Python Notes for mca i year students osmania university.docx
Host Application and Data Security ch4.pptx
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23. A security template is a text file that represents a
security configuration. You can apply a security template
to the local computer, import a security template to
Group Policy, or use a security template to analyze
security
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34. SCADA connects the sensors that monitor equipment like motors,
pumps, and valves to an onsite or remote server
47. Data that is considered critical to the organization or needs to be confidential can be
tagged as
such through DLP.
Index matching is so sensitive that even if a handful of lines of
source code from 10,000 lines of protected code are entered into
an email message, the DLP system will identify it.
Thereafter, if even a small part of that document is leaked, the
DLP system can recognize the snippet as being from a protected
document.
Editor's Notes
Deterrent :duh·teh·ruhnt: measures to discourage attack.
Password, new user account and no usb device
A hotfix or quick-fix engineering update (QFE update) is a single, cumulative package that includes information (often in the form of one or more files) that is used to address a problem in a software product (i.e., a software bug). Typically, hotfixes are made to address a specific customer situation.
a combination of hardware and software enabling the capture of data within, and automation of, industrial processes. SCADA connects the sensors that monitor equipment like motors, pumps, and valves to an onsite or remote server
A wrapper function is a subroutine (another word for a function) in a software library or a computer program whose main purpose is to call a second subroutine or a system call with little or no additional computation.
In programming languages such as JavaScript, a wrapper is a function that is intended to call one or more other functions, sometimes purely for convenience, and sometimes adapting them to do a slightly different task in the process
In any real-world program, it is essential to check every function call for an error return. In Figure 1.5, we check for errors from socket, inet_pton, connect, read, and fputs, and when one occurs, we call our own functions, err_quit and err_sys, to print an error message and terminate the program. We find that most of the time, this is what we want to do. Occasionally, we want to do something other than terminate when one of these functions returns an error, as in Figure 5.12, when we must check for an interrupted system call. https://www.masterraghu.com/subjects/np/introduction/unix_network_programming_v1.3/ch01lev1sec4.html
Divulges: make known secret information
A similar type of attack is a cross-site request forgery (XSRF); this attack uses the user’s web
browser settings to impersonate the user. When a web browser receives a request from a web
application server, it automatically includes any credentials associated with the site (the IP
address, the user’s session cookie, any basic authentication credentials, etc.) with the requests.
If a user is currently authenticated on a website and is then tricked into loading another webpage,
the new page inherits the identity and privileges of the victim to perform an undesired
function on the victim’s behalf, such as changing the victim’s email address and password or
making an online purchase.
Data that is considered critical to the organization or needs to be confidential can be tagged as
such through DLP. A user who then attempts to access the data to disclose it to another unauthorized
user will be prevented from doing so.
Most DLP systems use content inspection. Content inspection is defined as a security analysis
of the transaction within its approved context. Content inspection looks at not only the security
level of the data, but also who is requesting it, where the data is stored, when it was
requested, and where it is going.
Snippet a small piece or brief extract.
