Web Security Policy Solutions
Part I Web security requirements
1.1 Web security architecture, including host security, network security and application security;
1.2 Web browser and server security requirements;
Given the known vulnerabilities of the Web server (hardware and software), minimize the number of attacks possible against this type of Web server;
Administrative operations on the server can only be performed by authorized users;
Deny Web access to content not publicly published on the Web server;
Prohibit unnecessary network services embedded in the OS or Web server software;
Ability to control access to all forms of executable (.EXE) programs;
Ability to log web operations for intrusion detection and intrusion attempt analysis;
With proper fault-tolerant function;
1.3 Security requirements for Web transmission
The Web server must be isolated from the internal network:
There are four ways to implement this; a high-performance Cisco firewall should be chosen for the isolation;
The Web server must be isolated from the database;
Maintain a secure copy of the Web site: first, the copy is the developer's final release (content security);
Second, the storage location is secure (a separate, independent host on the intranet behind the firewall);
Also, regular backups should use tape or erasable media such as rewritable CD-ROM;
1.4 Web threats: information leakage, denial of service, system crashes, and use of the server as a springboard (pivot) for further attacks.
Part II Security policies for Web servers
The host operating system directly supports the Web, so the host system must be properly configured to provide security support for the Web server:
Provide only the necessary services;
An attack on one service must not affect other services;
Use auxiliary tools running on other hosts and enable security logging;
To set Web server access control rules:
Control by IP address, subnet, or domain name;
Control by password;
Use public key encryption algorithm;
Set Web server directory permissions;
Turn off Web server features that are security-vulnerable, such as automatic directory listing and the following of symbolic links;
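The access control rules and feature switches listed above, as an added Apache httpd 2.4 configuration example (not from the original article); the document-root paths, the address ranges, the host name and the password-file location are assumptions:

```apache
# Weak settings the policy says to turn off (shown for contrast):
#   Options Indexes FollowSymLinks
#   Require all granted

<Directory "/var/www/html">
    # Disable automatic directory listing and symbolic-link following
    Options -Indexes -FollowSymLinks
    # Ignore .htaccess so permissions are set centrally by the administrator
    AllowOverride None
    # Access control by IP address / subnet and by domain name
    # (several Require lines inside a Directory default to "any of these")
    Require ip 10.0.0.0/8 192.168.1.0/24
    Require host intranet.example.internal
</Directory>

<Directory "/var/www/html/admin">
    # Password control for administrative content, over TLS only
    AuthType Basic
    AuthName "Administration"
    AuthUserFile "/etc/httpd/conf/.htpasswd"
    Require valid-user
    SSLRequireSSL
</Directory>

# Deny Web access to executables and to files that were never meant to be published
<FilesMatch "\.(exe|bak|old|inc)$">
    Require all denied
</FilesMatch>

# Log every request so intrusion attempts can be analyzed later
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog "logs/access_log" combined
```

`Require host` needs `HostnameLookups On` to resolve client names, which costs a reverse DNS lookup per request.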
Carefully organize the content of your Web server:
Link checking;
CGI program checking (if this technique is used);
Regular security checks on the Web server;
Auxiliary tools: SSH;
File system integrity Detection tool;
Intrusion detection tools;
Log Audit tool;
Part III Web attacks and defenses
Intrusion detection methods:
Routine health checks;
Emergency inspection;
Tracing intruders;
Type of attack:
Denial of service;
Part IV Security and constraint rules for source code
No backdoor programs or vulnerabilities; this includes a sound system architecture, compliance with the security requirements (assembly and disassembly), and protection against viruses.
Finally, as for the security of cookies, encryption technology, Web browser security and Web server security, the rules each company sets are different and vary from person to person.