
Design And Implementation Of The IIS Server Security System

Posted on: 2013-03-16 Degree: Master Type: Thesis
Country: China Candidate: Y J He Full Text: PDF
GTID: 2248330374488679 Subject: Computer Science and Technology
Abstract/Summary:
With the widespread adoption of the Internet, the web application platform has become the communication center of the Internet. At the same time, the threats to web applications are very serious, so protecting their security is very important. Compared with traditional network attacks, attacks on web applications have many new features, such as using the HTTP protocol to carry malicious data, which cannot be detected by the firewall and intrusion detection system. We must therefore defend against these attacks at the application layer. This paper first studies the IIS platform architecture and designs the overall framework of the IIS security system. Based on that research, it studies in depth cross-site scripting attacks and web tampering attacks, the two web application attacks with the greatest impact. It proposes a security policy for web servers on the Windows platform, and designs and implements it. To defend against cross-site scripting attacks, this paper discusses several cross-site scripting attacks and the related defense mechanisms, and constructs regular expressions to describe the attacks. A protection module is designed and implemented to defend against cross-site scripting attacks on the server side. This module is embedded into the IIS web server software on the Windows platform to block attacks in real time and record alarm logs; it detects attacks before the HTTP requests are handled by the system modules. With a temporary IP blacklist, the module can refuse several requests from parties that attempt to attack.

To defend web pages from tampering, this paper studies and compares the advantages and disadvantages of each defense technology. The web tamper-resistance function is designed and implemented based on a file system filter driver. The web tamper-resistant system protects the web directory by intercepting and analyzing the IRP flow and truncating operations on it. To prevent the filter driver from being bypassed, an application-layer event trigger mechanism is used for monitoring, achieving more secure tamper resistance. LoadRunner testing showed that the website protection system in this paper can effectively prevent XSS attacks and web page tampering attacks, with little effect on server response latency and load and very little influence on the web application platform.
Keywords/Search Tags: web application security, ISAPI Filter, XSS attacks, web page tamper-resistant