Although it is said that the damage caused by the Trojan back door can be minimized, the best method is obviously to prevent it.
1. Backdoor basic protection
First of all, you must turn off the port that is not used by the machine or allow only the designated port to access; secondly, use the software to kill the Trojan, in order to effectively prevent the back door of the Trojan; The third is to learn to operate on the process, always pay attention to the system running status, to see if there are some unknown processes running and to terminate the unknown process in time.
2. Securely configure the web server
If the company or company has established a home page, how can you ensure the security of your web server?
First, turn off unnecessary services; second, establish secure account policies and security logs; third, set up secure IIS, remove unnecessary IIS components, and perform IIS security configuration.
When configuring IIS security, pay attention to modify the default "Inetpub" directory path. You can delete the "Inetpub" directory of the C drive, then rebuild an "Inetpub" on the D drive, and then point the home directory to the newly created "Inetpub" path in the IIS Manager. In addition, you need to delete the default "scripts", "print" and other virtual directories, and then delete unnecessary mappings in the IIS Manager, in general, keep ASP, ASA.
The specific method is to right click on the host name in the "IIS Information Service" manager, select the "Properties" → "Home Directory" tab, click the "Advanced" button, you can delete in the "Map" tab. The necessary mapping is done. In addition, in the Properties window, select the "Website" tab, then check "Enable Log", and select the "Use W3C Extended Log File Format" item to record the customer IP address, user name, server port, method, URI root, HTTP status, user agent, etc., and the logs should be reviewed every day.
After the basic work above, you also need to set the access permissions of the Web site directory.
Under normal circumstances, do not give the directory to write and allow directory browsing permissions, only given. The ASP file directory has the permissions of the script, not the execute permission. In the "IIS Information Service" manager, expand the virtual directory of the website, then right-click on a virtual directory, select the "Properties" → "Virtual Directory" tab, under "Local Path" you can set the permissions for the directory to read "or "directory browsing" and so on. In addition, the user directory permissions can be strictly set through the NTFS partition format.
For the most core data in the enterprise, it is necessary to strengthen the protection against Access database download.
When using Access as a back-end database, if someone knows or guesses the path and database name of the server's Access database through various methods, you can download the Access database file, which is very dangerous. Therefore, in general, you need to change the default database file name, create a complex unconventional name for your database file name, and put it in a deeper file directory. In addition, you can add an open password to the Access database file.
Open the IIS Website Properties Settings dialog window, select the "Home Directory" tab, and click the "Configure" button to open the "Application Configuration" dialog window. Then, click the "Add" button, enter "asp.dll" in the "Executable File", enter ".mdb" in the "Extension", check the "Restricted to" item, and enter "Forbidden" to determine the application. After completing the settings, you can. Later, when an intruder attempts to download data, it will prompt to prohibit access.
Finally, configure a secure SQL server
SQL Server is the most used database system in various website systems. Once attacked, the consequences are very serious. Although the default SA user has full access to the SQL Server database operation, the SA account is set to a null password, so be sure to set a complex password for the SA account. Moreover, it is necessary to strictly control the permissions of database users, and it is easy to not directly query, change, insert, and delete permissions for users, and only give users access to views and execute stored procedures.
Be sure to pay attention to security when choosing to build a web application for your website. Although many website systems are powerful, due to the security awareness of programmers, there are some serious security vulnerabilities, such as common SQL injection vulnerabilities, scams, etc., which may be exploited by hackers. At the same time, we should also do a good job of backing up the data of the web server in time to recover data in case of an accident.
Increasingly junk spam has become a cancer on the Internet. Although most email a
Microsoft provides SSL encryption for Terminal Services in Windows Server 2003 SP1, which can implem
When deploying the WCF server in the IIS server in Windows Server 2008, the following error is repor
Recently, some netizens reported that when Windows XP comes with the “Remote Desk
Eliminate hidden dangers from the root cause of server virus removal
Ten ways to protect DNS servers
Lenovo T168 G6 external PCI-E graphics card in the BIOS setting method
How to unlock the automatic lock of Win2003?
Apache SSL Certificate Installation Guide
Apache and virtual directory configuration in Windows environment
The rookie can also set up an FTP server
Why is data center management getting harder and harder?
The most complete in history! Proxy server settings method highlights
Win7 system JPG picture can not open how to solve?
Novice articles: Please look at the advanced system before reinstalling the system (1)
Win8 developer account registration graphic process
Win10 system optimizes desktop startup speed skills
Win7 system IE browser temporary folder detailed path open method
After Winxp installed SP2 patch, the system restarted and solved
How to improve the startup speed of Windows7 under dual-core CPU
How to view the sector size in Linux
How to solve Win8 broadband connection prompt error 651 problem