Member
Hi all,
Network platform can quickly establish a good source of information can also be mounted up, but the attendant maintenance and security management is not the overnight thing. I need some help about network system maintenance in the apt to raise a security risks. Please help. Thanks in advance.
Member
The existing network operating system, security management all have a common feature, that is, must be entitled to a user's authorization in order to achieve the network login and maintenance. Especially the super-user, it has all the rights of the operating system, so one who has mastered it, grasps the lifeblood of the whole system. The process of routine maintenance, network management personnel to facilitate memory or simplify the operation, usually will have the right to set a very simple account password, or stored in a public place a very prominent position; In addition, the system often created out of several temporary have the right account, and failure to clean-up; plus pay no attention to change the password, and even multiple management account password is set to 1. Check and reply.
Member
Because UNIX is a very good network operating system, we now have a lot of information network systems using it as the basic platform. UNIX support network document management system (NFS), and in Group (Group) the concept of classification of network users. UNIX systems by default, allowing users within the same group to read and write with each other or at least read each other's files or system data, so once the system of the Group divided improperly, could result in normal users have the same rights with the super-user, it not only to understand the system configuration, increase or modify the system parameter file, and can replace the system of information content, and even destroy the whole system. To avoid this from happening, on the one hand, to ordinary user accounts set up groups of users is zero, is strictly prohibited to ordinary user accounts with high-level management accounts belong to the same group; the other hand, strict inspection system, an important configuration files (passwd, shadow, logon log files, etc.) read and write permissions, so that the sole ownership. All the best.
Member
As we all know, FTP software in order to share resources, user-friendly file download and file transfer protocol developed. Since it is in order to share, then there must be the right to read and write on the system, so it is also a weak link in the whole network system. At present, a number of online "hacker" is often used by FTP invasion and destruction of the system as a breakthrough. Sometimes they use FTP some of the monitoring program into the system in order to steal passwords management; sometimes use FTP access to the system passwd file, to understand the system user information; sometimes use FTP features of puts and gets, increasing the burden on the system, leading to the hard disk plug and even system crashes. Check and reply.
Member
In order to meet the needs of users, many systems had to open the FTP functions, then how to handle them? First, it should be properly configured FTP, to prevent the system files have been stolen, or the directory program process start-up; Secondly, there is the conditions where the FTP server and other applications on the network isolated, so that even if attacked, it will not affect the entire system; again, pay attention to regularly observe the FTP server's operation to check the size of the hard disk and make dealt with accordingly. Check and reply.
Member
Use CGI or Common Gateway Interface, its appearance will be rich in content across the network together and make an interactive access to WWW service implementation and enhance the system of data processing capabilities, it should be said that CGI is a very good field of WWW applications. However, it is this interactive application, so that some networks were ready to make an illegal, why is it so? The original, CGI programs have the power to the system can read and write, with this power, the hacker can try to control systems, read and write system data. Therefore, a non-robust CGI program, or from the Internet free access to the CGI program, normally used should be minimized, and in a timely manner on the system useless CGI programs removed, to avoid being exploited by hackers.
Posting Permissions
Reply With Quote
Bookmarks