Web site to "black" treatment of injury? Web server security should be a concern

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

With the frequent occurrence of data security incidents, the safety of Web sites has become the focus of the industry. Mengniu Company was caught in the "dairy quality door" and the hacker attacks by netizens ' extensive attention! According to the December 28, 2011 Evening Sina News, the Chinese dairy giant Mengniu Company official website was hacked at night, calling itself "sit group" hacker attack Mengniu official website, and change its homepage login page , causing a large number of netizens onlookers, so that their web site for a short time into a "paralyzed" state:

Mengniu Official Website screenshot

Web site by the phenomenon of black at home and abroad sometimes, can be retrieved: the second half of 2011, Bupt website was black, "the headmaster to become a pig", staged angry shoes farce. November 21, 2011, China's famous CSDN website 6 million users of information leakage, so set off a wave of Web site data leakage was a wave of leaks, after a spate of leaks and false leakage, but again to arouse people's attention to the security of the Web server. and "Peat peat", Mengniu company also because of "dairy quality door", so that angry people black its website, and is known as "the disgrace of the family", attracted an uproar in the industry!

Last year 35,000 websites in the territory were hacked

The attack on the Web site is really annoying, but in the anger of the Internet is also to comply with the moral standards, the invasion of black its website or should be condemned by all sides. Web server security has been seriously inadequate, is a variety of web sites are often the main reason for the black. The following summary of how to ensure the security of the Web server measures, I hope that those who are still vulnerable to the server to provide some help.

The article mainly takes the Windows Server operating system server as the target object, because the IIS Web Web site Server is more, the attack situation is more serious.

1. Physical Security

The server should be placed in the isolation room where the monitor is installed, and the monitor should keep the camera record for more than 15 days. In addition, the chassis, keyboard, computer desk drawer to be locked to ensure that others even enter the room can not use the computer, the key should be placed in another safe place.

2. Account Security

Rename Admin adminstrator User, enable password security policy, guarantee password length, enable password lock policy, prevent brute force, create new user, join Administrators group, prevent unique Admin user from being locked, deactivate guest user.

3. Stop unwanted services and suggest closing options:

Computer Browser: Maintaining network computer updates, disabling

Distributed file System: LAN management shared files, no need to disable

Distributed linktracking client: For LAN update connection information, no need to disable

Error Reporting Service: Prohibit sending errors report

Microsoft serch: Provides fast word search without the need to disable

Ntlmsecuritysupportprovide:telnet Service and Microsoft Serch, no need to disable

Printspooler: If there are no printers to disable

Remote Registry: Disable the registry from being modified remotely

Remote Desktop help session Manager: No distance assistance

3. Close unnecessary ports

Closing the port means reducing the functionality and requiring you to make a decision on security and functionality. If the server is behind a firewall, it will take less risk, but never think you can sit back and relax. Use the port scanner to scan the ports open by the system, and determine which services are open for the first step in preventing hackers from invading your system.

The following port refers to the TCP port:

Web services: HTTP port: 80,https port: 443, providing services for software IIS

Windows terminal (Remote Desktop) service: port: 3389.

SSH Service: port: 22.

Telnet Service: Port: 23.

MySQL database: Port 3306.

4. Audit strategy

Enter Gpedit.msc carriage return in run, open Group Policy Editor, select Computer Configuration reinstates settings-security Settings-Audit policy when creating an audit project, it should be noted that if there are too many items to be audited, the more events are generated, the more difficult it is to find a serious event. Of course, if the audit is too small, it will also affect your discovery of serious Events, you need to make a choice between the two depending on the situation.

The recommended items to audit are:

Logon event failed successfully

Account Logon event failed successfully

System Event failed successfully

Policy Change failed successfully

Object access failed

Directory Service access failed

Privilege usage failed

5. Open Password Policy

Policy settings

Password complexity requirements Enabled

Minimum password length 6 bits

Enforce password history 5 times

Enforce password history 42 days

6. Open Account Policy

Policy settings

Reset account lockout counter for 20 minutes

Account lockout time 20 minutes

Account lockout threshold 3 times

7. Set access rights for Security records

The security record is not protected by default and is set to only Administrator and system accounts for access.

8. Store sensitive files in another file server

Although the server's hard disk capacity is now large, you should also consider whether it is necessary to put some important user data (files, datasheets, project files, etc.) in another secure server, and often back up them.

9. Do not allow the system to display the last login username

By default, when Terminal Services is connected to the server, the Login dialog box displays the account that was last logged on, and the Local login dialog box is the same. This makes it easy for others to get some user names for the system and then make a password guess. Modify the registry to not allow the dialog to display the last logged in user name

10. Download the latest patches to Microsoft website

Many network administrators do not have the habit of accessing the security site, so that some vulnerabilities have been a long time, but also put the server's loopholes do not supply others as a target. No one can guarantee that millions of lines of code above the system is not a bit of security vulnerabilities, frequent access to Microsoft and some security sites, download the latest service pack and bug patches, is the only way to ensure the long-term security of the server.

11. Anti-Virus Software Installation

Rising, Jiangmin, Jinshan, Norton, Kaspersky always have an anti-virus software is what you need.

12. Prevent SQL injection

SQL database Services try to only allow native connections, rigorously check interactive data on the server side, filter illegal characters, and install IIS security tools.