Windows server security-common security check list
Recently, a security check was conducted on the website server, and the following lists were checked separately to prevent unburned attacks.
Serial number | Regular check
1 | Port Check (disable unnecessary ports)
2 | NTFS permission management (file
First, why is there a sticky security MAC address? Although a static security MAC address can make a switch interface allow access from only one fixed computer, you first need to find the MAC address of that computer, so, at this time with a sticky security MAC address this problem
SW1(config-if)#sw
SW1(config-if)#switchport mo ac
SW1
Tags: An Huaqin and database security data leakage prevention
Abstract: This article analyzes the technique of SQL injection attacks and the principle and protective effect of database encryption, in order to dispel the database security misconception that "database encryption can solve SQL injection"; it also gives protection methods against SQL injection.
1. Database
For most enterprise LANs, routers have become one of the most important security devices in use. Generally, most networks have a primary access point. This is the "virtual border router" that is usually used with a dedicated firewall.
After proper configuration, the edge router can block almost all the most stubborn bad elements out of the network. If you want to, this type of router also allows good people to access the network. However, a vro witho
The security group upgrade rule failed error: Rule "Security Group Sid (Security Identifier)" failed was reported in the forum today. This error occurs because the SID of the Windows local group created by SQL Server does not match the SID in the registry. You need to use whoami /groups to find the correct SID and replace the incorrect SID in the registry, the pr
How to set destoon security? Common security setting methods for destoon
Common security setting methods for destoon
After the destoon system is installed, it is best to configure the system's security settings for the sake of website security.
The destoon system usually has the following steps to perform
Some time ago, the security vulnerability of Google's input method in Windows Vista was booming. Many users have such questions from csdn, Microsoft and Chinese colleagues I know? Is this a Google input method implementation problem or a Windows Vista system vulnerability?
We know that in Windows, all applications must be run under the corresponding user account. For example, if you log on as a common user and execute an application, the ru
Improve PHP security: Eight default PHP configurations that must be modified to improve php security
Obviously, PHP + Mysql + Apache is a popular web technology. This combination is powerful, scalable, and free of charge. However, the default PHP settings are not suitable for websites that have already been launched. Modify the default configuration file to enhance the PHP
PHP Security ramble on Apache server security settings
1. Run as the nobody user
In general, Apache is installed and run by root. If the Apache server process has root user privileges, it poses a significant threat to the security of the system, so you should ensure that the Apache server process runs as a user with the lowest possible privileges. By modifying the follo
3 Demonstration verification scheme and result analysis
3.1 Demonstration validation scenarios
3.1.1 Verification targets
This scheme is mainly used to verify the system protection process and the corresponding protection principle of SELinux as implemented by the Flask architecture.
3.1.2 Verification environment
Operating system: centos6.3 with SELinux enabled
Kernel version: 2.6.32-279.e16.i686
Policy type: Targeted
Policy version: policy.24
Necessary packages: Setools, Policycoreutil
3.1.3 Technical principle
B
Talking about security, such as some of what is now on the market: OAuth2 / OIDC (OpenID Connect), identity authentication, authorization, and so on, the following first covers Java Security.
This piece of stuff is a lot more complicated than Spring Security or .NET Core Security.
1. A point-by-point comparison note
Spring Security part: SecurityContextHolder provides several ways to access the Secu
10 common security vulnerabilities-increasingly difficult to cope with network security attacks
As we all know, hacker intrusion, network attacks, and other digital security vulnerabilities have never been compromised. One industry's troubles may be another industry's nightmare-if you read Veracode's software security
What is micro-separation? Fine Granularity teaches you how to improve network security and fine-grained network security
Micro-segmentation (or micro-isolation) is a method for creating a global security in the data center and cloud deployment. It can isolate the workload and implement individual protection, the goal is to achieve more fine-grained network
Comments: The following describes ten common omissions in network security settings. No matter how much effort we make, end users, and even enterprise IT departments, will still overlook security omissions that are easily corrected. This article discusses 10 security omissions that can be avoided and tells you how to correct such negligence.
1:
Security Settings for Windows Server 2003 + IIS 6.0 + ASP servers: component security settings
A. Uninstall the WScript.Shell and Shell.Application components: save the following code as a .BAT file and execute it (on 2000 and 2003 systems)
windows2000.bat
regsvr32 /u C:\WINNT\System32\wshom.ocx
del C:\WINNT\System32\wshom.ocx
regsvr32 /u C:\WINNT\system32\shell32.dll
del C:\WINNT\system3
Delete the following registry primary key:
Wscript.Shell
Wscript.shell.1
Shell.Application
Shell.application.1
Wscript.Network
Wscript.network.1
Run regsvr32 /u wshom.ocx and press Enter, then run regsvr32 /u wshext.dll and press Enter
Windows 2003 hard drive security settings
C:\
    Administrators: All
    System: All
    IIS_WPG: This folder only
        List Folder/Read data
        Read properties
        Read Extended Properties
        Read permissions
C:\inetpub\mailroot
    Administrators: All
    System: All
    Se
Command:
vim /etc/login.defs
Default settings:
# Password aging controls:
#
# PASS_MAX_DAYS Maximum number of days a password is used.
# PASS_MIN_DAYS Minimum number of days allowed between password changes.
# PASS_MIN_LEN Minimum acceptable password length.
# PASS_WARN_AGE Number of days warning given before a password expires.
#
PASS_MAX_DAYS 99999
PASS_MIN_DAYS 0
PASS_MIN_LEN 5
PASS_WARN_AGE 7
Analysis:
PASS_MAX_DAYS --- Password valid days, maximum how long to change
Original address: WebAPI using token + signature verification
First, the approach without verification
API query interface:
Client invocation: http://api.XXX.com/getproduct?id=value1
As above, this approach is simple and crude: entering "http://api.XXX.com/getproduct?id=value1" directly in the browser returns the product list information. But this approach has a very serious security problem: without any verification, anyone can get the product list, resulti
Step One: Open the conf folder under the ActiveMQ installation directory and open conf/jetty.xml.
For the property named authenticate, change value="false" to value="true". This enables the login security authentication mechanism.
Step Two: Configure the ActiveMQ secure login account and password
The ActiveMQ secure login account and password information is controlled in the Conf/jetty-real.proper
Mobile phone lost QQ Security Center how to solve the tie?
The first step: you can in the QQ token page Click to bind, the following figure:
You can also click the "Bind" button on the Secret Protection Toolbox page, as shown below:
The second step: into the Untied QQ token page, to determine the binding QQ token on the use of the user business impact, if you determine no problem, please click to determine the unified