Privacy Terms

發布日期
Who We Are At Walk In The Cloud, we are committed to maintaining the trust and confidence of all visitors to our web site. In particular, we want you to know that Walk In The Cloud is not in the business of selling, renting or trading email lists with other companies and businesses for marketing purposes.  In this Privacy Policy, we’ve provided detailed information on when and why we collect personal information, how we use it, the limited conditions under which we may disclose it to others, and how we keep it secure.  We take your privacy seriously and take measures to provide all visitors and users of Walk In The Cloud with a safe and secure environment. Cookies  Walk In The Cloud may set and access Walk In The Cloud cookies on your computer.  Cookies are used to provide our system with the basic information to provide the services you are requesting.  Cookies can be cleared at any time from your internet browser settings.  Google Analytics When someone v...
0

網頁資安問題解決筆記

發布日期
一、Slow HTTP Denial of Service Attack

俗稱的DDOS攻擊,解決方法有很多種。


  • 方法一:以Apache來說的話,可安裝套件 Mod_Antiloris。
1. 下載檔案


cd /usr/local/src
wget http://sourceforge.net/projects/mod-antiloris/files/mod_antiloris-0.4.tar.bz2
tar -xvjf mod_antiloris-0.4.tar.bz2
cd mod_antiloris-*
apxs -a -i -c mod_antiloris.c

2. 重啟apache
service httpd restart

3. 檢查是否有掛載mod_antiloris
httpd -M | grep antiloris


  • 方法二:更改防火牆設定

      iptables -I INPUT -p tcp --dport 80 \ -m connlimit --connlimit-above 20 --connlimit-mask 40 -j DROP


二、RC4 cipher suites detected、SSL weak ciphers

在conf檔裡加上以下的設定:

 SSLProtocol all -SSLv2 -SSLv3
 SSLHonorCipherOrder on
 # Compression is disabled by default on my distribution (CentOS 6)
 # SSLCompression off
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS

三、The FREAK attack (export cipher suites supported)



四、SSL certificate public key less than 2048 bit

 openssl genrsa -out test.key 2048
openssl genrsa -des3 -out test.key 2048
openssl req -new -key test.key -out test.csr
  

留言

張貼留言