Design And Implement Of IIS-based Web Server Proactive Defense System

With the development of information technology, network applications and services have widely influenced people’s lives. As enjoying the happiness and convenience brought by network, we are also facing the more and more serious and complicated network security threats and risks. As the most widely services in Internet, WWW(World Wide Web) is a direct window between we people and the network, for example, Paperless office, E-commerce, Information sharing and exchange, etc. For the inevitable defects of the Web programmes, hackers can start an attack to the web servers, especially to the widely used IIS servers. If we can stop the attack before the completion, then the security of IIS servers will be protected to a large extent, and the expansion of network security threation will be stopped.This work mainly focus on the research of how to stop the attacks built on the programme design defects of the Website.The protection system of the IIS-based Web servers is built on two aspects:For the one side, the security configuration of IIS server’s operating system is reinforced. The directory authority, local security category, services, regedit and ports are configged automatically. Through the inforce of security configuration, even the hackers has obtained the Websites authority, that is, the WEBSHELL, we still can stop the intruding.For the other side, we actively prevent the hackers writing Trojan data to IIS servers by using the defects. If a hacker wants to obtain the WEBSHELL, he must write the WEBSHELL data to the server first. The Active Defense System will watch the write operation of IIS, through matching the signature, the files which may contain Trojan data will be deleted or the system will fire an alarm. At that time, even the Trojan data is writed, the Trojan files can not be excuted, for the Trojan files are deleted.By using this system, the security of IIS server will be protected effectively, the attack will be stopped beforehand, the IIS data is protected, and the other nodes on the net connected to the IIS server are also protected.