Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

More documents

Recommendations

Info

40 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ ÑÏÅÖ 02-07Ìîäóëü mod_securityÎÑ èëè ÿäðà êàêèå-òî ïàðàìåòðû ñòàíîâÿòñÿ ðåêîìåíäóåìûìèê èñïîëüçîâàíèþ, à êàêèå-òî, íàîáîðîò,âûõîäÿò èç îáðàùåíèÿ. Íåîáõîäèìî îòñëåæèâàòüòåíäåíöèè è êîíòðîëèðîâàòü êîíôèãóðàöèþ.áàçà äàííûõ. Ñëåäóþùèé óðîâåíü çàùèòû —ïðàâà äîñòóïà ê áàçå äàííûõ è ôàéëîâîé ñèñòåìå.Áàçà äàííûõ — îäíîâðåìåííî âàæíîå õðàíèëèùåè îñíîâíàÿ ëàçåéêà äëÿ àòàêè SQL Injection ïðè ïðîíèêíîâåíèèíà ñåðâåð è ñáîðå èíôîðìàöèè. Ïîýòîìóñöåíàðèè íå äîëæíû ðàáîòàòü îò èìåíè ïðèâèëåãèðîâàííîãîïîëüçîâàòåëÿ. Ó÷åòíàÿ çàïèñü äîëæíàèìåòü òîëüêî òå ïðàâà, êîòîðûå åé íåîáõîäèìûäëÿ ðàáîòû ñöåíàðèÿ, è íè ãðàììà áîëüøå.Ëþáîé íåñàíêöèîíèðîâàííûé äîñòóï ê ñèñòåìíîéèíôîðìàöèè äîëæåí çàïðåùàòüñÿ. Â 99%ñëó÷àåâ ïðè ðàáîòå ñ MySQL-ñöåíàðèÿì íå íóæåíäîñòóï ê ñèñòåìíîé áàçå MySQL, ãäå õðàíèòñÿ âñÿèíôîðìàöèÿ î ïîëüçîâàòåëÿõ, ïðàâàõ äîñòóïàõ èîáúåêòàõ ñåðâåðà áàç äàííûõ. Äîñòóïà íå äîëæíîáûòü íå òîëüêî íà çàïèñü èëè îáíîâëåíèå, íî è íàïðîñìîòð äàííûõ. Î÷åíü ÷àñòî äàæå ïðîñìîòð ñèñòåìíûõäàííûõ ìîæåò äàòü õàêåðó ìàññó âàæíîéäëÿ áåçîïàñíîñòè èíôîðìàöèè.Ïðè ðàáîòå ñ áàçîé äàííûõ MS SQL Serveráîëüøèíñòâî ïðîãðàììèñòîâ èñïîëüçóþò óæå ñóùåñòâóþùóþïî óìîë÷àíèþ ðîëü public. Â ýòîì èçàêëþ÷àåòñÿ îøèáêà, âåäü ýòîé ðîëè äîñòóïíî ìíîãîå.Ëó÷øåå ïðàâèëî — íèêîãäà íå èñïîëüçóé ãîòîâîå,à ñîçäàâàé ñîáñòâåííóþ ðîëü è ïîëüçîâàòåëÿ.ìîäóëè web-ñåðâåðà. Ñëåäóþùèé ýòàï îáåñïå÷åíèÿáåçîïàñíîñòè — ìîäóëè äëÿ Apache.Îíè ïîçâîëÿþò ïîñòðîèòü ýôôåêòèâíóþ çàùèòó îòàòàê òèïà SQL Injection, XSS è ìíîãèõ äðóãèõ.Íî ïðîñòî óñòàíîâèòü ìîäóëü — íå çíà÷èò ðåøèòüâñå ïðîáëåìû. Íóæíî ãðàìîòíîå êîíôèãóðèðîâàíèåè çàïðåò âñåãî, ÷òî ìîæåò íàíåñòè âðåä ñåðâåðó.mod_sequrity. Íåñìîòðÿ íà òî, ÷òî áåçîïàñíîñòüweb-ñåðâåðà â îñíîâíîì çàâèñèò îò ñöåíàðèåâ,êîòîðûå âûïîëíÿþòñÿ íà ñåðâåðå, è ïðîãðàììèñòîâ,êîòîðûå ïèøóò ýòè ñöåíàðèè, åñòü âîçìîæíîñòüçàùèòèòü ñåðâåð, íå îáðàùàÿ íà íèõ âíèìàíèÿ.Â ýòîì ïîìîæåò áåñïëàòíûé ìîäóëü äëÿ Apachemod_security. Ïðèíöèï ðàáîòû ìîäóëÿ ñõîæ ñ ñåòåâûìýêðàíîì, êîòîðûé âñòðîåí â ÎÑ, òîëüêî â äàííîìñëó÷àå îí ñïåöèàëüíî ðàçðàáîòàí äëÿ ðàáîòûñ ïðîòîêîëîì HTTP. Ìîäóëü àíàëèçèðóåò çàïðîñûïîëüçîâàòåëåé è âûíîñèò ñâîå ðåøåíèå î âîçìîæíîñòèïðîïóñòèòü çàïðîñ ê web-ñåðâåðó èëè îòêàçåíà îñíîâå ïðàâèë, êîòîðûå çàäàåò àäìèíèñòðàòîð.Ïðàâèëà îïðåäåëÿþò, ÷òî ìîæåò áûòü â çàïðîñå,à ÷òî íåò.Â çàïðîñàõ, êîòîðûå ïîëüçîâàòåëü îòïðàâëÿåòíà ñåðâåð, ñîäåðæèòñÿ URL-àäðåñ, ñ êîòîðîãî íåîáõîäèìîâçÿòü äîêóìåíò èëè ôàéë. ×òî ìîæíî çàäàòüâ ïðàâèëàõ ìîäóëÿ, ÷òîáû ñåðâåð ñòàë áåçîïàñíåå?Ðàññìîòðèì íåñêîëüêî íåñëîæíûõ ïðèìåðîâ.1 Â ÑÒÐÎÊÅ URL ÍÅ ÄÎËÆÍÎ ÁÛÒÜ ÍÈ-ÊÀÊÈÕ ÎÁÐÀÙÅÍÈÉ Ê ÔÀÉËÓ /ETC/PASS-WD, À ÇÍÀ×ÈÒ, ÏÓÒÈ Ê ÝÒÎÌÓ ÔÀÉËÓÍÅ ÄÎËÆÍÛ ÁÛÒÜ Â URL-ÀÄÐÅÑÅ.2 ×ÅÐÅÇ URL ÍÅ ÄÎËÆÅÍ ÏÅÐÅÄÀÂÀÒÜ-Ñß ÊÎÄ JAVASCRIPT, ÝÒÎ ÑÅÐÜÅÇÍÀßÎØÈÁÊÀ. ÒÀÊÈÅ ÂÅÙÈ ÍÓÆÍÎ ÏÅÐÅÄÀ-ÂÀÒÜ ÌÅÒÎÄÎÌ POST. ÅÑËÈ ÇÀÏÐÅÒÈÒÜ È ÏÐÎÈÇÂÎÄÍÛÅ, ÒÎ ÌÎÆÍÎÎÁËÅÃ×ÈÒÜ ÑÅÁÅ ÆÈÇÍÜ. ÍÎ ÒÎËÜÊÎÎÁËÅÃ×ÈÒÜ, ÒÀÊ ÊÀÊ ÅÑÒÜ ÊÓ×À ÏÐÎÈÇ-ÂÎÄÍÛÕ, ÏËÞÑ ÊÎÄÈÐÎÂÀÍÈÅ ÑÎÄÅÐ-ÆÈÌÎÃÎ ÑÒÐÎÊÈ. ÕÀÊÅÐ ÌÎÆÅÒ ÇÀÌÓ-ÒÈÒÜ ÒÀÊÎÉ ÇÀÏÐÎÑ, ÊÎÒÎÐÛÉ ÎÁÎÉ-ÄÅÒ ÔÈËÜÒÐÛ, ÍÎ ÓÑËÎÆÍÈÒÜ ÅÌÓÆÈÇÍÜ ÒÛ ÏÐÎÑÒÎ ÎÁßÇÀÍ.3 Â URL ÍÅ ÄÎËÆÍÎ ÁÛÒÜ ÎÄÈÍÀÐÍÎÉÊÀÂÛ×ÊÈ, À ÂÑÅ ÏÀÐÀÌÅÒÐÛ, ÏÅÐÅÄÀ-ÂÀÅÌÛÅ ÑÖÅÍÀÐÈÞ, ÏÐÈ ÈÑÏÎËÜÇÎÂÀ-ÍÈÈ Â ÇÀÏÐÎÑÀÕ ÎÁßÇÀÒÅËÜÍÎ ÄÎËÆ-ÍÛ ÁÛÒÜ ÇÀÊËÞ×ÅÍÛ Â ÎÄÈÍÀÐÍÛÅÊÀÂÛ×ÊÈ.Ìîäóëü mod_security ïðîâåðÿåò íà îñíîâå çàäàííûõôèëüòðîâ àäðåñ URL, è åñëè îí íàðóøàåò ïðàâèëà,òî çàïðîñ îòêëîíÿåòñÿ. Ñàì ìîäóëü ìîæíî âçÿòüñ ñàéòà www.modsecurity.org. Ïîñëå óñòàíîâêè â ôàéëåhttpd.conf ìîæíî áóäåò èñïîëüçîâàòü äîïîëíèòåëüíûåäèðåêòèâû:— SECFILTERENGINE ONÂÊËÞ×ÈÒÜ ÐÅÆÈÌ ÔÈËÜÒÐÀÖÈÈÇÀÏÐÎÑÎÂ;— SECFILTERCHECKURLENCODING ONÏÐÎÂÅÐßÒÜ ÊÎÄÈÐÎÂÊÓ;— SECFILTERFORCEBYTERANGE 32 126ÐÀÇÐÅØÀÒÜ ÈÑÏÎËÜÇÎÂÀÍÈÅ ÑÈÌÂÎ-ËÎÂ Ñ ÊÎÄÀÌÈ ÒÎËÜÊÎ ÈÇ ÓÊÀÇÀÍÍÎ-ÃÎ ÄÈÀÏÀÇÎÍÀ.Ñèìâîëû, êîäû êîòîðûõ ìåíåå 32, ïðèíàäëåæàò ñëóæåáíûìñèìâîëàì òèïà ïåðåâîäà êàðåòêè èëè êîíöàñòðîêè. Áîëüøèíñòâî èç ýòèõ ñèìâîëîâ íåâèäèìû, íîäëÿ íèõ ñóùåñòâóþò êîäû, ÷òîáû ìîæíî áûëî îáðàáàòûâàòüíàæàòèÿ ñîîòâåòñòâóþùèõ êëàâèø íà êëàâèàòóðå.Òî åñòü õàêåð íå ìîæåò ââåñòè íåâèäèìûéñèìâîë â URL, íî âïîëíå ìîæåò ââåñòè åãî êîä. Íàïðèìåð,÷òîáû óêàçàòü ñèìâîë ñ êîäîì 13, íåîáõîäèìîóêàçàòü â URL àäðåñå «%13». Ñèìâîëû ìåíåå 32è áîëåå 126 ÿâëÿþòñÿ íåäîïóñòèìûìè äëÿ àäðåñà,ïîýòîìó âïîëíå ëîãè÷íî èõ îòñåêàòü åùå äî îáðàáîòêèweb-ñåðâåðîì.— SECAUDITLOG LOGS/AUDIT_LOGÑ ÏÎÌÎÙÜÞ ÝÒÎÃÎ ÏÀÐÀÌÅÒÐÀ ÇÀÄÀ-ÅÒÑß ÔÀÉË ÆÓÐÍÀËÀ, Â ÊÎÒÎÐÎÌ ÁÓ-ÄÅÒ ÑÎÕÐÀÍßÒÜÑß ÈÍÔÎÐÌÀÖÈßÎÁ ÀÓÄÈÒÅ;— SECFILTERDEFAULTACTION«DENY,LOG,STATUS:406» — ÏÀÐÀÌÅÒÐÇÀÄÀÅÒ ÄÅÉÑÒÂÈÅ ÏÎ ÓÌÎË×À-ÍÈÞ (Â ÄÀÍÍÎÌ ÑËÓ×ÀÅ ÓÊÀÇÀÍÏÎ ÓÌÎË×ÀÍÈÞ ÇÀÏÐÅÒ — DENY);— SECFILTER XXX REDIRECT:HTTP://WWW.WEBKREATOR.COM — ÅÑËÈÔÈËÜÒÐ ÑÐÀÁÀÒÛÂÀÅÒ, ÒÎ ÏÎËÜÇÎÂÀ-ÒÅËÜ ÏÅÐÅÀÄÐÅÑÓÅÒÑß ÍÀ ÑÀÉÒHTTP://WWW.WEBKREATOR.COM;— SECFILTER YYY LOG,EXEC:/HOME/APACHE/REPORT-AT-TACK.PL — ÅÑËÈ ÔÈËÜÒÐ ÑÐÀÁÀÒÛÂÀÅÒ,ÒÎ ÁÓÄÅÒ ÂÛÏÎËÍÅÍ ÑÖÅÍÀÐÈÉ/HOME/APACHE/REPORT-ATTACK.PL;— SECFILTER /ETC/PASSWORDÂ ÇÀÏÐÎÑÅ ÏÎËÜÇÎÂÀÒÅËß ÍÅ ÄÎËÆÍÎJail óïðîùàåò ñîçäàíèå èíäèâèäóàëüíîãî îêðóæåíèÿ
41ÁÛÒÜ ÎÁÐÀÙÅÍÈß Ê ÔÀÉËÓ/ETC/PASSWD (ÒÀÊÈÌ ÆÅ ÎÁÐÀÇÎÌÑËÅÄÓÅÒ ÄÎÁÀÂÈÒÜ ÇÀÏÐÅÒÍÀ ÎÁÐÀÙÅÍÈÅ Ê ÔÀÉËÓ /ETC/SHADOW);— SECFILTER /BIN/LSÂ ÇÀÏÐÎÑÅ ÏÎËÜÇÎÂÀÒÅËß ÍÅ ÄÎËÆÍÎÁÛÒÜ ÎÁÐÀÙÅÍÈß Ê ÏÐÎÃÐÀÌÌÀÌ(Â ÄÀÍÍÎÌ ÑËÓ×ÀÅ ÇÀÏÐÅÙÀÅÒÑßÊÎÌÀÍÄÀ LS, ÊÎÒÎÐÀß ÌÎÆÅÒ ÏÎÇÂÎ-ËÈÒÜ ÕÀÊÅÐÓ ÓÂÈÄÅÒÜ ÑÎÄÅÐÆÈÌÎÅÊÀÒÀËÎÃÎÂ, ÅÑËÈ Â ÑÖÅÍÀÐÈÈ ÅÑÒÜÎØÈÁÊÀ), ÑÒÎÈÒ ÇÀÏÐÅÒÈÒÜÎÁÐÀÙÅÍÈß Ê ÒÀÊÈÌ ÊÎÌÀÍÄÀÌ ÊÀÊCAT, RM, CP, FTP È ÄÐÓÃÈÌ;— SECFILTER «\.\./»ÊËÀÑÑÈ×ÅÑÊÀß ÀÒÀÊÀ, ÊÎÃÄÀÂ URL ÓÊÀÇÛÂÀÞÒÑß ÑÈÌÂÎËÛÒÎ×ÅÊ, ÏÎÝÒÎÌÓ ÈÕ ÒÀÌ ÁÛÒÜÍÅ ÄÎËÆÍÎ;— SECFILTER «DELETE[[:SPACE:]]+FROM»ÇÀÏÐÅÒ ÒÅÊÑÒÀ DELETE … FROM,×ÒÎ ×ÀÙÅ ÂÑÅÃÎ ÈÑÏÎËÜÇÓÅÒÑßÂ SQL-ÇÀÏÐÎÑÀÕ ÄËß ÓÄÀËÅÍÈßÄÀÍÍÛÕ.Ïîìèìî ýòîãî ðåêîìåíäóåòñÿ óñòàíîâèòü ñëåäóþùèåòðè ôèëüòðà:1 SECFILTER «INSERT[[:SPACE:]]+INTO»ÈÑÏÎËÜÇÓÅÒÑß Â SQL-ÇÀÏÐÎÑÀÕÄËß ÄÎÁÀÂËÅÍÈß ÄÀÍÍÛÕ.2 SECFILTER «SELECT.+FROM»ÈÑÏÎËÜÇÓÅÒÑß Â SQL-ÇÀÏÐÎÑÀÕÄËß ×ÒÅÍÈß ÄÀÍÍÛÕ ÈÇ ÁÀÇÛ.3 SECFILTER «» È SECFILTER«
Page 1: 02(75)ÔÅÂÐÀËÜ 2007ÅÆÅÌÅ
Page 4 and 5: ÅÆÅÌÅÑß×ÍÛÉÒÅÌÀÒÈ
Page 6 and 7: timeline2000{çàðîæäåíèå}
Page 8: 06 /37 ÃËÎÁÀËÜÍÀß ÝÏÈ
Page 11 and 12: 9æåò âûïîëíÿòü íåñê
Page 13 and 14: 11ñåðâåðå åñòü òàáë
Page 15 and 16: 13Ïîïðîáóåì âñàäèòü
Page 17 and 18: ÝÍÖÈÊËÎÏÅÄÈßGamePostÎ
Page 19 and 20: 17ÝÊÑÏËÎÉÒÀ ÏÎÄ ÊÀÊ
Page 21 and 22: 19çíà÷åíèå èìååò $var1
Page 23 and 24: VERSUS4,3 KENTSFIELD SLINVIDIA Ge
Page 25 and 26: 23ïðèòîíûèíòåðíåòà
Page 27 and 28: 255 /5BugTraq.Ruwww.bugtraq.ru3,5 /
Page 29 and 30: 27Òàáëèöà 1Òàáëèöà 2
Page 31 and 32: 29abstract class Decorator extends
Page 33 and 34: 31PHPÑîçäàâ òàêîé ôàé
Page 36 and 37: 34 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 38 and 39: 36 ÃËÎÁÀËÜÍÀß ÝÏÈÄÅ
Page 40: 38 /67 ÎØÈÁÊÈÌÎËÎÄÎÑÒ
Page 45 and 46: 1 ÌÅÑÒÎ 2 ÌÅÑÒÎ 3 ÌÅÑ
Page 47 and 48: 45ïðîèçâîäèì ïðîâåð
Page 49 and 50: 47CyD NET Utilswww.cydsoft.comshare
Page 52 and 53: 50 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 54 and 55: 52 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 56: 54 ÎØÈÁÊÈ ÌÎËÎÄÎÑÒÈ
Page 59 and 60: 57Q: Êàê îò SQL injection è X
Page 61 and 62: æå ëþäÿì, ïðîñòî îð
Page 63 and 64: http://www.gameland.ru/ Dark Fall:
Page 65 and 66: 63Íó è, íàêîíåö, Perl î
Page 67 and 68: 65Íåñêîëüêî ñëîâ î Ne
Page 69 and 70: 67http://dm9.ru/cgi-bin/perltest/sc
Page 71 and 72: 69î ïîäëîãå. Îïÿòü æ
Page 73 and 74: 71ñåíêó ïîä íîìåðîì
Page 75 and 76: 73ÊÀÊÈÅ ÑÏÎÑÎÁÛ ÁÎÐ
Page 77: {IT}Ñ ÌÀÐÒÀÂÑÅ ÁÓÄÅÒ
Page 82 and 83: 80 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07È
Page 84 and 85: 82 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ï
Page 86 and 87: 84 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07è
Page 88 and 89: 86 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ì
Page 90 and 91: 88 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07ã
Page 92:
90 ÑÏÅÖ-TOPIC ÑÏÅÖ 02-07Ò
Page 95 and 96:
93DEEPNESS IN THE SKYby MFXAETHERby
Page 97 and 98:
îáùåíèÿ äèñêóññèè.
Page 99 and 100:
Vista Manager 1.0.3winxp-manager.co
Page 101 and 102:
MSI MEGABOOKS430($1199) 6 áàëë
Page 103 and 104:
MSI MEGABOOKS430($1199) 6 áàëë
Page 105 and 106:
2Àíäðåé Êàðàìíîââå
Page 107 and 108:
105 |ìÿ îíëàéí, æäåò â
Page 109 and 110:
Ðûêîâ áûë óâåðåí: î
Page 111 and 112:
ìîæíîãî çàêëàäûâàí
Page 113 and 114:
Õâàëþ. Íàì áû ñ âàìè
Page 115:
Думаешь, что посмот
show all

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?

Ã‘ÂÃ‘Â‚ÃÂ¾ÃÂ¼ - Xakep Online