Based on loophole scanner main engine security policy |http://www.cshu.net




                               About us 
                               Commercial cooperation 
                               Copyright declaration 
                               Contacts with us 



            Returns to the home pageArticle browsingOther columnsLands the forum


            |   The absolute &#21019;   |   |   hacker file   |   |   is newest 
            dynamically   |   
                  |  Hacker file>>invasion analysis>> based on loophole scanner 
                  main engine security policy  Printing

            Based on loophole scanner main engine security policy
            Www.cshu.net  2002-9-30  fog rain village 

              1. introductions 
              Obtains the strong main engine security, is each system manager's 
              ideal. But, the system manager in replied when own main engine 
              system whether security this problem, after must use the loophole 
              scanner actual measure system to be able accurately to respond. 
              Laboriously revises in the system manager 
              After main engine system disposition, also must use the effect 
              which the loophole scanner appraises revises. The author thought 
              the loophole scanner is the verification and an appraisal main 
              engine secure important tool. This article first introduced the 
              loophole scanner concept and the principle of work, then proposed 
              from the network system manager's angle based on the loophole 
              scanner main engine security policy.
              2. loopholes scanners
              2.1 concepts
              In the Internet security domain, in the hacker eye, the loophole 
              scanner may say is the most basic weapon, they thought "a good TCP 
              port scanner is equal to several hundred legitimate users' 
              passwords". But in in system manager's field of vision, the 
              loophole scanner may say is the best assistant, can discover on 
              own initiative the Web server main engine system the loophole, 
              fights in the main engine system safety and security achieves 
              "with a clear goal", promptly patches the loophole, constructs the 
              firm security Great Wall.
              The loophole scanner is one kind of automatic detection 
              long-distance or the local main engine secure weakness procedure. 
              Through the use loophole scanner, the system manager can discover 
              maintains Web the server each kind of TCP port assignment, 
              provides the service, the Web service software edition and these 
              services and software present on Internet the security loophole. 
              At the same time, the loophole scanner also can from the main 
              engine system interior examination system disposition flaw, the 
              analogous system manager carry on the system interior verification 
              the entire process, discovered can dispose by mistake by hacker 
              use all sorts. We are called former the loophole scanner exterior 
              scanning, is because it is the Web server which maintains to the 
              system manager carries on exterior characteristic scanning under 
              the actual Internet environment through the network; Is called the 
              loophole scanner latter internal scanning, is because it is to the 
              Web server which maintains carries on the internal characteristic 
              scanning by system manager's status. In fact, can from the main 
              engine system interior examination system disposition flaw, be 
              between the loophole scanner which system manager's loophole 
              scanner and the hacker has in the technical biggest difference. 
              The hacker in the scanning goal main engine loophole stage, namely 
              in the attack preparatory stage, is is impossible to carry on the 
              goal main engine system interior examination.
              2.2 principles of work
              Regarding exterior scans said that, it through the long-distance 
              examination goal main engine TCP/IP different port service, the 
              reply which the recording goal gives. Through this method, may 
              collect to very many goals main engine each kind of information 
              (for example: Whether can anonymous use to land, whether has the 
              FTP table of contents which may write, whether can use TELNET, 
              HTTPD whether are is moving with root). After obtains the goal 
              main engine TCP/IP port and its corresponding network visit 
              service related information, provides with the loophole sweeping 
              system leaks the storage cavern to carry on the match, satisfies 
              the matched condition to regard as the loophole. In addition, 
              through simulates hacker's attack technique, carries on the 
              aggressive to the goal main engine system security loophole to 
              scan, like test &#21183;password and so on, also implements one of 
              exterior scanning methods. If simulated strike successfully, then 
              visible exists for the loophole.
              Scans regarding the interior said that, it through registers the 
              goal main engine by the root status, recording system disposition 
              each main parameter, the analysis disposition loophole. Through 
              this method, may collect to the very many goals main engine 
              disposition information. In obtains the goal main engine 
              disposition information in the situation, will carry on the 
              comparison and the match with the safe disposition standard 
              storehouse, every satisfying namely will not regard as the 
              loophole.
              3. based on loophole scanner main engine security policy
              3.1 loopholes scanners right of use
              The loophole scanner right of use belongs to root to possess. 
              Regarding the average consumer, in, outside scans the loophole 
              data which obtains to be supposed to be the security. The hacker 
              often comes from the website in, their threat also is biggest. 
              From essentially analyzes, the loophole scanner is the system 
              administration auxiliary means.
              At present, on Internet each kind of scanning software emerges one 
              after another incessantly, although the majority of functions sole 
              are obsolete, the loophole searches for the accuracy not to be 
              high, but everybody may obtain and use, has formed the certain 
              threat to the Web server. Regarding the strict system 
              administration, the non- system administration use loophole scans 
              may regard as the unfriendly action, should forbid the average 
              consumer use loophole scanner to scan this website interior main 
              engine as well as other websites main engines.
              3.2 loopholes scanners own security
              The loophole scanner should move in the website exterior net, also 
              places after the firewall, may incorporate into to "the 
              demilitarization area" in. At the same time, the movement loophole 
              scanner computer should forbid from the Internet exterior visit. 
              In brief, avoids the loophole scanner encountering hacker's 
attack.
              Moreover, loophole scanner software and it produces the loophole 
              report file read-write and carries out the jurisdiction to be 
              supposed only to belong to root. Avoids the average consumer 
              contact loophole report file. Loophole scanner software and leaks 
              the storage cavern the promotion work certainly personally to 
              complete by the root user.
              3.3 loopholes scanners application method
              (1) formulates the scanning periodic table
              The loophole scans the work is one of system manager's routine 
              work, should formulate the science scanning cycle. Regarding a 
              scale bigger website, the loophole scans consumes when greatly, 
              the daily cycle take a week as is suitable. Formulation scanning 
              periodic table induced body presently following principle:
              * With system disposition revision suspension hook, when the 
              disposition revision finished namely carries out the loophole to 
              scan;
              * With leaks the storage cavern and the loophole scanner software 
              promotion suspension hook, when promotes finished namely carries 
              out the loophole to scan;
              * With loophole patch work suspension hook, when the patch work 
              finished namely carries out the loophole to scan.
              (2) formulates the loophole to patch the measure
              The loophole scans the work is the main engine system security 
              initial period work, is discovers the loophole the process. If the 
              discovery loophole actually does not patch, the loophole scans 
              meanless. The loophole patches the measure the principle is:
              * The loophole reports the analysis, mainly distinguishes clearly 
              the reason, the system manager which the loophole produces 
              disposes, the system and the software own flaw, the hacker 
              behavior by mistake (for example wooden horse procedure);
              * Disposes by mistake regarding the system manager, should 
              promptly refer to the related handbook, obtains the correct 
              disposition plan and to disposes by mistake carries on the 
              correction;
              * Regarding the operating system and the application software own 
              flaw, should seek the promotion edition or the related patch to 
              the developer (patch);
              * Regarding the hacker behavior, the key must &#28165; the wooden horse 
              or the back door which it stays behind (Back Door) principle and 
              position, and prompt elimination.
              3.4 loopholes scanners maintenance
              The loophole scanner maintenance work core is leaks the storage 
              cavern and the system disposition standard rule promotion. This 
              and PC &#26432;Ը software is similar. Long-term has not obtained the 
              promotion regarding the loophole storehouse the loophole scanner, 
              the examination result confidence level greatly reduces. Famous 
              scanner satan is an example, has been born since 1995, the 
              promotion number of times are not many. At present looked its 
              function has revealed frailly, the king position of already 
              yielded to promising youth and so on ISS.
              Leaks the storage cavern and the system disposition standard rule 
              promotion mainly comes from three aspects:
              * Regarding the commercial software, may gain the promotion 
              information from the developer hand;
              * The system manager directly from such as security website and so 
              on the www.cert.org downloads the loophole information, own carry 
              on the promotion;
              * The system manager acts according to own work experience 
              specially is the experience lesson which disputes with the hacker 
              obtains, own establish leaks the storage cavern to carry on the 
              promotion.
              4. concluding remark
              The loophole scanner is the verification and the appraisal main 
              engine secure important tool, but in the concrete application, the 
              loophole scanner must unify with the effective network security 
              management, like this can maximum limit display its potency, 
              protects the main engine system the security. Therefore, the 
              formulation effective and is reasonable based on the loophole 
              scanner main engine security policy is extremely essential. 





              Original author: Pheonix 
              Origin: Safechina 
              Altogether has 91 readers to read this article 

              [Tells friend] 
            Previous article:Microsoft will be Windows XP increases the blue 
            tooth technology 

            Next article:The network attack rampant enterprise guards against 
            the black necessary five big strategies day after day 

            - this week popular article - related article 
            On-line startled presently "the monster" the viral harm degree 
            presses up to "seeks employment the letter"
            Based on loophole scanner main engine security policy
            Celebrated a holiday has delivered everybody the free proxy 
            springboard
            The win98 loophole uses again
            World top-quality hacker Mitnick {myself idol}
            Teaches you the first invasion 
            Network invasion method and general step 



      CSHU 
