1. Server Hardening (Fortification)
Basic Concepts
- Principle of Least Privilege, Principle of Least Functionality
- Attack Surface Reduction
- Defense in Depth (Multi-layered Defense)
- Sub-keywords: Risk Assessment, Baseline Configuration, Security Posture
Specific Countermeasures
- Disabling Unnecessary Services and Closing Ports
- Patch Management, Security Updates
- Access Control (Firewall, ACL)
- Sub-keywords: Change Management, Vulnerability Scanning, Configuration Hardening
Account Management
- Deleting Unnecessary Accounts, Password Policy
- Prohibiting Root Login, Proper sudo Configuration
- Sub-keywords: Password Complexity, Account Lockout, Privilege Escalation Prevention
Advanced Security
- Log Configuration and Monitoring
- Mandatory Access Control (SELinux, AppArmor)
- chroot Environment, Sandboxing
- Sub-keywords: Container Security, Kernel Hardening, System Integrity
2. Web Server Security
Major Vulnerabilities
- SQL Injection
- Cross-Site Scripting (XSS)
- Cross-Site Request Forgery (CSRF)
- Sub-keywords: Reflected XSS, Stored XSS, DOM-based XSS
Path and Session Attacks
- Directory Traversal
- Session Management Vulnerabilities (Session Hijacking, Fixation)
- HTTP Header Injection
- Sub-keywords: Path Manipulation, Session Timeout, Token-based Authentication
File Upload Vulnerabilities
- Unrestricted File Upload
- Remote Code Execution
- Sub-keywords: File Type Validation, MIME Type Checking, Upload Directory Permissions
Countermeasure Technologies
- WAF (Web Application Firewall)
- Input Validation, Sanitization
- HTTPS Implementation (SSL/TLS)
- Sub-keywords: Certificate Management, Perfect Forward Secrecy, TLS 1.3
Secure Headers and Cookies
- Secure HTTP Headers (HSTS, CSP, X-Frame-Options)
- Cookie Security Attributes (Secure, HttpOnly, SameSite)
- Sub-keywords: Clickjacking Prevention, Content Security Policy, CORS
Error Handling
- Proper Error Handling (Not Exposing Detailed Error Information to Users)
- Disabling Directory Listing
- Sub-keywords: Custom Error Pages, Information Disclosure Prevention, Stack Trace Suppression
3. DNS Server Security
Major Threats
- DNS Cache Poisoning
- DNS Spoofing
- DNS Amplification Attack (DDoS)
- Sub-keywords: Kaminsky Attack, Birthday Attack, Reflection Attack
Zone Transfer Issues
- Unauthorized Zone Transfer Exploitation
- DNS Tunneling
- Sub-keywords: AXFR Restriction, Data Exfiltration, Covert Channels
Countermeasures
- DNSSEC (DNS Security Extensions) Implementation
- Zone Transfer Restrictions
- Restricting Recursive Queries (to Trusted Clients Only)
- Sub-keywords: Chain of Trust, Key Signing Key (KSK), Zone Signing Key (ZSK)
Rate Limiting and Architecture
- Rate Limiting, Response Rate Limiting (RRL)
- Separation of Authoritative and Cache Servers
- Source Port Randomization
- Sub-keywords: Query Flooding, Anycast, Split DNS
Maintenance
- Regular Patch Application
- Sub-keywords: Version Disclosure Prevention, BIND Alternatives, DNS Monitoring
4. Proxy Server Security
Types and Roles
- Forward Proxy vs Reverse Proxy
- Transparent Proxy vs Non-transparent Proxy
- Sub-keywords: Load Balancing, SSL Offloading, Caching Strategy
Security Countermeasures
- Access Control (Authentication, ACL)
- Content Filtering
- Logging and Monitoring
- Sub-keywords: URL Filtering, Category-based Blocking, Whitelist/Blacklist
SSL/TLS Inspection
- SSL/TLS Inspection
- Cache Poisoning Countermeasures
- Sub-keywords: Certificate Pinning, Man-in-the-Middle Detection, Encrypted Traffic Analysis
Prevention Measures
- Open Proxy Prevention
- Rate Limiting, Bandwidth Control
- Virus Scanning Integration
- Sub-keywords: Anonymous Proxy Detection, Connection Pooling, Request Throttling
Threats
- Unauthorized Proxy Usage
- Man-in-the-Middle Attack (MITM)
- Information Leakage via Proxy
- Sub-keywords: Proxy Chaining, Header Manipulation, Request Smuggling
5. Database Server Security
Major Threats
- SQL Injection
- Privilege Escalation Attack
- Unauthorized Database Access
- Sub-keywords: Second-order SQL Injection, Time-based Blind SQLi, Out-of-band SQLi
Data Protection Threats
- Data Leakage
- Backup Data Theft
- Sub-keywords: Insider Threats, Data Exfiltration, Shadow IT
Countermeasures - Query Security
- Prepared Statements (Parameterized Queries)
- Stored Procedure Usage
- Sub-keywords: ORM Frameworks, Query Whitelisting, Input Sanitization
Access Control
- Principle of Least Privilege (User Privilege Management)
- Deleting/Changing Default Accounts
- Network-level Access Restrictions
- Sub-keywords: Role-based Access Control (RBAC), Attribute-based Access Control (ABAC), Connection Pooling
Encryption
- Database Encryption (Transparent Encryption, Column-level Encryption)
- Communication Encryption (SSL/TLS Connection)
- Backup Encryption and Secure Storage
- Sub-keywords: Key Management, Data-at-rest Encryption, Tokenization
Monitoring and Protection
- Audit Log Recording
- Database Firewall
- Database Activity Monitoring (DAM)
- Sub-keywords: Anomaly Detection, Real-time Alerting, Compliance Reporting
Other Important Items
- Blind SQL Injection
- NoSQL Injection
- Data Masking
- Sub-keywords: Dynamic Data Masking, Static Data Masking, Synthetic Test Data
Study Tips: It's important to understand these keywords and concepts, and memorize the principles and implementation methods of countermeasures for each threat. I especially recommend learning each attack technique together with its corresponding countermeasures as a set.