tailieunhanh - Lecture Information systems security - Chapter 3: Protecting systems

Objectives in chapter 3: Explain how to harden operating systems, list ways to prevent attacks through a Web browser, define SQL injection and explain how to protect against it, explain how to protect systems from communications-based attacks, describe various software security applications.

Protecting Systems

Drive-by Downloads
- At least one in ten web pages are booby-trapped with malware
- Just viewing an infected Web page installs malware on your computer, if your operating system and browser are vulnerable

Objectives
- Explain how to harden operating systems
- List ways to prevent attacks through a Web browser
- Define SQL injection and explain how to protect against it
- Explain how to protect systems from communications-based attacks
- Describe various software security applications

Hardening the Operating System

Three Steps
- Updates to the operating system
- Protecting against buffer overflows
- Configuring operating system protections

Managing Operating System Updates
- Operating systems are huge and contain many bugs (errors in code)
- Linux contains bug per 1,000 lines of code
- Typical commercial software contains 20-30 bugs per 1,000 lines of code
- 81 bugs a day were reported for Windows Vista Beta 2
- Some of those bugs create vulnerabilities

Update Terminology
- Security patch: A general software security update intended to cover vulnerabilities that have been discovered
- Hotfix: Addresses a specific customer situation. Often may not be distributed outside that customer’s organization
- Service pack: A cumulative package of all security updates plus additional features

Patch Management Techniques

Automatic Updates Options
- Patches can sometimes create new problems

Automated Patch Update Service
- Used to manage patches locally instead of relying upon the vendor’s online update service
- Advantages
  - Administrators can test patches before deploying them
  - Every machine is updated simultaneously
  - Users cannot disable or circumvent updates
  - Can save bandwidth and time
  - Computers that do not have Internet access can receive updates

Buffer Overflow Protection
- Buffer overflow: Occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage .
