Web Site Security Policy Solutions

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Web Security Policy Solutions

The first part of the web's security requirements

1.1 Web security architecture, including host security, network security and application security;

1.2 Web browser and server security requirements;

In a known web server (including hardware and software) vulnerability, the minimum number of attacks against this type of Web server;

Administrative operations on the server can only be performed by authorized users;

Deny Web access to content not publicly published on the Web server;

Prohibit unnecessary network services embedded in the OS or Web server software;

Ability to control access to all forms of. EXE programs;

Ability to log web operations for intrusion detection and intrusion attempt analysis;

With proper fault-tolerant function;

Security requirements for 1.3 Web transmissions

The Web server must be isolated from the internal network:

There are four implementations, and you should choose to use a high-performance Cisco firewall for Isolation

The Web server must be isolated from the database;

Maintain a secure copy of a Web site: A release from the developer's final release (content security);

Secondly, the storage location is safe (another independent host in the intranet after the firewall);

Also, regular backup should use tape, can erase the media such as CD-ROM;

1.4 Web threats: information leaks, denial of service, system crashes, Springboard.

Part two security policies for Web servers

Host operating system is the direct support of the Web, the host system must be properly configured to provide security support for the Web server:

Provide only the necessary services;

The attack of a service does not affect other services;

Use the accessibility tools running on other hosts and start the security log;

To set Web server access control rules:

Through IP, subnet, domain name to control;

by password control;

Use public key encryption algorithm;

Set Web server directory permissions;

Turn off security-vulnerable Web server features such as: Automatic catalog list function; symbolic connection

Carefully organize the content of your Web server:

Link checking;

CGI program detection (if this technique is used);

Regular security checks on the Web server;

Auxiliary tools: SSH;

File system integrity Detection tool;

Intrusion detection tools;

Log Audit tool;

Part III web attack and anti-attack

Intrusion detection methods:

Physical examination;

Emergency inspection;

to hunt for intruders;

Type of attack:

Denial of service;

Part IV security and constraint rules of source code

No backdoor procedures and vulnerabilities, including the reasonableness of the system architecture, compliance with security requirements assembly disassembly, virus anti-virus.

Finally, as for the security of cookies, encryption technology, web browser security, Web server security every company set rules are different, vary from person to person.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.