Use OneDNS to perfectly solve the optimization problem of office network
2022-07-07 17:40:00 【Lin [email protected]】
Preface
In enterprise office work, do you often encounter the following problems:
- Some inexplicable applications are installed on your computer, slowing it down and affecting office efficiency;
- Advertising pop-ups appear on the computer desktop from time to time, which is annoying;
- Other people always open websites forbidden by the company during working hours, such as web games and gambling websites;
- The company server always restarts inexplicably in the middle of the night and is suspected of being used for "malicious mining", but the specific infected file cannot be found……
These are common problems, and the likely cause is DNS hijacking or a CSRF attack.
DNS hijacking
DNS hijacking is domain name hijacking: an attack that replaces the IP address the original domain name resolves to, so that users reach the wrong website or cannot access the website normally.
CSRF attack
CSRF (Cross-site request forgery) is an attack method that makes a user perform unintended operations on the Web application they are currently logged in to.
Example :
- The user logs in to the bank and does not log out; the browser holds the user's authentication information for the bank.
- The attacker forges a transfer request and embeds it in a post.
- While still logged in to the bank website, the user browses the post.
- The forged transfer request is sent to the bank website together with the authentication information.
- The bank website sees the authentication information, treats the request as a legitimate operation by the user, and the user ultimately loses funds.
How to solve DNS hijacking and avoid CSRF attacks?
Method 1
Solving DNS hijacking:
Access the website directly by IP address to avoid DNS hijacking.
Because domain name hijacking can only be carried out within a specific network, some advanced users can point their DNS at a normal domain name server to reach the target web address normally, for example by fixing the computer's preferred DNS server address to 8.8.8.8.
Avoiding CSRF attacks:
- Check the Referer field: the Referer field in the HTTP header records the source address of the HTTP request. In general, requests to access a security-restricted page come from the same website, whereas a hacker who wants to mount a CSRF attack can only construct the request on his own website. Therefore, CSRF attacks can be defended against by verifying the Referer value.
- Add a validation token: add a randomly generated token to the HTTP request as a parameter, and build an interceptor on the server side to verify this token. If the request contains no token or the token content is incorrect, treat it as a possible CSRF attack and reject the request.
- Multiple checks for sensitive operations: for some sensitive operations, in addition to verifying the user's authentication information, you can add further verification such as email confirmation or a verification code.
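The Referer check and the token interceptor described above can be combined in one server-side check. The following is an added example, not code from the original article; the host `bank.example`, the form field `csrf_token` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Assumed values for this sketch: the site's own host and a server-side secret.
TRUSTED_HOST = "bank.example"
SERVER_KEY = secrets.token_bytes(32)
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change state


def _sign(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Random nonce plus an HMAC binding it to the session; embed in each form."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_sign(session_id, nonce)}"


def token_valid(session_id: str, token: str) -> bool:
    """Reject missing, malformed, or other-session tokens."""
    nonce, sep, sig = (token or "").partition(".")
    if not sep:
        return False
    expected = _sign(session_id, nonce)
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(sig.encode(), expected.encode())


def referer_ok(headers: dict) -> bool:
    """Compare the parsed host exactly; a substring match is bypassable."""
    parts = urlsplit(headers.get("Referer", ""))
    return parts.scheme == "https" and parts.hostname == TRUSTED_HOST


def check_request(method: str, headers: dict, session_id: str, form: dict):
    """Interceptor: returns (allowed, reason) before the handler runs."""
    if method in SAFE_METHODS:
        return True, "safe method"
    if not referer_ok(headers):
        return False, "bad or missing Referer"
    if not token_valid(session_id, form.get("csrf_token", "")):
        return False, "bad or missing token"
    return True, "ok"
```

Rejecting requests with no Referer is the strict choice made here; some clients strip the header, which is why the token is the primary check and the Referer comparison a secondary one.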
Method 2
Install OneDNS
OneDNS protection principle
OneDNS takes the requested domain name and checks it in real time against a cloud intelligence base. Secure domain names are resolved stably and efficiently, and the resolved IP is returned so the user can access the site; detected malicious domain names are not resolved but intercepted directly, and an interception page is returned, achieving security protection.
OneDNS installation
Installation is easy: simply change the DNS address to the OneDNS IP address, and interception takes effect on access.
Copyright notice
This article was written by [Lin [email protected]]. Please include the original link when reposting. Thanks.
https://yzsam.com/2022/188/202207071534044468.html