I'n Blog 之萬象真藏

現今的網絡，安全越來越受到大家的重視，在構建網絡安全環境時，在技術手段，管理制度等方面都逐步加強，設置防火牆，安裝入侵檢測系統等等。但網絡安全是個全方位的問題，忽略哪一點都會造成木桶效應，使得整個安全系統虛設。本文從分析Web服務器的logging記錄來找出漏洞，防範攻擊，從而加強Web 服務器安全。

Web服務是Internet所提供最多，最豐富的服務，各種Web服務器自然也是受到攻擊最多的，我們採用了很多措施來防止遭受攻擊和入侵，其中查看Web服務器的記錄是最直接，最常用，又比較有效的一種方法，但logging記錄很龐大，查看logging記錄是很繁瑣的事情，如果抓不住重點，攻擊線索就容易被忽略。下面就對最流行的兩類Web服務器：Apache和IIS做攻擊的實驗，然後在眾多的記錄中查到攻擊的蛛絲馬跡，從而採取適當的措施加強防範。

1.屏幕保護：

    在Windows中啟用了屏幕保護之後，只要我們離開計算機(或者不操作計算機)的時間達到預設的時間，系統就會自動啟動屏幕保護程序，而當用戶移動鼠標或敲擊鍵盤想返回正常工作狀態時，系統就會打開一個密碼確認框，只有輸入正確的密碼之後才能返回系統，不知道密碼的用戶將無法進入工作狀態，從而保護了數據的安全。

木馬是一種基於遠程控制的病毒程序，該程序具有很強的隱蔽性和危害性，它可以在人不知
鬼不覺的狀態下控制你或者監視你。有人說，既然木馬這麼厲害，那我離它遠一點不就可以
了！

安全隱患依然　三種系統漏洞至今無法解決
Web安全應用公司Watchire的安全研究總監Danny Allan總結到：這是幾年來第一次，人們走出黑客大會的主會場，搖頭聳肩表示無奈，因為有一些漏洞之今仍沒有解決方案。

Sophos added remote connection tools to its list of blocked devices on its Sophos Endpoint Security and Control, shutting a new window on threats, company officials said Sept. 25.

Remote connection tools like RealVNC and Radmin that allow employees to access remote-based PCs or laptops from any other computer via the Internet, though often unendorsed by IT management, are common tools used by staff and represent an end-run around corporate computer usage policies, Sophos contends.

世界上沒有絕對安全的系統，即使是普遍認為穩定的Linux系統，在管理和安全方面也存在不足之處。我們期望讓系統儘量在承擔低風險的情況下工作，這就要加強對系統安全的管理。

　　下面，我具體從兩個方面來闡述Linux存在的不足之處，並介紹如何加強Linux系統在安全方面的管理。

Microsoft is throttling a potentially evil paperclip this Patch Tuesday: Namely, a critical vulnerability in its Microsoft Agent—aka "Clippy"—that can open a system up to hijacking.

The security advisory for Microsoft Agent, MS07-051, is the only critical release out of four security advisories the company put out on Sept. 11. It addresses a vulnerability whereby Clippy can get hoodwinked by a malicious URL and can then be used to take over a targeted system without ever appearing to the user.

Clippy—officially known as Clippit—met its demise in Office 2007, but this vulnerability still affects the agent as it exists in Microsoft Windows 2000 SP4.

gY7X 一、三種技術 
$H(JHe\C8 　　 
7btkNA\z* 　　1. 外掛輪詢技術 

%F ^DVrL 訪談時間: 2007.8.31日,下午13:00-15:00  
  訪談主題: 關於中國網頁防篡改技術分析 f4Xh5V  
  訪談地點: 賽迪網技術社區-網絡安全版塊與賽迪網技術交流群 ']f*TL?!  

Microsoft is planning to release five security bulletins on September's Patch Tuesday.

While only one—a vulnerability in Windows—is deemed critical, three of the advisories address vulnerabilities that can lead to system takeover: the Windows flaw, flaws in MSN Messenger and Windows Live Messenger, and holes in Visual Studio.

The IM client vulnerability in particular should be given priority, experts say.

"If the Windows Messenger vulnerability lends itself to a chat-based attack vector, then organizations and users of the ubiquitous Microsoft Messenger should pay attention, because this would be a prime candidate for spreading malware and viruses," said Paul Zimski, senior director of market and product strategy for PatchLink, in a statement.

Robert Whiteley and Natalie Lambert have seen the future—and in it, traditional network security is dead. At least that is the message the two Forrester Research analysts delivered to a crowd at the Forrester Security Forum in Atlanta Sept. 6.
According to them, in the next five years the Internet will be the primary connectivity method for businesses, replacing their private network infrastructure as the number of mobile workers, contractors and other third-party users continues to grow. In this new world, which Whiteley and Lambert called "Internet Everywhere," corporations will have to redefine network security and focus on data encryption, managing risk at the endpoint and having strict data access controls, they said.

Some corporations, such as the energy giant BP, have already taken big steps towards deperimeterization—a term created by the Jericho Forum to describe a strategy that focuses on protecting data with tactics such as encryption rather than traditional efforts aimed at fending off attacks from intruders at the network's boundary. BP has taken some 18,000 of its 85,000 laptops off its LAN and allowed them to connect directly to the Internet, the two said.

I had just finished writing up this story of a European country with a defense agency site that's got its database dangling out for all the world to play with, when Exploit Prevention Labs Chief Technology Officer Roger Thompson pointed to about a dozen poisoned government sites that are hosting pages serving malware and porn.

Thompson says that he expects there are many more, which wouldn't surprise me—a quick Google search yesterday turned up plenty.

EPL reports that the hacked .gov sites are dishing out malware via drive-by download and social engineering. The front pages give off no clues of having been compromised, but they're hosting pages that serve junk. EPL has identified city governments such as lasalle, il and frenchsettlement-la as being compromised.

在網絡給我們的工作學習帶來極大方便的同時，病毒、木馬、後門以及黑客程序也嚴重影響著信息的安全。這些程序感染計算機的一個共同特點是在註冊表中 寫入信息，來達到如自動運行、破壞和傳播等目的。以下是筆者在網上收集的，通過修改註冊表來對付病毒、木馬、後門以及黑客程序，保證個人計算機的安全。

　　1.清理訪問「網絡鄰居」後留下的字句信息

　　在HEKY_CURRENT_USER\Network\Recent下，刪除下面的主鍵。

　　2.取消登陸時自動撥號

　　在HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Network\RealModeNet下修改右邊窗口中的「autologon」為「01 00 00 00 00」。