XXX电子商务网站安全加固报告目录电子商务网站安全加固报告...........................................................................................................1目录..........................................................................................................................................2一、加固主机列表...................................................................................................................3二、加固实施..........................................................................................................................42.1操作系统加固............................................................................................................42.1.1补丁安装.......................................................................................................42.1.2帐号、口令策略修改...................................................................................42.1.3网络与服务加固...........................................................................................42.1.4文件系统加固...............................................................................................52.1.5日志审核增强...............................................................................................62.1.6安全性增强...................................................................................................72.1.7推荐安装安全工具.......................................................................................82.2IIS服务加固............................................................................................................82.2.1补丁安装.......................................................................................................82.2.2网站实例权限分配.......................................................................................82.2.3IIS配置安全增强........................................................................................92.2.4安全控件加固...............................................................................................92.3代码审核加固.........................................................................................................102.3.1清除WebShell代码...................................................................................102.3.2清除SQL注入漏洞.....................................................................................102.3.3修正权限认证缺陷.....................................................................................102.3.4减少上传风险威胁.....................................................................................112.3.5正确处理数据库文件.................................................................................11三、推荐安全注意事项.........................................................................................................123.1为新增网站实例分配权限......................................................................................123.2使用SSL加密FTP传输..........................................................................................123.3加强管理员安全习惯.............................................................................................12四、签字确认........................................................................................................................13附录:..............
