Microsoft Press Microsoft Encyclopedia of Security

[ Pobierz całość w formacie PDF ]
.The firewall monitoring theand by monitoring Internet traffic for content that isconnection is thus unable to differentiate the requestcounter to laws or practices in these countries.Thefrom one made to a standard SSL-protectedPeekabooty Project is a project for developing ae-commerce site, and the result is the user has secretlypeer-to-peer (P2P) network that can allow citizens inaccessed prohibited content.these countries to secretly access content that is other-wise censored by local authorities.Web serverwith "forbiddencontent"PFirewall3Getcontent1 2Proxied URL request HTTP request4Encrypted responsePeekabootyUsernodeInternetf0Pes02Peekabooty Project.How Peekabooty works.240PEM perfect forward secrecy (PFS)In order to use Peekabooty, users are not required to �� There are two ways to perform penetration testing on ainstall any software on their client computers (installing �� network:such software might be interpreted by local authorities ��% Remote penetration testing: Trying to uncoveras an illegal act and may get users into trouble).All ��weaknesses in defense from outside the network.users must do to use Peekabooty is configure the proxy ��This can be done either with no prior knowledge ofsettings for their Web browser to forward requests for ��network configuration (no-information penetrationURLs to Peekabooty nodes on the Internet.The hope ��testing) or in conjunction with network documenta��behind Peekabooty is that so many civil libertarians ��tion provided by the company whose network isworldwide will eventually allow their computers to be ��being tested.Although no-information penetrationused as Peekabooty nodes that countries censoring ��testing might seem preferable since it aligns moreInternet content will be unable to block all possible ��closely with how attackers usually work, in practicenodes, enabling users in these countries to always find ��it can be less useful because penetration testing isnew nodes for accessing banned content.This distrib��usually a time-limited evaluation phase and attack��uted model is common in P2P computing and makes it ��ers often have lots more time on their hands.difficult to control once it is deployed, which is the ��whole idea behind Peekabooty: to set up something that �� % Internal penetration testing: Analyzing the secu��authorities can t control.�� rity of the network from within by examining systemconfigurations and performing various tests.ThisFor More Information1approach can be more comprehensive than remoteVisit www.peekabooty.org for more information.��testing, but best practice is usually to combine bothSee Also: firewall, privacy, Publius Project types of testing to ensure potential vulnerabilitiesare not overlooked.PEMMarketplaceA number of organizations provide penetration servicesStands for Privacy Enhanced Mail, a scheme for ensur��for other companies, including En Garde Systems,ing the privacy of e-mail sent over the Internet.KSAJ Inc., the NCC Group, and Procinct Security.See: Privacy Enhanced Mail (PEM)Companies should perform due diligence prior to hiringorganizations that perform such tests because improperlyconducted tests could actually result in damage or harm Ppenetration testingto systems or data.Companies with trained securityTesting the security of network defenses.personnel may be able to perform their own penetrationOverviewtests using popular security tools such as Nmap andConfiguring networks so they are secure is one thing;Nessus.testing configurations to see whether they are secure isanother.Penetration testing is an important part of net- See Also: Nessus, Nmap, vulnerabilitywork security and involves testing various aspects ofnetwork defense to see whether they really work.Pene��perfect forward secrecy (PFS)tration testing can uncover a variety of weaknesses inA property of an encryption scheme that makes it diffi��network defenses, including vulnerable services, proce��cult to compromise.dural weaknesses, ineffective policies, and configura��Overviewtion problems.Penetration testing can test every aspectIf an encryption scheme has perfect forward secrecyof a network including the internal local area network(PFS), attackers cannot compromise a communication(LAN), servers, workstations, dial-in and leased-linesession even if they could eavesdrop to obtain a tran��wide area network (WAN) links, firewalls, operatingscript of an entire conversation and also break into eachsystems, and applications.241perimeter network personal identification device (PID)party s system and steal their long-term secrets.Typical permissions depend on the type of permissions beingencryption schemes that have PFS are those that use considered [ Pobierz całość w formacie PDF ]

download - pobieranie - ebook - do ÂściÂągnięcia - pdf

Menu