Information security products

In 2012 the information security industry will enter a stage of rapid development, and the requirements of internet users for security products will shift toward "active security defense". As users' security awareness grows, active security products will receive more attention, and active security defense will become the mainstream of future security applications. Website security detection, also called website security assessment, website vulnerability testing or webpage security detection, scans a website for vulnerabilities by technical means: it detects whether the pages have loopholes, whether malicious code has been implanted in the pages ("hanging a horse"), whether pages have been tampered with, and whether fraudulent websites exist, so that the webmaster is reminded to repair and harden the site in time and keep it running safely.

1) Injection attacks: detect whether there are vulnerabilities such as SQL injection, SSI injection, LDAP injection and XPath injection. If such a vulnerability exists, an attacker can easily gain the back-end management authority of the website, and even the management authority of the web server, through the injection point.

2) XSS cross-site scripting: detect whether the website has a cross-site scripting vulnerability. If it exists, the website may suffer cookie spoofing, malicious code implanted in its pages, and so on.

3) Webpage Trojan implantation ("hanging a horse"): detect whether Trojan horse programs have been illegally implanted in the website by hackers or malicious attackers.

4) Buffer overflow: detect whether the web server and its server software have buffer overflow vulnerabilities; if so, an attacker can gain management authority over the website or server through them.

5) Upload vulnerability: detect whether the website's upload function has an upload vulnerability; if so, an attacker can upload a Trojan horse directly and obtain a WebShell.

6) Source code leakage: detect whether the web application leaks its source code; if so, an attacker can download the website's source code directly.

7) Hidden directory leakage: detect whether some hidden directories of the website are exposed; if so, an attacker can learn the whole structure of the website.

8) Database leakage: detect whether the website's database is exposed; if so, an attacker can illegally download the website database.

9) Weak passwords: check whether the website's back-end management users and front-end users use weak passwords.

10) Management address leakage: detect whether the website exposes its management address; if so, an attacker can easily obtain the back-end management address of the website.

1. Structural security and network segment division

The service processing capacity of network equipment should have redundant headroom to meet peak business demand; based on the organization's business characteristics, and on the premise of meeting peak business demand, network bandwidth should be designed reasonably;

2. Network access control

Data carried over general-purpose protocols is not allowed to pass.

3. Dial-up access control

Remote dial-up access functions (such as remote dial-up users or mobile VPN users) are not enabled.

4. Network security audit

Record the date and time, user, event type, whether the event succeeded, and other audit-related information such as the running status of network equipment, network traffic and user behaviour.

5. Boundary integrity check

Be able to detect unauthorized devices connecting to the intranet, accurately determine their location and block them effectively; be able to detect intranet users connecting privately to external networks, accurately determine the location and block them effectively.

6. Network intrusion prevention

Monitor the following attacks at the network boundary: port scanning, brute-force attacks, Trojan backdoor attacks, denial-of-service attacks, buffer overflow attacks, IP fragmentation attacks, network worm attacks and other intrusion events. When an intrusion event is detected, record the source IP, attack type, attack target, attack time, etc. When a serious intrusion occurs, raise an alarm (such as a real-time on-screen prompt, an email alarm or an audible alarm) and automatically take corresponding action.
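The two requirements above (an audit record with date/time, user, event type and outcome, and boundary monitoring that reports source IP, attack type, target and time) fit together in a small detector. The following is an added example, not code from the original page or from any product it describes; the pipe-separated record layout, the sample lines and the thresholds (five failed logins or ten probed ports within one minute) are constructed assumptions.

```python
"""Added example (not from the original page): parse audit records carrying the
fields the text lists (date/time, user, event type, success flag) plus the source
IP, and raise the alarms the boundary-monitoring requirement calls for:
brute-force logins and port scans. Field layout and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines: timestamp|source_ip|user|event|result|detail
SAMPLE_AUDIT = "\n".join(
    ["2024-03-01T10:00:01|203.0.113.7|admin|login|FAIL|bad password",
     "2024-03-01T10:00:03|203.0.113.7|admin|login|FAIL|bad password",
     "2024-03-01T10:00:05|203.0.113.7|admin|login|FAIL|bad password",
     "2024-03-01T10:00:06|203.0.113.7|admin|login|FAIL|bad password",
     "2024-03-01T10:00:08|203.0.113.7|admin|login|FAIL|bad password",
     "2024-03-01T10:00:09|203.0.113.7|admin|login|SUCCESS|",
     "2024-03-01T10:30:00|192.0.2.5|alice|login|SUCCESS|"]
    # one host probing 12 ports within a few seconds (constructed scan pattern)
    + [f"2024-03-01T10:05:{i:02d}|198.51.100.9|-|connect|FAIL|tcp/{21 + i}"
       for i in range(12)]
)


def parse_audit(text):
    """Turn pipe-separated audit lines into dicts; blank lines are skipped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, event, result, detail = line.split("|", 5)
        records.append({"time": datetime.fromisoformat(ts), "ip": ip,
                        "user": user, "event": event,
                        "ok": result == "SUCCESS", "detail": detail})
    return records


def detect_intrusions(records, fail_threshold=5, scan_threshold=10,
                      window=timedelta(minutes=1)):
    """Sliding-window detection per source IP. Every alert carries the fields the
    requirement names: source IP, attack type, target and time."""
    alerts = []
    fails = defaultdict(list)   # ip -> times of failed logins inside the window
    ports = defaultdict(dict)   # ip -> {port: last time a connect to it failed}
    alerted = set()             # (ip, attack type) pairs already reported
    for r in sorted(records, key=lambda r: r["time"]):
        ip, now = r["ip"], r["time"]
        if r["event"] == "login" and not r["ok"]:
            q = fails[ip]
            q.append(now)
            while now - q[0] > window:
                q.pop(0)
            if len(q) >= fail_threshold and (ip, "brute_force") not in alerted:
                alerted.add((ip, "brute_force"))
                alerts.append({"source_ip": ip, "type": "brute_force",
                               "target": r["user"], "time": now, "severity": "high"})
        elif r["event"] == "login" and r["ok"] and (ip, "brute_force") in alerted:
            # a success right after a burst of failures is the serious case
            alerts.append({"source_ip": ip, "type": "brute_force_success",
                           "target": r["user"], "time": now, "severity": "critical"})
        elif r["event"] == "connect" and not r["ok"]:
            p = ports[ip]
            p[r["detail"]] = now
            for port, seen in list(p.items()):   # forget ports outside the window
                if now - seen > window:
                    del p[port]
            if len(p) >= scan_threshold and (ip, "port_scan") not in alerted:
                alerted.add((ip, "port_scan"))
                alerts.append({"source_ip": ip, "type": "port_scan",
                               "target": f"{len(p)} ports", "time": now,
                               "severity": "medium"})
    return alerts


if __name__ == "__main__":
    for a in detect_intrusions(parse_audit(SAMPLE_AUDIT)):
        print(f"{a['time']} {a['severity']:8} {a['type']:20} "
              f"from {a['source_ip']} -> {a['target']}")
```

The "brute_force_success" alert is the one that deserves the real-time alarm the text mentions: a login that succeeds from an address that just exhausted the failure threshold is far more likely to be a compromised account than the failures alone.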

7. Malicious code prevention

Detect and remove malicious code at the network boundary; keep the malicious code signature base upgraded and the detection system updated.

8. Network equipment protection

Authenticate the identity of users who log in to network devices; restrict the login addresses of network device administrators; on the main network devices, use two or more combined authentication technologies to authenticate the same user.

1. Identity authentication

Identify and authenticate users who log in to the operating system and database system;
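The weak-password check from the website list, the login-address restriction and combined authentication from the network equipment requirement, and the identity authentication requirement here all land in the same login path. The following is an added example, not code from the original page or from any standard it paraphrases; the weak-password word list, the management subnet, the user record and the TOTP secret are constructed, and the second factor is implemented as RFC 6238 TOTP with HMAC-SHA1.

```python
"""Added example (not from the original page): a login check that rejects weak
passwords, restricts where administrators may log in from, and combines a
password with a one-time code (RFC 6238 TOTP). All data below is constructed."""
import hashlib
import hmac
import ipaddress
import os
import struct

# Constructed deny-list standing in for a real weak-password dictionary.
WEAK_PASSWORDS = {"123456", "password", "admin", "admin123", "qwerty", "letmein"}

# Constructed policy: administrators may only log in from the management subnet.
ADMIN_NETWORKS = [ipaddress.ip_network("10.0.10.0/24")]


def password_weaknesses(pw):
    """Return the reasons a password counts as weak (empty list if acceptable)."""
    reasons = []
    if pw.lower() in WEAK_PASSWORDS:
        reasons.append("appears in weak-password list")
    if len(pw) < 12:
        reasons.append("shorter than 12 characters")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    if sum(classes) < 3:
        reasons.append("uses fewer than three character classes")
    return reasons


def hash_password(pw, salt=None):
    """PBKDF2-HMAC-SHA256 with a random salt; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 200_000)


def totp(secret, t, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    counter = struct.pack(">Q", int(t) // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def verify_totp(secret, code, t, skew=1):
    """Accept the current step and +/- skew neighbouring steps; constant-time compare."""
    return any(hmac.compare_digest(totp(secret, t + k * 30), code)
               for k in range(-skew, skew + 1))


# Constructed user store: one administrator with a strong password and a TOTP secret.
_SALT, _DIGEST = hash_password("Correct-Horse-Battery-42")
USERS = {"admin": {"salt": _SALT, "digest": _DIGEST,
                   "totp_secret": b"constructed-secret-do-not-use",
                   "is_admin": True}}


def authenticate(username, password, code, source_ip, now):
    """Return (ok, reason): address restriction, then password, then second factor."""
    user = USERS.get(username)
    if user is None:
        return False, "unknown user"
    if user["is_admin"] and not any(ipaddress.ip_address(source_ip) in net
                                    for net in ADMIN_NETWORKS):
        return False, "login address not permitted for administrators"
    _, digest = hash_password(password, user["salt"])
    if not hmac.compare_digest(digest, user["digest"]):
        return False, "bad password"
    if not verify_totp(user["totp_secret"], code, now):
        return False, "bad one-time code"
    return True, "authenticated"
```

The address check runs first so that a request from outside the management subnet never reaches the password verifier at all; `password_weaknesses` is meant for the enrolment and password-change paths, so that a weak password is refused before it is ever stored.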

2. Autonomous access control

Control subjects' access to objects according to the security policy.

3. Mandatory access control

Sensitivity labels should be set for important information resources and for all subjects that access them; the coverage of mandatory access control should include all subjects and objects directly related to important information resources and their operations; the granularity of mandatory access control should reach the user level for subjects, and files, database tables/records and fields for objects.
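To show how the discretionary control in item 2 and the mandatory control in item 3 combine at the stated granularity (user-level subjects; files, tables and fields as objects), here is an added example written for this page, not code from the original page or from any standard. The users, sensitivity labels and ACLs are constructed; the mandatory rules follow the Bell-LaPadula model (no read up, no write down), which the page itself does not name.

```python
"""Added example (not from the original page): a reference-monitor check that
applies discretionary access control (an ACL per object) and mandatory access
control (sensitivity labels on subjects and objects). Data is constructed."""
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    PUBLIC = 0
    INTERNAL = 1
    CONFIDENTIAL = 2
    SECRET = 3


@dataclass(frozen=True)
class Label:
    level: Level
    categories: frozenset = frozenset()

    def dominates(self, other):
        """Lattice order: higher-or-equal level and a superset of categories."""
        return self.level >= other.level and other.categories <= self.categories


# Constructed subjects, labelled at user granularity.
SUBJECTS = {
    "alice": Label(Level.SECRET, frozenset({"finance"})),
    "bob": Label(Level.INTERNAL),
    "carol": Label(Level.CONFIDENTIAL, frozenset({"hr"})),
}

# Constructed objects: a file, a database table, and one field of that table.
OBJECTS = {
    "/srv/reports/q1.pdf": Label(Level.CONFIDENTIAL, frozenset({"finance"})),
    "db.employees": Label(Level.INTERNAL),
    "db.employees.salary": Label(Level.CONFIDENTIAL, frozenset({"hr"})),
}

# Constructed discretionary ACLs: object -> user -> permitted operations.
ACL = {
    "/srv/reports/q1.pdf": {"alice": {"read", "write"}, "bob": {"read"}},
    "db.employees": {"alice": {"read", "write"}, "bob": {"read", "write"},
                     "carol": {"read"}},
    "db.employees.salary": {"bob": {"read"}, "carol": {"read", "write"}},
}


def dac_allows(user, obj, op):
    """Discretionary check: the owner-maintained ACL must grant the operation."""
    return op in ACL.get(obj, {}).get(user, set())


def mac_allows(user, obj, op):
    """Mandatory check (Bell-LaPadula): no read up, no write down."""
    subject, target = SUBJECTS[user], OBJECTS[obj]
    if op == "read":
        return subject.dominates(target)
    if op == "write":
        return target.dominates(subject)
    return False


def check_access(user, obj, op):
    """Both mechanisms must agree; the reason names the first one that denies."""
    if user not in SUBJECTS or obj not in OBJECTS:
        return False, "unknown subject or object"
    if not dac_allows(user, obj, op):
        return False, "denied by DAC: no ACL entry"
    if not mac_allows(user, obj, op):
        return False, (f"denied by MAC: {SUBJECTS[user].level.name} subject "
                       f"vs {OBJECTS[obj].level.name} object")
    return True, "allowed"


if __name__ == "__main__":
    for who, what, how in [("bob", "/srv/reports/q1.pdf", "read"),
                           ("bob", "db.employees.salary", "read"),
                           ("alice", "db.employees", "write")]:
        print(who, how, what, "->", check_access(who, what, how))
```

The interesting cases are the ones where the ACL says yes and the label says no: bob holds an ACL entry for the salary field but his INTERNAL label cannot read a CONFIDENTIAL field, and alice, although cleared SECRET and listed in the ACL, may not write into the INTERNAL table because that would carry information downward.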

4. Trusted path

When the system authenticates a user, a secure information transmission path can be established between the system and the user.

5. Security audit

The audit scope covers every operating system user and database user on the servers and on important clients; the audit content includes important security-related events in the system.

6. Residual information protection

Ensure that the storage space holding the authentication information of operating system and database management system users is completely cleared before it is released or reallocated to other users, whether that information is stored on disk or in memory; ensure the same for the storage space of files, directories, database records and other resources in the system.

7. Intrusion prevention

Be able to detect intrusions into important servers, record the source IP, attack type, attack target and attack time, and raise an alarm when a serious intrusion occurs; be able to check the integrity of important programs and have recovery measures for when the integrity is found to be damaged; the operating system follows the principle of minimal installation, installing only the required components and applications, and keeps system patches up to date through an upgrade server.

8. Malicious code prevention

Install anti-malicious-code software and update its version and malicious code base in time; host anti-malicious-code products and network anti-malicious-code products should use different malicious code bases; support unified management of anti-malicious-code software.

9. Resource control

Restrict terminal logins by setting conditions such as terminal access mode and network address range; according to the security policy; monitor the use of important servers, including CPU, hard disk, memory, network and other server resources; limit the maximum or minimum share of system resources a single user may use; detect and raise an alarm when the service level of the system drops to the pre-specified minimum level.

◆ Authenticity: determine the source of information and identify information from forged sources.

◆ Confidentiality: ensure that confidential information is not eavesdropped, otherwise eavesdroppers cannot understand the true meaning of the information.

◆ Integrity: ensure the consistency of data and prevent data from being tampered with by illegal users.

◆ Availability: ensure that legitimate users' use of information and resources is not improperly denied.

◆ Non-repudiation: it is extremely important to establish an effective accountability mechanism so that users cannot deny their actions.

◆ Controllability: the ability to control the dissemination and content of information.

(1) Information leakage: information is leaked or disclosed to an unauthorized entity.

(2) Destruction of information integrity: data is added, deleted, modified or destroyed without authorization, causing loss.

(3) Denial of service: legitimate access to information or other resources is unconditionally blocked.

(4) Illegal use (unauthorized access): Resources are used by unauthorized persons or in an unauthorized way.

(5) Eavesdropping: stealing information resources and sensitive information in the system by any possible legal or illegal means, for example by monitoring the signals transmitted on communication lines, or by intercepting useful information from the electromagnetic emissions that communication equipment produces while operating.

(6) Traffic analysis: by monitoring the system over a long period and applying statistical analysis to parameters such as communication frequency, the direction of information flow and changes in total communication volume, valuable information and patterns are discovered.

(7) Impersonation: by deceiving communication systems (or users), an illegitimate user can impersonate a legitimate user, or a user with less authority can impersonate one with greater authority. Most hacker attacks use impersonation.

(8) Bypass control: the attacker exploits security flaws or loopholes in the system to gain unauthorized rights or privileges; for example, the attacker finds system "features" that should have been kept secret but were exposed, and uses them to bypass the defensive line and penetrate the system.

(9) Authorization violation: a person authorized to use a system or resource for a certain purpose uses that right for other, unauthorized purposes; this is also called an "insider attack".

(10) Trojan horse: an application that contains an imperceptible harmful program segment which compromises the user's security when executed is called a Trojan horse.


(12) Repudiation: an attack by users, for example denying a message one has sent, or forging a message from the other party.

(13) Replay: copying intercepted legitimate communication data and re-sending it for illegitimate purposes.

(14) Computer virus: a program that can perform infection and damage functions while a computer system is running.

(15) Careless personnel: authorized personnel disclose information to unauthorized persons for some benefit or through carelessness.

(16) Media discarding: information is obtained from discarded disks or printed storage media.

(17) Physical intrusion: the intruder bypasses physical controls and enters the system.

(18) Theft: important security items, such as tokens or ID cards, are stolen.

(19) Commercial deception: fake systems or system components trick legitimate users or systems into voluntarily giving up sensitive information, and so on.

◆ Natural disasters and accidents;

◆ Computer crime;

◆ Human error, such as improper use and poor safety awareness;

◆ "hacker" behavior;

◆ Internal leakage;

◆ External leakage;

◆ Information loss;

◆ Electronic espionage, such as information flow analysis, information theft, etc.;

◆ Information warfare;

◆ Defects of network protocol itself, such as security issues of TCP/IP protocol.

◆ Sniffing: a sniffer can eavesdrop on packets flowing through the network.
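Three of the threats listed above, replay (13), destruction of integrity (2) and sniffing, are addressed by the same receiver-side checks: an integrity tag, a freshness window and a cache of nonces already seen. The following is an added example written for this page, not code from the original page; the shared key, the message format (JSON body plus HMAC-SHA256 tag) and the 60-second window are constructed assumptions.

```python
"""Added example (not from the original page): a receiver that rejects replayed,
stale and tampered messages. Each message carries a timestamp and a random nonce
under an HMAC-SHA256 tag. Key, format and window are constructed."""
import hashlib
import hmac
import json
import os

SHARED_KEY = b"constructed-shared-key-for-this-example"


def sign_message(key, payload, now, nonce=None):
    """Serialize the payload with a timestamp and nonce, then append an HMAC tag."""
    msg = {"payload": payload, "ts": int(now),
           "nonce": (nonce or os.urandom(16)).hex()}
    body = json.dumps(msg, sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"." + tag


class Receiver:
    def __init__(self, key, window=60):
        self.key = key
        self.window = window
        self.seen = {}   # nonce -> timestamp, kept only while inside the window

    def accept(self, wire, now):
        """Return (accepted, reason); checks run as integrity, freshness, replay."""
        body, sep, tag = wire.rpartition(b".")
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        if not sep or not hmac.compare_digest(tag, expected):
            return False, "rejected: bad MAC (tampered or forged)"
        msg = json.loads(body)
        if abs(now - msg["ts"]) > self.window:
            return False, "rejected: timestamp outside freshness window"
        # A nonce only needs remembering while its timestamp would still pass.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= self.window}
        if msg["nonce"] in self.seen:
            return False, "rejected: replay (nonce already used)"
        self.seen[msg["nonce"]] = msg["ts"]
        return True, "accepted"


def demo(now=1_700_000_000):
    """Legitimate send, then a replayed copy, a tampered copy and a late copy."""
    rx = Receiver(SHARED_KEY)
    wire = sign_message(SHARED_KEY, {"to": "acct-42", "amount": 100}, now)
    results = [rx.accept(wire, now + 1)]                   # original: accepted
    results.append(rx.accept(wire, now + 5))               # same bytes again: replay
    tampered = wire.replace(b'"amount":100', b'"amount":900')
    results.append(rx.accept(tampered, now + 5))           # integrity failure
    late = sign_message(SHARED_KEY, {"to": "acct-42", "amount": 100}, now)
    results.append(rx.accept(late, now + 600))             # beyond the window
    return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

The freshness window is what keeps the nonce cache bounded: a message older than the window is refused before its nonce is consulted, so the receiver never has to remember nonces forever. Note that none of this hides the message from a sniffer; confidentiality needs encryption on top of the tag.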