduction of Web security audit tools. Rational AppScan is easy to use and basically a black box testing tool. Testers do not need to understand the structure of the Web application. AppScan can successfully check cross-site scripts and inject vulnerabilities, and provides solutions to this vulnerability, helping developers quickly fix program security risks. For websites that use Web 2.0 technology, you can use HP's WebInspect to perform Web Application Security tests and evaluations on websites.