Create the best WEB security solution
Security challenge
With the acceleration of China's national economy and social informatization, the Internet has become an indispensable part of people's work and life. More and more government departments, banks, enterprises and other units in order to adapt to social development, establish their own good image, and expand social impact, improve work efficiency, have set up their own portal. However, because the site is in the Internet such a relatively open environment, the complexity of web application system and diversity lead system vulnerabilities and malicious code trojan virus emerge in an endless stream, the Internet security incident raging, hacking and tampering with the site have occurred, and even some tampering with the site event upgrade directly into a political event, seriously endanger the national security and the interests of the people.
Overall, the security situation does not match the importance of the site, and its security issues are currently very prominent, mainly facing the following four threats:
A, SQL injection attacks, resulting in a web page has been tampered or destroyed by using the SQL command into the Web form submission or enter the domain name or the page request query string, to deceive SQL orders a malicious server system or database administrator privileges, so as to achieve the purpose of web page tamper with or damage;
B, DOS, and DDOS attacks lead to business paralysis: attacks on online business, resulting in paralysis of services, seriously affecting the availability of the system;
C, cross site attack (XSS attack), leading to information theft: an attacker using a web application of user input filter input, can show the impact on other users in the HTML code on the page, an attack to steal user data, the user identity or some action of visitors for viruses;
D, the website linked to horse, causing the user image is destroyed: the attacker through the normal page (usually web page) insert a code online when you open the page, the code is executed, and then download and run the server-side program of a Trojan horse, then control the Internet host.
Solution
Security challenges for the web site, put forward "WEB security coordination act tough and talk soft, prevention solutions, site security scanning, server and database in advance of reinforcement, in WEB application security, site security monitoring, to post emergency response services, to achieve detection and control of the whole" the real effective protection of the safe operation of the site users.
The WEB security solution consists of the following:
A, WEB security scanning, server and database security reinforcement
Before the implementation of site safety protection, safety inspection service personnel use professional tools for WEB scan, the host operating system and database scanning, scanning and according to the assessment results of reinforcement of Web sites related to the host operating system, database, network equipment, security equipment, to ensure that the site is safe above the baseline;
B, WEB application security protection, website security monitoring
Through the pre assessment and analysis, we clearly focus on the protection of the site, in the process of running the site security protection as follows:
1) in the user network access boundary, use the firewall to carry on the corresponding security access control in the network layer;
2) the boundary in the WEB service area, using the WEB application firewall (WAF) comprehensive technical means of protocol analysis, the detection engine of pattern recognition, URL filtering technology, statistical threshold and traffic anomaly monitoring to determine the intrusion behavior, can accurately detect and block malicious network attacks, so as to realize the security protection, anti SQL injection the anti XSS attack;
3) install malicious code on the WEB server active defense system, by using the mechanism of the chain of trust in the system, all loaded executable code (such as EXE, DLL, COM etc.) to control all executable code in the loading operation between the need to be tested, only through the verification code can the loading, so as to effectively prevent malicious code from running.
4) install the webpage tamper proofing subsystem on the WEB server, and use the object related (Object - Specific) protection to protect the webpage from being tampered with. The site administrator can choose to protect the web page file is set to the controlled object, for each object to be protected, the administrator set an object related authorization code for the real-time security protection;
5) through the security management platform TopAnalyzer or purchased remote monitoring services, global monitoring and analysis, centralized and unified management. Such as: website security monitoring, trojan website security vulnerabilities, security monitoring, monitoring website content website security monitoring, public opinion analysis etc..
D, emergency response and recovery
Information security is dynamic, security risk is constantly changing, that is not 100% safe, how to protect our WEB security according to business needs, based on the construction safety at the same time, we should pay more attention to the possible event to have the corresponding emergency phase plan. From another point of view to improve the security of the site, and to ensure that timely detection and handling of security incidents, and constantly reduce the security risk of the site.
Following icon:
Figure 11 site security solutions schematic
Project advantage
A, before, during, after the event, full range of protection
The horse door website is a systematic project, must be from a life-cycle perspective to effectively prevent, the proposed solution is in before and after the three aspects combined, through the software and hardware management, monitoring and response to the whole process of website security, site security.
B, professional team and advanced technology
The company specialized defense laboratory through vendor and the authority of the state agency cooperation, continuous tracking, mining and analysis of the emergence of new vulnerabilities information, the research results will be directly applied to the products, to protect the site protection detection system comprehensively and accurately and timely and effective, and WEB Application Firewall Based on a new generation of advanced parallel processing architecture load balancing technology patent, built-in processor dynamic, real-time detection and defense of the network data stream with high performance. WEB application firewall adopts the flow detection engine based on target host, which can deal with IP fragmentation and TCP stream reorganization at once, and effectively block all kinds of attack means of escape detection.
C, four big weapon plus real-time monitoring
In the specific operation, four weapon website protection system (malicious code of active defense system, web tamper resistant system, firewall system, operation and monitoring), solve the website SQL injection, DDOS attacks, Trojan, XSS attack and so on four big threat, sufficient for the site to provide perfect protection. For when the main user security threats facing websites and compliance requirements, we provide monitoring services, using web site security monitoring platform, to improve the security of the site, and to ensure timely detection of security incidents, continuously reduce the site safety risk.
application area
Website protection WEB security solutions for government, finance, enterprises and institutions, from the foundation of the protection to the remote safety monitoring and maintenance, are to provide personal and customized service users, meet the security needs of the user, as follows:
Government: to solve the government website has been completely changed, to protect the government website information unique authority. Such as assisting Province Commission by letter to establish WEB security monitoring platform in e-government network, external network tampering, website content, network public opinion monitoring etc..
Finance: addressing SQL injection and DDOS attacks on financial sites, protecting high availability and data integrity of financial sites;
