計(jì)算機(jī)安全漏洞中英文對(duì)照外文翻譯文獻(xiàn)

計(jì)算機(jī)安全漏洞中英文對(duì)照外文翻譯文獻(xiàn)計(jì)算機(jī)安全漏洞中英文對(duì)照外文翻譯文獻(xiàn)(文檔含英文原文和中文翻譯)Talkingaboutsecurityloopholesreferencetothecorenetworksecuritybusinessobjectiveistoprotectthesustainabilityofthesystemanddatasecurity,Thistwoofthemainthreatscomefromthewormoutbreaks,hackingattacks,denialofserviceattacks,Trojanhorse.Worms,hackerattacksproblemsandloopholescloselylinkedto,ifthereismajorsecurityloopholeshaveemerged,theentireInternetwillbefacedwithamajorchallenge.WhiletraditionalTrojanandlittlesecurityloopholes,butrecentlymanyTrojanarecleveruseoftheIEloopholeletyoubrowsethewebsiteatunknowinglywereonthemove.Securityloopholesinthedefinitionofalot,Ihavehereisapopularsaying:canbeusedtostemthe"thought"cannotdo,andaresafety-relateddeficiencies.Thisshortcomingcanbeamatterofdesign,coderealizationoftheproblem.DifferentperspectiveofsecurityloopholesIntheclassificationofaspecificprocedureissafefromthemanyloopholesinclassification.1.Classificationfromtheusergroups:●Publicloopholesinthesoftwarecategory.IftheloopholesinWindows,IEloophole,andsoon.●specializedsoftwareloophole.IfOracleloopholes,Apache,etc.loopholes.2.Datafromtheperspectiveinclude:●couldnotreasonablybereadandreaddata,includingthememoryofthedata,documentsthedata,Usersinputdata,thedatainthedatabase,network,datatransmissionandsoon.●designatedcanbewrittenintothedesignatedplaces(includingthelocalpaper,memory,databases,etc.)●Inputdatacanbeimplemented(includingnativeimplementation,accordingtoShellcodeexecution,bySQLcodeexecution,etc.)3.Fromthepointofviewofthescopeoftheroleare:●Remoteloopholes,anattackercouldusethenetworkanddirectlythroughtheloopholesintheattack.Suchloopholesgreatharm,anattackercancreatealoopholethroughotherpeople'scomputersoperate.SuchloopholesandcaneasilyleadtowormattacksonWindows.●Localloopholes,theattackermusthavethemachinepremiseaccesspermissionscanbelaunchedtoattacktheloopholes.Typicalofthelocalauthoritytoupgradeloopholes,loopholesintheUnixsystemarewidespread,allowordinaryuserstoaccessthehighestadministratorprivileges.4.Triggerconditionsfromthepointofviewcanbedividedinto:●Initiativetriggerloopholes,anattackercantaketheinitiativetousetheloopholesintheattack,Ifdirectaccesstocomputers.●Passivetriggerloopholesmustbecomputeroperatorscanbecarriedoutattackswiththeuseoftheloophole.Forexample,theattackermadetoamailadministrator,withaspecialjpgimagefiles,iftheadministratortoopenimagefileswillleadtoapictureofthesoftwareloopholewastriggered,therebysystemattacks,butifmanagersdonotlookatthepictureswillnotbeaffectedbyattacks.5.Onanoperationalperspectivecanbedividedinto:●Fileoperationtype,mainlyfortheoperationofthetargetfilepathcanbecontrolled(e.g.,parameters,configurationfiles,environmentvariables,thesymboliclinkHEC),thismayleadtothefollowingtwoquestions:

Contentcanbewrittenintocontrol,thecontentsofthedocumentscanbeforged.Upgradingorauthoritytodirectlyaltertheimportantdata(suchasrevisingthedepositandlendingdata),thishasmanyloopholes.IfhistoryOracleTNSLOGdocumentcanbedesignatedloopholes,couldleadtoanypersonmaycontroltheoperationoftheOraclecomputerservices;

informationcontentcanbeoutputPrintcontenthasbeencontainedtoascreentorecordreadablelogfilescanbegeneratedbythecoreusersreadingpapers,SuchloopholesinthehistoryoftheUnixsystemcrontabsubsystemseenmanytimes,ordinaryuserscanreadtheshadowofprotecteddocuments;●Memorycoverage,mainlyformemorymodulescanbespecified,writecontentmaydesignatesuchpersonswillbeabletoattacktoenforcethecode(bufferoverflow,formatstringloopholes,PTraceloopholes,Windows2000historyofthehardwaredebuggingregistersuserscanwriteloopholes),ordirectlyalterthememoryofsecretsdata.●logicerrors,suchwidegapsexist,butveryfewchanges,soitisdifficulttodiscern,canbebrokendownasfollows:

loopholescompetitiveconditions(usuallyforthedesign,typicalofPtraceloopholes,Theexistenceofwidespreaddocumenttimingofcompetition)

wrongtactic,usuallyindesign.IfthehistoryoftheFreeBSDSmartIOloopholes.

Algorithm(usuallycodeordesigntoachieve),IfthehistoryofMicrosoftWindows95/98sharingpasswordcaneasilyaccessloopholes.

Imperfectionsofthedesign,suchasTCP/IPprotocolofthethree-stephandshakeSYNFLOODledtoadenialofserviceattack.

realizethemistakes(usuallynoproblemforthedesign,butthepresenceofcodinglogicwrong,Ifhistorybettingsystempseudo-randomalgorithm)●Externalorders,Typicalofexternalcommandscanbecontrolled(viathePATHvariable,SHELLimportationofspecialcharacters,etc.)andSQLinjectionissues.6.Fromtimeseriescanbedividedinto:●haslongfoundloopholes:manufacturersalreadyissuedapatchorrepairmethodsmanypeopleknowalready.Suchloopholesareusuallyalotofpeoplehavehadtorepairmacroperspectiveharmrathersmall.●recentlydiscoveredloophole:manufacturersjustmadepatchorrepairmethods,thepeoplestilldonotknowmore.Comparedtogreaterdangerloopholes,ifthewormappearedfoolortheuseofprocedures,sowillresultinalargenumberofsystemshavebeenattacked.●0day:notopentheloopholeintheprivatetransactions.Usuallysuchloopholestothepublicwillnothaveanyimpact,butitwillallowanattackertothetargetbyaimingprecisionattacks,harmisverygreat.DifferentperspectiveontheuseoftheloopholesIfadefectshouldnotbeusedtostemthe"original"cannotdowhatthe(safety-related),onewouldnotbecalledsecurityvulnerability,securityloopholesandgapsinevitablycloselylinkedtouse.Perspectiveuseoftheloopholesis:●DataPerspective:visithadnotvisitedthedata,includingreadingandwriting.Thisisusuallyanattacker'scorepurpose,butcancauseveryseriousdisaster(suchasbankingdatacanbewritten).●CompetencePerspective:MajorPowerstobypassorpermissions.Permissionsareusuallyinordertoobtainthedesireddatamanipulationcapabilities.●Usabilityperspective:accesstocertainservicesonthesystemofcontrolauthority,thismayleadtosomeimportantservicestostopattacksandleadtoadenialofserviceattack.●Authenticationbypass:usuallyusecertificationsystemandtheloopholeswillnotauthorizetoaccess.Authenticationisusuallybypassedforpermissionsordirectdataaccessservices.●Codeexecutionperspective:mainlyproceduresfortheimportationofthecontentsastoimplementthecode,obtainremotesystemaccesspermissionsorlocalsystemofhigherauthority.ThisangleisSQLinjection,memorytypegamespointerloopholes(bufferoverflow,formatstring,Plasticoverflowetc.),themaindriving.Thisangleisusuallybypassingtheauthenticationsystem,permissions,anddatapreparationforthereading.LoopholesexploremethodsmustFirstremovesecurityvulnerabilitiesinsoftwareBUGinasubset,allsoftwaretestingtoolshavesecurityloopholestoexplorepractical.Nowthatthe"hackers"usedtoexplorethevariousloopholesthattherearemeansavailabletothemodelare:●fuzztesting(blackboxtesting),byconstructingproceduresmayleadtoproblemsofstructuralinputdataforautomatictesting.●FOSSaudit(WhiteBox),nowhaveaseriesoftoolsthatcanassistinthedetectionofthesafetyproceduresBUG.ThemostsimpleisyourhandsthelatestversionoftheClanguagecompiler.●IDAanti-compilationoftheaudit(grayboxtesting),andabovethesourceauditareverysimilar.Theonlydifferenceisthatmanytimesyoucanobtainsoftware,butyoucannotgettothesourcecodeaudit,ButIDAisaverypowerfulanti-Seriesplatform,letyoubasedonthecode(thesourcecodeisinfactequivalent)conductedasafetyaudit.●dynamictracking,istherecordofproceedingsunderdifferentconditionsandtheimplementationofallsecurityissuesrelatedtotheoperation(suchasfileoperations),thensequenceanalysisoftheseoperationsifthereareproblems,itiscompetitivecategoryloopholesfoundoneofthemajorways.Othertrackingtaintedspreadalsobelongstothiscategory.●patch,thesoftwaremanufacturersoutofthequestionusuallyaddressedinthepatch.Bycomparingthepatchbeforeandafterthesourcedocument(ortheanti-coding)tobeawareofthespecificdetailsofloopholes.Moretoolswithwhichbothrelatetoacrucialpoint:Artificialneedtofindacomprehensiveanalysisoftheflowpathcoverage.Analysismethodsvariedanalysisanddesigndocuments,sourcecodeanalysis,analysisoftheanti-codecompilation,dynamicdebuggingprocedures.GradingloopholesloopholesintheinspectionharmshouldclosetheloopholesandtheuseofthehazardsrelatedOftenpeoplearenotawareofalltheBufferOverflowVulnerabilityloopholesarehigh-risk.Along-distanceloopholeexampleandbetterdelineation:●RemoteaccesscanbeanOS,applicationprocedures,versioninformation.●openunnecessaryordangerousintheservice,remoteaccesstosensitiveinformationsystems.●Remotecanberestrictedforthedocuments,datareading.●remotelyimportantorrestricteddocuments,datareading.●maybelimitedforlong-rangedocument,datarevisions.●Remotecanberestrictedforimportantdocuments,datachanges.●Remotecanbeconductedwithoutlimitationintheimportantdocuments,datachanges,orforgeneralservicedenialofserviceattacks.●Remotelyasanormaluserorexecutingordersforsystemandnetwork-leveldenialofserviceattacks.●mayberemotemanagementofuseridentitiestotheenforcementoftheorder(limited,itisnoteasytouse).●canberemotemanagementofuseridentitiestotheenforcementoftheorder(notrestricted,accessible).Almostalllocalloopholesleadtocodeexecution,classifiedabovethe10pointssystemfor:●initiativeremotetriggercodeexecution(suchasIEloophole).●passivetriggerremotecodeexecution(suchasWordgaps/chartingsoftwareloopholes).DEMOafirewallsegregation(peacekeepingoperationonlyallowstheDepartmentofvisits)networkswereoperatingaUnixserver;operatingsystemsonlyrootusersandusersmayoraclelandingoperatingsystemrunningApache(nobodyauthority),Oracle(oracleuserrights)services.Anattacker'spurposeistoamendtheOracledatabasetablebillingdata.Itspossibleattackssteps:●1.Accesspeacekeepingoperationofthenetwork.AccesstoapeacekeepingoperationoftheIPaddressinordertovisitthroughthefirewalltoprotecttheUNIXserver.●2.ApacheservicesusingaRemoteBufferOverflowVulnerabilitydirectaccesstoanobody'scompetencehellvisit.●3.Usingacertainoperatingsystemsuidprocedureoftheloopholetoupgradetheircompetencetorootprivileges.●4.Oraclesysdbalandingintothedatabase(locallandingwithoutapassword).●5.Revisedtargettabledata.Overfivedownforprocessanalysis:●Step1:Authenticationbypass●Step2:Remoteloopholescodeexecution(native),Authenticationbypassing●Step3:permissions,authenticationbypass●Step4:Authenticationbypass●Step5:writedata

安全漏洞雜談網(wǎng)絡(luò)安全的核心目標(biāo)是保障業(yè)務(wù)系統(tǒng)的可持續(xù)性和數(shù)據(jù)的安全性，而這兩點(diǎn)的主要威脅來自于蠕蟲的暴發(fā)、黑客的攻擊、拒絕服務(wù)攻擊、木馬。蠕蟲、黑客攻擊問題都和漏洞緊密聯(lián)系在一起，一旦有重大安全漏洞出現(xiàn)，整個(gè)互聯(lián)網(wǎng)就會(huì)面臨一次重大挑戰(zhàn)。雖然傳統(tǒng)木馬和安全漏洞關(guān)系不大，但最近很多木馬都巧妙的利用了IE的漏洞，讓你在瀏覽網(wǎng)頁(yè)時(shí)不知不覺的就中了招。安全漏洞的定義已經(jīng)有很多了，我這里給出一個(gè)通俗的說法就是：能夠被利用來干“原本以為”不能干的事，并且和安全相關(guān)的缺陷。這個(gè)缺陷可以是設(shè)計(jì)上的問題、程序代碼實(shí)現(xiàn)上的問題。一、不同角度看安全漏洞的分類對(duì)一個(gè)特定程序的安全漏洞可以從多方面進(jìn)行分類：1.從用戶群體分類：●大眾類軟件的漏洞。如Windows的漏洞、IE的漏洞等等?！駥Ｓ密浖穆┒?。如Oracle漏洞、Apache漏洞等等。2.從數(shù)據(jù)角度看分為：●能讀按理不能讀的數(shù)據(jù)，包括內(nèi)存中的數(shù)據(jù)、文件中的數(shù)據(jù)、用戶輸入的數(shù)據(jù)、數(shù)據(jù)庫(kù)中的數(shù)據(jù)、網(wǎng)絡(luò)上傳輸?shù)臄?shù)據(jù)等等?！衲馨阎付ǖ膬?nèi)容寫入指定的地方（這個(gè)地方包括文件、內(nèi)存、數(shù)據(jù)庫(kù)等）●輸入的數(shù)據(jù)能被執(zhí)行（包括按機(jī)器碼執(zhí)行、按Shell代碼執(zhí)行、按SQL代碼執(zhí)行等等）3.從作用范圍角度看分為：●遠(yuǎn)程漏洞，攻擊者可以利用并直接通過網(wǎng)絡(luò)發(fā)起攻擊的漏洞。這類漏洞危害極大，攻擊者能隨心所欲的通過此漏洞操作他人的電腦。并且此類漏洞很容易導(dǎo)致蠕蟲攻擊，在Windows。●本地漏洞，攻擊者必須在本機(jī)擁有訪問權(quán)限前提下才能發(fā)起攻擊的漏洞。比較典型的是本地權(quán)限提升漏洞，這類漏洞在Unix系統(tǒng)中廣泛存在，能讓普通用戶獲得最高管理員權(quán)限。4.從觸發(fā)條件上看可以分為：●主動(dòng)觸發(fā)漏洞，攻擊者可以主動(dòng)利用該漏洞進(jìn)行攻擊，如直接訪問他人計(jì)算機(jī)?！癖粍?dòng)觸發(fā)漏洞，必須要計(jì)算機(jī)的操作人員配合才能進(jìn)行攻擊利用的漏洞。比如攻擊者給管理員發(fā)一封郵件，帶了一個(gè)特殊的jpg圖片文件，如果管理員打開圖片文件就會(huì)導(dǎo)致看圖軟件的某個(gè)漏洞被觸發(fā)，從而系統(tǒng)被攻擊，但如果管理員不看這個(gè)圖片則不會(huì)受攻擊。5.從操作角度看可分為：●文件操作類型，主要為操作的目標(biāo)文件路徑可被控制（如通過參數(shù)、配置文件、環(huán)境變量、符號(hào)鏈接燈），這樣就可能導(dǎo)致下面兩個(gè)問題：

寫入內(nèi)容可被控制，從而可偽造文件內(nèi)容，導(dǎo)致權(quán)限提升或直接修改重要數(shù)據(jù)（如修改內(nèi)存數(shù)據(jù)），這類漏洞有很多，如歷史上OracleTNSLOG文件可指定漏洞，可導(dǎo)致任何人可控制運(yùn)行Oracle服務(wù)的計(jì)算機(jī)；

內(nèi)容信息可被輸出，包含內(nèi)容被打印到屏幕、記錄到可讀的日志文件、產(chǎn)生可被用戶讀的core文件等等，這類漏洞在歷史上Unix系統(tǒng)中的crontab子系統(tǒng)中出現(xiàn)過很多次，普通用戶能讀受保護(hù)的shadow文件；●內(nèi)存覆蓋，主要為內(nèi)存單元可指定，寫入內(nèi)容可指定，這樣就能執(zhí)行攻擊者想執(zhí)行的代碼（緩沖區(qū)溢出、格式串漏洞、PTrace漏洞、歷史上Windows2000的硬件調(diào)試寄存器用戶可寫漏洞）或直接修改內(nèi)存中的機(jī)密數(shù)據(jù)。●邏輯錯(cuò)誤，這類漏洞廣泛存在，但很少有范式，所以難以查覺，可細(xì)分為：

條件競(jìng)爭(zhēng)漏洞（通常為設(shè)計(jì)問題，典型的有Ptrace漏洞、廣泛存在的文件操作時(shí)序競(jìng)爭(zhēng)）

策略錯(cuò)誤，通常為設(shè)計(jì)問題，如歷史上FreeBSD的SmartIO漏洞。

算法問題（通常為設(shè)計(jì)問題或代碼實(shí)現(xiàn)問題），如歷史上微軟的Windows95/98的共享口令可輕易獲取漏洞。

設(shè)計(jì)的不完善，如TCP/IP協(xié)議中的3步握手導(dǎo)致了SYNFLOOD拒絕服務(wù)攻擊。

實(shí)現(xiàn)中的錯(cuò)誤（通常為設(shè)計(jì)沒有問題，但編碼人員出現(xiàn)了邏輯錯(cuò)誤，如歷史上博彩系統(tǒng)的偽隨機(jī)算法實(shí)現(xiàn)問題）●外部命令執(zhí)行問題，典型的有外部命令可被控制（通過PATH變量，輸入中的SHELL特殊字符等等）和SQL注入問題。6.從時(shí)序上看可分為：●已發(fā)現(xiàn)很久的漏洞：廠商已經(jīng)發(fā)布補(bǔ)丁或修補(bǔ)方法，很多人都已經(jīng)知道。這類漏洞通常很多人已經(jīng)進(jìn)行了修補(bǔ)，宏觀上看危害比較小。●剛發(fā)現(xiàn)的漏洞：廠商剛發(fā)補(bǔ)丁或修補(bǔ)方法，知道的人還不多。相對(duì)于上一種漏洞其危害性較大，如果此時(shí)出現(xiàn)了蠕蟲或傻瓜化的利用程序，那么會(huì)導(dǎo)致大批系統(tǒng)受到攻擊?！?day：還沒有公開的漏洞，在私下交易中的。這類漏洞通常對(duì)大眾不會(huì)有什么影響，但會(huì)導(dǎo)致攻擊者瞄準(zhǔn)的目標(biāo)受到精確攻擊，危害也是非常之大。二、不同角度看待漏洞利用如果一個(gè)缺陷不能被利用來干“原本”不能干的事（安全相關(guān)的），那么就不能被稱為安全漏洞，所以安全漏洞必然和漏洞利用緊密聯(lián)系在一起。漏洞利用的視角有：●數(shù)據(jù)視角：訪問本來不可訪問的數(shù)據(jù)，包括讀和寫。這一條通常是攻擊者的核心目的，而且可造成非常嚴(yán)重的災(zāi)難（如銀行數(shù)據(jù)可被人寫）?！駲?quán)限視角：主要為權(quán)限繞過或權(quán)限提升。通常權(quán)限提升都是為了獲得期望的數(shù)據(jù)操作能力。●可用性視角：獲得對(duì)系統(tǒng)某些服務(wù)的控制權(quán)限，這可能導(dǎo)致某些重要服務(wù)被攻擊者停止而導(dǎo)致拒絕服務(wù)攻擊?！裾J(rèn)證繞過：通常利用認(rèn)證系統(tǒng)的漏洞而不用受權(quán)就能進(jìn)入系統(tǒng)。通常認(rèn)證繞過都是為權(quán)限提升或直接的數(shù)據(jù)訪問服務(wù)的。