The threats to our products April 1, 1999 By Loren Kohnfelder and Praerit Garg
Server operating systems: Windows NT/2000 Server
Client operating systems: Windows NT/2000 Workstation, Win9x, WinCE, Internet Explorer
Client/server applications: Exchange, SQL, etc.
Desktop applications: Office, etc.
Web and media applications: WebEssentials, portal Web sites, etc.
But first, let's define some important terms that we'll use throughout this piece and that have very precise meaning in security discussions.
Threat: Any potential occurrence, malicious or otherwise, that can have an undesirable effect on the system resources (files, registry keys, data-on-wire, etc.). Undesirable effects can be a system crash, the ability to read a sensitive file or modify a registry key, and so forth.
Vulnerability: Some unfortunate characteristic that makes it possible for a threat to occur. Examples include bad security on a file, buffer overflows, and (in a server product running on Windows NT) missing client impersonation calls when servicing client requests.
Attack: An action taken by a malicious intruder to exploit certain vulnerabilities to enact the threat. Examples of attacks include steps taken by a non-administrator to acquire administrator privileges and a technique that allows private data to be leaked.
Three aspects of system security