Tuesday, November 2, 2010

Vulnerabilities

A vulnerability is a flaw in hardware, software, a protocol, or the implementation of a system security policy that allows an attacker to access or damage a system without authorization. Examples include the logic errors in the Intel Pentium chip, programming errors in earlier versions of Sendmail, weaknesses in the authentication method of the NFS protocol, and misconfiguration of the anonymous FTP service by a Unix system administrator. Each of these can be exploited by an attacker and threatens the security of the system, so all of them can be regarded as security vulnerabilities.

First, the relationship between vulnerabilities and the specific system environment, and their time-related characteristics

Vulnerabilities affect a wide range of software and hardware, including the operating system itself and its supporting software, network client and server software, network routers, and security firewalls. In other words, different security vulnerabilities can exist in each of these kinds of hardware and software. Different kinds of software and hardware, different versions of the same product, systems built from different components, and the same system under different configuration settings will each have different security vulnerabilities.

Vulnerabilities are closely tied to time. From the day a system is released, as users work with it more deeply, the vulnerabilities in it are continually exposed. Those discovered earlier are continually fixed by patches from the system vendor, or corrected in later releases of the system. But while a new version corrects the holes in the old one, it also introduces new flaws and errors. So as time passes, old vulnerabilities keep disappearing and new ones keep appearing. The vulnerability problem will persist for a long time.

It is therefore meaningless to discuss vulnerabilities in isolation from a specific time and a specific system environment. Possible vulnerabilities and feasible fixes can only be discussed concretely for the actual environment of the target system: its operating system version, the versions of the software running on it, and its service configuration.

At the same time, research on vulnerabilities must track the latest developments in computer systems and their security problems. In this respect it resembles research on the development of computer viruses. Anyone who does not keep up with new technology in their work has no say in matters of system security vulnerabilities, and even work already completed will gradually lose its value.

Second, the top ten high-risk vulnerabilities to patch on a newly installed Windows system

We often say that system vulnerabilities are the most important channel through which Trojans and viruses spread; a computer on which system patches are not installed promptly will be compromised again and again. A newly installed Windows system may need as many as 100 patches, and users worry that installing patches on a pirated copy will affect Windows activation. Many tools now help users install patches, and the list of patches each one recommends differs slightly. So what is the sensible way to install patches?

Jinshan security experts recommend that users who reinstall their system must patch the following top ten high-risk vulnerabilities:

1. Emergency security update for the Server service vulnerability (patch name KB958644)

2. IE 0-day vulnerability; Trojans and viruses spread through this vulnerability, with more than 10 million infections (patch name KB960714)

3. Security update for Internet Explorer 7 for Windows XP (patch name KB961260)

4. Security update for Internet Explorer for Windows XP (patch name KB963027)

5. Security update for Internet Explorer for Windows XP (patch name KB969897)

6. Security update for ActiveX Killbits for Windows XP (patch name KB973346)

7. Security update for Internet Explorer for Windows XP (patch name KB972260)

8. Security update for Windows XP (patch name KB971633)

9. IE "Aurora" vulnerability (patch name KB979352)

10. Security update for Internet Explorer for Windows XP (patch name KB978207)
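As an added example (not part of the original post), the following Python sketch checks saved hotfix inventories against the ten patch names listed above and reports which are absent on each machine. It assumes the inventory has already been saved as text, for instance from `systeminfo` or `wmic qfe` output; the host names and sample listings are constructed.

```python
import re

# The ten patch names from the list above, in the page's order.
REQUIRED_PATCHES = [
    ("KB958644", "Server service emergency security update"),
    ("KB960714", "IE 0-day vulnerability"),
    ("KB961260", "Internet Explorer 7 for Windows XP security update"),
    ("KB963027", "Internet Explorer for Windows XP security update"),
    ("KB969897", "Internet Explorer for Windows XP security update"),
    ("KB973346", "Windows XP ActiveX Killbit security update"),
    ("KB972260", "Internet Explorer for Windows XP security update"),
    ("KB971633", "Windows XP security update"),
    ("KB979352", "IE Aurora vulnerability"),
    ("KB978207", "Internet Explorer for Windows XP security update"),
]

# Matches "KB958644", "kb960714-v2", "KB958644 - Update"; the lookahead keeps
# a longer id such as "KB9733460" from being read as "KB973346".
KB_ID = re.compile(r"(?<![A-Za-z0-9])KB(\d{6,7})(?!\d)", re.IGNORECASE)

def installed_kbs(inventory_text):
    """Return the set of KB ids found in saved hotfix-inventory text."""
    return {"KB" + m.group(1) for m in KB_ID.finditer(inventory_text)}

def missing_patches(inventory_text):
    """Return (kb, description) for each listed patch absent from the inventory."""
    present = installed_kbs(inventory_text)
    return [(kb, desc) for kb, desc in REQUIRED_PATCHES if kb not in present]

def audit(inventories):
    """Map host name -> missing KB ids, least-patched host first."""
    result = {host: [kb for kb, _ in missing_patches(text)]
              for host, text in inventories.items()}
    return dict(sorted(result.items(), key=lambda kv: -len(kv[1])))

# Constructed sample inventories (not real machines); real listings mix KB ids
# with non-KB entries such as "File 1", which are ignored here.
SAMPLE = {
    "xp-lab-02": "\n".join("KB" + n for n in
        "958644 960714 961260 963027 969897 973346 972260 971633 979352 978207".split()),
    "xp-lab-01": "[01]: File 1\n[02]: KB958644 - Update\n[03]: kb960714-v2\n"
                 "[04]: KB961260\n[05]: KB9733460\n",
}

if __name__ == "__main__":
    for host, missing in audit(SAMPLE).items():
        print(host, "missing:", ", ".join(missing) or "none")
```

A patch reported as missing may have been superseded by a later cumulative update, so treat the output as a list to review against the vendor's bulletins.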

Third, the relationship between security vulnerabilities and attacks on systems

System security vulnerabilities are errors that arise in the implementation and actual use of a system, but not every error in a system is a security vulnerability. Only errors that threaten system security are vulnerabilities. Many errors do no harm to system security under normal circumstances and affect it only when someone deliberately exploits them under certain conditions.

A vulnerability may exist in a system from the beginning, but it does not reveal itself; someone has to find it. In actual use, users discover errors in the system, and intruders deliberately exploit some of those errors as tools for threatening system security. Only then do people realize that the error is a security vulnerability. The system vendor then releases a patch for the vulnerability as soon as possible to correct the error. This is the general process by which a system security vulnerability goes from discovery to correction.

Attackers are often the discoverers and users of system security vulnerabilities. An attack on a system cannot succeed unless the attacker can discover and exploit a security vulnerability that exists in it. This is especially true of systems with a higher security level.

There is a close relationship between system security vulnerabilities and attacks on systems, so vulnerabilities should not be discussed in isolation from attack activity. Understanding common attack methods is essential for understanding the corresponding vulnerabilities and for finding appropriate remedies.

Fourth, a brief description of common attack methods and the attack process

An attack on a system is the act of using or damaging the resources of an information system illegally, or of causing the system, without authorization, to lose all or part of its service function.

Attacks can be roughly divided into two kinds: remote attacks and internal attacks. With the progress of interconnected networks, remote attack techniques in particular have developed greatly and pose a greater risk. They also involve more knowledge of system vulnerabilities, and therefore have important research value.
