• 软件测试技术
  • 软件测试博客
  • 软件测试视频
  • 开源软件测试技术
  • 软件测试论坛
  • 软件测试沙龙
  • 软件测试资料下载
  • 软件测试杂志
  • 软件测试人才招聘
    暂时没有公告

字号: | 推荐给好友 上一篇 | 下一篇

security + 笔记

发布: 2007-5-25 12:09 | 作者: 未知 | 来源: Blog.ChinaUnix.net | 查看: 29次 | 进入软件测试论坛讨论

领测软件测试网 security plus notes

security+ 笔记

Chap 1

1. Day zero attacks: a day zero attacks occurs when an attacker discovers and exploits a previously unknown flaw.

2. information security protects:

Integrity完整真实: ensures that information is correct and no unauthorized person or malicious software program can or has altered that data.

Confidentially信任: ensures that only authorized parties can view information.

Availability: restrict access attempts by unauthorized users, it must still make the data available to allow authorized users immediate access.

真对国家安全性的: cyberterrorism

3. Asset: something that has a value---- Employee database

Threat: an event or object that might defeat the security measures in place and results in a loss ---- steal data

Threat agent: a person or thing that has the power to carry out a threat ---- Attacker, virus, tornado

Vulnerability: weakness that allows a threat agent to bypass security ---- Software defect

Exploiting: taking advantage of the vulnerability ---- send virus to unprotected email server

Risk: the likehood that sth will be stolen ---- educate users

Chap 2

攻击者种类

1 Hackers: except for the normal way of understanding, there's also the ethical hackers, which who claims their motive is to improve security, consider it their responsiblity to seek our security holes so they can be fixed.

2 Crackers: who violates system security with malicious intent.(harm and break)

3 Script kiddies: unskilled users, do their work by downloading automated hacking software from web sites. considered more dangerous coz of the lack technical skills.

4 spies: hired to break into a computer and steal information for personal profit.

5 employees

6 cybertrrorists: consider the internet a prime target. attacks the network and computer infrastructure to cause panic. motivation as ideology or the sake of their principles or beliefs. attacks in ways that have not been used before.

攻击种类

basic attacks:

social engineering :

1 dumpster diving (我认为有病的一种)

2 phishing -- esnding people electronic requests for information that apears to come from a valid source.

password guessing :

1 Brute force: attempts to create every possible password combination by systematically changing one character at a time in a hypothetical password. (remenber a standard personal computer can easily create more than 1,000,000 possible password combinations per second.)

***win2k and xp passwords are stored in windows\system32\config directory (SAM file), linux passwords are stored in file /etc/passwd***

2 Dictionary attack: takes each word from a dictionary and encodes it 这种方式叫做 hasing。 in the same way a computer encodes a user's passwordand then compares the encoded dictionary words against those in the encoded password file.

3 Software exploitation: takes advantage of any weakness in software to bypass security that requires a password.

buffer overflow: occours when a computer program attempts to stuff more data into a temporary storage area (a buffer) than it can hold. the extra data overwrites valid computer data and can contain instrctions telling the computer what to do.

*** AMD芯片 separates the parts of memory that execute a program from those that accepts user input, preventing a buffer overflow. xp sp2 needed for this feature.***

4 Weak keys:

cryptography: 希腊crypto meaning hidden, and graph meaning writing.

encryption: changing the original text to a secret message using cryptography is known as encryption.

decryption: changing the message back to its original form.

sucess of cryptography depends on the process to encrypt and decrypt messages, this proccess is based on a procedure called algorithm.

algorithm is given a value known as a key uses to encrypt the message

keys that create the type of repeating pattern are know as weak keys

5 Mathematical :

cryptanalysis: process of attempting to break an encrypted message

mathematical attack: develops a statistical analysis of the characters in an encrpted text and then analyzes the statistics to discover the keys and decrpt the data.

6 Birthday attacks:

见到一个人时你有1/365=0.27%的机率那人跟你生日一样,遇见 23个人时,机率变成50%。而不是6.3%。60人时机率会超过99%,这种现象叫做 birthday paradox. 其实就是要说明任意挑选密匙很快会造成密匙的重复性。

7 man in the middle: seems two computers are communicating with each other, when actually they are sending and receving data with a compuuter between them.

举例,一个hacker 建立自己的网站假象于合法的,从中拦截应该到真实网站的数据。

种类: passive, attacker captures the sensitive data that is being transmitted and then sends it on to the original recipient without his presence being detected.

active, message are intercepted and altered before they are sent on.

8 Replay

captures message and sends again later.

从网络设备中截获的发给文件服务器的消息,发送给服务器,服务器回应并认定为可靠来源,这样就建立了信任关系,接下来尝试更改信息内容,只要服务器回应便可认证modifications are correct,最终得出解码方式。

9 TCP/IP hijacking:

with wired network, hijacking uses a technique called spoofing, pretends to be the legitimate owner when you are not.

最常用的一种spoofing is, APR spoofing.---- change address table, so packets are directed to your computer.

with wireless networks, hijacking adds a twist, attackers setup their own bads station to trick all wireless devices to communicate with the imposter AP.

10 DoS

attempts to make a server or other network device unavilable by flodding it with requests, 服务器回应每个请求,发送机器programmed to 不回应,保持连接的open, 过段时间服务器歇菜,known as SYN attacks, coz of exploits the SYN/ACK handshake.

another way called smurf attack: send request to all computers appears as a server is asking for a response, each computer responds to the server, overwhelming it, and causing the server to crash.

DoS变形, DDos: >>breaks into a large computer with plenty of disk space and fast internet connection, this computer is called the handler. >>special software is loaded onto the handler computer to scan thousands of computers, looking for those that have a software vulnerability in the OS. >> locates the machine with a vulnerability, handler installs software on this computer known as a zombie,moves on to the next. >> the handler instructs all of the zombie computers to flood a specific server with requests.

1 Virus: secreatly attaches itself to another document or program and executes when that document or program is opened. like it's biological equivalent, viruses require a host to carry them from one system to another.

2 Defense: antivirus software. which can scan for infection and isolate a file that contains a virus. monitor computer activity scan all documents. drawbacks: must be updated to recognize new viruses, known as definition files or sifnature files.

Worms: can travel by itself, replicate themselves until they clog all available resources. ----self excuting

# program with multiple extensions, like Readme.txt.exe

# program extension .scr, actually .scr files are executable programs.

3 Logic Bombs: type of malicious code. a program lies dormant untill it is triggered by a specific event.

4 Trojan horses: files Erase_hard_drive_on_april18.exe + Free_screen_saver.exe = Free_for_you.exe

5 Back doors: viruse creates a backdoor, antiviruse removes the viruse but does not detect the backdoor.

延伸阅读

文章来源于领测软件测试网 https://www.ltesting.net/


关于领测软件测试网 | 领测软件测试网合作伙伴 | 广告服务 | 投稿指南 | 联系我们 | 网站地图 | 友情链接
版权所有(C) 2003-2010 TestAge(领测软件测试网)|领测国际科技(北京)有限公司|软件测试工程师培训网 All Rights Reserved
北京市海淀区中关村南大街9号北京理工科技大厦1402室 京ICP备2023014753号-2
技术支持和业务联系:info@testage.com.cn 电话:010-51297073

软件测试 | 领测国际ISTQBISTQB官网TMMiTMMi认证国际软件测试工程师认证领测软件测试网