Types of Threats and Countermeasures

This post summarizes the six threat categories Microsoft uses (the STRIDE model) and the countermeasures recommended for each.
Threat: Spoofing user identity (gaining access rights by using a forged identity)
Countermeasures:

Use strong authentication.
Do not store secrets (for example, passwords) in plaintext.
Do not pass credentials in plaintext over the wire.
Protect authentication cookies in transit with SSL/TLS (in practice TLS; SSL itself is deprecated) and set the cookie's Secure and HttpOnly attributes so it is never sent over plaintext HTTP or exposed to script.

Threat: Tampering with data (unauthorized modification of data)
Countermeasures:

Use data hashing and signing.
Use digital signatures.
Use strong authorization.
Use tamper-resistant protocols across communication links.
Secure communication links with protocols that provide message integrity.
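Hashing alone does not detect tampering, because whoever can change the data can recompute the hash; the hash has to be keyed (an HMAC) or signed. As an added example (not from the original post or from Microsoft), this Python code protects a record with HMAC-SHA256 over a canonical JSON encoding, so a modified field, a wrong key or a forged tag all fail verification. The record layout and function names are assumptions for this illustration.

```python
import hashlib
import hmac
import json


def canonical(payload: dict) -> bytes:
    """Serialize deterministically (sorted keys, no whitespace) so that the
    same logical record always produces the same bytes to authenticate."""
    return json.dumps(payload, sort_keys=True, separators=(",", ":")).encode("utf-8")


def sign_message(payload: dict, key: bytes) -> dict:
    """Attach an HMAC-SHA256 tag computed over the canonical payload."""
    tag = hmac.new(key, canonical(payload), hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_message(message: dict, key: bytes) -> bool:
    """Recompute the tag and compare in constant time.

    Missing fields, non-ASCII tags and other malformed input are treated as
    verification failures rather than exceptions.
    """
    try:
        expected = hmac.new(key, canonical(message["payload"]), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, message["tag"])
    except (KeyError, TypeError):
        return False


def tamper_demo(key: bytes) -> tuple:
    """Sign a constructed transfer record, then alter the amount in transit.
    Returns (verified_before, verified_after)."""
    message = sign_message({"to": "bob", "amount": 100}, key)
    before = verify_message(message, key)
    message["payload"]["amount"] = 1000   # attacker edits the record
    after = verify_message(message, key)
    return before, after


if __name__ == "__main__":
    print(tamper_demo(b"example-shared-key-32-bytes-long"))  # (True, False)
```

An HMAC proves integrity only to parties that hold the shared key; the receiver could have produced the tag itself, so it gives no non-repudiation. Where the sender must not be able to deny having produced the message, use a digital signature with a key only the sender holds, as the Repudiation entry below recommends.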

Threat: Repudiation (a party denies having performed an action)
Countermeasures:

Create secure audit trails.
Use digital signatures.
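A "secure audit trail" must make after-the-fact editing detectable, not just record events. As an added example (not from the original post or from Microsoft), this Python code keeps a hash-chained audit log: each entry's digest covers the previous entry's digest, so changing, reordering or inserting an entry breaks every later link, and comparing the chain head against a value anchored out of band (published, signed, or written to append-only storage) also detects truncation. The entry fields and class names are assumptions for this illustration.

```python
import hashlib
import json
import time
from typing import Optional

GENESIS = "0" * 64   # fixed starting value for an empty chain


def entry_digest(prev: str, seq: int, ts: float, actor: str, action: str) -> str:
    """SHA-256 over a canonical encoding of the entry plus its predecessor's
    digest, which is what links the chain together."""
    material = json.dumps(
        {"prev": prev, "seq": seq, "ts": ts, "actor": actor, "action": action},
        sort_keys=True, separators=(",", ":"),
    )
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


class AuditLog:
    def __init__(self) -> None:
        self.entries: list = []

    def head(self) -> str:
        """Digest of the latest entry; record this somewhere the log writer
        cannot silently change (signed, published, or on WORM storage)."""
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, actor: str, action: str, ts: Optional[float] = None) -> dict:
        if ts is None:
            ts = time.time()
        prev = self.head()
        seq = len(self.entries)
        entry = {
            "seq": seq, "ts": ts, "actor": actor, "action": action,
            "prev": prev, "hash": entry_digest(prev, seq, ts, actor, action),
        }
        self.entries.append(entry)
        return entry

    def verify(self, expected_head: Optional[str] = None) -> Optional[str]:
        """Return None if the chain is intact, else a description of the
        first problem found. Supplying the out-of-band head digest also
        catches entries removed from the end of the log."""
        prev = GENESIS
        for e in self.entries:
            recomputed = entry_digest(prev, e["seq"], e["ts"], e["actor"], e["action"])
            if e["prev"] != prev or e["hash"] != recomputed:
                return f"entry {e['seq']} modified or out of order"
            prev = e["hash"]
        if expected_head is not None and prev != expected_head:
            return "head mismatch: entries removed or replaced after the last anchor"
        return None


if __name__ == "__main__":
    log = AuditLog()
    log.append("alice", "login", ts=1.0)           # constructed sample events
    log.append("alice", "transfer:100", ts=2.0)
    anchor = log.head()
    print(log.verify(anchor))                       # None: intact
    log.entries[1]["action"] = "transfer:10"        # insider edits the record
    print(log.verify(anchor))                       # entry 1 modified ...
```

The chain makes tampering evident but does not by itself identify the actor: anyone who can write to the log could rebuild the whole chain. Non-repudiation comes from combining it with a digital signature over each entry (or over the periodic head anchor) made with a key the actor alone holds, which is the second countermeasure listed above.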

Threat: Information disclosure (leakage of data to parties not entitled to it)
Countermeasures:

Use strong authorization.
Use strong encryption.
Secure communication links with protocols that provide message confidentiality.
Do not store secrets (for example, passwords) in plaintext.

Threat: Denial of service (making the service unavailable to legitimate users)
Countermeasures:

Use resource and bandwidth throttling techniques.
Validate and filter input.
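Both countermeasures above are cheap checks applied before any expensive work. As an added example (not from the original post or from Microsoft), this Python code applies a per-client token bucket and then a request size limit; the time is passed in explicitly so the behaviour is deterministic and testable. The limits and names are assumptions chosen for this illustration.

```python
import time
from collections import defaultdict
from typing import Optional

MAX_BODY_BYTES = 4096       # assumed size limit for this example
BUCKET_CAPACITY = 3         # burst allowance per client
REFILL_PER_SECOND = 1.0     # sustained rate per client


class TokenBucket:
    """Per-client token bucket: each request costs one token and tokens
    refill continuously up to a fixed capacity, so a client may burst up to
    the capacity and is then held to the refill rate."""

    def __init__(self, capacity: int, refill_per_second: float) -> None:
        self.capacity = float(capacity)
        self.refill = refill_per_second
        # client_id -> (tokens_remaining, timestamp_of_last_update)
        self._state = defaultdict(lambda: (self.capacity, None))

    def allow(self, client_id: str, now: float) -> bool:
        tokens, last = self._state[client_id]
        if last is not None:
            tokens = min(self.capacity, tokens + (now - last) * self.refill)
        if tokens >= 1.0:
            self._state[client_id] = (tokens - 1.0, now)
            return True
        self._state[client_id] = (tokens, now)
        return False


def handle_request(bucket: TokenBucket, client_id: str, body: bytes,
                   now: Optional[float] = None) -> int:
    """Return an HTTP-style status: 429 when throttled, 413 when the body is
    oversized, 200 when the request may proceed to real processing.

    Throttling comes first so an abusive client is cut off before any work
    is spent on it; the size check then rejects oversized input before any
    parser touches it.
    """
    if now is None:
        now = time.monotonic()
    if not bucket.allow(client_id, now):
        return 429
    if len(body) > MAX_BODY_BYTES:
        return 413
    return 200


if __name__ == "__main__":
    bucket = TokenBucket(BUCKET_CAPACITY, REFILL_PER_SECOND)
    # Constructed burst: five requests from one client at the same instant.
    print([handle_request(bucket, "10.0.0.1", b"ping", now=100.0) for _ in range(5)])
    # Expected: [200, 200, 200, 429, 429]
    print(handle_request(bucket, "10.0.0.1", b"ping", now=101.0))   # 200 after refill
```

In production the bucket state lives in a shared store so every instance enforces the same budget, and the client key is whatever the deployment can trust (an authenticated principal rather than a spoofable header such as X-Forwarded-For).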

Threat: Elevation of privilege (gaining rights beyond those granted)
Countermeasures:

Follow the principle of least privilege and use least privileged service accounts to run processes and access resources.
