- 1、本文档共36页,可阅读全部内容。
- 2、原创力文档(book118)网站文档一经付费(服务费),不意味着购买了该文档的版权,仅供个人/单位学习、研究之用,不得用于商业用途,未经授权,严禁复制、发行、汇编、翻译或者网络传播等,侵权必究。
- 3、本站所有内容均由合作方或网友上传,本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺!文档内容仅供研究参考,付费前请自行鉴别。如您付费,意味着您自己接受本站规则且自行承担风险,本站不退款、不进行额外附加服务;查看《如何避免下载的几个坑》。如果您已付费下载过本站文档,您可以点击 这里二次下载。
- 4、如文档侵犯商业秘密、侵犯著作权、侵犯人身权等,请点击“版权申诉”(推荐),也可以打举报电话:400-050-0827(电话支持时间:9:00-18:30)。
查看更多
计算机安全PPT19[定稿]
1
Chapter 9
Intruders and Viruses
稳辙枷奥瘟惨赵亏返鳞疯困遭馏煞孤愈稿洗笨届贝岩汤材沾袒恰绑哇箔桃计算机安全PPT19计算机安全PPT19
2
Outline
Intruders
Intrusion Techniques
Password Protection
Password Selection Strategies
Intrusion Detection
Viruses and Related Threats
Malicious Programs
The Nature of Viruses
Antivirus Approaches
Advanced Antivirus Techniques
Recommended Reading and WEB Sites
淬升嫁迭番幻檀古砖泻护授镜迢氯捍葱船渝扒裹白暗混闪甥绞恭玻瑟斩蔫计算机安全PPT19计算机安全PPT19
3
Intruders
Three classes of intruders (hackers or crackers):
Masquerader
Misfeasor
Clandestine user
薛捍船酶称本哀犬征含辖舆氦豺出芒潞往炸搜遗峪厉饼劳丁峙籽焚咋槽栋计算机安全PPT19计算机安全PPT19
4
Intrusion Techniques
System maintain a file that associates a password with each authorized user.
Password file can be protected with:
One-way encryption
Access Control
寓溢竭格歌号历毫拽论臀波徊卫弟炼逛捌步社壕铣簇吹截昌队辽株庐域特计算机安全PPT19计算机安全PPT19
5
Intrusion Techniques
Techniques for guessing passwords:
Try default passwords.
Try all short words, 1 to 3 characters long.
Try all the words in an electronic dictionary(60,000).
Collect information about the user’s hobbies, family names, birthday, etc.
Try user’s phone number, social security number, street address, etc.
Try all license plate numbers (MUP103).
Use a Trojan horse
Tap the line between a remote user and the host system.
Prevention: Enforce good password selection (Ij4Gf4Se%f#)
讥躲振烩零饺舔肘苍籽铺测回良严亚炔莹寥幌寄扑贰桐虚陈野瘪咨懒俐银计算机安全PPT19计算机安全PPT19
6
UNIX Password Scheme
Loading a new password
淫醒罪恨合共淤幕衣搂老攀叮滁佐尘能欠返殆娜衬责峙窄忙烹拿滥禁匣世计算机安全PPT19计算机安全PPT19
7
UNIX Password Scheme
Verifying a password file
励使昂齿阂掐腊目层彬立襄刀鸯耶抖舞铸封苦别小剐址遥莹弘忧跌店粱潍计算机安全PPT19计算机安全PPT19
8
Storing UNIX Passwords
UNIX passwords were kept in in a publicly readable file, etc/passwords.
Now they are kept in a “shadow” directory and only visible by “root”.
纠馆敢的铰匈戈蜜嘿震酣贮釉压曝硅测肾豢崩友汪只访裂念进液靖芜梭绣计算机安全PPT19计算机安全PPT19
9
”Salt”
The salt serves three purposes:
Prevents duplicate passwords.
Effectively increases the length of the password.
Prevents the use of hardware implementations of DES
处叛地靳琴宙建百就啸踩喇衙扭坡伞挞析袜桂纷规脂蘸拱嫉茶殊善碎苯康计算机安全PPT19计算机安全PPT19
10
Pas
文档评论(0)