Web Security and Commerce by Gene Spafford, Simson Garfinkel

Current Major Host Security Problems

To make matters worse, recreational hacking is being fueled by the efforts of folks who appreciate the inner workings of operating systems and network applications. They prize the holes that they find—broadcasting vulnerabilities over Internet Relay Chat, and packaging techniques into do-it-yourself toolkits for joyriders to share. Sometimes the attack starts with a captured password—pulled from the network by a packet sniffer. Often, it comes through a hole in a service, such as a carelessly coded CGI script, or the deliberate overflow of a stack variable. All that is typically needed is a foot in the door: once a hacker has access to a machine under the guise of a legitimate user, he can work from the inside and begin the cycle anew.

While it is impossible to protect against all threats, there are eight widespread practices on the Internet of today[78] that make host security far worse than it needs to be. These practices are:

  • Failure to think about security as a fundamental aspect of system setup and design (establishing policy)

  • Transmitting plaintext, reusable passwords over networks

  • Failure to use security tools

  • Failure to obtain and maintain software that’s free of all known bugs and security holes

  • Failure to track security developments and take preventative action

  • Lack of adequate logging

  • Lack of adequate backup procedures

  • Lack of adequate system and network monitoring

Policies

Security is defined by policy. In some environments, every user is ...
