Zhou minyao Jin Li Sheng Yang qishou (College of Manufacturing Science and Engineering, Sichuan University, Chengdu 610065, China)
Abstract
This article uses a variety of network security technologies to analyze the security risks of a typical configuration (Win 2000 Server + SQL + IIS 5.0) and proposes corresponding countermeasures. It focuses on the security configuration of the system and the prevention of SQL injection against data.
Keywords: Network security; SQL injection; system; data
I.
Introduction
With the popularization and development of networks, Internet-based systems play an increasingly important role in all walks of life. However, because of the diversity of connection forms, the uneven distribution of terminals, and the openness and interconnectivity of computer networks, web systems are vulnerable to attacks by hackers, malware, and other malicious behavior. Improving network security matters all the more when a system holds private information about personal identities, sensitive data of groups such as companies and schools, or commercial data. This article takes a typical web system configuration (Win2000 Server + SQL + IIS 5.0) as an example and focuses on the system security settings of the web server and on security policies against SQL injection.
II.
Network Security Risk Analysis and Security Technology
In general, network security means that the hardware, software, and data in a network system are protected from damage, alteration, or disclosure by accidental or malicious attacks, so that the system runs continuously, reliably, and normally without interrupting network services. Network security therefore usually includes system security and data security, and malicious attacks on the Internet can likewise be divided into system-type attacks and data-type attacks. Hardware facilities and firewalls are essential to network security, but the security settings of the system and the data security of the code cannot be ignored either. This article discusses them in depth. The specific analysis is as follows:
1. Taking Windows 2000 Server + SQL Server 2000 + IIS 5.0 as an example: this is our most common network server configuration. However, Microsoft's vulnerabilities emerge one after another, so reinforcing system security is extremely important. First, use a dedicated web server wherever possible, disconnect the server from the network while installing the system, and then install the Service Pack 3 patch. After patching, modify the registry.
First, disable default sharing. Windows 2000 has a "default share": the system installation partition is shared automatically when the server is installed. Although the superuser password is required to access it, this is still a potential security risk. We recommend disabling the "default share" feature to ensure system security. Set the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer to 0 and the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks to 0. If these two values do not exist, create them. Note: select the DWORD value type when creating them.
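One way to check these settings, as an added example that is not part of the original article: the script audits the text of a registry export for the two default-share values above and for the RestrictAnonymous value the article sets against IPC$ null connections. The sample export is constructed, the export is assumed to be already decoded to text, and AutoShareWks is the Windows name of the workstation value.

```python
import re

LANMAN = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"
LSA = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa"
# (key, value name, DWORD the article asks for)
REQUIRED = [(LANMAN, "AutoShareServer", 0), (LANMAN, "AutoShareWks", 0),
            (LSA, "RestrictAnonymous", 1)]

SECTION = re.compile(r"^\[(.+)\]$")
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Return {(key, name): int} for every DWORD in decoded .reg export text."""
    values, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1).lower()   # registry names are case-insensitive
            continue
        dword = DWORD.match(line)
        if dword and key:
            values[(key, dword.group(1).lower())] = int(dword.group(2), 16)
    return values

def audit(text):
    """List every required value that is absent or set differently."""
    found = parse_reg_export(text)
    findings = []
    for key, name, want in REQUIRED:
        got = found.get((key.lower(), name.lower()))
        if got != want:
            # A value that was never created is a finding: the article has you create it.
            state = "missing" if got is None else f"is {got}"
            findings.append(f"{name}: {state}, expected {want}")
    return findings

# Constructed sample export: AutoShareWks was never created, RestrictAnonymous is 0.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters]
"AutoShareServer"=dword:00000000
"Size"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"RestrictAnonymous"=dword:00000000
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```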
In addition, the IPC$ null connection should be disabled by setting the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous to 1. IPC$ (Internet process connection) is a named pipe opened for inter-process communication. By authenticating with a user name and password, a user obtains the corresponding permissions; it is used to manage computers remotely and to view their shared resources. Using IPC$, a connecting party can even establish a null connection with the target host without a user name and password (the host must have the IPC$ share enabled, otherwise no connection is possible), and with this null connection it can also obtain a list of the users on the target host.
Next, for IIS, avoid installing IIS on the master domain controller of the network. After IIS is installed, an anonymous IUSR_computername account is created on the computer on which it is installed. This account is added to the domain user group, which grants the access permissions of the domain user group to every anonymous user accessing the web server. This not only fails to guarantee IIS security, it also threatens the master domain controller. After installation, run iislockd.exe, a tool released by Microsoft to close IIS vulnerabilities. However, this is not enough to ensure IIS security. IIS should be reinforced further:
A. Delete and disable the demo programs and directories of IIS. These programs and files ship with IIS and give attackers a way to attack the web system.
Entries | Location
IIS | ?\Inetpub\iissamples
Admin scripts | ?\Inetpub\adminscripts
IIS documentation | %SystemRoot%\help\IISHelp
Data Access | ?\Program files\commonfiles\system\MSADC
B. To prevent an attacker from modifying the website content through the FTP settings and mail sending functions of the server, delete the ftproot and mailroot folders and disable the related services if the server does not need FTP or mail sending.
C. To keep log files from being modified or overwritten, set access control permissions on the IIS log files. By default, IIS logs are stored in the "%SystemRoot%\system32\logfiles" directory. If possible, change the log path to another location. Recommended access control permissions: Administrators (full control); System (full control); Everyone (RWC). This step prevents malicious users from hiding their tracks by deleting log information.
D. Delete dangerous scripts. For example, a heap overflow vulnerability exists in the processing of requests mapped to .htr files. Remote attackers can exploit this vulnerability to obtain the access permissions of an ordinary user on the host. For idq.dll, there is an unchecked buffer in the processing of some URL requests. If an attacker supplies a URL in a special format, a buffer overflow may occur. By carefully constructing and sending data, attackers can change the program's execution flow and execute arbitrary code. Attackers can exploit this vulnerability to remotely obtain "local system" permission. Therefore, deleting unnecessary scripts can minimize the possibility of exploiting vulnerabilities:
Script Type | Mapping
Web-based password reset | .htr
Internet Database Connector | .idc
Server-side includes | .stm .shtml .shtm
Internet printing | .printer
Index Server | .ida .idq .hta
2. Data attacks. The following mainly summarizes the security policies against SQL injection and the settings for SQL Server. SQL injection refers to using an external interface of the database to insert user data into the actual database operating language, so as to intrude into the database and even the operating system. In a web system that uses a web scripting language (ASP, PHP) as the front end and a database as the back end, some items are inevitably information submitted by the user in order to interact with users, such as login information, query strings, or information the user can modify remotely. Attackers may exploit this information to tamper with SQL statements, turning them into other combined statements for attack purposes. Here is a simple example:
<HTML>
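The login case described above, as an added example that is not part of the original article: the same check written once by concatenating user input into the statement and once with placeholders. Python's sqlite3 with a constructed in-memory table stands in for the ASP front end and SQL Server back end, and all function and table names are assumptions.

```python
import sqlite3

def make_db():
    """Constructed users table; the plaintext password only keeps the example short."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-constructed')")
    return db

def login_vulnerable(db, name, password):
    # User input is pasted into the statement text, so a quote in it becomes SQL.
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone()[0] > 0

def login_parameterized(db, name, password):
    # Placeholders keep the input as data; the statement text never changes.
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone()[0] > 0

# Constructed input: the quote ends the string literal and the comment marker
# removes the password test from the combined statement.
TAMPERED_NAME = "admin' --"

def compare(name, password):
    """Run both versions against a fresh database and return their results."""
    db = make_db()
    try:
        return {"vulnerable": login_vulnerable(db, name, password),
                "parameterized": login_parameterized(db, name, password)}
    finally:
        db.close()

if __name__ == "__main__":
    print("tampered name, wrong password:", compare(TAMPERED_NAME, "wrong"))
    print("real credentials:", compare("admin", "s3cret-constructed"))
```

The placeholder form is the general fix: whatever the user submits, it is compared as a value and can no longer alter the statement.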
III.
Conclusion
Network security technology is an important part of network security management. Reasonable system and IIS configurations can enhance network security. At the same time, code security and reasonable firewall configuration cannot be ignored. The technologies described in this article have been applied in the employment management systems of some colleges and universities, and practice has shown them to be feasible and effective. Although this article discusses Win2000 Server + SQL + IIS 5.0, the same approach can also be applied to other server configurations.