Đang chuẩn bị nút TẢI XUỐNG, xin hãy chờ
Tải xuống
Dễ bị tổn thương hậu quả là trong phạm vi rộng hơn nhiều so với thực tế dễ bị tổn thương gây ra bản thân, nhưng giống như các nguyên nhân có thể, họ là hữu hạn. Tuy nhiên, họ được yêu cầu để phân loại lỗ hổng một cách chính xác để nó có thể mang lại dễ bị tổn thương xử lý tự động hóa, cũng như giải thích ảnh hưởng thực sự của một tình hình cụ thể. | Computer Vulnerabilities Consequence Page 41 Consequence Vulnerability consequence is much broader in scope than the actual vulnerability cause itself but like the possible causes they are finite. However they are required in order to categorize vulnerabilities correctly so that it is possible to bring vulnerability handling closer to automation as well as explaining the true impact of a specific situation. Consequence is the mechanics behind access promotion and is the functionality of each vulnerability. Consequence also demonstrates how a small amount of access can lead to far greater compromises. Unlike fault which is a specific flaw consequence describes the result of the vulnerability in terms of its environment. This section is the broadest section of the taxonomy but is still somewhat manageable in size. Consequence is probably the most confusing aspect of vulnerabilities mostly because it is vague and can be altered according to environment. If you are looking at a vulnerability in terms of fault one may see the problem to be a buffer overflow . But what exactly does that mean Does it allow access to the host Does it crash the computer Does it crash only a specific application running Actually all of those are applicable consequences and all of the consequences apply to the same vulnerability although some consequences can be prevented by additional security measures. This chapter outlines the most commonly associated consequences of the UNIX operating system and applies to other common operating systems as well. The UNIX standard categories of consequence are Logic Interruption Reading of Files Writing of Files Appending to Files Degradation of Performance Identity Modification Bypassing or Changing Logs Snooping and Monitoring Hiding Elements It has to be said at this point that this is specifically for a UNIX environment with a very strong application to other platforms. Consider that the environment always drives consequence so if the vulnerability .