Looking at Server Security Configuration from the Hacker's Perspective
Source: Internet
Author: User
Keywords: Server Security Configuration
Today we look at server security configuration in reverse. Because our defenses are designed from the intruder's point of view, we first need to know how an intruder actually breaks in; the specific scenarios below are described in that light and should help in your future study. The currently popular web intrusion method is first to obtain a webshell on the website, then to look at the server configuration for a suitable way to escalate privileges, and finally to take over the server. Preventing the intruder from getting a webshell is therefore an effective way to protect the server.
Preventing the database from being downloaded illegally
Any network security administrator with a little experience will change the default database path of the program downloaded from the website. Of course, some administrators are very careless: they install the program on their server as-is, do not even delete the description file, let alone change the database path. In this case the hacker can download the website's source program directly from the original site, find the default database path by testing locally, download the database, read the user information in it (the passwords are usually MD5-hashed), and then find the management entrance to obtain a webshell. There is also the situation where a program error reveals the website's database path. So how do we prevent this from happening?
We can add an extension mapping for .mdb. As shown in the illustration (not reproduced here): open IIS and add a mapping for .mdb so that MDB files are handed to an application that never serves them as downloads: IIS Properties - Home Directory - Configuration - Mappings - Application Extensions, then add an application mapping for the .mdb extension. Which application you map it to is your own choice, as long as the database file can no longer be fetched. The advantages of this are: 1. database files with the .mdb suffix definitely cannot be downloaded; 2. it works for all MDB files on the server, which is useful for virtual host administrators.
Even with the above configuration, if an MSSQL database is used, an injection point still lets the intruder use an injection tool to guess the contents of the database. And if the upload function has no authentication at all, the intruder can upload an ASP trojan to get a webshell on the server. For uploads the rule can be summed up as: a directory that accepts uploads is not given execute permission, and a directory that can execute scripts is not given upload permission. The web program runs as the IIS user, so if we give the IIS user write permission only on a specific upload directory and remove script permissions from that directory, the intruder cannot get a webshell by uploading.
Server security configuration method: first, on the IIS web directory, open the Permissions tab and give the IIS user only read and list-directory permissions; then go to the directory where uploaded files are saved and the directory where the database is stored and add write permission for the IIS user; finally, in both directories change "Properties" - "Execute Permissions" from "Scripts only" to "None". See the figure (not reproduced here). Remember that when setting these permissions you must watch out for permissions inherited from the parent directory, otherwise the setup is in vain.
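The three steps above (block .mdb downloads, give the web identity read-only access to the site but write access to the upload and database directories, and set execute permissions to none on those two directories) as an added PowerShell example; it is not code from the original article. It targets IIS 7 or later, so the article's IIS 5/6 application mapping for .mdb is replaced by the equivalent request-filtering rule, and "Execute Permissions: None" is expressed as the handlers accessPolicy. The site name, paths and the web identity ($WebIdentity, assumed to be the application pool identity that anonymous authentication is configured to use) are assumptions to adjust for the real server.

```powershell
# Added example (not from the original article). Hardens an IIS 7+ site the way the
# article describes for IIS 5/6: block direct download of .mdb files, give the web
# identity read-only access to the site, write-but-no-script access to the upload and
# database directories, and break parent-directory inheritance so it cannot undo this.
# All names below are assumptions for this example; adjust them to the real site.
Import-Module WebAdministration

$SiteName    = 'Default Web Site'
$WebRoot     = 'C:\inetpub\wwwroot'
$UploadDir   = Join-Path $WebRoot 'upload'
$DataDir     = Join-Path $WebRoot 'data'
$WebIdentity = 'IIS AppPool\DefaultAppPool'   # the account the web program runs as

# 1. Refuse every request for an .mdb file (IIS 7+ request filtering; the article's
#    IIS 5/6 equivalent is mapping .mdb to an application that never serves it).
$filter = 'system.webServer/security/requestFiltering/fileExtensions'
$existing = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $filter -Name 'Collection' |
    Where-Object { $_.fileExtension -eq '.mdb' }
if (-not $existing) {
    Add-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $filter -Name '.' `
        -Value @{ fileExtension = '.mdb'; allowed = 'false' }
}

# 2. NTFS permissions: replace inherited ACEs so a permissive parent cannot add rights,
#    keep SYSTEM and Administrators in control, and grant the web identity only $Rights.
function Set-WebDirectoryAcl {
    param(
        [string]$Path,
        [string]$Identity,
        [System.Security.AccessControl.FileSystemRights]$Rights
    )
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)      # stop inheriting from the parent
    foreach ($admin in 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators') {
        $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
            $admin, 'FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
    }
    # Drop whatever the web identity had before, then grant exactly $Rights
    $acl.PurgeAccessRules((New-Object System.Security.Principal.NTAccount($Identity)))
    $acl.AddAccessRule((New-Object System.Security.AccessControl.FileSystemAccessRule(
        $Identity, $Rights, 'ContainerInherit, ObjectInherit', 'None', 'Allow')))
    Set-Acl -Path $Path -AclObject $acl
}

Set-WebDirectoryAcl -Path $WebRoot   -Identity $WebIdentity -Rights 'Read'          # read + list only
Set-WebDirectoryAcl -Path $UploadDir -Identity $WebIdentity -Rights 'Read, Write'   # receives uploads
Set-WebDirectoryAcl -Path $DataDir   -Identity $WebIdentity -Rights 'Read, Write'   # database writes

# 3. "Execute Permissions: None" for the writable directories: handlers may only serve
#    static content there, so an uploaded .asp file is never run as a script. Writing a
#    <location> entry in applicationHost.config works even though the handlers section
#    is locked for web.config by default.
foreach ($dir in 'upload', 'data') {
    Set-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location "$SiteName/$dir" `
        -Filter 'system.webServer/handlers' -Name 'accessPolicy' -Value 'Read'
}

# 4. Verify the result before trusting it.
Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Filter $filter -Name 'Collection' |
    Where-Object { $_.fileExtension -eq '.mdb' } | Format-Table fileExtension, allowed
foreach ($dir in 'upload', 'data') {
    Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' -Location "$SiteName/$dir" `
        -Filter 'system.webServer/handlers' -Name 'accessPolicy'
}
(Get-Acl $UploadDir).Access | Format-Table IdentityReference, FileSystemRights, IsInherited
```

The inheritance check in step 4 is the point the article warns about: if IsInherited is still True for an entry that grants the web identity more than Read and Write, the parent directory's ACL is undoing the setting and must be fixed first.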
MSSQL injection
For defending the MSSQL database, we start with the database connection account. Do not use the sa account for the database: connecting to the database as sa is a disaster for the server. Generally you can connect with an account that has db_owner rights, and if the application works with it, it is safest to use the public user. When the account connecting to the database has dbo permission, the intruder can only guess the user name and password, or use a differential backup to get a webshell. For the former, we can defend by encrypting the stored credentials and changing the default login entrance of the management backend. For differential backups, we know they require both backup permission and knowledge of the web directory. Finding the web directory is usually done by traversing directories or reading the registry directly, and both of these methods rely on the xp_regread and xp_dirtree extended stored procedures; we just need to delete these two extended stored procedures, and of course the corresponding DLL files can also be deleted. But if a program error itself reveals the web directory, this does not help. So we want the account to have too few privileges to complete the backup operation. The specific steps are as follows: in the account's Properties - Database Access options, select only the corresponding database and give it dbo permission, and do nothing for the other databases. Then go to Database - Properties - Permissions and remove the user's Backup DB and Backup Log permissions, so that the intruder cannot get a webshell through differential backups.
The above is the introduction to looking at server security configuration from the hacker's perspective; I hope you gain something from it.
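The MSSQL account setup described above, written out as an added PowerShell example that is not part of the original article. It runs T-SQL through Invoke-Sqlcmd from the SqlServer module under a sysadmin connection (assumed available) and uses SQL Server 2012+ syntax. Instead of the article's "dbo in one database, then remove the backup permissions", it maps the login to db_datareader and db_datawriter only, which is the narrower choice the article's own advice (use the least-privileged account the application works with) points to, and still denies the two backup permissions explicitly; for xp_dirtree and xp_regread it revokes public's EXECUTE rather than deleting the procedures. Instance, database and login names and the password placeholder are assumptions.

```powershell
# Added example (not from the original article). Configures the MSSQL side the article
# describes: a dedicated low-privileged login instead of sa, mapped to one database only,
# with backup rights denied and xp_dirtree / xp_regread no longer executable by public.
# Requires the SqlServer PowerShell module (Invoke-Sqlcmd) and a sysadmin connection.
# Instance, database and login names, and the password placeholder, are assumptions.
Import-Module SqlServer

$Instance = 'localhost'

# Single-quoted here-string: nothing inside is expanded by PowerShell.
$hardenSql = @'
-- 1. A login that is NOT sa and holds no server-level role.
IF NOT EXISTS (SELECT 1 FROM sys.server_principals WHERE name = N'webapp_user')
    CREATE LOGIN webapp_user
        WITH PASSWORD = N'CHANGE-ME-placeholder-password', CHECK_POLICY = ON;

USE webdb;   -- the only database the site is allowed to touch (assumed name)

IF NOT EXISTS (SELECT 1 FROM sys.database_principals WHERE name = N'webapp_user')
    CREATE USER webapp_user FOR LOGIN webapp_user;

-- 2. Data access only. The article gives the account dbo rights in this one database;
--    db_datareader/db_datawriter is the narrower choice when the application works with it.
ALTER ROLE db_datareader ADD MEMBER webapp_user;
ALTER ROLE db_datawriter ADD MEMBER webapp_user;

-- 3. Remove the two permissions a differential-backup webshell depends on.
DENY BACKUP DATABASE TO webapp_user;
DENY BACKUP LOG TO webapp_user;

USE master;

-- 4. The article deletes xp_dirtree and xp_regread; revoking public's EXECUTE on them
--    stops the directory walk and registry read used to locate the web directory
--    while leaving the procedures available to administrators.
REVOKE EXECUTE ON xp_dirtree FROM public;
REVOKE EXECUTE ON xp_regread FROM public;
'@

Invoke-Sqlcmd -ServerInstance $Instance -Query $hardenSql

# 5. Check the result from the web login's point of view: every column should be 0.
$checkSql = @'
EXECUTE AS LOGIN = N'webapp_user';
SELECT IS_SRVROLEMEMBER('sysadmin')                                AS is_sysadmin,
       HAS_PERMS_BY_NAME(N'webdb', N'DATABASE', N'BACKUP DATABASE') AS can_backup_db,
       HAS_PERMS_BY_NAME(N'webdb', N'DATABASE', N'BACKUP LOG')      AS can_backup_log;
REVERT;
'@
Invoke-Sqlcmd -ServerInstance $Instance -Query $checkSql | Format-Table
```

The check in step 5 is what makes the configuration trustworthy: it impersonates the web login and asks SQL Server itself whether a backup is still possible, rather than relying on what the GUI displays. If the application genuinely needs dbo rights in its database, keep the article's procedure but re-run this check afterwards, since role membership can grant what an individual DENY was meant to take away.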