Introduction to Information Security


Typical System Security Threats (continued)



Download 1,39 Mb.
bet23/44
Sana01.04.2022
Hajmi1,39 Mb.
#522548
1   ...   19   20   21   22   23   24   25   26   ...   44
Bog'liq
CSS

Typical System Security Threats (continued)

  • Impersonation or Identity Theft
    • Compromising a password gives an attacker a way to impersonate or hijack a user’s identity
    • Users often do not protect their passwords appropriately
    • Insidious because audit logs can’t distinguish between the real user and the attacker
    • Defense is to teach users the importance of password security

Keystroke Logging

  • A set of methods used to intercept the keystrokes a user enters
  • Types of tools
    • Software tools require privilege to install
    • Hardware tools plug into the keyboard
    • A video camera can be focused on the keyboard
  • Keystroke logging is used for multiple purposes
    • Testing and quality assurance (replay keystrokes for repetitive tests)
    • Evidence collection when inappropriate activity is suspected
    • Malicious attacks when an attacker is able to compromise security

Well-Known Operating System Risks

  • Attackers are well aware of the security vulnerabilities in operating systems
  • The SANS/FBI Twenty Most Critical Internet Security Vulnerabilities is an up-to-date list of known vulnerabilities for Windows and UNIX operating systems
  • Current lists along with detailed descriptions of the vulnerabilities are available at http://www.sans.org/top20/

Well-Known Windows Risks

  • The top three Windows vulnerabilities are:
    • Internet Information Services (IIS), Microsoft’s Web server
      • Vulnerable to unexpected requests and buffer overflows
      • Sample users and applications are often unprotected after installation
    • Microsoft Data Access Components (MDAC) – Remote Data Services
      • Older versions only allow attackers to run commands locally with administrator privilege
    • Microsoft SQL Server
      • Attackers can access database contents because of issues with open ports and insecure default users and sample applications

Download 1,39 Mb.

Do'stlaringiz bilan baham:
1   ...   19   20   21   22   23   24   25   26   ...   44




Ma'lumotlar bazasi mualliflik huquqi bilan himoyalangan ©hozir.org 2024
ma'muriyatiga murojaat qiling

kiriting | ro'yxatdan o'tish
    Bosh sahifa
юртда тантана
Боғда битган
Бугун юртда
Эшитганлар жилманглар
Эшитмадим деманглар
битган бодомлар
Yangiariq tumani
qitish marakazi
Raqamli texnologiyalar
ilishida muhokamadan
tasdiqqa tavsiya
tavsiya etilgan
iqtisodiyot kafedrasi
steiermarkischen landesregierung
asarlaringizni yuboring
o'zingizning asarlaringizni
Iltimos faqat
faqat o'zingizning
steierm rkischen
landesregierung fachabteilung
rkischen landesregierung
hamshira loyihasi
loyihasi mavsum
faolyatining oqibatlari
asosiy adabiyotlar
fakulteti ahborot
ahborot havfsizligi
havfsizligi kafedrasi
fanidan bo’yicha
fakulteti iqtisodiyot
boshqaruv fakulteti
chiqarishda boshqaruv
ishlab chiqarishda
iqtisodiyot fakultet
multiservis tarmoqlari
fanidan asosiy
Uzbek fanidan
mavzulari potok
asosidagi multiservis
'aliyyil a'ziym
billahil 'aliyyil
illaa billahil
quvvata illaa
falah' deganida
Kompyuter savodxonligi
bo’yicha mustaqil
'alal falah'
Hayya 'alal
'alas soloh
Hayya 'alas
mavsum boyicha


yuklab olish