Three tools for securing Web servers (Win Server)

Source: Internet
Author: User
Tags: memory usage, account security

In the author's enterprise, for example, the OA system and the entrance to the mailbox system are both bundled on the Web server. Web server security is therefore one of the most important parts of the author's work.

There are many ways to improve the security of a Web server. Here I want to recommend the three main methods. If you secure your Web server with only these three methods, that is of course far from enough. But if enterprise information management staff neglect these three aspects, Web server security will be hard to guarantee.

Tool one: create a separate server for Web applications.

Because a Web server is exposed to attack, the probability that it is attacked is much higher than for application servers such as ERP or office automation systems. If those applications are placed on the same server as the Web application, a compromise of the weaker Web server also exposes critical applications such as ERP.

Although the interface of the OA system is bound to the Web server in the author's enterprise, the OA system and the Web application still run on different application servers. This is done mainly so that employees can access the OA system from outside the enterprise. The advantage is that when the Web service is under an attack that makes it unavailable, employees outside the enterprise lose access to the OA system, but normal access by employees inside the enterprise is not affected.

However, I have made a similar mistake before. At that time, because the enterprise was short of funds, the Web server and the ERP system were deployed on the same machine. One day the corporate Web server was suddenly attacked by unidentified people. They were probably just doing it for fun, and they did not do much harm to the Web server itself: only CPU and memory usage were high, and things returned to normal once the Web server was disconnected from the extranet. However, this made it impossible for the ERP application on the same server to function. Entering a sales order went from the original 3 minutes to 30 minutes, and such a slow pace is obviously very hard to accept. This incident taught the author a lesson: putting internal enterprise applications on the Web server is very unwise. Because the Web server faces the Internet, it is vulnerable to malicious attacks from others, and after an attack even the internal application services are implicated.

So the first thing I want to remind you of is this: when deploying servers, put Internet-facing application services such as the Web site and internally-oriented application services on different servers. This protects the Web server while also improving the security of the enterprise's other application services.

Tool two: the transaction log, so that you know the running status of the Web server at your fingertips.

In fact, as long as the Web server has some protective measures in place, an attack requires a process; it cannot be completed in a short time. This process often leaves a trail in the Web server's transaction log. If an attacker uses a password-dictionary cracking tool to try the webmaster's user name and password, it leaves records in the Web server's log. If we set a maximum number of password errors in the transaction audit, the server records a message in its own log when this maximum is exceeded. If the site managers see this message, they can take timely measures, such as changing to a more complex password, to improve the security of the server.

Therefore, every Web server manager must pay attention to the importance of the transaction log. At the same time, auditing is usually needed for the transaction log to play a greater role. By combining audit events with system logs, the log server can record some common attacks and so provide a reference for enterprise security personnel. Otherwise the security personnel do not know that an attack is taking place and cannot respond in time.

However, when some experts attack an enterprise's Web services, the transaction log leaves no trace. This does not mean the transaction log does not work; it is because they modify the transaction log after completing the attack. Suppose an attacker steals the administrator's user name and password and then steals confidential information from the corporate Web site. Normally this access is recorded in the transaction log. Some experts, however, change the transaction log before leaving: they delete the access records or change the visitor so that the enterprise's security staff cannot find them. To prevent them from altering the transaction log files, the best approach is to change the path of the transaction log file and back it up promptly. Because attackers do not know the real location of the log path, it becomes impossible for them to modify the log to hide their traces.

The author's current practice is to change the default path of the Web server's log and to make an offsite backup of the transaction log every three hours. At the same time, with the event audit function, when the log server catches exception information, such as a user repeatedly trying to log on to the Web server's management console, it submits this exception information to the enterprise's management personnel. Through log management, the Web server can promptly inform the management personnel of a number of security risks.

So the second weapon I recommend to you is Web server log management. To improve the security of the log, the administrator changes the default path of the server log and makes scheduled offsite backups. Used together with other functions such as security audits and account security policies, this has a multiplier effect.
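The detection described above (repeated failed logins to the management console exceeding a maximum error count), written as an added example that is not part of the original article. It assumes a Common Log Format access log and a login path of `/admin/login`; the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in Common Log Format (not from the article).
# 203.0.113.7 fails the management login six times in under a minute;
# 198.51.100.4 fails once and then succeeds (302 redirect after login).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2010:09:00:01 +0800] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2010:09:00:05 +0800] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2010:09:00:09 +0800] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2010:09:00:14 +0800] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2010:09:00:20 +0800] "POST /admin/login HTTP/1.1" 401 512
203.0.113.7 - - [12/Mar/2010:09:00:26 +0800] "POST /admin/login HTTP/1.1" 401 512
198.51.100.4 - - [12/Mar/2010:09:01:00 +0800] "GET /index.html HTTP/1.1" 200 2048
198.51.100.4 - - [12/Mar/2010:09:01:30 +0800] "POST /admin/login HTTP/1.1" 401 512
198.51.100.4 - - [12/Mar/2010:09:01:40 +0800] "POST /admin/login HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

def parse_line(line):
    """Parse one CLF line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": m.group("ip"), "ts": ts, "method": m.group("method"),
            "path": m.group("path"), "status": int(m.group("status"))}

def failed_login_alerts(log_text, login_path="/admin/login",
                        max_errors=5, window=timedelta(minutes=10)):
    """Return [(ip, failures)] for each source whose failed logins to
    login_path exceed max_errors inside a sliding time window (one alert per ip)."""
    failures = defaultdict(list)   # ip -> timestamps of recent 401s
    alerted = {}                   # ip -> failure count at alert time
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != login_path or rec["status"] != 401:
            continue
        times = failures[rec["ip"]]
        times.append(rec["ts"])
        while times and rec["ts"] - times[0] > window:   # expire old failures
            times.pop(0)
        if len(times) > max_errors and rec["ip"] not in alerted:
            alerted[rec["ip"]] = len(times)
    return list(alerted.items())
```

Feed the output of `failed_login_alerts` to whatever notification path the management personnel actually read; a threshold that is never acted on adds nothing.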

Tool three: code, the biggest killer of Web server security.

For a Web server, code is one of the biggest killers of its security. Many Web servers have been compromised, mostly because of improper code design. Therefore, managing the code on the Web server is the first task in ensuring the security of the Web server.

To improve the security of the code, Web developers have to develop some good coding habits.

First, do not use code from the network directly.

Some developers, for convenience, directly copy code provided by other users. Unfortunately, there is no free lunch. People who provide this code for free often have unspeakable motives. If e-commerce platform or web forum code is available on the network, the code provider may well have reserved a backdoor in it; when he feels it is necessary, he can easily use that backdoor to attack. Therefore, if the enterprise implements key applications on the Web server, such as online customer ordering, it is best not to use existing code from the network. It can only be learned from, not copied; the best choice is to develop it yourself.

Second, do not add new features directly on the live Web service.

Enterprise Web applications are improved gradually during development, and the business will put forward new demands. When developers develop a feature, it is best not to test it directly on the Web server. A well-run enterprise should have a test server so that developers can test new features. In particular, if program development is outsourced to an outside company, do not, for the sake of convenience, let the other party test directly on the current Web server. As the saying goes, you may know a person's face but not their heart. It is possible that the other party implants a Trojan horse without your knowledge. Therefore, one must not be without wariness of others; it is better to be careful when developing and testing new features.

Third, try not to use unsafe controls.

Enterprise Web applications differ from entertainment websites. An enterprise portal emphasizes speed, stability and safety, while an entertainment website emphasizes beauty and special effects. To attract attention and improve click-through, entertainment sites tend to use more special effects, and to achieve them they use more controls on the Web service. However, these controls tend to have security vulnerabilities that run counter to the security of the Web server, such as Flash controls. Attacks on this type of control occur on the Internet every day, and one day they may fall on the enterprise. Therefore, a company's Web site should pursue only stability and security; there is no need to use too many controls to achieve special effects.

The third weapon I recommend to you is good code security design: minimize the use of unsafe controls. Corporate websites should pursue stability and speed, and excessive use of controls runs counter to both goals.
