| In the information times, sharing, access and release of information have become themain features of modern life. And the rapid development of internet technology, internetapplication mode has experienced from web page, web application to web service. Taken as anew solution of the distributed applications, Web services have solved the problems of theindependence and the tightness of middleware and distributed-object in the web environmentof traditional web applications. Because of advantages in web services, it can make thesystem which has different distributed framework work together conveniently. Though theopenness and the complexity are the properties of web services,there are much potential ofapplication and development for web services. When the convenience of web services areenjoyed, the security problems are put more attention.Taken as a large-scale storage solution of on-line information, the Web applicationmakes visitors and customers easily get resources, so on-line security risks of web applicationreaches an unprecedented height. After web evolution, web services have become thearchitecture of the new web application, and it has a new character of the latest stage in thecomputer world. In the view of users, web services are objects deployed on the Web Server.When traditional Web application technology solves how people use the services provided byWeb application, the Web services solve how the computer systems user the services providedby the web application.Traditional Web server can not often get the effective protection of the defensemechanism, making it the weakest link in the network. Such as buffer overflows, SQLinjection attacks, denial of service script, based on the theft and cross-site resources, poses agreat threat to the security and stability in the Web server, and the lack of an effective way topresent the defense and protection. This paper introduces a different method of attack, Webserver, and then designs a Web server intrusion prevention system, and implemented under theWindows platform through the IIS server ISAPI protection. Intrusion prevention system canmeasure all of the strategies, actions by accessing the Web servers, Web servers againstmalicious attacks. System security policy engine can load and transfer strategies, Lua script language, it makes easier the preparation of the policy script. Display the correspondingcharacters read Latin alphabet。... |
PDF Full Text Request