Argomenti
Documenti pubblicabili:1120
Scripts:1282
Documenti non pubblicabili:162
Categorie tematiche:68
.Net
|_C#
|_Visual basic.net
|_Asp.net
Active Server Pages
C++
Cascade Style Sheet
JavaScript
Mysql
Php
Xml
Java
|_Java 2 Micro Edition
|_Java server pages
|_Java Servlet
Oracle
|_PLSQL
PostgreSQL
Unix
Scripts:1282
Documenti non pubblicabili:162
Categorie tematiche:68
.Net
|_C#
|_Visual basic.net
|_Asp.net
Active Server Pages
C++
Cascade Style Sheet
JavaScript
Mysql
Php
Xml
Java
|_Java 2 Micro Edition
|_Java server pages
|_Java Servlet
Oracle
|_PLSQL
PostgreSQL
Unix
Oracle...
Script:
Loader
Unix...
Tip:
How remove a file named -r
PLSQL...
Script:
Compilazione automatica programmi plsql
Shell scripting...
Script:
while do loop
La rabbia è creativa, la depressione è senza utilità
Dyson, Freeman J.
Php Funzione mail()
Charles Babbage(1791-1871) nel 1823 ottenne dal governo 100 Sterline per la costruzione del calcolatore Different Engine.
La rabbia è creativa, la depressione è senza utilità
Dyson, Freeman J.
Documents
Home >Security > What general security precautions should I take?
If you are a Webmaster, system administrator, or are otherwise involved with the administration of a network, the single most important step you can take to increase your site's security is to create a written security policy. This security policy should succinctly lay out your organization's policies with regard to:
who is allowed to use the system
when they are allowed to use it
what they are allowed to do (different groups may be granted different levels of access)
procedures for granting access to the system
procedures for revoking access (e.g. when an employee leaves)
what constitutes acceptable use of the system
remote and local login methods
system monitoring procedures
protocols for responding to suspected security breaches
This policy need not be anything fancy. It need only be a succinct summary of how the information system work, reflecting your organization's technological and political realities. There are several benefits to having a written security policy:
You yourself will understand what is and is not permitted on the system. If you don't have a clear picture of what is permitted, you can never be sure when a violation has occurred.
Others in your organization will understand what the security policy is. The written policy raises the level of security consciousness, and provides a focal point for discussion.
The security policy serves as a requirements document against which technical solutions can be judged. This helps guard against the "buy first, ask questions later" syndrome.
The policy may help bolster your legal case should you ever need to prosecute for a security violation.
More suggestions for formulating a security policy can be found in the general Internet security reference works listed at the end of this document.
For Web servers running on Unix and NT systems, here are some general security precautions to take:
Limit the number of login accounts available on the machine. Delete inactive users.
Make sure that people with login privileges choose good passwords. The Crack program will help you detect poorly-chosen passwords:
http://www.users.dircon.co.uk/~crypto/download/c50-faq.html
Turn off unused services. For example, if you don't need to run FTP on the Web server host, get rid of the ftp software. Likewise for tftp, sendmail, gopher, NIS (network information services) clients, NFS (networked file system), finger, systat, and anything else that might be hanging around. Check the file /etc/inetd.conf (Unix) or Service Manager for a list of servers that may be lurking. Deactivate any that you don't use.
Remove shells and interpreters that you don't absolutely need. For example, if you don't run any Perl-based CGI scripts, remove the Perl interpreter.
Check both the system and Web logs regularly for suspicious activity. The program Tripwire (Unix), and Internet Security Scanner (Unix & NT) are helpful for detecting this type of activity:
Tripwire
ftp://ftp.cerias.purdue.edu/pub/tools/unix/ids/tripwire/
Internet Security Scanner
http://www.iss.net
More on scanning Web logs for suspicious activity below.
Make sure that permissions are set correctly on system files, to discourage tampering. On Unix systems, the program COPS is useful for this:
http://www.fish.com/cops/
On Windows NT, give Midwestern Commerce's Administrator Assistant Toolkit a try:
http://www.ntsecurity.com
Be alert to the possibility that a _local_ user can accidentally make a change to the Web server configuration file or the document tree that opens up a security hole. You should set file permissions in the document and server root directories such that only trusted local users can make changes. Many sites create a "www" group to which trusted Web authors are added. The document root is made writable only by members of this group. To increase security further, the server root where vital configuration files are kept, is made writable only by the official Web administrator. Many sites create a "www" user for this purpose.
Warning: include(ads/text468x15.html): failed to open stream: No such file or directory in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Warning: include(): Failed opening 'ads/text468x15.html' for inclusion (include_path='.;C:\php\pear') in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Marco Magnani marcomagnani@fishscript.com
If you are a Webmaster, system administrator, or are otherwise involved with the administration of a network, the single most important step you can take to increase your site's security is to create a written security policy. This security policy should succinctly lay out your organization's policies with regard to:
who is allowed to use the system
when they are allowed to use it
what they are allowed to do (different groups may be granted different levels of access)
procedures for granting access to the system
procedures for revoking access (e.g. when an employee leaves)
what constitutes acceptable use of the system
remote and local login methods
system monitoring procedures
protocols for responding to suspected security breaches
This policy need not be anything fancy. It need only be a succinct summary of how the information system work, reflecting your organization's technological and political realities. There are several benefits to having a written security policy:
You yourself will understand what is and is not permitted on the system. If you don't have a clear picture of what is permitted, you can never be sure when a violation has occurred.
Others in your organization will understand what the security policy is. The written policy raises the level of security consciousness, and provides a focal point for discussion.
The security policy serves as a requirements document against which technical solutions can be judged. This helps guard against the "buy first, ask questions later" syndrome.
The policy may help bolster your legal case should you ever need to prosecute for a security violation.
More suggestions for formulating a security policy can be found in the general Internet security reference works listed at the end of this document.
For Web servers running on Unix and NT systems, here are some general security precautions to take:
Limit the number of login accounts available on the machine. Delete inactive users.
Make sure that people with login privileges choose good passwords. The Crack program will help you detect poorly-chosen passwords:
http://www.users.dircon.co.uk/~crypto/download/c50-faq.html
Turn off unused services. For example, if you don't need to run FTP on the Web server host, get rid of the ftp software. Likewise for tftp, sendmail, gopher, NIS (network information services) clients, NFS (networked file system), finger, systat, and anything else that might be hanging around. Check the file /etc/inetd.conf (Unix) or Service Manager for a list of servers that may be lurking. Deactivate any that you don't use.
Remove shells and interpreters that you don't absolutely need. For example, if you don't run any Perl-based CGI scripts, remove the Perl interpreter.
Check both the system and Web logs regularly for suspicious activity. The program Tripwire (Unix), and Internet Security Scanner (Unix & NT) are helpful for detecting this type of activity:
Tripwire
ftp://ftp.cerias.purdue.edu/pub/tools/unix/ids/tripwire/
Internet Security Scanner
http://www.iss.net
More on scanning Web logs for suspicious activity below.
Make sure that permissions are set correctly on system files, to discourage tampering. On Unix systems, the program COPS is useful for this:
http://www.fish.com/cops/
On Windows NT, give Midwestern Commerce's Administrator Assistant Toolkit a try:
http://www.ntsecurity.com
Be alert to the possibility that a _local_ user can accidentally make a change to the Web server configuration file or the document tree that opens up a security hole. You should set file permissions in the document and server root directories such that only trusted local users can make changes. Many sites create a "www" group to which trusted Web authors are added. The document root is made writable only by members of this group. To increase security further, the server root where vital configuration files are kept, is made writable only by the official Web administrator. Many sites create a "www" user for this purpose.
Warning: include(ads/text468x15.html): failed to open stream: No such file or directory in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Warning: include(): Failed opening 'ads/text468x15.html' for inclusion (include_path='.;C:\php\pear') in D:\inetpub\webs\fishscriptcom\documents\view_document.php on line 131
Marco Magnani marcomagnani@fishscript.comCerca
Il web è un giovane media: infatti ha solo 10 anni di età.
Si pensi alla televisione o al cinema all'età di 10 anni. A quei tempi questi media erano primitivi, ancora alla ricerca della loro strada.
Venivano esplorati i limiti della nuova tecnologia, ma grandi progressi dovevano ancora essere raggiunti.
Oggi, i professionisti del web si trovano nella stessa fase. Sono pionieri che stanno ancora esplorando i limiti del nuovo media. Senza dubbio, i nostri nipoti, quando vedranno quello che abbiamo fatto pensaranno a qualcosa di elementare.
C'è ancora molto da scopire su quello che il Web può fare e suo come può essere utilizzato.
Jason Foss
Il web è un giovane media: infatti ha solo 10 anni di età.
Si pensi alla televisione o al cinema all'età di 10 anni. A quei tempi questi media erano primitivi, ancora alla ricerca della loro strada.
Venivano esplorati i limiti della nuova tecnologia, ma grandi progressi dovevano ancora essere raggiunti.
Oggi, i professionisti del web si trovano nella stessa fase. Sono pionieri che stanno ancora esplorando i limiti del nuovo media. Senza dubbio, i nostri nipoti, quando vedranno quello che abbiamo fatto pensaranno a qualcosa di elementare.
C'è ancora molto da scopire su quello che il Web può fare e suo come può essere utilizzato.
Jason Foss
Security...
Citazioni:
Sicurezza
Security...
Definizioni:
A secure hash
Oracle...
Definizioni:
Transazione
Shell scripting...
Script:
Array in do while construct
fishScript.Com is accessible by Mobile access technology
as mobile phones, Palm and Pocket PC .
Nicoleta e Marco Magnani tutorial, examples, courses, esempi, corsi, esercizi, appunti vari Dottoressa Nicoleta Dragu Formatrice Docente Insegnante Mediatrice Culturale Dott. Marco Magnani Universita La Sapienza Roma Master Computer Science Hunter College New York , Data Base Administrator DBA oracle System architect