Electron建议开发者定义定义内容安全策略
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Electron建议开发者定义定义内容安全策略相关的知识,希望对你有一定的参考价值。
参考技术A 从2.0版本开始,如果使用electron的开发人员没有定义Content-Security-Policy,Electron就会在DevTool console发出警告在electron文档的安全性一章中,列出了17个应当遵循的规则,第六个就是对CSP的要求: https://www.electronjs.org/docs/tutorial/security#6-define-a-content-security-policy 。
内容安全策略(CSP) 是一个确保内容安全的控制方式,应对跨站脚本攻击(XSS),数据嗅探攻击(Sniffing)和数据注入攻击(Data injection)的一层保护措施。
Electron建议任何载入到Electron的站点都要开启,以确保应用程序的安全,两种方法可以启用 CSP:
两种方式的规则都是一样的, default-src 代表默认规则,'self'表示限制所有的外部资源,只允许当前域名加载资源。
一般情况下,默认规则可以包揽大多数的需求,但凡事都有例外,资源繁多的时候通常需要特殊配置,最值得关心的是script的安全,这至关重要,一旦被注入恶意script,很多安全控制就会荡然无存,可以使用 script-src 这一指令设置:
例如我们要引入google-analytics分析流量,可以这样设置:
另外,样式安全以及各种内嵌内容,例如 frame-src,child-src 有时也需要控制,表单提交也可以单独控制,指令是 form-action ,设置多个指令需要用 ; 隔开:
所有的指令可以在MDN官网找到
如果页面请求的内容都是HTTPS的,可以设置:
Macfee自定义安全策略
路径: VirusScan Enterprise > Access Protection Policies
Port blocking rules
|
Rule 1-1 Alerts when Powershell opens a remote HTTP session |
|---|
| Process | powershell.exe |
| Port | 80 |
| Direction | Outbound |
| Action | Report |
| Rule name | Powershell HTTP remote session |
File/folder blocking rule
|
Rule 2-1 Alerts when Microsoft Word spawns a cmd session FP Risk: Low |
|---|
| Process | winword.exe |
| File |
C:WindowsSys*cmd.exe |
| File actions | Files being executed |
| Action | Block, Report |
| Rule name | Word cmd execution |
|
Rule 2-2 Alerts when Microsoft Excel spawns a cmd session FP Risk: Medium |
|---|
| Process | excel.exe |
| File |
C:WindowsSys*cmd.exe |
| File actions | Files being executed |
| Action | Report |
| Rule name | Excel cmd execution |
|
Rule 2-3 Alerts when Microsoft Word spawns a powershell session FP Risk: Low |
|---|
| Process | winword.exe |
| File |
C:WindowsSys*powershell.exe |
| File actions | Files being executed |
| Action | Block, Report |
| Rule name | Word powershell execution |
|
Rule 2-4 Alerts when Microsoft Excel spawns a powershell session FP Risk: Medium |
|---|
| Process | excel.exe |
| File |
C:WindowsSys*powershell.exe |
| File actions | Files being executed |
| Action | Block, Report |
| Rule name | Excel powershell execution |
|
Rule 2-5 Protects against recent Emotet campaigns seen in the wild FP Risk: Low |
|---|
| Process | powershell.exe |
| File |
C:UsersPublic*.exe |
| File actions |
New files being created, Files being executed |
| Action |
Block, Report |
| Rule name |
Powershell emotet launcher |
|
Rule 2-6 Prevents possible Trojans from being launched from AppData FP Risk: Low |
|---|
| Process | * |
| File |
C:Users*AppData*.exe |
| File actions |
New files being created, Files being executed |
| Action |
Block, Report |
| Rule name |
AppData File Execution |
|
Rule 2-7 Blocks the Tor browser from being launched FP Risk: Very Low |
|---|
| Process | * |
| File |
tor.exe |
| File actions |
New files being created, Files being executed |
| Action |
Block, Report |
| Rule name |
Tor process launched |
|
Rule 2-8 rundll32 file executions in AppData FP Risk: Low |
|---|
| Process | rundll32.exe |
| File |
C:Users*AppData* |
| File actions |
Files being executed |
| Action |
Block, Report |
| Rule name |
rundll32 AppData file execution |
|
Rule 2-9 Word uses certutil to decode encrypted commands in macros FP Risk: Low |
|---|
| Process | winword.exe |
| File |
C:WindowsSystem32certutil.exe |
| File actions |
Files being executed |
| Action |
Block, Report |
| Rule name |
Word certutil execution |
|
Rule 2-10 Excel uses certutil to decode encrypted commands in macros FP Risk: Low |
|---|
| Process | excel.exe |
| File |
C:WindowsSystem32certutil.exe |
| File actions |
Files being executed |
| Action |
Block, Report |
| Rule name |
Excel certutil execution |
|
Rule 2-11 regsvr32 launches with sct file FP Risk: Low |
|---|
| Process | regsvr32.exe |
| File |
*.sct* |
| File actions |
Files being executed |
| Action |
Block, Report |
| Rule name |
Regsvr32 sct file execution |
|
Rule 2-12 mshta.exe launches with a .hta file FP Risk: Low |
|---|
| Process | mshta.exe |
| File |
*.hta* |
| File actions |
Files being executed |
| Action |
Block, Report |
| File name |
hta file execution |
Registry blocking rule
|
Rule 3-1 Monitors programs added to autostart for persistence for all users FP Risk: Medium |
|---|
| Process | * |
| Key |
HKLM/Software/Microsoft/Windows/CurrentVersion/Run |
| Reg actions |
Create key or value |
| Action |
Report |
| Rule name |
HKLM Persistence |
|
Rule 3-2 Monitors programs added to autostart for persistence for local user FP Risk: Medium |
|---|
| Process | * |
| Key |
HKCU/Software/Microsoft/Windows/CurrentVersion/Run |
| Reg actions |
Create key or value |
| Action |
Report |
| Rule name |
HKCU Persistence |
以上是关于Electron建议开发者定义定义内容安全策略的主要内容,如果未能解决你的问题,请参考以下文章