CISSP® Official Study Guide, Eighth Edition


Escalation of Privilege and Rootkits



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Once attackers gain a foothold on a system, they often quickly move on to a second objective—expanding their access from the normal user account they may have compromised to more comprehensive, administrative access. They do this by engaging in escalation-of-privilege attacks.

One of the most common ways that attackers wage escalation-of-privilege attacks is through the use of rootkits. Rootkits are freely available on the internet and exploit known vulnerabilities in various operating systems. Attackers often obtain access to a standard system user account through the use of a password attack or social engineering and then use a rootkit to increase their access to the root (or administrator) level. This increase in access from standard to administrative privileges is known as an escalation-of-privilege attack.

Administrators can take one simple precaution to protect their systems against escalation-of-privilege attacks, and it’s nothing new. Administrators must keep themselves informed about new security patches released for operating systems used in their environment and apply these corrective measures consistently. This straightforward step will fortify a network against almost all rootkit attacks as well as a large number of other potential vulnerabilities.

Web Application Security

The web allows you to purchase airline tickets, check your email, pay your bills, and purchase stocks all from the comfort of your living room. Almost every business today operates a website, and many allow you to conduct sensitive transactions through that site.

Along with the convenience benefits of web applications comes a series of new vulnerabilities that may expose web-enabled organizations to security risks. In the next several sections, we’ll cover some common web application attacks. Additional detail on web application security can be found in Chapter 9, “Security Vulnerabilities, Threats, and Countermeasures.”
