Recommended
More Related Content
Similar to Host Application and Data Security ch4.pptx
Similar to Host Application and Data Security ch4.pptx (20)
Recently uploaded
Recently uploaded (20)
Host Application and Data Security ch4.pptx
- 23. A security template is a text file that represents a security configuration. You can apply a security template to the local computer, import a security template to Group Policy, or use a security template to analyze security
- 34. SCADA connects the sensors that monitor equipment like motors, pumps, and valves to an onsite or remote server
- 43. Process spawning is a technique in which OS creates a child process
- 47. Data that is considered critical to the organization or needs to be confidential can be tagged as such through DLP. Index matching is so sensitive that even if a handful of lines of source code from 10,000 lines of protected code are entered into an email message, the DLP system will identify it. Thereafter, if even a small part of that document is leaked, the DLP system can recognize the snippet as being from a protected document.
Editor's Notes
- Deterrent :duh·teh·ruhnt: measures to discourage attack.
- Password, new user account and no usb device
- A hotfix or quick-fix engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product (i.e., a software bug). Typically, hotfixes are made to address a specific customer situation.
- a combination of hardware and software enabling the capture of data within, and automation of, industrial processes. SCADA connects the sensors that monitor equipment like motors, pumps, and valves to an onsite or remote server
- A wrapper function is a subroutine (another word for a function) in a software library or a computer program whose main purpose is to call a second subroutine or a system call with little or no additional computation. In programming languages such as JavaScript, a wrapper is a function that is intended to call one or more other functions, sometimes purely for convenience, and sometimes adapting them to do a slightly different task in the process In any real-world program, it is essential to check every function call for an error return. In Figure 1.5, we check for errors from socket, inet_pton, connect, read, and fputs, and when one occurs, we call our own functions, err_quit and err_sys, to print an error message and terminate the program. We find that most of the time, this is what we want to do. Occasionally, we want to do something other than terminate when one of these functions returns an error, as in Figure 5.12, when we must check for an interrupted system call. https://www.masterraghu.com/subjects/np/introduction/unix_network_programming_v1.3/ch01lev1sec4.html
- Divulges: make known secret information
- A similar type of attack is a cross-site request forgery (XSRF); this attack uses the user’s web browser settings to impersonate the user. When a web browser receives a request from a web application server, it automatically includes any credentials associated with the site (the IP address, the user’s session cookie, any basic authentication credentials, etc.) with the requests. If a user is currently authenticated on a website and is then tricked into loading another webpage, the new page inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf, such as changing the victim’s email address and password or making an online purchase.
- Data that is considered critical to the organization or needs to be confidential can be tagged as such through DLP. A user who then attempts to access the data to disclose it to another unauthorized user will be prevented from doing so.
- Most DLP systems use content inspection. Content inspection is defined as a security analysis of the transaction within its approved context. Content inspection looks at not only the security level of the data, but also who is requesting it, where the data is stored, when it was requested, and where it is going. Snippet a small piece or brief extract.