10 Steps to Secure an IIS Server
Problem
IIS (Internet Information Server) is a favourite target of hackers. For administrators who run IIS web servers, securing the server is therefore critically important. Default installations of IIS 4.0 and IIS 5.0 are especially vulnerable to attack.
Solution
Take the following 10 steps to secure IIS:
1. Set aside a dedicated NTFS drive for IIS applications and data. If possible, do not allow IUSER (or whatever the anonymous user is) to access any other drive. If an application runs into problems because the anonymous user lacks permission to access a program located on another drive, use Sysinternals' FileMon to find which file that user cannot access, then move the program onto the IIS drive. If that is not feasible, grant IUSER access to that one file only.
2. Set the NTFS permissions on that drive:
   Developers = Full
   IUSER = Read and execute only
   System and admin = Full
3. Use a software firewall to ensure that no end user (only developers) can reach any port on the IIS machine other than port 80.
4. Use Microsoft's tools to lock down the machine: IIS Lockdown and UrlScan.
5. Turn on IIS logging. In addition to the IIS logs, enable firewall logging as well if possible.
6. Move the log files away from their default location and make sure they are backed up. Create a backup of the log folder so that a usable copy is always available in another location.
7. Turn on Windows auditing on the machine, because when you try to trace an attacker's actions afterwards you will always find you have too little data. With the audit logs in place, you can run a script that checks for any suspicious activity and sends a report to the administrator. This may sound a little extreme, but if your company takes security seriously it is well worth doing. Configure auditing to report all failed account logon events. Also, just as with the IIS logs above, change the default location (c:\winnt\system32\config\secevent.log) to a different one, and make sure you have a backup and a duplicate copy of the file.
8. Read security articles regularly (from a variety of sources). It is best to learn as much as possible about IIS and practise security comprehensively, rather than only following the experience that others (such as me) pass on to you.
9. Join an IIS vulnerability mailing list and actually read it to stay up to date. One such list is the X-Force Alerts and Advisories from Internet Security Systems.
10. Finally, make sure you run Windows Update regularly and double-check that the patches really have been installed.
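As an added example that is not part of the original article, the report script from step 7 can be built on Log Parser 2.2 (the tool described later on this page): it reads a backed-up copy of the Security log, counts failed logon audits per account and workstation, and mails the result. The Log Parser install path, the backup path D:\logs\secevent.evt, the threshold of 5 and the SMTP details are assumptions; the token positions are those of event 529 on Windows 2000/2003.

```powershell
# Added example (not from the original article): summarise failed logon audits
# from a relocated/backed-up Security log with Log Parser 2.2.
# Assumptions: Log Parser 2.2 is in its default folder and the backup copy of
# the Security log lives at D:\logs\secevent.evt (use 'Security' for the live log).
$LogParser   = 'C:\Program Files\Log Parser 2.2\LogParser.exe'
$SecurityLog = 'D:\logs\secevent.evt'
$Report      = 'failed_logons.csv'

# The EVT input format exposes an event's insertion strings pipe-separated in
# the 'Strings' field. For event 529 (Windows 2000/2003 "Logon Failure: unknown
# user name or bad password") token 0 is the user name and token 5 the
# workstation name. Audit failures carry EventTypeName 'Failure Audit event'.
$Query = @"
SELECT EXTRACT_TOKEN(Strings, 0, '|') AS UserName,
       EXTRACT_TOKEN(Strings, 5, '|') AS Workstation,
       COUNT(*) AS Failures
INTO $Report
FROM $SecurityLog
WHERE EventTypeName = 'Failure Audit event' AND EventID = 529
GROUP BY UserName, Workstation
HAVING COUNT(*) >= 5
ORDER BY Failures DESC
"@

# -i:EVT reads the event log; -o:CSV writes the rows named by INTO.
& $LogParser -i:EVT -o:CSV $Query

# Mail the report to the administrators when anything crossed the threshold
# (SMTP server and addresses are placeholders).
if (@(Import-Csv $Report).Count -gt 0) {
    Send-MailMessage -SmtpServer 'mail.example.com' -From 'iis@example.com' `
        -To 'admins@example.com' -Subject 'Failed logons on the IIS server' `
        -Body 'See the attached Log Parser report.' -Attachments $Report
}
```

Schedule the script with the Task Scheduler and keep a copy of the CSV with the log backups from step 6, so the report survives alongside the evidence it was built from.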
Below is a useful IIS tool: Log Parser
Log Parser is one cool tool. Created by Gabriele Giuseppini, a software engineer at Microsoft, the original Log Parser 1.0 was developed for Microsoft's internal testing purposes. It proved so popular that a public version, Log Parser 2.0, was released in 2001, and it has gone through two iterations, the current version being 2.2 and available from the Microsoft Download Center.
Log Parser operates as a kind of data pipeline. Into this pipe you can send information from IIS logs, Windows Event logs, Active Directory information, file system data, Registry data, Network Monitor traces, and so on. Once the data is in the pipe, you can process it using SQL statements; for example, to select certain portions of the data with a SELECT query. Then, as the processed data comes out of the pipeline, you can output it to text files, HTML files, Excel-style charts, or a SQL database table, or simply to the console as raw output. Putting these into proper syntax, a typical Log Parser command looks something like this:
Things can get a bit more complicated, but that's the basic idea.
Of course, the best way to learn about Log Parser is to actually use it, so let's see what we can do, using the Windows Event logs as a data source. After installing Log Parser, open a command prompt and change to the C:\Program Files\Log Parser directory, where the logparser.exe executable resides. Let's begin with a simple query to select all records from the System log:
Since there's no output format specified, Log Parser writes the output to the console. The result is a series of messy-looking records like this:
This event, for example, is an event of type Information that has an event ID of 7035 and an event source of Service Control Manager. Log Parser will display these events ten at a time, prompting you for a keystroke to continue or Ctrl-C to abort.
Let's focus in on events of type Error, as these are likely to be of some importance to us:
We still get messy-looking results, but now they're all Error events:
What kinds of Error events are we getting in our machine's System log? Let's output only the event sources this time:
The screen output now looks like this:
What are the different kinds of Error events in our System log, and how many of each source type were recorded? Log Parser can easily tell us this:
And here's what we get:
NETLOGON errors may be important, so let's key in on those and display the event IDs for these events plus the date and time they were generated (sorted in descending order):
The output now looks like this:
What's the description for an event that has event ID 5719? Let's use Log Parser to find out:
This gives us:
Uh-oh, could be a problem. Was the network down? Did the domain controller go offline? We need to investigate this further, but if you want a good source of help for understanding events like this, search EventID.net for information on events with this event ID.
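The queries of the walkthrough above, written out as an added example (not the article's own command listing) for Log Parser 2.2, run from a PowerShell prompt. The install path is an assumption; the field names (EventTypeName, SourceName, EventID, TimeGenerated, Message) are those of Log Parser's EVT input format.

```powershell
# Added example (not from the original article): the System-log queries of the
# walkthrough, for Log Parser 2.2. Assumption: default install folder.
$LogParser = 'C:\Program Files\Log Parser 2.2\LogParser.exe'

# -i:EVT selects the Windows Event Log input format; -rtp:-1 turns off the
# "press a key" prompt that otherwise appears after every ten rows.
function Invoke-LogParser([string]$Query) {
    & $LogParser -i:EVT -rtp:-1 $Query
}

# All records from the System log (the raw console output described above).
Invoke-LogParser "SELECT * FROM System"

# Only events of type Error. Note the EVT field literal is 'Error event'
# (likewise 'Warning event' and 'Information event').
Invoke-LogParser "SELECT * FROM System WHERE EventTypeName = 'Error event'"

# Just the source of each Error event.
Invoke-LogParser "SELECT SourceName FROM System WHERE EventTypeName = 'Error event'"

# How many Error events each source produced, most frequent first.
Invoke-LogParser "SELECT SourceName, COUNT(*) AS Total FROM System
                  WHERE EventTypeName = 'Error event'
                  GROUP BY SourceName ORDER BY Total DESC"

# NETLOGON errors: event ID plus the time each was generated, newest first.
Invoke-LogParser "SELECT EventID, TimeGenerated FROM System
                  WHERE SourceName = 'NETLOGON' AND EventTypeName = 'Error event'
                  ORDER BY TimeGenerated DESC"

# The description text of event ID 5719 (DISTINCT collapses repeats).
Invoke-LogParser "SELECT DISTINCT EventID, Message FROM System WHERE EventID = 5719"
```

To keep any of these as a file instead of console output, add an INTO clause (for example INTO errors.csv) and -o:CSV to the call.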
Additional Resources
This brief look at Log Parser only scratches the surface of what it can do. How can you learn how to do more with this tool?
First, you obviously need a good knowledge of SQL syntax to construct SELECT statements. A good resource for learning the basics is SQL Tutorial from FirstSQL.
Next, check out this Professor Windows article on Microsoft's web site, which gives you an excellent bird's-eye view of what Log Parser can do.
After that, you can familiarize yourself with the syntax of Log Parser by typing logparser -h and viewing the Help information displayed.
Once you've started to rock and roll with Log Parser, check out The Unofficial Log Parser Support Site, where you can find tons of resources and a thriving online community that can answer any questions you might have about using the tool.
Finally, pick up a copy of the Microsoft Log Parser Toolkit (Syngress) and kick your learning into high gear. You'll soon be an expert and wonder how you ever managed your Windows systems before Log Parser came around.
Mitch Tulloch is the author of Windows 2000 Administration in a Nutshell, Windows Server 2003 in a Nutshell, and Windows Server Hacks.
This article is reproduced from Zhang Shanyou's 51CTO blog; original link: http://blog.51cto.com/shanyou/75267. To republish it, please contact the original author.