Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
A: Giáo dục là phương tiện chính cho việc xây dựng awareness.You đã dành nhiều thời gian giáo dục tất cả các thành viên của tổ chức của bạn. Từ các nhà quản lý dòng trên cùng, nhóm phát triển, và dịch vụ khách hàng người-an ninh cần được mind. | Secure Web Site Design Chapter 3 181 Figure 3.8 L0phtCrack Is a Tool Used to Reveal Passwords from the file when the operating system is running you could access the SAM file from a backup Emergency Repair Disk or from the repair directory on the system hard disk. SMB Packet Capture Tools menu which allows you to capture packets containing password hashes over the network. After this is acquired you then select Options from the Tools menu and determine the level of attack used to crack the passwords. After you ve set this you can press F4 or select Run Crack from the Tools menu.This will begin the process of auditing passwords. Another tool that can be used to gather information on users and passwords and more is the Cerberus Internet Scanner CIS which is developed by Cerberus Information Security Ltd. This tool is available for download from www.cerberus-infosec.co.uk cis.shtml. It will run approximately 300 tests on your system including the Web site FTP SMTP POP3 Windows NT NetBIOS and MS-SQL. After it has completed the tests it will provide detailed information in the form of an HTML document as shown in Figure 3.9. As you can see by the results of a scan on a Web server CIS provides a comprehensive listing of information. As Figure 3.9 shows this may www.syngress.com 182 Chapter 3 Secure Web Site Design also include revealing Administrator passwords. Other information provided by CIS can show the groups on your system and the users who are members of these groups Registry settings services running on your operating system various Web service security issues and whether anonymous logons are permitted by FTP. Figure 3.9 Cerberus Internet Scanner Results as Displayed through a Web Browser To obtain information about your system using CIS complete the following steps 1. After CIS is running click Select Host from the File menu. 2. When the dialog box appears enter the name or IP address of the server you want to test and then click OK. 3. Click Select Modules on .