Rules of defense for network security engineers

Source: Internet
Author: User
Tags: ssh, port

0x01 White hat Art of War

The core of internet security is data security. In an Internet company, classifying assets means classifying data. Some companies care most about customer data, others about their own employee data, because their businesses differ. For an IDC (data center) provider, the customer's data security is the company's own security, and it decides whether the company can win the customer's trust. Once the data has been planned out this way, we have a rough picture of how important each kind of data is. Next we divide trust domains and boundaries: high-level, important data is placed inside the security trust domain, and other data outside it.

0x02 Threat analysis

Once the data has been placed according to this hierarchical plan, how do we determine where the risk comes from? The source of danger is what we call a threat; the possible loss we face is what we call a risk. Many white hats confuse the two.

Threat analysis brings us to Microsoft's STRIDE model: STRIDE = Spoofing + Tampering + Repudiation + Information Disclosure + Denial of Service + Elevation of Privilege.

1. Spoofing: impersonating the identity of others. Countermeasure: authentication.
2. Tampering: modifying data or code. Countermeasure: integrity protection for data and code.
3. Repudiation: denying what one has done. Countermeasure: a non-repudiation policy.
4. Information disclosure: secret information is leaked. Countermeasure: encryption.
5. Denial of Service (DoS): Countermeasure: enhanced availability.
6. Elevation of privilege: obtaining permissions that were never granted. Countermeasure: authorization.

White hats spend a lot of time completing a security solution; the difference is that hackers attack by exploiting the vulnerabilities the white hats did not notice. The reason is simple: white hats are not comprehensive enough to identify every attack.
It is just like a surprise inspection by the school leadership: our school dresses up the front yard, but the leaders come in through the back door, and the problem is exposed.

0x03 Risk analysis

Risk analysis determines how much damage a vulnerability can do to the system. Like the 360 vulnerability database and platform, vulnerabilities are rated low, medium and high. Here I introduce the DREAD model, also proposed by Microsoft and also an abbreviation. Each factor is rated high, medium or low:

Factor           | High                                                                                          | Medium                                                                      | Low
Damage Potential | obtain full authentication permissions; perform administrator operations; upload arbitrary files | leak sensitive data                                                         | leak other, unimportant data
Reproducibility  | the hacker can launch the attack again at will                                                 | the hacker can attack repeatedly within a specific period of time           | it is difficult to launch a second attack
Exploitability   | the attack method can be mastered in a short period of time                                    | only experienced hackers who have mastered the attack method can exploit it |
Affected users   | all users, default configuration                                                               | some users, non-default configuration                                       | a very small number of users, anonymous users
Discoverability  | the vulnerability is very conspicuous and the attack is easy                                   | visible to some users in a specific area; requires digging deeper to find   | difficult to discover

Put simply: you are hiding in a yard. If the enemy comes in through the front gate, that is the highest level of risk we define; the back door is very small, and coming in through it is a low level of threat to us, so we rank it separately. High risk means they rush in through the gate, low risk means they come in through the back door; because the back door is small it is not a big threat to us, and it is also well hidden.
Therefore, we defend the front door first.

0x04 Our tactics: the SBD principle

SBD stands for Secure By Default.

0x04x01 Blacklist and whitelist

When a server is built for a website, software installation should be restricted and a unified software version standardized. This can follow the whitelist idea: list what is allowed, rather than what is forbidden. For example, if our server provides web services and uses port 80 and port 21, we can block all other unused ports. A blacklist can go wrong: on a Linux system, if the blacklist policy is "the ssh port must not be open to the net", the audit starts from the default ssh port 22; however, in some cases our administrator may have changed the default ssh port, which bypasses the security policy.

0x04x02 Flash cross-origin whitelist

Example: Flash cross-origin request access. Whether Flash is allowed to initiate a cross-origin request is decided by checking the crossdomain.xml file on the server. The http://www.hao123.com/crossdomain.xml specifies that requests may only be initiated from Flash in the domains it lists.

    <cross-domain-policy>
      <allow-access-from domain="*"/>
    </cross-domain-policy>

This allows all domains to initiate requests, which is obviously insecure.
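Both SBD checks above, the port allowlist of 0x04x01 and the crossdomain.xml wildcard of 0x04x02, as one added example (not the article's code). The ss output, the permitted ports and the policy file are constructed samples; the allowlist audit catches the sshd that the denylist misses once it has been moved off port 22.

```python
"""Added example (not the article's code): two SBD allowlist checks.

1. Ports (0x04x01): a denylist "ssh must not face the net" only knows the
   default port 22, so it misses sshd moved elsewhere; an allowlist of the
   ports the server is meant to serve flags everything else.
2. crossdomain.xml (0x04x02): <allow-access-from domain="*"/> is the
   absence of an allowlist and is reported.  All inputs are constructed.
"""
import re
import xml.etree.ElementTree as ET

# Constructed `ss -lntp`-style output: the admin moved sshd from 22 to 2222.
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:80   0.0.0.0:* users:(("nginx",pid=811,fd=6))
LISTEN 0 128 0.0.0.0:21   0.0.0.0:* users:(("vsftpd",pid=902,fd=3))
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:* users:(("sshd",pid=655,fd=3))
"""
ALLOWED_PORTS = {80, 21}   # the services the web server is meant to offer
DENIED_PORTS = {22}        # what a "no ssh to the net" blacklist checks

def listening_ports(ss_text):
    """Parse ss/netstat-style lines into {port: process name}."""
    ports = {}
    for line in ss_text.splitlines():
        m = re.search(r'\S+:(\d+)\s+\S+\s+users:\(\("([^"]+)"', line)
        if m:
            ports[int(m.group(1))] = m.group(2)
    return ports

def denylist_violations(ports, denied=DENIED_PORTS):
    """Blacklist audit: only ports explicitly forbidden are reported."""
    return sorted(p for p in ports if p in denied)

def allowlist_violations(ports, allowed=ALLOWED_PORTS):
    """Whitelist audit: anything not explicitly permitted is reported."""
    return sorted(p for p in ports if p not in allowed)

# Constructed crossdomain.xml mixing a wildcard with an explicit host.
CROSSDOMAIN_XML = """<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-access-from domain="www.example.com"/>
</cross-domain-policy>"""

def crossdomain_wildcards(xml_text):
    """Return allow-access-from domains that are wildcards, not explicit hosts."""
    root = ET.fromstring(xml_text)
    return [e.get("domain") for e in root.iter("allow-access-from")
            if e.get("domain", "").startswith("*")]
```

The sshd on 2222 passes the denylist audit but fails the allowlist audit, which is exactly the bypass the text describes.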


0x04x03 SBD: minimum permissions

SBD also includes the principle of least privilege: grant the subject only the permissions it needs. Excessive authorization increases the error rate. On Linux systems an ordinary account is generally used to log on, and when a root operation is required the sudo command completes it, which reduces the risk of some operations: if an ordinary account is stolen by someone else, the consequences are very different from the root account being stolen.

0x05 Data and code separation principle

A buffer overflow can also be described as the consequence of a program violating the data/code separation principle. Blurring the boundary between data and code leads to serious consequences; in web security, problems caused by injection are everywhere, such as XSS, SQL injection and CRLF injection. XSS is produced by HTML injection and JavaScript injection. See the following page.

 

PS: $var is a variable that the user can control. The code execution segment of this page is

 

$var is the user data segment of the program. If this fragment is interpreted and executed as code, security issues arise. If the value of $var is <script src=http://bbs.lfssi.org></script>, the user data is injected into the code snippet; the browser parses the script and executes it, treating <script> as code. According to the data/code separation principle, the user data segment $var should be processed safely here, for example by filtering, clearing out any data that could blur the code boundary; in this case that means handling < and >.
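The encoding of $var described above, as an added example (not the article's code): the same template is rendered with the user data raw and with it encoded for the context it lands in, the HTML body case from the text and the <script> block case that follows. The attacker inputs are constructed samples and attacker.invalid is a placeholder host.

```python
"""Added example (not from the article): keep the user data segment $var out
of the code segment by encoding it for the context it is substituted into.

  * HTML body:    <body>$var</body>            -> HTML-escape < > & " '
  * script block: <script>var name = $var;</script>
                  -> emit a JSON string literal and break "</" so the data
                     can never contain a closing </script> tag.
The payloads are constructed; attacker.invalid is a placeholder host.
"""
import html
import json

BODY_TEMPLATE = "<html><head>test</head><body>$var</body></html>"
SCRIPT_TEMPLATE = "<script>var name = $var;</script>"

PAYLOAD = "<script src=http://attacker.invalid></script>"      # constructed
SCRIPT_PAYLOAD = "</script><script>alert(1)</script>"           # constructed

def render(template, var, encode=lambda s: s):
    """Substitute the user data segment $var into the code segment."""
    return template.replace("$var", encode(var))

def html_encode(var):
    """HTML context: < > & " ' become entities, so $var can only be text."""
    return html.escape(var, quote=True)

def js_string_encode(var):
    """Script context: a JSON string literal with "</" split into "<\\/",
    because the HTML parser ends a script block at the first </script>
    regardless of JavaScript quoting."""
    return json.dumps(var).replace("</", "<\\/")

def script_tags(page):
    """Count (<script openings, </script closings) in the rendered page; more
    than the template's own means user data became code."""
    return page.count("<script"), page.count("</script")
```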

 

In this case, <script> is already part of the code snippet, and the user data can only control the value of $var.

0x06 Unpredictability

The vast majority of Windows users have lived with the pain of buffer overflows for years, so Microsoft added many features to combat buffer overflows in Windows updates; however, Microsoft cannot prevent every piece of software running on Windows from being vulnerable, so fixing each program is ineffective. In practice, DEP ensures that the stack cannot be executed, and ASLR randomizes the stack base address so that the attack program cannot accurately guess memory addresses, which increases the obstacles to an attack. Microsoft's idea is indeed useful: even if the code cannot be fixed, a defense that invalidates the attack method is a correct and effective defense. If the article numbers of our website are sorted in ascending or descending order, id = 100, id = 102 ...... then a hacker who wants to delete these articles only needs to write:

    for (a = 0; a < 10000; a++) {
        del(url + "?id=" + a);
    }


and del will soon have finished. What if the id values are changed so that they cannot be guessed? id = bbslfssiorg, id = fuckbaiducom, id = fuckscanvcom ....... Once the id values are changed, the rule can no longer be guessed. A hacker who still wants to delete the articles can only crawl every page through the sitemap and then work through them slowly, which effectively defeats the attacker's patience.
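The contrast above, as an added example (not the article's code): an in-memory stand-in for the site stores articles either under the sequential ids the text describes or under random ids, and the loop from the text is run against both. The store, titles and id budget are constructed; the unpredictable id is a random token of my choosing, not a scheme from the article.

```python
"""Added example (not from the article): sequential ids can be walked with
the for-loop shown above; unpredictable ids cannot be enumerated.  The store
and the enumeration loop are in-memory stand-ins for the web site, and the
random-token id scheme is an assumption, not something the article specifies.
"""
import secrets

class ArticleStore:
    def __init__(self, predictable):
        self.predictable = predictable
        self._next = 100        # the article's id = 100, id = 102, ... scheme
        self.articles = {}

    def publish(self, title):
        """Store an article and return the id exposed in the URL."""
        if self.predictable:
            public_id = str(self._next)
            self._next += 2
        else:
            # 128 random bits: no ordering, no rule to recover from the sitemap.
            public_id = secrets.token_urlsafe(16)
        self.articles[public_id] = title
        return public_id

    def delete(self, public_id):
        """Delete by public id.  Unpredictable ids raise the enumeration cost;
        they do not replace the authorization check a real site still needs."""
        return self.articles.pop(public_id, None) is not None

def enumerate_and_delete(store, budget=10000):
    """The article's loop: try ?id=0 .. ?id=budget-1, return how many hit."""
    return sum(store.delete(str(a)) for a in range(budget))

def demo(predictable, count=5):
    """Publish `count` articles, run the loop, return (deleted, remaining)."""
    store = ArticleStore(predictable)
    for i in range(count):
        store.publish(f"post {i}")     # constructed titles
    deleted = enumerate_and_delete(store)
    return deleted, len(store.articles)
```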
