Security Vulnerability Comparison: Linux vs. Windows


Security Vulnerability Comparison: Linux vs. Windows. Technology Business Division, Microsoft Korea Co., Ltd.

MITRE Security Vulnerabilities in 2002. According to the study, more than 380 CAN/CVE entries were added to the vendor list in 2002. More than two-thirds of all CAN entries affect OSS (Open Source Software). CAN: Candidate for CVE status. CVE: Common Vulnerabilities and Exposures. Total number found: 386. http://www.cve.mitre.org/cve

SQL Server 2000 vs. Oracle 9iAS. We don't have all the minor release dates for Oracle 9iAS; they don't seem to be posted.

IIS 5 vs. Apache. A large number of version upgrades, rather than patches, means a heavier system maintenance burden for administrators.

IIS 5 vs. Apache

Exchange 2000 vs. Sendmail

Key Point: Customers running Microsoft Exchange 2000 over its lifecycle experienced lower TCO than those who ran sendmail, due to less severe security issues and fewer upgrades needed to keep the product current.

Message: In this first slide, I've documented the security issues with Microsoft Exchange 2000 from its release date alongside the Sendmail equivalent. There were six CAN entries during this period, and in late 2002 there was one instance where the security of the sendmail download site and its mirror sites was compromised and the originals were replaced with trojaned copies of sendmail. For nine days, the FTP site and its mirrors distributed the trojaned copies to its customers. Ironically, sendmail was not immune to this type of attack. Two other instances of trojaned sources also occurred during 2002. What's especially important on this slide is to see that sendmail also had 14 minor version upgrades during this time period, compared to 3 for Microsoft Exchange. Upgrades are very frequent, with versions only lasting for a few weeks or months. Skipping releases could put a customer at risk for security issues. Sendmail usually includes its security fixes in the next version rather than patching the software, so keeping up to date with this application is critical to maintaining security. I'll address sendmail security in a little more detail later. Let's move on to the next comparison.

Background: Due to vendor inconsistency in publishing security bulletins, the CAN/CVE entries here will not match up with the CAN/CVE spreadsheet I created. Many vendors decided to simply update their sendmail packages rather than send a bulletin. You'll see evidence of that in a later slide.

References:
CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution: http://www.cert.org/advisories/CA-2002-28.html
CERT Advisory CA-2002-30 Trojan Horse tcpdump and libpcap Distributions: http://www.cert.org/advisories/CA-2002-30.html
CERT Advisory CA-2002-24 Trojan Horse OpenSSH Distribution: http://www.cert.org/advisories/CA-2002-24.html

ISA Server 2000 vs. Squid

Key points: ISA Server 2000 over its entire life cycle has been more secure than Squid, its nearest open source comparable.

Message: In this chart, it's very easy to see that since its release, Internet Security and Acceleration Server 2000 (ISA Server 2000) has historically been more secure than Squid and has had fewer software updates. This is even more dramatic when you consider that ISA Server 2000 is often exposed directly to the internet, whereas Squid is often hidden behind another firewall.

Linux Distributions Lag Behind OSS {Warning!! 1 build in this slide!!}

Key Points: Linux distributions, such as RedHat, do not update their packages in the same time frame as OSS vendors do. This lag time leaves RedHat customers at risk.

Message: In this slide we break down the release history of Sendmail during the calendar year 2002. Sendmail customers who relied on Redhat to keep their sendmail package up to date were vulnerable to a number of issues during 2002. There were a total of six issues reported by sendmail in 2002. Two received CAN assignments from MITRE. The trojaned distribution mentioned earlier, indicated here on the timeline by the red band, earned a warning to the general public from CERT, the Computer Emergency Response Team at Carnegie Mellon. Note the

All CVEs: 1/1999-6/2001. Vulnerabilities reported by year. All vulnerabilities in Windows and Unix; Microsoft and Linux.

Benefits of Microsoft's Responsible Disclosure method. In 2002, responses to security-related issues were delivered within two weeks on average, which is at least two weeks faster than the response for the Linux product family. Average time to deliver a security patch.