See: Security Accounts Manager (SAM)

...form by providing a bounded, trusted environment within which the code can run. An example of a programming environment built around the sandbox model of code security is the Java programming language, in which an applet downloaded from a Web server to a user machine is sandboxed to prevent it from performing any malicious actions that could harm the user's data. Within the sandbox the actions the applet may perform are limited; for example, an applet may not do the following:

• Read or write to the hard disk
• Spawn a new process
• Load a dynamic-link library (DLL) by directly calling a native application programming interface (API)
• Establish a new network connection

Sandbox models exist for other programming environments such as Python and TCL.

Sandwich Test

A rule of thumb for deciding whether to open e-mail attachments.

Overview

In an age of script kiddies and proliferating spam, e-mail attachments can sometimes contain malicious scripts, Trojans, or other malware that could do harm to the system of the user who opens them. E-mail filtering tools and security patches such as the Microsoft Outlook E-mail Security Update can help protect e-mail clients like Microsoft Outlook from malicious attachments, if they are installed and properly configured. However, sometimes it simply comes down to "Should I open this mail attachment or not?" and the Sandwich Test is a simple and proverbial method for deciding how to answer this question.

The idea is this: if you met a stranger on the street and he offered you a sandwich, would you eat it? Probably not; so don't open attachments from strangers either. What if your sister handed you the sandwich instead? Well, that depends on what sort of relationship you have with your sister, for instance, where she might have got the sandwich, and perhaps whether you think she's smart enough to tell a nasty sandwich from a healthy one. I don't know about you, but I'd probably thank my sister, put the sandwich in my pocket, and toss it in the trash when she is not looking, unless I was either starving or actually saw her buy the sandwich from a vendor that had an acceptable level of cleanliness in its operation. The same principle applies to e-mail received from people you know when they forward you attachments they've received from others on the Internet. Most of the time they go straight into my Deleted Items folder without being opened; what about you? The whole idea here is that it's not technology that keeps our systems and networks secure, it's our brains that really do it; technology is dumb unless the people who use it are smart (Tulloch's "Principle of Least Smartness").

See Also: spam, Trojan

sanitized name

A standard format for certificate authority (CA) names.

Overview

A sanitized name is the form of a CA name used for a file name when storing such information in a Public Key Infrastructure (PKI) system. For example, the sanitized version of a common CA name would be used within a certificate revocation list (CRL), a list of revoked certificates maintained by a CA. When a CA name is sanitized, any illegal characters are removed or replaced, such as characters that are not allowed in file names, registry key names, Distinguished Names (DNs), or for some other technology-specific reason.

In Microsoft Certificate Services, sanitizing a common CA name causes any illegal characters to be converted into a five-character string of the form !xxxx, where ! is employed as an escape character and xxxx represents four hexadecimal digits that uniquely identify the character being converted.
See Also: certificate authority (CA), certificate revocation list (CRL), Public Key Infrastructure (PKI)

SANS Institute

A cooperative research and education organization devoted to information security research, certification, and education.

Overview

The SANS Institute, established in 1989 and comprising security practitioners from government, business, and academia, is a trusted leader in information security. The institute provides news, security alerts, research papers, training courses, and other resources for the professional development of system administrators, network administrators, auditors, and security professionals. Some of the programs and initiatives developed by SANS include the following:

• SANS Computer & Information Security Training (www.sans.org): Online and instructor-led courses covering practical steps necessary for protecting systems and networks against common threats
• SANS/FBI Top 20 List (www.sans

...tise of its supporting members and scope of the institute's activities.

See Also: Global Information Assurance Certification (GIAC)

SARA

Stands for Security Auditor's Research Assistant, a tool for auditing the security of a network.

See: Security Auditor's Research Assistant (SARA)

SAS

Stands for secure attention sequence, a special sequence of events that enables a user to log on or off a computer running Microsoft Windows NT or later.