CHAPTER 15 Reporting Security Problems. INTRODUCTION There are two choices that can be made when you find a security problem in some software, hardware.

Presentation transcript:

CHAPTER 15 Reporting Security Problems

INTRODUCTION
There are two choices when you find a security problem in some software, hardware or service:
1. Fix the system and move on.
2. Report the findings.
Once we have decided to report a security problem, we could try contacting:
a. the vendor.
b. the computer security community.
c. the public.
d. the press or media.

INTRODUCTION
Deciding whom to contact normally depends on several factors:
1. The number of people affected by the security problem.
2. Its severity.
3. Whether the reporter can supply a workaround themselves.
4. Whether the vendor has to produce a patch.

FULL DISCLOSURE
Full disclosure is a security philosophy that states that all information about a security problem, including enough detail to independently reproduce the problem, should be made available to the public.
Advantages:
1. It gave people, for the first time, a glimpse of how insecure products and services really were.

FULL DISCLOSURE
2. It gave people a chance to test their systems for the security problems and to fix them quickly, without having to wait for the vendor to react.
3. It pressured vendors to release security fixes quickly and to make security a higher priority.
4. It allows people to learn from the mistakes of others and to search for security problems themselves.

FULL DISCLOSURE
Disadvantages:
1. It enables people with less noble intentions to check for the problems in other people’s systems.
2. The bad guys also benefit when the well-meaning are taught how to find security problems.

PROBLEMS OF REPORTING
Reporting security problems can itself give rise to problems:
1. A vendor may sue the person who publishes security problems in their products or services.
2. People may attempt to hold the reporter liable if they are attacked by someone making use of a reported security problem.
3. People will attempt to make use of the reported information in malicious ways.
4. Releasing information about security problems to the public will inform well-intentioned people.

HOW TO SECURE
A system administrator or a vendor can protect against reported security problems in several ways:
1. Monitoring List
A system administrator or a vendor should subscribe to vulnerability announcement and discussion mailing lists such as Bugtraq. The mailing lists allow a system administrator to keep up with the latest security vulnerabilities and let him know when he should fix his systems.

HOW TO SECURE
The mailing lists also give vendors a chance to respond early to the publication of a problem.
2. Vulnerability Databases
A system administrator should regularly check publicly available vulnerability databases for problems in the products and services he has deployed or makes use of. A vendor should regularly check publicly available vulnerability databases for problems in products and services.

HOW TO SECURE
3. Patches
A system administrator should apply patches as a top priority and make sure the matter is brought to management to obtain the necessary resources and system downtime. A vendor should make producing security patches the top priority.
4. Response Procedure
A system administrator should have a predetermined written policy of what to do when a vulnerability is reported in products or services that he supports.

HOW TO SECURE
This should include whether to disable the system temporarily while losing some functionality, put in special monitoring, wait for the vendor, and so on. A vendor should have a special contact point, e-mail address and telephone number for security issues. This contact point will follow special security procedures, bypassing the customer service reporting red tape.
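
Items 2 to 4 above (check vulnerability databases against what is deployed, patch, follow a written response procedure) can be scripted. The following is an added example, not part of the original slides: it matches a constructed inventory against constructed advisory records and maps each hit to one of the responses the slides name. Product names, advisory IDs, the record layout and the order of the policy rules are assumptions.

```python
# Constructed inventory: product -> installed version (hypothetical names).
INVENTORY = {"examplehttpd": "2.4.1", "examplemail": "1.9.0", "exampledb": "5.2.3"}

# Constructed advisory records, as an administrator might collect them from a
# mailing list or a vulnerability database. These are not real advisories.
ADVISORIES = [
    {"id": "ADV-0001", "product": "examplehttpd", "fixed_in": "2.4.3", "workaround": False},
    {"id": "ADV-0002", "product": "examplemail", "fixed_in": None, "workaround": True},
    {"id": "ADV-0003", "product": "exampledb", "fixed_in": "5.2.0", "workaround": False},
    {"id": "ADV-0004", "product": "examplehttpd", "fixed_in": None, "workaround": False},
    {"id": "ADV-0005", "product": "exampleftp", "fixed_in": "1.0.1", "workaround": False},
]

def parse_version(version):
    """Turn '2.4.10' into (2, 4, 10) so versions compare numerically.
    Assumes purely numeric dotted versions."""
    return tuple(int(part) for part in version.split("."))

def is_affected(installed, fixed_in):
    """Affected if no fixed release exists yet, or the install predates it."""
    if fixed_in is None:
        return True
    return parse_version(installed) < parse_version(fixed_in)

def response_action(advisory, critical):
    """Assumed written policy: patch first, then workaround, then either
    special monitoring (service must stay up) or temporary shutdown."""
    if advisory["fixed_in"] is not None:
        return "apply patch"
    if advisory["workaround"]:
        return "apply workaround and monitor"
    if critical:
        return "special monitoring until vendor fix"
    return "disable temporarily until vendor fix"

def triage(inventory, advisories, critical=frozenset()):
    """Return (advisory id, product, action) for every deployed, affected product."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["product"])
        if installed is None or not is_affected(installed, adv["fixed_in"]):
            continue  # not deployed here, or already running a fixed version
        action = response_action(adv, adv["product"] in critical)
        findings.append((adv["id"], adv["product"], action))
    return findings

if __name__ == "__main__":
    for finding in triage(INVENTORY, ADVISORIES, critical={"examplehttpd"}):
        print(*finding, sep="  ")
```

Comparing versions as tuples of integers matters here: compared as plain strings, "2.4.10" would sort before "2.4.3" and a patched host would be reported as vulnerable.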