Without each of these people, all of whom inspired me, guided me, supported me, and informed me, it is doubtful that this book would ever have been written. Computer security cannot live with them, and cannot live without them. Simply put, it is best to have a security policy in place at a company and to ensure that employees comply with it.

Computer Vulnerabilities, Anatomy of a Vulnerability, Page 11

As an example, an attack could be initiated by a connection to a server (via a server tactic), but could also require a man-in-the-middle tactic to complete the exploit.

Consequence

Unlike severity, which states the outcome of a single vulnerability, consequence builds a road map for almost any level of access to promote itself to fully interactive administrator rights. One can think of this aspect as the function component of the vulnerability. All vulnerabilities follow a logical input/output flow, and the end-result operation of the actual exploit itself is covered under consequence. Likewise, each consequence implies a step-by-step operation for improving the level of access.

Attributes and Vulnerabilities

Attributes of vulnerabilities become easy to identify as they are compared against other types of vulnerabilities. The following matrix shows whether the attributes require a different taxonomy across different vulnerability types.
It shows the rather surprising relationship between logic errors, weaknesses, social engineering, and policy oversight.

                     Fault      Severity      Authentication   Perspective   Consequence
Logic Error          Specific   Independent   Independent      Independent   Specific
Weakness             Specific   Independent   Independent      Independent   Specific
Social Engineering   Specific   Independent   Independent      Independent   Specific
Policy Oversight     Specific   Independent   Independent      Independent   Specific

Although the focus of this book is primarily on logic errors, the other aspects of vulnerability (weakness, social engineering, and policy oversight) have different consequences and faults, but have the same severity, authentication, and tactic taxonomies. Even more fascinating, there is a direct relationship between the attributes across all four types of vulnerabilities: they are the same. As an example, a man-in-the-middle attack is an attribute of tactic, which could apply to logic errors, an attack on a protocol weakness, a sniffer running capturing packet .