http://www.owasp.org/index.php/Buffer_Overflow
Patch management
Configuration management
Implementation and maintenance
Updating virus signatures
All organizations are at risk of "contracting" computer viruses, Trojans and worms if they are
connected to the Internet, or use removable media (e.g., floppy disks and CD-ROMs), or use
shareware/freeware software. The impact of a virus, Trojan, or worm can be as harmless as a
pop-up message on a computer screen, or as destructive as deleting all the files on a hard drive. With
any malicious code, there is also the risk of exposing or destroying sensitive or confidential
information.
There are two primary types of anti-virus programs available: those that are installed on the network
infrastructure and those that are installed on end-user machines. Each has advantages and
disadvantages, but the use of both types of programs is generally required for the highest level of
security.
The virus detector installed on the network infrastructure is usually installed on mail servers or in
conjunction with firewalls at the network border of an organization. Server-based virus detection
programs can detect viruses before they enter the network or before users download their e-mail.
Another advantage of server-based virus detection is that all virus detectors require frequent
updating to remain effective. This is much easier to accomplish on the server-based programs due
to their limited number relative to client hosts.
The modern networked computing environment brings significant challenges to the development of
contingency plans. Networked computing has changed the scope and focus of what has traditionally
been a local issue. Contingency planning is designed to reduce the consequences of any loss of
data or infrastructure. Contingency planning enables organization personnel to restore critical IT
functions and connectivity rapidly, effectively, and safely. The contingency plan defines the
procedures, resources, tasking, and information required for performing recovery actions in
response to a broad range of events. A well-executed and tested contingency plan also gives
confidence that critical resources will be available when needed and facilitates an organization's
continuity of operations in an emergency situation. The plan is a living document that must be
updated regularly to reflect changes to the system's configuration and operations. Additional
information on contingency planning is provided in NIST SP 800-34, Contingency Planning Guide
for Information Technology Systems. This guide discusses various contingency plans that will help
sustain and recover critical IT services following an emergency.
The contingency plan should address, at a minimum, the following five main components:
supporting information, notification/activation, recovery, reconstitution, and supporting appendixes.
Fault-Tolerance
RAID
Disk duplexing
Disk shadowing (mirroring)
Software check pointing
Redundant servers
Clustering
Backups
Dual backbones
Redundant power
Mesh network topology instead of star, bus, or ring
Mechanisms
LAN
If the system experiences a glitch, then system state data is used to try and recover state and user data
Controller is not the single point of failure
System Configuration
Batch Backups
Real-time, or near real-time, backups
Usually used for critical databases
Electronic vaulting technology
Frequency of backup depends upon how often data changes
Backing up of ...
Data
Software products
Databases
Utility programs
Mile2 All rights reserved.
Characteristics
Degaussing
Machine that works as a large magnet
access
Physical loggers
Connector between keyboard and computer
Holds all data that user types in
Attacker plants logger and retrieves it at a
later