Security in Computing (4th Edition) by Pfleeger Charles P. & Pfleeger Shari Lawrence
Author:Pfleeger, Charles P. & Pfleeger, Shari Lawrence [Pfleeger, Charles P.]
Language: eng
Format: mobi
Publisher: Pearson Education
Published: 2007-01-22T16:00:00+00:00
Protocol Failures and Implementation Flaws
Each protocol is a specification of a service to be provided; the service is then implemented in software, which, as discussed in Chapter 3, may be flawed. Network protocol software is basic to the operating system, so flaws in that software can cause widespread harm because of the privileges with which the software runs and the impact of the software on many users at once. Certain network protocol implementations have been the source of many security flaws; especially troublesome have been SNMP (network management), DNS (addressing service), and e-mail services such as SMTP and S/MIME. Although different vendors have implemented the code for these services themselves, they often are based on a common (flawed) prototype. For example, the CERT advisory for SNMP flaws (Vulnerability Note 107186) lists approximately 200 different implementations to which the advisory applies.
Or the protocol itself may be incomplete. If the protocol does not specify what action to take in a particular situation, vendors may produce different results. So an interaction on Windows, for example, might succeed while the same interaction on a Unix system would fail.
The protocol may have an unknown security flaw. In a classic example, Bellovin [BEL89] points out a weakness in the way packet sequence numbers are assigned—an attacker could intrude into a communication in such a way that the intrusion is accepted as the real communication and the real sender is rejected.
Attackers can exploit all of these kinds of errors.
Download
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.
| Cryptography | Encryption |
| Hacking | Network Security |
| Privacy & Online Safety | Security Certifications |
| Viruses |
Effective Threat Investigation for SOC Analysts by Yahia Mostafa;(6535)
Practical Memory Forensics by Svetlana Ostrovskaya & Oleg Skulkin(6253)
Machine Learning Security Principles by John Paul Mueller(6228)
Attacking and Exploiting Modern Web Applications by Simone Onofri & Donato Onofri(5896)
Operationalizing Threat Intelligence by Kyle Wilhoit & Joseph Opacki(5859)
Solidity Programming Essentials by Ritesh Modi(4011)
Microsoft 365 Security, Compliance, and Identity Administration by Peter Rising(3655)
Operationalizing Threat Intelligence by Joseph Opacki Kyle Wilhoit(3384)
Future Crimes by Marc Goodman(3346)
Mastering Python for Networking and Security by José Manuel Ortega(3344)
Mastering Azure Security by Mustafa Toroman and Tom Janetscheck(3330)
Blockchain Basics by Daniel Drescher(3294)
Learn Computer Forensics - Second Edition by William Oettinger(3148)
Mobile App Reverse Engineering by Abhinav Mishra(2880)
Mastering Bitcoin: Programming the Open Blockchain by Andreas M. Antonopoulos(2868)
Incident Response with Threat Intelligence by Roberto Martínez(2868)
The Code Book by Simon Singh(2823)
From CIA to APT: An Introduction to Cyber Security by Edward G. Amoroso & Matthew E. Amoroso(2779)
Building a Next-Gen SOC with IBM QRadar: Accelerate your security operations and detect cyber threats effectively by Ashish M Kothekar(2710)
