TAILIEUCHUNG - Lecture Information systems security - Chapter 3: Protecting systems

Objectives in chapter 3: Explain how to harden operating systems, list ways to prevent attacks through a Web browser, define SQL injection and explain how to protect against it, explain how to protect systems from communications-based attacks, describe various software security applications. | Protecting Systems Drive-by Downloads At least one in ten web pages are booby-trapped with malware Just viewing an infected Web page installs malware on your computer, if your operating system and browser are vulnerable Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define SQL injection and explain how to protect against it Explain how to protect systems from communications-based attacks Describe various software security applications Hardening the Operating System Three Steps Updates to the operating system Protecting against buffer overflows Configuring operating system protections Managing Operating System Updates Operating systems are huge and contain many bugs (errors in code) Linux contains bug per 1,000 lines of code Typical commercial software contains 20-30 bugs per 1,000 lines of code 81 bugs a day were reported for Windows Vista Beta 2 Some of those bugs create vulnerabilities Managing Operating System Updates Managing Operating System Updates Update Terminology Security patch A general software security update intended to cover vulnerabilities that have been discovered Hotfix addresses a specific customer situation Often may not be distributed outside that customer’s organization Service pack A cumulative package of all security updates plus additional features Update Terminology Patch Management Techniques Automatic Updates Options Patches can sometimes create new problems Automated Patch Update Service Used to manage patches locally instead of relying upon the vendor’s online update service Advantages Administrators can test patches before deploying them Every machine is updated simultaneously Users cannot disable or circumvent updates Can save bandwidth and time Computers that do not have Internet access can receive updates Buffer Overflow Protection Buffer overflow Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage .

• An ninh - Bảo mật
• Information systems security
• Lecture Information systems security
• Information security
• Protecting systems
• Harden operating systems
• Communications based attack
• Lecture On safety and security of information systems
• On safety and security of information systems
• Introduction to information systems security
• History of information security
• Bài giảng Bảo mật hệ thống thông tin
• Goals of information security
• Security process
• Security topologies
• Wireless network security
• Wireless security protections
• IEEE 802
• 11 security
• Conducting security audits
• Privilege audits
• Privilege management
• Controls for information security
• Accounting information systems
• Lecture Accounting information systems
• Hệ thống thông tin kế toán
• Trust services framework
• Potential risks
• Privilege escalation
• Các phần mềm có hại
• Cryptography basics
• Cryptographic terminology
• Transposition cipher
• Public key infrastructure
• Cryptographic attacks
• Public domain cryptography
• Access control
• Access control models
• Authentication models
• Virtual Private Network
• Authentication credentials
• Risk management
• Attributes of assets
• Determining relative value
• Cryptographic hash funtionns
• Simple hash functions
• Requirements and security
• Accounting information systems
• Lecture Accounting information systems
• Information systems controls
• System reliability
• Management information systems
• Information systems
• Lecture Management information systems
• Computer based information systems
• Managing information resources
• Monitoring activity
• Intrusion detection
• Secure network
• Malicious attacks
• Malicious Attack
• The common types of malicious attacks
• Basic terminology of cryptography
• History of cryptography
• Symmetric cipher
• Symmetric ciphers
• Block cipher principles
• Data encryption standard
• Advanced encryption standard
• Asymmetric ciphers
• Principles of public Key cryptosystems
• Four parts of access control
• Types of access control
• Firewall concept
• Commercial firewalls
• Network Security Fundamentals
• Guide to Network Security Fundamentals
• Security Baselines
• Disable nonessential systems
• Introduction to management information systems
• Business information technology
• Information security management
• Data safeguards are available