TAILIEUCHUNG - Risk Management The Big Picture – Part 2

If attackers are going to take advantage of vulnerabilities, it makes sense that we need to find them before they do. System, network, and telephone vulnerability scanning tools are a powerful method of doing this. Lets take a look at another Internet threat. This is the threat introduced by users who download and run utilities that are designed to share and search for files across the Internet. Examples are the programs Napster, Gnutella, and more recently Scour. In the next two slides we’ll examine Gnutella, its function, and the dangers it introduces | Risk Management The Big Picture - Part 2 Going Around the Firewall and Scanning for Vulnerabilities Information Risk Management- SANS 2001 1 If attackers are going to take advantage of vulnerabilities it makes sense that we need to find them before they do. System network and telephone vulnerability scanning tools are a powerful method of doing this. 2 - 1 Gnutella Designed for peer-to-peer file sharing on the Internet Introduces security weaknesses -Hole in a firewall -Users give away network information -A possible annoyance or DDOS tool Information Risk Management - SANS 2001 2 Lets take a look at another Internet threat. This is the threat introduced by users who download and run utilities that are designed to share and search for files across the Internet. Examples are the programs Napster Gnutella and more recently Scour. In the next two slides we ll examine Gnutella its function and the dangers it introduces. Gnutella is an Internet file sharing utility. Described as a servant Gnutella acts as a server for sharing files while simultaneously acting as a client that searches for and downloads files from other users. The Gnutella net is peer-to-peer with interconnected servants that search and relay one another to make file sharing and storage truly distributed. When searching for a file the Gnutella service will search hosts that you are connected to and hosts they are connected to and so on. Once the file is found a download can be initiated with a TCP connection directly between the client and server . Gnutella was designed to enhance free easy and anonymous exchange of information. However there is a dark side - the distributed nature of the Gnutella net combined with the Gnutella net protocol introduces security weaknesses for Gnutella users. A prime concern is that Gnutella users situated behind firewalls open a hole in their firewall when they connect to an external Gnutella net. The way this works is covered in the next slide. Traces taken from a .

TỪ KHÓA LIÊN QUAN
Đã phát hiện trình chặn quảng cáo AdBlock
Trang web này phụ thuộc vào doanh thu từ số lần hiển thị quảng cáo để tồn tại. Vui lòng tắt trình chặn quảng cáo của bạn hoặc tạm dừng tính năng chặn quảng cáo cho trang web này.