Zhongke Panyun - Module A: Infrastructure Setting and Security Reinforcement, Scoring Standard
2022-07-04 04:59:00 【Beluga】
Module A: Infrastructure Setting and Security Reinforcement
Send a private message if you need the Module A environment.
I. Project and task description:
Suppose you are a network security engineer at an enterprise. For the enterprise's server systems, ensure that all services run normally as the tasks require, and improve the network security defenses of the server systems through the combined use of security policies such as login and password policies, traffic integrity protection policies, event monitoring policies and firewall policies. This module requires screenshots of the specified tasks with corresponding text descriptions, written as a Word document, saved in PDF format, with the match number as the file name.
II. Server environment description
Log: log server (Splunk), running Linux
Web: IIS server, running Windows
A-1 Task 1: Login security
Configure the Web server as required below to improve the security of the server.
1. Password policy (Web)
a. The minimum password length must be at least 8 characters; take a screenshot of the property page for the minimum password length;

b. Passwords must contain upper- and lower-case letters, digits and special characters at the same time; take a screenshot of the property page for "Password must meet complexity requirements".

2. Login policy (Web)
a. When a user logs in to the system, the prompt "For authorized users only" must be displayed; take a screenshot of the warning window that pops up at login;

b. Only 5 failed login attempts are allowed within one minute; after more than 5, the login account is locked for 1 minute; take a screenshot of the account lockout policy page. (Note: the account is locked only after more than five failures, so the lockout threshold here should be 6; a screenshot showing 5 scores no points.)

c. The connection timeout for inactive remote user sessions must be less than or equal to 5 minutes; take a screenshot of the corresponding RDP-Tcp properties page.

3. User security management (Web)
a. Harden remote management of the server with SSL so that sensitive information cannot be intercepted; take a screenshot of the corresponding RDP-Tcp properties page;

b. Only the super administrator account is allowed to shut down the system; take a screenshot of the properties page for "Shut down the system".

A-2 Task 2: Web security hardening (Web)
1. To prevent illegal download of .mdb database files from the website, harden the Web configuration file; take a screenshot of the relevant part of the C:\Windows\System32\inetsrv\config\applicationHost configuration file;

2. Restrict directory execute permissions: set the execute permission of the picture and upload directories to none; take a screenshot of the dialog for editing feature permissions;
picture directory permission settings

or

upload directory permission settings

or

Points are given for either.
3. Enable IIS log auditing (log files saved in W3C format, recording only date, time, client IP address, user name and method); take a screenshot of the W3C logging fields dialog;

4. To reduce the load on the website, set its maximum number of concurrent connections to 1000; take a screenshot of the dialog for editing website limits;

5. To prevent the file enumeration vulnerability from being used to enumerate files in the web server root, stop IIS from leaking short file names; take a screenshot of the configuration command;

6. Disable the IIS WebDAV feature to improve the security of the website; take a screenshot of the alert message.

A-3 Task 3: Traffic integrity protection and event monitoring (Web, Log)
1. To prevent passwords from being stolen during login or while information is transmitted, allow SSH login with certificates only (Log); take a screenshot of the relevant part of the /etc/ssh/sshd_config configuration file;


2. Enable the following audit policies on the Web server:
Logon events: success/failure;
Privilege use: success;
Policy change: success/failure;
Process tracking: success/failure;
Take a screenshot of the audit policy configuration page;

3. Configure Splunk to receive the Web server's security log, system log, CPU load, memory, disk space and network status. For the forwarder, take a screenshot of the page showing successful deployment.
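
For task 1 above (certificate-only SSH on the Log server), here is an added example that is not part of the original scoring standard: a shell check that decides whether an sshd_config really refuses passwords, taking into account that sshd keeps the first value it reads for each keyword. The sample configurations are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example: decide whether an sshd_config permits key-only login.
# sshd keeps the FIRST value it reads for a keyword, so a
# "PasswordAuthentication no" appended below an earlier "yes" has no effect.

# Constructed samples (not taken from the competition environment).
CFG_OK='Port 22
PubkeyAuthentication yes
PasswordAuthentication no'

CFG_SHADOWED='PasswordAuthentication yes
PubkeyAuthentication yes
PasswordAuthentication no'

CFG_COMMENTED='#PasswordAuthentication no
PubkeyAuthentication yes'

# Print the effective global value of keyword $1 for the config on stdin.
# Parsing stops at the first Match block, whose settings are conditional.
# Assumes the usual whitespace-separated "Keyword value" form.
sshd_value() {
  awk -v key="$1" '
    BEGIN { key = tolower(key) }
    $1 ~ /^#/ { next }                      # skip comment lines
    tolower($1) == "match" { exit }
    tolower($1) == key { print tolower($2); exit }
  '
}

# Succeed only if passwords are refused and public keys are accepted.
# Absent keywords fall back to the OpenSSH default, "yes" for both.
key_only_ssh() (
  cfg=$(cat)
  pw=$(printf '%s\n' "$cfg" | sshd_value PasswordAuthentication)
  pk=$(printf '%s\n' "$cfg" | sshd_value PubkeyAuthentication)
  [ "${pw:-yes}" = "no" ] && [ "${pk:-yes}" = "yes" ]
)

for name in CFG_OK CFG_SHADOWED CFG_COMMENTED; do
  eval "cfg=\$$name"
  if printf '%s\n' "$cfg" | key_only_ssh; then echo "$name: key-only"
  else echo "$name: passwords still accepted"; fi
done
```

On a live host, `sshd -T` prints the effective configuration and can be used in place of the parser.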

A-4 Task 4: Firewall policy
Turn on the firewall on all servers and harden it to prevent ransomware attacks:
1. Windows: disable port 445; take a screenshot of the firewall inbound rule;

2. Linux: disable port 23; take a screenshot of the iptables configuration command;

3. Linux: prevent others from pinging the system; take a screenshot of the iptables configuration command;

4. Linux: for security, forbid everyone from connecting over SSH except the IP 172.16.1.1; take a screenshot of the iptables configuration command.

Points are given only if both screenshots are correct.
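
For Linux tasks 2 to 4 above, here is an added example that is not part of the original scoring standard: a shell check over `iptables -S INPUT` style output that verifies the telnet and ping blocks and, for SSH, that the accept rule for 172.16.1.1 comes before the general drop. The rulesets are constructed and the function names are illustrative; only explicit INPUT rules are examined.

```shell
#!/bin/sh
# Added example: check `iptables -S INPUT` output against Linux tasks 2-4.
# Only explicit INPUT rules are inspected; the chain policy is ignored.

# Constructed ruleset in the form `iptables -S INPUT` prints.
RULES_OK='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j DROP
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -s 172.16.1.1/32 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP'

# Constructed: same SSH rules in the wrong order. The DROP matches first,
# so even 172.16.1.1 is locked out.
RULES_BAD_ORDER='-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j DROP
-A INPUT -s 172.16.1.1/32 -p tcp -m tcp --dport 22 -j ACCEPT'

# Task 2: an INPUT rule drops or rejects TCP port 23 (telnet).
blocks_telnet() {
  grep -Eq -- '^-A INPUT .*-p tcp .*--dport 23 .*-j (DROP|REJECT)'
}

# Task 3: ICMP echo-request (type 8) is dropped, so ping gets no reply.
blocks_ping() {
  grep -Eq -- '^-A INPUT .*-p icmp .*--icmp-type (8|echo-request) .*-j (DROP|REJECT)'
}

# Task 4: walk the port-22 rules in order (first match wins). The allowed
# source $1 must be accepted before a source-less DROP/REJECT, and no other
# ACCEPT for port 22 may precede that DROP.
ssh_only_from() {
  awk -v src="$1" '
    $1 != "-A" || $2 != "INPUT" || !/--dport 22 / { next }
    closed { next }                  # rules after the DROP are never reached
    /-j ACCEPT/ { if (index($0, " -s " src "/32 ")) allowed = 1; else leak = 1; next }
    /-j (DROP|REJECT)/ && !/ -s / { closed = 1 }
    END { exit !(allowed && closed && !leak) }
  '
}

for name in RULES_OK RULES_BAD_ORDER; do
  eval "rules=\$$name"
  if printf '%s\n' "$rules" | ssh_only_from 172.16.1.1; then echo "$name: SSH limited to 172.16.1.1"
  else echo "$name: SSH rules wrong"; fi
done
```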