黑客攻击IIS的主要发式演示和安全防范措施.pptVIP

TechEd 2002 黑客攻击IIS的主要发式演示及安全防范措施 胡 雪美国微软公司顾问咨询部 高级顾问 日程： 怎样黑的: The Internet Information Server (IIS) Unicode exploit 为什么有Code Red 和 Nimda? 微软的应对措施： STPP New security features in IIS 6.0 怎样加固 IIS? 网络管理员 程序开发员 How It WorksCanonicalization A rose Windows 2000 是一个安全的平台吗？ 是的！ YES! Security is built-in Winner of eWeek OpenHack challenge Customers who survived Code Red and Nimda Current on service packs and security patches “Locked down” systems so that vulnerabilities were not exposed Withstand attacks even without applying patches Did both for “defense in depth” Microsoft’s commitment Security Response Center STPP Windows? Security Push 7000 engineers Dedicated Security Personal STPP And IIS Strategic Technology Protection Program Sustained campaign for Windows NT? 4.0 and Windows 2000 Get secure Free Windows Security Resource Toolkit CD Hotfix Rollup IIS Lockdown HFNetCHK URLScan Support 1-866-PCSafety, free security issue support Stay secure Bundle all security fixes since most recent Service Pack Windows 2000 Service Pack (SP3) Windows Update Corporate Edition Auto update – Scheduled install 重要提示 Install new IIS Security Rollup Package SRP /technet/treeview/default.asp?url=/technet/security/bulletin/ms02-018.asp URLSCAN /Downloads/Release.asp?ReleaseID=37756 IIS 6.0 安全方面的新设计： Reduced attack surface IIS is not installed by default Server Lockdown: Static files only Secure defaults Code security Buffer overflow checks Automated in the Windows build environment VC++ compiler supported (/Gs) Revised canonicalization Removed old legacy code Low privilege accounts Security through Isolation Great patch management story New authentication and authorization schemes 实用措施 Best Practices Run IIS Lockdown wizard and URLScan Lock down your network with IPSec Do not use FAT! Have your content on a separate partition Use authentication Disable unneeded system services Stay InformedSecurity: A way of life Check for new security hot fixes Subscribe to th