DNS
Domain Name System is a decentralized naming system for computers, services, or any resource connected to the internet or a private network.
→ DNS translates human-readable domain names (like example.com) into IP addresses that computers use to identify each other on the network.
DNS operates as a hierarchical and distributed database.
When you type a domain name into your web browser, your device sends a request to a DNS resolver, which then queries DNS servers to find the corresponding IP address for the domain name.
- Several protocols
- Distributed database
- Client-server-server architecture
- Routing
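The lookup path described above, as an added example that is not part of the original notes: a small Python model of a resolver walking the hierarchy from the root down to the authoritative server. The server names, zone data and addresses are constructed for illustration, and caching and the DNS wire protocol are left out.

```python
# Constructed, in-memory model of the DNS hierarchy (no network access).
# Server names and records are invented for illustration; the addresses
# come from the documentation range 192.0.2.0/24.
SERVERS = {
    "root-server": {          # knows only who is responsible for each TLD
        "delegations": {"com.": "tld-com-server"},
        "records": {},
    },
    "tld-com-server": {       # knows who is authoritative for each .com domain
        "delegations": {"example.com.": "auth-example-server"},
        "records": {},
    },
    "auth-example-server": {  # holds the actual address records
        "delegations": {},
        "records": {"example.com.": "192.0.2.10", "www.example.com.": "192.0.2.11"},
    },
}


def query(server, name):
    """One server's reply: an address, a referral to a child zone, or nothing."""
    zone = SERVERS[server]
    if name in zone["records"]:
        return ("answer", zone["records"][name])
    # Pick the most specific delegated zone that contains the name.
    matches = [z for z in zone["delegations"] if name == z or name.endswith("." + z)]
    if matches:
        return ("referral", zone["delegations"][max(matches, key=len)])
    return ("nxdomain", None)


def resolve(name, max_steps=8):
    """Resolver side: start at the root and follow referrals down the tree."""
    name = name.lower().rstrip(".") + "."
    server, path = "root-server", []
    for _ in range(max_steps):  # bounded, so a referral loop cannot hang the resolver
        path.append(server)
        kind, value = query(server, name)
        if kind == "answer":
            return value, path
        if kind == "nxdomain":
            return None, path
        server = value
    raise RuntimeError("too many referrals")


if __name__ == "__main__":
    print(resolve("www.example.com"))
    print(resolve("missing.example.com"))
```

Each server answers only for its own part of the namespace, which is what makes the database both hierarchical and distributed.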
Vulnerability Disclosure
Vulnerability Disclosure: the process of reporting security vulnerabilities found in software, hardware, or systems to the organization or entity responsible for maintaining or developing the affected product so that they can fix the problem.
Private Disclosure
You tell only the vendor
They decide to do whatever they want
Outcomes: being ignored, legal threats
Public Disclosure
Making information about a security vulnerability available to the general public.
The purpose of public disclosure is to raise awareness about the vulnerability, inform affected users or organizations, and encourage them to take appropriate actions to mitigate the risk.
Full Disclosure
The opposite of private disclosure: you tell everyone everything
Only way to bring public scrutiny to vulnerabilities
Specific approach to public disclosure where all details about a security vulnerability are made available to the public, including information about how the vulnerability can be exploited.
In a full disclosure scenario, no information is withheld, and the vulnerability is disclosed in its entirety.
Difference between public and full disclosure:
- In public disclosure, some information (e.g. how to exploit the code) may not be shared; in full disclosure, it is shared
Responsible Disclosure & Coordinated Vulnerability Disclosure
Full disclosure with an embargo: you give a vendor some time to fix it
After it, you can disclose it
Differences: Coordinated vulnerability disclosure emphasizes collaboration and coordination between the security researcher and vendor
CVD is the preferred term: it removes the onus from the researcher and carries no moralistic label