Computer Science Graduation Project Report: Foreign-Literature Translation (Chinese-English Parallel Text).doc
Uploaded 2022-06-11 01:47:43
Talking about security loopholes
Richard S. Kraus
The core business objective of network security is to protect the
sustainability of systems and the security of data. The main threats to these two
come from worm outbreaks, hacking attacks, denial of service attacks and Trojan
horses. Worms and hacker attacks are closely linked to loopholes: if a major
security loophole emerges, the entire Internet faces a major challenge.
Traditional Trojans had little to do with security loopholes, but recently many
Trojans cleverly use IE loopholes, so that you are infected without knowing it
while you browse a website.
There are many definitions of a security loophole. Here is a popular one: a
loophole is a safety-related deficiency that can be used to do what was "thought"
could not be done. The deficiency can be a matter of design or a problem in how
the code is implemented.
Different perspectives on security loopholes
The loopholes of a specific program can be classified from many different
perspectives.
1. Classification by user group:
● Loopholes in public software, such as loopholes in Windows, loopholes in IE,
and so on.
● Loopholes in specialized software, such as Oracle loopholes, Apache
loopholes, etc.
2. From the perspective of data:
● Data that should not be readable can be read, including data in memory,
data in files, user input data, data in databases, data in network
transmission and so on.
● Designated content can be written into designated places (including local
files, memory, databases, etc.)
● Input data can be executed (including native execution, execution as shell
code, execution as SQL code, etc.)
3. From the point of view of scope:
● Remote loopholes: an attacker can attack directly over the network through
the loophole. Such loopholes do great harm, because an attacker can operate
other people's computers through them. Such loopholes can also easily lead to
worm attacks on Windows.
● Local loopholes: the attacker must already have access permissions on the
machine before the loophole can be attacked. Typical are local privilege
escalation loopholes, which are widespread in Unix systems and allow ordinary
users to obtain the highest administrator privileges.
4. From the point of view of trigger conditions:
● Actively triggered loopholes: an attacker can take the initiative and use the
loophole in an attack, for example by accessing the computer directly.
● Passively triggered loopholes: the attack can only be carried out with the
cooperation of the computer's operator. For example, the attacker sends a mail
administrator a special jpg image file. If the administrator opens the image
file, a loophole in the picture software is triggered and the system is
attacked, but if the administrator does not look at the picture, the attack has
no effect.
5. From an operational perspective:
● File operation type: mainly cases where the path of the target file being
operated on can be controlled (e.g., through parameters, configuration files,
environment variables, symbolic links, etc.). This may lead to the following
two problems:
◇ The written content can be controlled, so the contents of files can be
forged. This leads to privilege escalation or to direct alteration of important
data (such as revising deposit and lending data). There are many loopholes of
this kind. For example, the historical Oracle TNS LOG loophole, in which the
log file could be designated, could let anyone control the computer running the
Oracle service;
◇ Content can be output: file contents can be printed to the screen, recorded
in a readable log file, or written to a core file that the user can read. Such
loopholes have been seen many times in the history of the Unix crontab
subsystem, where ordinary users could read the protected shadow file;
● Memory overwrite: mainly cases where the memory location can be specified
and the written content can be specified, so that the attacker can execute code
(buffer overflows, format string loopholes, ptrace loopholes, the historical
Windows 2000 loophole in which users could write the hardware debugging
registers), or directly alter secret data in memory.
● Logic errors: such loopholes exist widely but change very little, which makes
them difficult to discern. They can be broken down as follows:
◇ Race condition loopholes (usually a design problem; typical are the ptrace
loophole and the widespread file timing races)
◇ Wrong policy, usually a design problem, such as the historical FreeBSD
Smart IO loophole.
◇ Algorithm problems (usually in the code or in how the design is
implemented), such as the historical Microsoft Windows 95/98 loophole in which
sharing passwords could easily be obtained.
◇ Imperfections of design, such as the three-way handshake of the TCP/IP
protocol, which led to the SYN FLOOD denial of service attack.
◇ Implementation mistakes (usually the design is fine, but the code contains a
logic error, such as the pseudo-random algorithm of a historical betting
system)
● External commands: typically cases where an external command can be
controlled (via the PATH variable, special characters passed to the shell,
etc.), and SQL injection issues.
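The file operation type and the file timing races described above, as an added Python example that is not part of the original article: a write whose target name is caller-controlled, beside a hardened form. It assumes a POSIX system; `naive_write`, `safe_write`, the `logs` directory and `protected.conf` are hypothetical names constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

def naive_write(base_dir, name, data):
    """'Before' form: the caller-supplied name decides which file is written."""
    with open(os.path.join(base_dir, name), "w") as f:  # follows ../ and symlinks
        f.write(data)

def safe_write(base_dir, name, data):
    """Hardened form: one path component, opened inside a pinned directory."""
    if name in ("", ".", "..") or "/" in name or "\0" in name:
        raise ValueError("name must be a single path component")
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        # O_NOFOLLOW fails (ELOOP) if the final component is a symlink; dir_fd
        # resolves the name in the opened directory, so no earlier path check
        # can go stale before the open (no timing race).
        flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
        fd = os.open(name, flags, 0o600, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    with os.fdopen(fd, "w") as f:
        f.write(data)

def demo():
    """Constructed scenario: a log directory that contains a planted symlink."""
    out = {}
    with tempfile.TemporaryDirectory() as root:
        logs = Path(root, "logs")
        logs.mkdir()
        protected = Path(root, "protected.conf")  # constructed stand-in target
        protected.write_text("original")
        (logs / "app.log").symlink_to(protected)
        naive_write(logs, "app.log", "forged")
        out["naive_forged"] = protected.read_text() == "forged"
        protected.write_text("original")
        for label, name in (("symlink", "app.log"), ("dotdot", "../protected.conf")):
            try:
                safe_write(logs, name, "forged")
                out[label + "_refused"] = False
            except (OSError, ValueError):
                out[label + "_refused"] = True
        safe_write(logs, "new.log", "entry")
        out["protected_intact"] = protected.read_text() == "original"
        out["normal_write"] = (logs / "new.log").read_text() == "entry"
    return out

if __name__ == "__main__":
    print(demo())
```

`O_NOFOLLOW` covers only a symlink in the final path component; hard links and symlinks inside `base_dir` itself are outside what this example handles, so `base_dir` is assumed to be writable only by the service.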
6. From the point of view of time:
● Long-known loopholes: the manufacturer has already issued a patch or repair
method, and many people already know about it. Most people have usually already
repaired such loopholes, so from a macro perspective the harm is rather small.
● Recently discovered loopholes: the manufacturer has only just issued a patch
or repair method, and not many people know about it yet. By comparison the
danger is greater: if a worm or an easy-to-use exploitation program appears, a
large number of systems will be attacked.
● 0day: loopholes that are not public and are traded privately. Usually such
loopholes will not have any impact on the public, but it will allow an attacker to the target