RSS |
 |
| W O R K S H O P | |
|
|
|
Securing Windows NT Server
April 3, 2000 |
||
|
|
The Evolution of an Exploit Before you dive into lockdown techniques, you must understand how application and system vulnerabilities are discovered and how this knowledge is propagated and used. OS and application vulnerabilities are discovered by widely different individuals--ranging from the talented folks in the "underground" to system and network administrators who have stumbled into bizarre situations. While the manipulation of certain bugs simply results in odd system behavior, other bugs will crash systems entirely. And some even allow for unauthorized administrator-level access. Many of these flaws are reported to vendors initially, but just as many are not. The release strategy surrounding discovered security bugs depends on the person who discovers the flaw. Some people report the problem to the vendor, some send a warning to public forums like Bugtraq (www.securityfocus.com), some code an application or script to automate the exploitation of the bug, and others do all of the above. The vulnerabilities that are not public knowledge--the ones the vendors are unaware of--will always be a problem. As long as vendors continue to release flawed code, there's very little we can do to protect ourselves (short of not using the product). As a community, we will continually fall victim to these attacks, but we can defend ourselves against known vulnerabilities. Most attackers leverage known holes. If a security flaw is known, both system administrators and attackers are likely aware of it. The result is a race against time, pitting the attacker against the system administrator. Whoever strikes first, wins. So if you aren't patching your systems in a timely manner against known problems, you're inviting disaster. The intruder's specialty is watching for new holes and entry methods, so if you're not ready and willing to match wits when that intruder comes for your servers, you will lose. |
|
|
|
PAGE: 1 I 2 I 3 I 4 I NEXT PAGE |
||
