Shulou(Shulou.com)05/31 Report--

This article introduces what to do when Web is attacked. The content is very detailed. Interested friends can use it for reference. I hope it will be helpful to you.

At present, web page tampering, information theft, illegal intrusion and denial of service are the most important and serious security threats faced by government and enterprise websites, and they are also important prevention objects to ensure the safe and normal operation of the website. In view of the security of website assets, Tide Cloud provides a continuous security guarantee scheme to prevent malicious attacks and protect network security.

Overall design of website security

According to the main security threats faced by the website, the website security protection system is constructed from three aspects: security protection, security monitoring and security response, so as to provide all-round security for users.

1. Build a website security protection mechanism. The platform-side security protection system can provide network layer boundary security protection capability, and deploy local Web protection or cloud Web protection and web page tamper prevention system to enhance website security protection capability.

2. Establish the website security monitoring mechanism, monitor the usability and health of the website in real time through the website real-time monitoring service, and notify the manager in time if the website service is interrupted or the page is tampered with. In addition, the website security penetration test is carried out regularly to find the security loophole and strengthen it in time.

3. Construct the security incident response system, through the combination of internal and external, establish a professional emergency response support team, standardize the process and methods of security incident handling, and respond to all kinds of security incidents timely and effectively.

Network security protection capability

Users build a website security in-depth protection system according to the three links of security protection, security monitoring and security response, which can greatly improve the security defense capability of cloud website assets through the in-depth protection system. to achieve the security capability of monitoring and early warning in advance, blocking defense in the event, and tracing the source attribution afterwards.

I. Security protection mechanism

Defense against high-traffic DDOS attacks: in order to defend against DDOS attacks from the Internet, network access traffic is directed to a protective node with a lot of bandwidth resources through DNS drainage, and then these traffic are securely detected in this node, cleaning abnormal traffic, blocking network attacks, discovering application layer attacks and crawlers, etc., and finally returning clean traffic to the source site to complete the normal access process. Reduce the risk of website external service anomalies caused by DDOS attacks.

Real-time protection of cloud Web websites: also use DNS drainage to deeply detect Web access traffic, clean and filter out attack traffic in the process of Web access, and reduce the risk of information disclosure, web page malicious tampering or further attacks on other business systems caused by SQL injection, cross-site, horse-hanging, tampering and other attacks on users' Web applications.

Local Web attack protection: through professional "event analysis engine" and "algorithm analysis engine" to detect and verify all kinds of requests from Web application client, effectively respond to SQL injection, cross-site scripting and its metamorphosis attacks, real-time detect web tampering, provide active diagnosis, provide fine-grained application layer DDoS attack protection, and ensure its security and legitimacy. Block illegal requests in real time, so as to effectively protect all kinds of websites, reduce the impact of attacks, and ensure the continuity and availability of the business system.

Page tamper-proof protection: the web page tamper-proof service monitors the properties of protected objects (static web pages, dynamic scripts, folders) in real time, blocks illegal tampering operations as soon as changes are found, prevents web page files from being modified, and notifies the management client in real time. In addition, the phenomenon of file tampering occurs when the website is subjected to extreme attacks, which will automatically recover effective files from the trusted side, which thoroughly ensures that the content of the web page will not be tampered with.

II. Safety monitoring mechanism

Real-time monitoring of website security: cloud-based Web security monitoring service provides 24-hour monitoring of website usability, content detection, horse-mounted monitoring, sensitive words monitoring, dark chain monitoring and vulnerability monitoring. In the event of service interruption, abnormal response time, DNS hijacking, illegal tampering of the page, etc., the website administrator is notified by SMS or email in time for processing.

Regular penetration testing: professional penetration engineers conduct security penetration tests on both the application and host levels of the website system, find loopholes in the host and application levels of the website system, and provide protection suggestions to fundamentally improve the security protection capability of the website.

III. Security response mechanism

Tamper recovery: through the web page tamper-proof recovery mechanism, once a website is detected to be illegally tampered, it immediately provides a website backup collection to restore the normal page of the website, and alerts the website administrator in order to find the attack source and attack path in time to respond.

Security incident emergency response: provide real-time emergency response service for users. Once a security incident occurs, emergency response personnel will respond at the first time to help users complete the following tasks: event scope loss control, forensics, event handling, external attack source traceability, internal vulnerability analysis, etc., and provide relevant documents to record the analysis and judgment process and results.

Network security protection package

So much for sharing about what to do when Web is attacked. I hope the above content can be helpful to everyone and learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.