security hardening standards

;/etc/issueCp-f/etc/issue/etc/issue.netEcho >>/etc/issue2) for Apache configuration file, find Servertokens and serversignature two directive, modify its default properties as follows, use no echo version number:Servertokens PRODServersignature OFFVi. iptables Firewall Rules:Iptables-a input-p--dport 22-j ACCEPTIptables-a input-i eth0-p TCP--dport 80-j ACCEPTIptables-a input-m State--state established,related-j ACCEPTIptables-a input-j DROPThe above rule will block TCP active pick-up from the in

1. Update system PatchesUpdating patches is the most important step in security hardening.2. Disable services that you do not needThe following services must be disabled: Server, Workstation, Print Spooler, Remote Registry, Routing and remote Access, TCP/IP NetBIOS Helper, computer Browser3. System Permission settingsBecause there are so many places to set up the system permissions, we can only publish the

2Database Security Hardening... -2.1 Modify The root user default password, delete the empty password ... -2.2 Delete the default database and non-essential database users ... to2.3 run MSYQL with an independent user 2.4 About The management of non- root database users ... -2.5 about the default administrator user name management ... the2.6 User Directory permission limits ... *2.7 Command Histor

Tags: assigning ISO grub.con an unload performing read-write associated HIDAbout "Security hardening"Safety is relative.Reinforcement may involve all aspects of the system: (1) hardware. For example: Intel X86 Hardware vulnerability; (2) operating system. Run from installation to installation and (3) system services. The service itself installs the configuration, the system resources involved in the service

The United States Cloud (MOS) provides the Windows Server 2008 R2 and the Windows Server R2 Data Center version of the cloud host server. Windows Server security issues require extra attention because of the high market share of Windows servers, more malware such as virus Trojans for Windows servers, easy access, and low technology thresholds. To safely use Windows cloud hosts, it is recommended that you apply the following simple

those modules.Locate the code that contains loadmodule in the Httpd.conf. To close these modules, simply add a # sign before the line of Code. To find a module that is running, you can use the following statement:grep loadmodule httpd.confThe following modules are usually activated and are not large: mod_imap, mod_include, mod_info, mod_userdir, mod_status, mod_cgi, mod_autoindex13. Clear the default annotations from httpd.confThe default httpd.conf file in Apache 2.2.4 has more than 400 lines.

System Performancevm.bdflush = + 1884, Improve virtual memory performancevm. Buffermem = 60# increases the size of the socket queue (effectively, q0). Net.ipv4.tcp_max_syn_backlog = 1024# Increa SE the maximum total tcp buffer-space Allocatablenet.ipv4.tcp_mem = 57344 57344 65536# increase the maximum TCP Write-buff Er-space Allocatablenet.ipv4.tcp_wmem = 32768 65536 52428815# increase the maximum TCP Read-buffer space Allocatablenet.ip V4.tcp_rmem = 98304 196608 1572864# increase the maximum a

Usage: When implementing a login system, two people are required to be authorized to log in.Vi/etc/security/userChange the following:Sjhadmin = FalseRlogin = Trueauth1 = System;sjh,system;sam -- just add the line.Next time Use SJH User name login will require you to enter SJH and the Sam password is entered correctly before you can log into the systemThis article from "Technology bo" blog, declined reprint!AIX series------

http://www.nagain.com/appscan/http://bbs.pediy.com/forumdisplay.php?f=166Http://jaq.alibaba.comHttp://www.cocoachina.com/ios/20141118/10245.htmlSecurity test Report for the online Banking app on the iOS platformHttp://www.freebuf.com/articles/terminal/102396.htmlAutomated testing for Android app detection: Comparison of five app security online detection platformshttp://safe.ijiami.cnHttps://mqc.aliyun.com/?spm=0.0.0.0.EI7ecOHttp://wetest.qq.com/?from

/profile/etc/profile.bakecho export tmout=600 >>/etc/profile #增加10分钟超时退出echo export histtimeformat=\ '%F% T ' WhoAmI ' >>/etc/profile #记录操作历史记录的时间echo export histfilesize=10000 >>/etc/profileecho export hists ize=10000 >>/etc/profilesource/etc/profileNote: Historical command history can effectively record the behavior of the user, on the one hand can be easily found, but also to see when the user did what action. This article is from the "Ljohn" blog, make sure to keep this source http://ljohn.b

★ Welcome to The Guardian God · V Classroom, website address: http://v.huweishen.com★ Guardian God · V Classroom is a Web site dedicated to providing server instructional video for the Guardian God, updated weekly video.★ This section we will lead you: Server Security Hardening• Due to the wide variety of security factors and different server settings, this secti

Overview This chapter provides information about working with Microsoft? Windows Server? Recommendations and resources for security hardening on Internet Authentication Service (IAS) servers above 2003. IAS is a Remote Authentication Dial-In User Service (RADIUS) server that implements the functions of user authentication, authorization, and centralized management of accounts. IAS can be used to authenticat

member server hardening procedures." The following table lists all the IPSEC filters that can be created on the IIS server in the Advanced Security environment defined in this guidance. Service Agreement Source Port Target Port Source Address Destination Address Operation Mirror Terminal Services Tcp All 3389 All ME Allow Is HTTP Server Tcp All 80 All ME Allow Is HTTPS Server Tcp All 443 All ME Allow Is Wh

Linux server security is important for protecting user data and intellectual property, while also reducing the time you face hackers. At work, the system administrator is usually responsible for the security of Linux, and in this article, 20 recommendations for hardening Linux systems are described. All of the recommendations in this article are based on the rele

Write in front: Blog Writing in mind 5w 1 H law: w hat,w hy,w hen,w here,w ho,h ow. The main content of this article:Authority authenticationSELinux operating mode/startup modeSecurity Context View and modification Brief introduction:SELinux is all called security Enhanced Linux, which means secure hardening of Linux.It is designed to prevent "misuse of internal staff resources". It

The following configuration is used for my formal environment. More than Apache before, now basically not. Now share it.1. 2. Use rewrite to harden Apache # # # # # # # # # #APACHE url keyword Hardening Strategy # # # # # #请自行添加删减关键字 #并做好测试 Examples are as follows: Rewriteengineonrewritecond%{request_uri}xwork|java|redirect|passwd|hosts|windows|script | SCRIPT|LOCATION|PROMPT|PROC\/SELF\/ENVIRON|MOSCONFIG_[A-ZA-Z_]{1,21} (=|%3d) |base64_encode.* (.

unnecessary ports, timely patching loopholes and other technologies to increase the security of the system. From this, I have compiled a short Linux reinforcement article, only for Linux beginners, I hope to be able to help you. Network security has always been the most important and the biggest gap in the Internet, and it is imperative to ensure the security of