目录
电子商务网站平安加固报告............................................................................................................1
目录............................................................................................................................................2
一、加固主机列表....................................................................................................................3
二、加固实施............................................................................................................................4
操作系统加固....................................................................................................................4
2.1.1 补丁安装........................................................................................................4
2.1.2 帐号、口令策略修改....................................................................................4
2.1.3 网络与效劳加固............................................................................................4
2.1.4 文件系统加固................................................................................................5
2.1.5 日志审核增强................................................................................................6
2.1.6 平安性增强....................................................................................................7
2.1.7 推荐安装平安工具........................................................................................8
2.2 IIS 效劳加固.............................................................................................................8
2.2.1 补丁安装........................................................................................................8
2.2.2 网站实例权限分配........................................................................................8
2.2.3 IIS 配置平安增强.........................................................................................9
2.2.4 平安控件加固................................................................................................9
2.3 代码审核加固..........................................................................................................10
2.3.1 去除 WebShell 代码....................................................................................10
2.3.2 去除 SQL 注入漏洞......................................................................................10
2.3.3 修正权限认证缺陷......................................................................................10
2.3.4 减少上传风险威胁......................................................................................11
2.3.5 正确处理数据库文件..................................................................................11
三、推荐平安考前须知..........................................................................................................12
为新增网站实例分配权限..............................................................................................12
3.2 使用 SSL 加密 FTP 传输..........................................................................................12
3.3 加强管理员平安习惯..............................................................................................12
四、签字确认..........................................................................................................................13
附录:......................................................................................................................................14
后台访问用户认证分配一览表......................................................................................14
代码加固修改一览表......................................................................................................14
