The threats to our products. April 1, 1999. By Loren Kohnfelder and Praerit Garg





  • Server operating systems: Windows NT/2000 Server

  • Client operating systems: Windows NT/2000 Workstation, Win9x, WinCE, Internet Explorer

  • Client/server applications: Exchange, SQL, etc.

  • Desktop applications: Office, etc.

  • Web and media applications: WebEssentials, portal Web sites, etc.

    But first, let's define some important terms that we'll use throughout this piece and that have very precise meanings in security discussions.

    • Threat: Any potential occurrence, malicious or otherwise, that can have an undesirable effect on the system resources (files, registry keys, data-on-wire, etc.). Undesirable effects can be a system crash, the ability to read a sensitive file or modify a registry key, and so forth.

    • Vulnerability: Some unfortunate characteristic that makes it possible for a threat to occur. Examples include bad security on a file, buffer overflows, and (in a server product running on Windows NT) missing client impersonation calls when servicing client requests.

    • Attack: An action taken by a malicious intruder to exploit certain vulnerabilities to enact the threat. Examples of attacks include steps taken by a non-administrator to acquire administrator privileges and a technique that allows private data to be leaked.


    Three aspects of system security
    The S.T.R.I.D.E. model
    Security threats fall into the six major categories listed below. In addition to describing each general threat and the kind of software products or services it typically applies to, we offer a few examples to convey the varying character of the threat. Some of the examples may be specific to certain products or technologies; it is important to understand the threats themselves but not necessarily all of the examples given.
    Spoofing of user identity
    What's the threat? Breaching the user's authentication information. In this case, the hacker has obtained the user's personal information or something that enables him to replay the authentication procedure. Spoofing threats are associated with a wily hacker being able to impersonate a valid system user or resource to get access to the system and thereby compromise system security.
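
The replay case described above, as an added example that is not part of the original paper: a login that accepts a fixed authenticator is compared with a challenge-response login that uses single-use nonces. The class names, the HMAC-SHA256 construction and the key are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets

USER_KEY = b"constructed-demo-key"  # constructed sample secret (assumption)

def respond(key, nonce):
    """Client side: prove knowledge of the key for this one nonce."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()

class StaticTokenServer:
    """Accepts the same authenticator every time, so a captured copy stays valid."""
    def __init__(self, key):
        self._expected = hashlib.sha256(key).hexdigest()

    def login(self, token):
        return hmac.compare_digest(token, self._expected)

class ChallengeServer:
    """Issues single-use nonces; a response is only valid for its own nonce."""
    def __init__(self, key):
        self._key = key
        self._open = set()  # nonces issued and not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self._open.add(nonce)
        return nonce

    def login(self, nonce, response):
        if nonce not in self._open:
            return False  # unknown or already used nonce: replay rejected
        self._open.discard(nonce)  # consume even when the response is wrong
        return hmac.compare_digest(response, respond(self._key, nonce))

def replay_outcomes():
    """Return (static replay accepted, first login accepted, replay accepted)."""
    static = StaticTokenServer(USER_KEY)
    captured = hashlib.sha256(USER_KEY).hexdigest()  # value an observer saw
    static_replay = static.login(captured) and static.login(captured)
    server = ChallengeServer(USER_KEY)
    nonce = server.challenge()
    resp = respond(USER_KEY, nonce)
    first = server.login(nonce, resp)
    replay = server.login(nonce, resp)  # same captured pair sent again
    return static_replay, first, replay

if __name__ == "__main__":
    print(replay_outcomes())
```

The static login accepts the captured value on every attempt, while the nonce-based login accepts the response once and rejects the identical pair when it is sent again.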
