+设为首页 +添加到收藏夹
security+ 笔记
1. day zero attacks: a day zero attacks occurs when an attacker discovers and exploits a previously unknown flaw. 【程序编程相关:入侵检测系统FAQ(全)】
chap 1 【推荐阅读:Windows命令使用大全(贡献给CU的】
integrity完整真实: ensures that information is correct and no unauthorized person or malicious software program can or has altered that data. 【扩展信息:AS/400系统安全】
2. information security protects:
confidentially信任: ensures that only authorized parties can view information.
availability: restrict access attempts by unauthorized users, it must still make the data available to allow authorized users immediate access.
真对国家安全性的: cyberterrorism
3. asset: something that has a value---- employee database
threat: an event or object that might defeat the security measures in place and results in a loss ---- steal data
threat agent: a person or thing that has the power to carry out a threat ---- attacker, virus, tornado
vulnerability: weakness that allows a threat agent to bypass security ---- software defect
exploiting: taking advantage of the vulnerability ---- send virus to unprotected email server
risk: the likehood that sth will be stolen ---- educate users
chap 2
攻击者种类
1 hackers: except for the normal way of understanding, theres also the ethical hackers, which who claims their motive is to improve security, consider it their responsiblity to seek our security holes so they can be fixed.
2 crackers: who violates system security with malicious intent.(harm and break)
... 下一页