The earlier community post, Make your system more secure – Permissions validation, covered server permission validation. This article collects some further security-related settings that also improve system security.

System security protection policy

The server

  • Set a password validity (expiry) period policy
  • Password complexity: the password must be 6 to 24 characters and contain both letters and digits
  • Account lockout policy: lock the account for M minutes after N consecutive failed password attempts
  • Prohibit accounts with empty passwords and guest accounts
  • Set an idle session disconnection timeout
  • Disable shutdown without logging in (Windows: Security Settings > Local Policies > Security Options, set "Shutdown: Allow system to be shut down without having to log on" to Disabled)
  • Install only the software that is actually required
  • Linux: prohibit direct root login (for example, PermitRootLogin no in sshd_config); create separate accounts for administrators and manage their permissions, so that no single person can drop the database and walk away
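As an added example (not code from the original post), the following script audits an sshd_config and /etc/login.defs against the server policy items above: direct root login disabled, empty-password logins prohibited, an idle session timeout, and a password validity period. The sample configuration texts are constructed, and the 90-day / 6-character thresholds are assumptions.

```python
"""Audit sshd_config and login.defs text against the hardening policy above.

Added example; the WEAK_*/HARDENED_* samples are constructed, and the
max_days / min_len thresholds are assumed values, not from the original post.
"""
import re


def parse_config(text):
    """Return {keyword_lowercase: value}. Mirrors sshd_config semantics: the
    first value for a keyword wins, so a hardened line appended at the end of
    the file does nothing if a weaker line precedes it. Match blocks are not
    handled (assumption: no conditional sections)."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)   # "Key value" or "Key=value"
        if len(parts) == 2:
            cfg.setdefault(parts[0].lower(), parts[1].strip())
    return cfg


def audit_sshd(text):
    """Findings for the SSH policy items. Defaults follow OpenSSH: PermitRootLogin
    prohibit-password, PermitEmptyPasswords no, ClientAliveInterval 0 (never
    disconnects idle sessions)."""
    cfg = parse_config(text)
    findings = []
    if cfg.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin: direct root login should be disabled ('no')")
    if cfg.get("permitemptypasswords", "no") == "yes":
        findings.append("PermitEmptyPasswords: empty-password logins must be disabled")
    if cfg.get("clientaliveinterval", "0") == "0":
        findings.append("ClientAliveInterval: idle SSH sessions are never disconnected")
    return findings


def audit_login_defs(text, max_days=90, min_len=6):
    """Findings for the password validity period and minimum length. Note that
    PAM modules such as pam_pwquality can override PASS_MIN_LEN; check those too."""
    cfg = parse_config(text)
    findings = []
    if int(cfg.get("pass_max_days", "99999")) > max_days:
        findings.append(f"PASS_MAX_DAYS: passwords should expire within {max_days} days")
    if int(cfg.get("pass_min_len", "5")) < min_len:
        findings.append(f"PASS_MIN_LEN: minimum password length should be at least {min_len}")
    return findings


# Constructed samples (not taken from any real host).
WEAK_SSHD = """\
# constructed sample, not a real host's configuration
Port 22
PermitRootLogin yes
PermitEmptyPasswords yes
ClientAliveInterval 0
"""
HARDENED_SSHD = """\
PermitRootLogin no
PermitEmptyPasswords no
ClientAliveInterval 300
ClientAliveCountMax 2
"""
WEAK_LOGIN_DEFS = "PASS_MAX_DAYS\t99999\nPASS_MIN_LEN\t5\n"
HARDENED_LOGIN_DEFS = "PASS_MAX_DAYS\t90\nPASS_MIN_LEN\t8\n"

if __name__ == "__main__":
    for name, text in (("weak sshd", WEAK_SSHD), ("hardened sshd", HARDENED_SSHD)):
        print(name, audit_sshd(text))
    for name, text in (("weak login.defs", WEAK_LOGIN_DEFS), ("hardened login.defs", HARDENED_LOGIN_DEFS)):
        print(name, audit_login_defs(text))
```

The hardened sample pairs ClientAliveInterval with ClientAliveCountMax: the server probes an idle client every 300 seconds and drops the session after two unanswered probes, which is what "idle session disconnection time" means for SSH.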

The application system

Network access

  • Add an SSL/TLS certificate and serve the site over HTTPS
    • HTTPS avoids many web session security issues (eavesdropping on and tampering with traffic)
  • Web application directories must not be exposed (for example, directory browsing enabled in IIS)

Identity check

  • Password complexity validation: the password must be 6 to 24 characters and contain both letters and digits
  • Require more than one factor at login: account password plus a verification code or token
  • Account lockout policy (together with the above, this defends against brute-force attacks)
  • Validate login input to prevent SQL injection (use parameterized queries; never build the query string from the submitted username or password)
  • Never store user passwords in the database in plain text (store a salted hash)
  • Verify system permissions (page and operation) on both the front end and the back end. If the back end does not verify, a user can bypass the UI and call the API directly, and an unauthorized user may act beyond their rights
  • Restrict each user to a single concurrent login, or clean up old sessions: for example, issue a new token on login and invalidate the old one, so that a leaked old token cannot be reused
  • Critical operations require a second identity check (for example, changing important information or confirming a payment requires the password or an SMS code)
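As an added example (not code from the original post), the in-memory login service below implements several of the identity checks listed above together: password complexity validation, salted hashing instead of plaintext storage, lockout for M minutes after N failures, and a single valid session token per user so that a re-login invalidates the old token. The store, the injectable clock, the PBKDF2 round count and the N/M thresholds are assumptions for illustration.

```python
"""In-memory login service demonstrating the identity checks listed above.

Added example, not code from the original post. MAX_FAILURES, LOCK_SECONDS,
PBKDF2_ROUNDS, the dict-based store and the injectable clock are assumptions.
"""
import hashlib
import hmac
import os
import re
import secrets
import time

MAX_FAILURES = 5          # N: failed attempts before the account is locked (assumed)
LOCK_SECONDS = 15 * 60    # M: lock duration in seconds (assumed)
PBKDF2_ROUNDS = 200_000   # assumed; raise it as far as your login latency budget allows
# The post's rule: 6-24 characters, letters and digits only, at least one of each.
PASSWORD_RE = re.compile(r"^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{6,24}$")


def password_is_valid(password):
    return PASSWORD_RE.fullmatch(password) is not None


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256, stored as 'salt_hex$digest_hex' (never the plaintext)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt.hex() + "$" + digest.hex()


def verify_password(password, stored):
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), PBKDF2_ROUNDS)
    # constant-time comparison so the check does not leak how many bytes matched
    return hmac.compare_digest(candidate.hex(), digest_hex)


# Verified against when the username is unknown, so response time does not
# reveal whether an account exists.
_DUMMY_HASH = hash_password("no-such-user-1")


class AuthService:
    def __init__(self, clock=time.time):
        self.clock = clock
        self.users = {}      # username -> stored hash
        self.failures = {}   # username -> (failed_count, locked_until_timestamp)
        self.sessions = {}   # username -> the single currently valid token

    def register(self, username, password):
        if not password_is_valid(password):
            raise ValueError("password must be 6-24 characters with letters and digits")
        self.users[username] = hash_password(password)

    def login(self, username, password):
        """Return a fresh session token on success, None on failure or lockout."""
        now = self.clock()
        count, locked_until = self.failures.get(username, (0, 0.0))
        if now < locked_until:
            return None                       # locked: reject before checking the password
        if locked_until:
            count, locked_until = 0, 0.0      # lock expired: start counting afresh
        stored = self.users.get(username, _DUMMY_HASH)
        ok = verify_password(password, stored) and username in self.users
        if not ok:
            count += 1
            if count >= MAX_FAILURES:
                count, locked_until = 0, now + LOCK_SECONDS
            self.failures[username] = (count, locked_until)
            return None
        self.failures.pop(username, None)
        token = secrets.token_urlsafe(32)
        self.sessions[username] = token       # replaces any earlier token for this user
        return token

    def token_is_valid(self, username, token):
        return hmac.compare_digest(self.sessions.get(username, ""), token)
```

Lockout is enforced before the password is checked, so an attacker gains nothing from guessing during the lock window, and the failure counter only resets after a successful login or an expired lock. Replacing the stored token on every login is the "clear the old token" behaviour the list asks for: the previous token stops validating the moment a new login succeeds.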

Most system vulnerabilities are caused by laziness: the server must not trust any data from the client, and must carefully check and validate everything it receives.

In certain cases you can enable IP access restrictions; for example, the database should be reachable only from the intranet.

Access to resources

  • Enable hotlink protection for images and CDN resources (for example, Referer checks or signed URLs) to prevent others from embedding your assets and running up large traffic bills
  • Limit the frequency at which SMS messages and emails are sent (per recipient and per requesting address)
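As an added example (not code from the original post) covering both resource-access items above, the code below implements a sliding-window send limiter for SMS/e-mail, applied per recipient and per requesting IP, and a Referer-based hotlink check for image/CDN resources. The limits, host names, sample phone numbers and addresses are assumptions for illustration.

```python
"""Send-frequency limiting and Referer-based hotlink protection.

Added example, not from the original post. Limits, window sizes, host names
and the in-memory store are assumed values for illustration.
"""
import time
from collections import defaultdict, deque
from urllib.parse import urlparse


class SendLimiter:
    """At most `limit` sends per `window` seconds for each key, and at least
    `cooldown` seconds between two consecutive sends to the same key."""

    def __init__(self, limit=5, window=3600, cooldown=60, clock=time.time):
        self.limit, self.window, self.cooldown, self.clock = limit, window, cooldown, clock
        self.history = defaultdict(deque)   # key -> timestamps of recent sends

    def _recent(self, key, now):
        q = self.history[key]
        while q and now - q[0] >= self.window:   # drop sends that left the window
            q.popleft()
        return q

    def permits(self, key):
        """Check without recording a send."""
        now = self.clock()
        q = self._recent(key, now)
        if q and now - q[-1] < self.cooldown:
            return False
        return len(q) < self.limit

    def record(self, key):
        now = self.clock()
        self._recent(key, now).append(now)


def request_sms(by_phone, by_ip, phone, ip):
    """Allow a send only if both the recipient and the requesting IP are within
    their limits. Limiting only by phone lets one IP spam many numbers;
    limiting only by IP lets many addresses hammer one number."""
    if not (by_phone.permits(phone) and by_ip.permits(ip)):
        return False
    by_phone.record(phone)
    by_ip.record(ip)
    return True


def referer_allowed(referer, allowed_hosts, allow_empty=False):
    """Hotlink check: the Referer host must be one of our hosts or a subdomain.
    Browsers may omit Referer (privacy settings, direct links), so decide
    explicitly per resource whether an empty Referer is acceptable. Referer is
    client-controlled, so this stops casual embedding, not a determined attacker;
    use signed, expiring URLs for anything that must be strictly protected."""
    if not referer:
        return allow_empty
    host = (urlparse(referer).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


if __name__ == "__main__":
    by_phone = SendLimiter(limit=3, window=600, cooldown=60)
    by_ip = SendLimiter(limit=10, window=600, cooldown=0)
    # constructed sample inputs
    print(request_sms(by_phone, by_ip, "+8613800000000", "203.0.113.5"))   # True
    print(request_sms(by_phone, by_ip, "+8613800000000", "203.0.113.5"))   # False (cooldown)
    print(referer_allowed("https://www.example.com/page", {"example.com"}))  # True
```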