• What do these threats have in common
    		•

    The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg




    Download 58.92 Kb.
    bet6/9
    Sana12.08.2023
    Hajmi58.92 Kb.
    #78423
    1   2   3   4   5   6   7   8   9
    Bog'liq
    The-Threats-To-Our-Products

    What products are susceptible? All software products can be vulnerable to information disclosure threats. Therefore, a proactive security review process for every Microsoft product must outline various information disclosure threats and how they will be addressed.
    Denial of Service (D.o.S.)
    What's the threat? Making the system temporarily unavailable or unusable, such as those attacks that could force a reboot or restart of the user's machine. When an attacker can temporarily make the system resources (processing time, storage, etc.) unavailable or unusable, we have a denial of service threat. We must protect against certain types of D.o.S. threats for improved system availability and reliability. However, some types of D.o.S. threats are very hard to protect against, so at a minimum, we must identify and rationalize such threats.
    What do these threats have in common?

    • Processing: consumption of CPU cycles by infinite or very long programmatic looping.

    • Storage: large allocation of memory or file quota that blocks legitimate use of the same.

    • Excessive and unwanted use of screen space, printer paper, and so forth.

    • Causing a crash or error mechanism that interferes with normal usage or that requires restarting.

    • Elevation of privilege can exacerbate D.o.S. by gaining larger resource quotas.

    Examples

    • SYN attacks and packet bombs that use various network protocol vulnerabilities to cause servers to crash.

    • Sophisticated buffer overflow problems, such as parameters with no length, can cause the server to chase a nonexistent memory location and crash. Similarly, GetAdmin-style handcrafted stacks can cause privileged instructions to shut down the system.

    • Common coding errors, such as unhandled memory allocation failures (referencing an invalid pointer), uninitialized memory (bad data used), use of freed memory and resources (referencing invalid memory), and miscalculations (divide by zero), can cause exceptions that would crash the software.

    • Weak policies (inherent in design or due to misconfiguration), such as a process taking up all CPU time.

    • Trojans, such as viruses, can also cause the software to become unusable.


    Download 58.92 Kb.
    1   2   3   4   5   6   7   8   9




    Download 58.92 Kb.
    Bosh sahifa
    Aloqalar
        Bosh sahifa
    Dərs
    Mühazirə
    Qaydalar
    Referat
    Xülasə
    Yazı


    The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg

    Download 58.92 Kb.