Zhou Min Yao Jin Li Yang Qi Shou
(School of Manufacturing Science and Engineering, Sichuan University, Chengdu 610065)
Abstract: Focusing on the security configuration of the system and on SQL INJECTION against data,
Key words: network security; SQL INJECTION; system; data
I. Introduction
With the popularity and development of the network, all kinds of Internet-based systems play an increasingly important role in every walk of life. However, because a computer network is characterised by diverse connection methods, unevenly distributed terminals and an open, interconnected architecture, it is also a breeding ground for hackers, malware and the like. Improving network security is especially important when a system handles personal identity information, the sensitive data of companies and other organisations, or even commercial data. This article takes the typical configuration of a web system (Win2000 Server + SQL Server + IIS 5.0) as its subject and focuses on the system security settings of the Web server and on security policies against SQL Injection.
II. Network security hazard analysis and security technology
Usually, what we call network security means that the data, software and systems in a network are protected so that they are not destroyed, altered or leaked by accidental or malicious attacks, and that the system keeps running continuously, reliably and normally without interruption of its network services. Network security therefore usually comprises two parts: system security and data security. Likewise, malicious attacks on a network can be roughly divided into system attacks and data attacks. Hardware facilities and firewalls are essential to network security; in addition, the security settings of the system and the security of code and data are also part of it, and these are what this paper discusses in depth. The specific analysis is as follows:
1. System security settings
Take Windows 2000 Server + SQL Server 2000 + IIS 5.0 as an example; this is, relatively speaking, our most common network server configuration. But Microsoft vulnerabilities are endless and the patches follow one after another, so hardening the system is extremely important.
First, choose a dedicated Web Server machine, disconnect the server from the network while installing the system, and then install the Service Pack 3 patch on top of it.
After the patch is installed, modify the registry, first to disable the default shares. Windows 2000 has "default shares": every partition of the server is shared automatically after installation. Although connecting to them requires the superuser's password, they are still a potential security hazard, so from the standpoint of server safety it is best to close these "default shares" to ensure system security. Set the following values:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareServer to 0, and
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\AutoShareWks to 0. If these two values do not exist, create them; note that "DWORD Value" must be selected when creating them.
Also prohibit IPC$ null connections by setting the value
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\RestrictAnonymous to 1. IPC$ (Internet Process Connection) is a named pipe opened for inter-process communication: after verifying a username and password, a remote user obtains the corresponding permissions and can manage the computer remotely and view its shared resources. With IPC$, a connecting party can even establish a null connection to the target host without any username or password (provided, of course, that the host has IPC$ sharing open; otherwise no connection is possible), and through that null connection can also obtain the list of users on the target host.
Second, for IIS, try to avoid installing IIS on the primary domain controller of the network. After IIS is installed, an anonymous account named IUSR_Computername is created on that computer. This account is added to the Domain Users group, which grants every anonymous visitor to the web server the access rights of domain users; this not only fails to guarantee the security of IIS but also threatens the primary domain controller. After installation, IISLOCKD.EXE (Microsoft's tool for closing IIS vulnerabilities) should be run. But this alone is not enough to guarantee the security of IIS, which should be hardened further:
a. Delete or disable the sample programs and directories that ship with IIS; they come bundled with IIS and are also a way to attack the web system.
Entry | Location (? stands for the drive letter)
IIS Samples | ?\Inetpub\iissamples
Admin Scripts | ?\Inetpub\AdminScripts
IIS Documentation | %SystemRoot%\Help\iishelp
Data Access | ?\Program Files\Common Files\System\msadc
b. To prevent an attacker from using the server's FTP and mail settings to modify the website's content, if the server does not need FTP or mail, delete the ftproot and mailroot folders and turn off the related services.
c. To keep log files from being modified or overwritten, set access control permissions on the IIS log files. By default, IIS writes its logs under the "%systemroot%\system32\logfiles" directory; if possible, move the log path to another location. Recommended access control permissions: Administrators and System (Full Control); Everyone (RWC). This step prevents some malicious users from covering their tracks by deleting log entries.
d. Delete dangerous script mappings:
For example, the mapping for .htr files has a vulnerability in request processing that a remote attacker can use to gain local ordinary-user access on the host. idq.dll contains an unchecked buffer when handling certain URL requests: a URL in a specially crafted format can cause a buffer overflow, and by sending carefully constructed data an attacker can alter the program's flow of execution and run arbitrary code, gaining "local system" privileges remotely. Deleting script mappings that are not needed therefore minimises the chance that such vulnerabilities can be exploited:
Script type | Mapping
Web-based Password Reset | .htr
Internet Database Connector | .idc
Server-side Includes | .stm .shtml .shtm
Internet Printing | .printer
Index Server | .ida .idq .hta
2. Data attacks
The following mainly summarises security policies against SQL INJECTION and the corresponding settings for SQL Server. So-called SQL INJECTION means that user-supplied data is inserted, through one of the database's external interfaces, into the statement that actually operates on the database, in order to break into the database or even the operating system. In a web system whose front end is written in a web scripting language (ASP, PHP) and whose back end is a database, interacting with the user unavoidably involves taking information from the user, such as login details, query strings, or data the user may modify remotely. An attacker can often exploit this information by tampering with the SQL statement, turning it into a different combined statement that achieves the attack's purpose.
Here, we will give a simple example:
<html>
<head></head>
<body>
<%
Dim Conn
Dim Rst
Dim UserName
Dim Password
UserName = Request.QueryString("username")
Password = Request.QueryString("password")
Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open strConn ' strConn: database connection string, defined elsewhere
' Vulnerable: the user's input is concatenated directly into the SQL text
Set Rst = Conn.Execute("Select * from login where username = '" & UserName & "' and password = '" & Password & "'")
If Not Rst.EOF Then
    Response.Write "log in"
Else
    Response.Write "failed"
End If
Rst.Close
Conn.Close
%>
</body>
</html>
Among them, the key line that makes SQL INJECTION possible is:
Set Rst = Conn.Execute("Select * from login where username = '" & UserName & "' and password = '" & Password & "'")
In the database, the table login is defined with username = user and password = PWD. If the login form is filled in correctly, UserName and Password are embedded into the SQL statement and the URL formed is:
http://localhost/test.asp?username=username&password=password
What happens if an intruder submits the following URL instead?
http://localhost/test.asp?username=username&password=any' OR 1 = 1 --
The resulting SQL is:
Select * from login where username = 'username' and password = 'any' OR 1 = 1 --'
Here 1 = 1 is always true and everything after -- is ignored as a comment, so the statement returns rows from login whether or not the password is correct.
This is the most typical SQL INJECTION and also the simplest. The threat of SQL INJECTION is not limited to this: it can also be used to obtain information about the back-end database, read data from the database, and even obtain system information or modify the registry.
According to the above characteristics, we have proposed the following prevention measures:
First, since SQL INJECTION usually occurs while interacting with the user, strict filtering of user input is very important, especially for single quotes, double quotes and "--". Moreover, not only the QUERY_STRING environment variable must be filtered but also the data submitted through all forms and every other interactive element the user can touch, such as drop-down menus and buttons. At the same time, a malicious attacker may combine data in ways that circumvent this filtering, so a safer method is to perform security replacements on the input, for example replacing every single quote with two single quotes:
Input = Replace(Input, "'", "''")
However, filtering at the program level alone is not enough.
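As an added example (not code from the paper), the following Python script models the page's ASP login check against an in-memory SQLite table, so that the concatenated query, the quote-doubling Replace mitigation and a parameterized query can be compared on the page's own payload. The table contents and the use of SQLite in place of SQL Server 2000 are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for the paper's "login" table
# (SQLite is used here instead of SQL Server 2000 so the demo runs offline).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE login (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO login VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn

def login_vulnerable(conn, username, password):
    """Same construction as the page's ASP: input concatenated into the SQL text."""
    sql = ("SELECT * FROM login WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return conn.execute(sql).fetchall()

def login_quote_doubling(conn, username, password):
    """The page's Replace(Input, "'", "''") mitigation, applied before concatenation."""
    return login_vulnerable(conn, username.replace("'", "''"),
                            password.replace("'", "''"))

def login_parameterized(conn, username, password):
    """Bound parameters: the values never become part of the SQL text,
    so quotes and comment markers inside them are treated as plain data."""
    return conn.execute(
        "SELECT * FROM login WHERE username = ? AND password = ?",
        (username, password)).fetchall()

def compare(username, password):
    """Number of rows each variant returns for one submitted credential pair."""
    return {
        "vulnerable": len(login_vulnerable(make_db(), username, password)),
        "quote_doubling": len(login_quote_doubling(make_db(), username, password)),
        "parameterized": len(login_parameterized(make_db(), username, password)),
    }

if __name__ == "__main__":
    # The page's payload: the trailing -- comments out the closing quote
    print(compare("username", "any' OR 1 = 1 --"))  # vulnerable: 2, others: 0
    print(compare("alice", "s3cret"))                # all three: 1
```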
In addition, the necessary security configuration must be made on SQL Server, and some stored procedures deleted:
1. The stored procedure that directly runs system commands: xp_cmdshell. xp_cmdshell is the best shortcut into the operating system and a large back door to it.
2. The stored procedures that access the registry; some of them can even read the operating system administrator's password: xp_regaddmultistring, xp_regdeletekey, xp_regdeletevalue, xp_regenumvalues, xp_regread, xp_regremovemultistring, xp_regwrite.
3. The OLE automation stored procedures: sp_OACreate, sp_OADestroy, sp_OAGetErrorInfo, sp_OAGetProperty, sp_OAMethod, sp_OASetProperty, sp_OAStop.
4. Other stored procedures with certain security risks: xp_servicecontrol, xp_stopmail, xp_startmail, xp_perfmonitor, xp_unc_to_drive, xp_perfend, sp_sdidebug, xp_availablemedia, xp_deletemail, xp_dirtree, xp_dropwebtask, xp_dsninfo, and the like.
In fact, most applications use hardly any of these system stored procedures; SQL Server ships so many of them only to accommodate every possible user need. Please delete the unnecessary ones, since some system stored procedures can very easily be used to escalate privileges or cause damage. Back them up before deleting them, so that they can be restored if the system no longer functions properly.
III. Conclusion
Network security technology is an important part of network security management; reasonable configuration of the system and of IIS enhances network security. At the same time, the security of the code and the reasonable configuration of the firewall must not be ignored. The techniques described in this article have been applied in the employment management system of some universities, and practice has proved them feasible and effective. Although this paper discusses Win2000 Server + SQL + IIS 5.0, the techniques can also be applied selectively to other server configurations.