Website security protection methods explained from several angles

First, security measures

In response to hacking threats, network security administrators take various measures to strengthen the security of the server and keep the WWW service running normally. As with other Internet-facing servers such as e-mail and FTP, the following methods can be used to protect the WWW server:

Security configuration

Close unnecessary services (ideally the host provides only the WWW service), install the latest operating system patches, upgrade the WWW service to the latest version with all patches installed, and configure it according to the security recommendations of the WWW service provider. This greatly improves the security of the WWW server itself.

Firewall

Install the necessary firewalls to block probing and information gathering by scanning tools, and even to block connections from specific IP address ranges identified in security reports. This adds a layer of protection to the WWW server. The network environment inside the firewall should also be adjusted to eliminate security risks in the internal network.

Vulnerability scan

Use commercial or free vulnerability scanning and risk assessment tools to scan the server periodically for potential security issues, and to make sure that routine maintenance work such as upgrades or configuration changes does not introduce security problems.

Intrusion Detection System

Use the real-time monitoring capabilities of an intrusion detection system (IDS) to discover ongoing attacks and pre-attack probes, and to record the source, steps and methods of the attackers.

These security measures greatly improve WWW server security and reduce the possibility of a successful attack.

Second, dedicated website protection methods

Although these security measures can stop many attacks, operating system and server software vulnerabilities are discovered continually and new attack methods keep emerging. Highly skilled hackers can still break through the layers of protection and gain control of the system in order to deface the home page. In response, some cyber security companies have launched protection software specifically for websites, which protects only the most important content of the website: the web pages. Once it detects an abnormal change to a protected file, it restores the file. Normally the system first backs up the known-good page files and then starts a detection mechanism that checks whether the files have been modified; a modified file is restored. We analyze and compare the following technical aspects:

Monitoring method

Local and remote: Detection can be performed locally by a monitor on the server or from another host on the network. If it is local, the monitoring process needs sufficient permissions to read the protected directories or files. If the monitor is at a remote site, the WWW server needs to open some services and grant the monitor the corresponding rights. The most common approach is to use the server's already open WWW service and monitor the protected files and directories over HTTP. Other commonly used protocols, such as FTP, can also be used. Local detection has the advantage of high efficiency, while remote detection is platform independent but adds network traffic and other overhead.

Timing and triggering: Most protection software uses timed detection. Whether local or remote, detection runs at intervals set in the system. Pages can also be divided into protection levels: for pages with a high protection level the interval can be set shorter for better real-time performance, while for pages with a lower protection level it is set longer to reduce the burden on the system. Triggered detection uses functions provided by the operating system to be notified when files are created, modified, or deleted. This method is highly efficient, but it cannot be used for remote detection.

Comparison method

To judge whether a file has been modified, the files in the protected directory are compared with those in the backup library, and full-text comparison is the most common way to do this. Full-text comparison determines directly and accurately whether a file has been modified. However, it is very inefficient when files are large, so some protection software compares file attributes such as file size and creation or modification time instead. This method is simple and efficient, but it has a serious defect: a malicious intruder can carefully construct a replacement file whose attributes are set exactly the same as the original's, so that the maliciously changed file cannot be detected. Another solution is to compare digital signatures of the files. The most common is the MD5 signature algorithm. Because digital signatures are unforgeable, matching signatures ensure that the files are the same.

Recovery method

The recovery method depends directly on where the backup library is located. If the backup library is local, the recovery process must have write permission on the protected directories or files. If recovery is done remotely through file sharing or FTP, a file sharing or FTP account is needed, and that account must have write permission on the protected directories or files.

Backup library security

When hackers find that their replacement home page is quickly restored, it often provokes a desire for further destruction. At this point the security of the backup library becomes particularly important: the security of the web pages has been transformed into the security of the backup library. One way to protect the backup library is file hiding, which prevents hackers from finding the backup directory. Another is to digitally sign the backup library. If a hacker modifies the contents of the backup library, the protection software can detect this through the signature and then stop the WWW service or serve a default page.
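The comparison and backup-library passages above, as an added example that is not from the original article or from any protection product: a defacement that keeps the file size and modification time is caught by a content digest and restored, and restoration is refused once the backup no longer matches its signed manifest. It substitutes SHA-256 and an HMAC for the MD5 the text mentions, because MD5 collisions are practical; the key, directory names and page contents are constructed for the demonstration.

```python
import hashlib, hmac, json, os, shutil, tempfile
from pathlib import Path

def digest(path):
    """SHA-256 of the file contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def sign(entries, key):
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def build_manifest(backup_dir, key):
    """Digest every backup file, then HMAC-sign the digest list."""
    entries = {p.name: digest(p) for p in sorted(Path(backup_dir).iterdir())}
    return {"entries": entries, "mac": sign(entries, key)}

def check_and_restore(web_dir, backup_dir, manifest, key):
    """Return ("backup-tampered", []) or ("ok", [names restored])."""
    entries = manifest["entries"]
    mac_ok = hmac.compare_digest(sign(entries, key), manifest["mac"])
    if not mac_ok or any(digest(Path(backup_dir, n)) != d for n, d in entries.items()):
        return "backup-tampered", []      # never restore from an altered backup
    restored = []
    for name, good in entries.items():
        dst = Path(web_dir, name)
        if not dst.exists() or digest(dst) != good:
            shutil.copy2(Path(backup_dir, name), dst)
            restored.append(name)
    return "ok", restored

def demo():
    """Constructed scenario: defacement that keeps file size and mtime."""
    key = b"constructed-demo-key"         # assumption: stored off the web server
    with tempfile.TemporaryDirectory() as root:
        web, bak = Path(root, "www"), Path(root, "backup")
        web.mkdir(); bak.mkdir()
        page = web / "index.html"
        page.write_bytes(b"<h1>Welcome</h1>")
        shutil.copy2(page, bak / "index.html")
        manifest = build_manifest(bak, key)
        before = page.stat()
        page.write_bytes(b"<h1>Defaced</h1>")   # same length as the original
        os.utime(page, ns=(before.st_atime_ns, before.st_mtime_ns))
        after = page.stat()
        attrs_same = (after.st_size, after.st_mtime_ns) == (before.st_size, before.st_mtime_ns)
        first = check_and_restore(web, bak, manifest, key)
        (bak / "index.html").write_bytes(b"<h1>Defaced</h1>")  # backup modified too
        second = check_and_restore(web, bak, manifest, key)
    return attrs_same, first, second
```

When `check_and_restore` reports `backup-tampered`, the caller is where the text's fallback belongs: stop the WWW service or serve a default page.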

Through the above analysis and comparison, we find that each technology has its own advantages and disadvantages. The most suitable technical solution must be chosen according to the actual network environment.

Third, flaws of website protection

Although website protection software can further improve the security of the system, it still has some flaws. First, this protection software is designed for static pages, while dynamic pages now make up a growing share of websites. Although local monitoring can detect changes to script files, it can do nothing about the database those scripts use.

In addition, some attacks do not target page files. The "Red Code" that spread widely in the past used a dynamic library to modify the IIS service in order to attack pages. Furthermore, the website protection software itself increases the load on the WWW server. When the WWW server is already heavily loaded, its use must be planned carefully.

Fourth, the conclusion

This article has discussed commonly used website protection methods, analyzed and compared in detail the technical implementations, advantages and disadvantages of dedicated website protection software, and pointed out its defects. Although security can be solved without using a tool or tools, using these tools can help improve security and reduce security risks.
