Published by Dylan Robertson. Modified over 8 years ago.
CHAPTER 15 Reporting Security Problems
INTRODUCTION

There are two choices that can be made when you find a security problem in some software, hardware or services:
1. Fix the system and move on.
2. Report the findings.

When we have decided to report a security problem, we could try contacting:
a. the vendor.
b. the computer security community.
c. the public.
d. the press or media.
INTRODUCTION

Deciding who to contact normally depends on several factors:
1. The number of people affected by the security problem.
2. Its severity.
3. Whether the reporters can supply a workaround themselves.
4. Whether the vendor has to produce a patch.
FULL DISCLOSURE

Full disclosure is a security philosophy that states that all information about a security problem, including enough detail to independently reproduce the problem, should be made available to the public.

Advantages:
1. It gave people, for the first time, a glimpse of how insecure products and services really were.
FULL DISCLOSURE

2. It gave people a chance to test their systems for the security problems and to fix them quickly without having to wait for the vendor to react.
3. It pressured vendors to release security fixes quickly and make security a higher priority.
4. It allows people to learn from the mistakes of others and to search for security problems themselves.
FULL DISCLOSURE

Disadvantages:
1. It enables people with less noble intentions to check for the problems in other people’s systems.
2. The bad guys can benefit from what is taught to the well-meaning about how to find security problems.
PROBLEMS OF REPORTING

Reporting security problems may give rise to some problems:
1. A vendor may sue the person who publishes security problems in their products or services.
2. People may attempt to hold the reporter liable if they get attacked by someone making use of a reported security problem.
3. People will attempt to make use of the reported information in malicious ways.
4. Releasing information about security problems to the public will inform well-intentioned people.
HOW TO SECURE

A system administrator or a vendor can respond to reports of security problems in several ways:

1. Monitoring Lists
A system administrator or a vendor should subscribe to vulnerability announcement and discussion mailing lists such as Bugtraq. The mailing lists allow a system administrator to keep up with the latest security vulnerabilities and let him know when he should fix his systems.
HOW TO SECURE

The mailing lists will give vendors a chance to respond early to the publication of the problem.

2. Vulnerability Databases
A system administrator should regularly check publicly available vulnerability databases for problems in the products and services deployed or in use. A vendor should regularly check publicly available vulnerability databases for problems in products and services.
HOW TO SECURE

3. Patches
A system administrator should treat applying patches as a top priority and make sure the matter is brought to management to obtain the necessary resources and system downtime. A vendor should make producing security patches the top priority.

4. Response Procedure
A system administrator should have a predetermined written policy of what to do when a vulnerability is reported in products or services that he supports.
HOW TO SECURE

This should include whether to disable the system temporarily while losing some functionality, put in special monitoring, wait for the vendor, and so on. A vendor should have a special contact point, e-mail address and telephone number for security issues. This contact point will follow special security procedures, bypassing the customer service reporting red tape.