Introduction to Information Security



Date: 01.04.2022

Well-Known UNIX Risks

  • The top three UNIX vulnerabilities
    • Remote Procedure Calls (RPCs)
      • Can allow an attacker to get access to root privileges on a remote computer
    • Apache Web Server
      • Generally considered more secure than IIS, but still has possible vulnerabilities if not configured carefully
    • Secure Shell (SSH)
      • SSH is considered much more secure than alternatives, but still requires careful configuration and does contain some software vulnerabilities

System Forensics: Scanning and Footprinting

  • Security administrators should regularly assess the current status of a computer by locating and analyzing stored status data
  • Computer forensics is the process of searching for evidence of a specific activity by searching log files and file systems
  • System footprinting (baselining) is a “snapshot” of the computer at a particular point in time for comparison purposes
    • Often first done immediately after a computer is brought online
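An added example (not part of the original slides) of the footprinting idea above: record a baseline of a directory tree, then compare a later snapshot against it and classify each difference. The file names and contents in `demo()` are constructed sample data, and the function names are hypothetical.

```python
import hashlib, os, stat, tempfile
def snapshot(root):
    """Footprint: {relative path: sha256, mode, uid, gid} for regular files."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(full, root)] = {
                "sha256": digest, "mode": stat.S_IMODE(st.st_mode),
                "uid": st.st_uid, "gid": st.st_gid}
    return snap

def compare(baseline, current):
    report = {"added": [], "removed": [], "content": [], "metadata": []}
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old is None:
            report["added"].append(path)
        elif new is None:
            report["removed"].append(path)
        elif old["sha256"] != new["sha256"]:
            report["content"].append(path)
        elif old != new:  # same bytes, different mode or owner
            report["metadata"].append(path)
    return report

def demo():
    """Constructed sample tree: footprint it, alter it, compare."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data, mode=0o644):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, mode)
        write("sshd_config", b"PermitRootLogin no\n")
        write("backup.sh", b"#!/bin/sh\necho backup\n")
        write("motd", b"welcome\n")
        baseline = snapshot(root)  # taken when the host is brought online
        write("sshd_config", b"PermitRootLogin yes\n")
        os.chmod(os.path.join(root, "backup.sh"), 0o755)
        os.remove(os.path.join(root, "motd"))
        write("new_service", b"placeholder\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__": print(demo())
```

For the comparison to be trustworthy, the baseline has to be stored where the monitored host cannot modify it.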

The Security Auditor’s Role

  • The security auditor and the security administrator should be different people
  • The security auditor’s job is:
    • To validate the effectiveness of controls being used to mitigate threats
    • To ensure compliance with the controls
    • To ensure that legal requirements are satisfied
  • The existence of formal auditing can be important in any legal proceedings related to computer security

Assessing Security Risks

  • Risk assessment is the process of identifying potential risks and ranking them
  • To assess risks:
    • Start with a list of the assets that must be protected
    • Rank the importance of the assets
    • Create a list of events that could cause data loss, whether from natural, man-made, or malicious causes
      • Make sure to include management in this process
    • Determine which threats can be reasonably addressed
    • Risk priorities are determined using quantitative and qualitative risk analysis techniques
