计算机专业毕业设计说明书外文翻译(中英对照)

Talking about security loopholes

Richard S. Kraus reference to the core network security business objective is to protect the sustainability of the system and data security, This two of the main threats come from the worm outbreaks, hacking attacks, denial of service attacks, Trojan horse. Worms, hacker attacks problems and loopholes closely linked to, if there is major security loopholes have emerged, the entire Internet will be faced with a major challenge. While traditional Trojan and little security loopholes, but recently many Trojan are clever use of the IE loophole let you browse the website at unknowingly were on the move.

Security loopholes in the definition of a lot, I have here is a popular saying: can be used to stem the "thought" can not do, and are safety-related deficiencies. This shortcoming can be a matter of design, code realization of the problem.

Different perspective of security loo phole s

In the classification of a specific procedure is safe from the many loopholes in classification.

1. Classification from the user groups:

● Public loopholes in the software category. If the loopholes in

Windows, IE loophole, and so on.

● specialized software loophole. If Oracle loopholes, Apach e,

etc. loopholes.

2. Data from the perspective include :

● could not reasonably be read and read data, including the

memory of the data, documents the data, Users input data, the data in the database, network, data transmission and so on.

● designa ted can be written into the designated places

(including the local paper, memory, databases, etc.)

● Input data can be implemented (including native

implementation, according to Shell code execution, by SQL code execution, etc.)

3. From the point of view of the scope of the role are :

● Remote loopholes, an attacker could use the network and

directly through the loopholes in the attack. Such loopholes great harm, an attacker can create a loophole through other people's computers operate. Such loopholes and can easily lead to worm attacks on Windows.

● Local loopholes, the attacker must have the machine

premise access permissions can be launched to attack the loopholes. Typical of the local authority to upgrade loopholes, loopholes in the Unix system are widespread, allow ordinary users to access the highest administrator privileges.

4. Trigger conditions from the point of view can be divided into:

● Initiative trigger loopholes, an attacker can take the initiative to use the loopholes in the attack, If direct access to computers.

● Passive trigger loopholes must be computer operators can be carried out attacks with the use of the loophole. For example, the attacker made to a mail administrator, with a special jpg image files, if the administrator to open image files will lead to a picture of the software loophole was triggered, thereby system attacks, but if managers do not look at the pictures will not be affected by attacks.

5. On an operational perspective can be divided into:

● File opera tion type, mainly for the operation of the target file path can be controlled (e.g., parameters, configuration files, environment variables, the symbolic link HEC), this may lead to the following two questions:

◇Content can be written into control, the contents of the documents can be forged. Upgrading or authority to directly alter the important data (such as revising the deposit and lending data), this has many loopholes. If history Oracle TNS LOG document can be designated loopholes, could lead to any person may control the operation of the Oracle computer services;

◇information content can be output Print content has been