CONTENTS 2-6 NSFOCUS 2008 07 2 Alert2008-04 5 Alert2008-05 6 7-19 7 11 16 20-38 20 P2P 23 SQL 31 33 39-49 39 IP 41 46 50-56 50 52 54 3 NSFOCUS 2008 07 NSFOCUS 1 security@nsfocus.com LDAP DNS 4.DBMS_AQELM NSFOCUS ID: 12124 2 7 http://www.nsfocus.net/vulndb/12124 NSFOCUS ID: 12137 DNS http://www.nsfocus.net/vulndb/12137 TCP/IP DNS DNS IP Oracle Database DNS 3. 16 ID Oracle DNS 2008 DLoader Class ActiveX DonwloadAndInstall 7 ID Oracle NSFOCUS ID: 12147 Oracle DNS DNS http://www.nsfocus.net/vulndb/12147 1.WWV_RENDER_REPORT PLSQL 2.Linux UC Linux P2P set-uid DNS UC 3.Internet Directory 4 ss ActiveX DLoader ClaDonw- loadAndInstall 6 Windows MS08-0 38 NSFOCUS ID: 12118 http://www.nsfocus.net/vulndb/12118 Microsoft Windows 5 4. Microsoft SQL Server MS08-040 Sun Java JDK/JRE .search-ms .search-ms NSFOCUS ID: 12135 http://www.nsfocus.net/vulndb/12135 NSFOCUS ID: 12128 Windows Windows http://www.nsfocus.net/vulndb/12128 Solaris Microsoft SQL Server JAVA Sun Java SQL Java applet JMX JWS XML SQL Server 7. Microsoft Access ctiveX SQL Server NSFOCUS ID: 12108 INSERT http://www.nsfocus.net/vulndb/12108 5 A- CSS Microsoft Access URI CSS Office Microsoft Access ActiveX Access 10. Linux Kernel sys32_ptrace NSFOCUS ID: 12129 http://www.nsfocus.net/vulndb/12129 9. Mozilla Firefox URI NSFOCUS ID: 12140 Linux Kernel Linux Linux Kernel arch/x86/kernel/ptrace. http://www.nsfocus.net/vulndb/12140 8. Firefox CSSValue c Firefox sys32_ptrace() WEB task_struct NSFOCUS ID: 12146 Firefox x86-64 http://www.nsfocus.net/vulndb/12146 URI Firefox Firefox Mozilla CSS URI Firefox URI CSSValue Firefox URI 6 Firefox refcount (Alert2008-04) SQL 2008-06-04 2008 5 14 400 IIS Web Server SQL Server </¡-] </ ASP SQL Server xp_cmdshell Web title¡-] SQL Network World 5 http://www.nsfocus.net/index.php?act=alert SQL 4 3 Microsoft 10 000 NSFocus Google ASP SQL SQL Server 7 (Alert2008-04) 6 2008-06-11 4. MS08-033 DirectX 5. MS08-034 WINS 951698 948745 6. MS08-035 6 7 953235 10 4 7. 
MS08-036 50762 PGM 9 Windows 6 036 7 MS08-030 10 IE http://www.nsfocus.net/index.php?act=alert MS08Windows DirectX 1. MS08-030 951376 2. MS08-031 Internet Explorer 3. MS08-032 ActiveX Kill Bit 950759 950760 8 4 2 4 29 4.29 5 58 XSS SQL Web 20 Web 9 IT XSS SQL 4.29 Internet 10 XSS SQL Internet 11 4.29 5 IT 12 20 80 Packet filter HTTP 80 P2P IT 1 2008 2 90 2.21 2 CNCERT CC 2007 IP 2006 IT 995154 22 3 2007 623 362 x86 CPU VPN UTM IPS 4 2007 61228 DDoS 2006 5 1.5 90 P2P TCP/IP WEB IM 13 ASIC NP IP WEB DDoS UTM UnifiedThreatManagement 1 ASIC/NP X86 CPU ASIC NP X86 CPU CPU UTM Unified Threat Managem- ASIC ent NP VPN IPS X86 PCI NP UTM ASIC 14 3 UTM 5 UTM IPS UTM NGSG NGSG NGSG WEB VoIP DDoS IM TCP/IP Smart Tunnel P2P P2P 1 4 2 3 4 2 NGSG NGSG Next Generation Security Gateway 15 P2P NGSG CPU X86 CPU CPU CPU NP CPU CPU NP NGSG CPU X86 CPU NGSG UTM NGSG ASIC NP NGSG ASIC NP X86 CPU IPS X86 ASIC NP NGSG NGSG NGSG 3 CPU 16 IDS NGSG NP ASIC WEB P2P IDS IPS/ NGSG 10G G 4 NGSG 17 WEB/MAIL/P2P NGSG 1 2004 9 2.1 1994 2004 66 2007 2007 6 43 2008 2007 43 147 2007 2007 861 2003 43 2003 2 27 2008 18 861 2.2 GB17859-1999 3.2 2007 60 3 2008 1 29 2007 44 32 3.1 2007 7 3.2 20 43 19 3.3 4.2 4 4.2.1 4.1 3.4 20 4.2.2 4.2.2.1 4.2.2.2 4.2.2.3 4.2.2.4 4.3 21 22 Web Server Adobe Acrobat Reader Web Web Web Web Site Script SQL Injection SQL XSS Cross RFI Remote File Inclusion Web 23 Adobe Acrobat Reader Microsoft Word Outlook 24 P2P P2P P2P P2P FTP HTTP P2P P2P P2P P2P P2P P2P Peer-to-peer P2P P2P P2P P2P P2P P2P Sun IBM P2P ent BitComet P2P P2P Client Server BT BitTorrent BT POCO PP 25 eMule kugoo VaGaa Maze P2P BitTorr- P2P 2006 Instant Messenger IM P2P CDN ICQ QQ 2.96 4792 MSN Messenger 410 89 Win- IM dows Media Real iResearch Real System 1000 P2P IM 25 P2P P2P 2010 6300 P2P 2006 P2P 40 ICQ MSN Messenger Skype QQ P2P Yahoo Messenger UC QQ VoIP IP Voice over IP P2P MSN IP IP IP VoIP P2P UUSee QQLive PPLive Joost PPStream VoIP P2P VoIP 26 Google AOL Yahoo MSN Skype P2P VoIP 60 P2P Skype 1.5 Skype 
2 KaZaA P2P P2P Skype-out P2P P2P P2P Skype Skype Skype Skype Skype 1 P2P Skype botnet P2P Skype P2P P2P P2P P2P VoIP 3 P2P 40-60 90 P2P 27 4 1 Tracker Tracker Tracker P2P 5 Tracker P2P P2P 6 QoS P2P QoS BT P2P P2P P2P P2P P2P P2P Tracker DHT Tracker 28 2 P2P DHT DHT Tracker P2P Distributed Hash Table P2P DHT P2P DHT P2P 1 P2P P2P BitComet DHT BT V0.63 BitTorrent DHT RC4 Azureus uTorrent BT P2P P2P Skype Vonage VoIP P2P P2P 2 P2P DHT DHT P2P Http Ftp BT Emule 29 P2P P2P BT Emule 8080 Http P2SP P2P S P2SP 80 P2P CIO S P2P P2SP P2P 2 P2P P2P P2P VoIP P2P P2P P2S P2P Smart Tunnel P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P 1 P2P TCP/UDP P2P Edonkey 4662 BT 4661 6881-6890 IP Smart Tunnel P2P P2P 30 P2P P2P P2P RFC P2P P2P P2P P2P 1 P2P P2P P2P RFC IP HTTP FTP DNS SMTP RFC P2P P2P P2P P2P P2P P2P TCP IP TCP P2P P2P P2P P2P IP P2P 10Mbps 31 BT BT 5Mbps MSN BT IP 300Kbps 30Kbps 200Kbps P2P BT IP P2P P2P 50Kbps P2P MSN 5Mbps BT P2P 2Mbps MSN BT P2P CDN 5Mbps HTTP P2P cache P2P 2 P2P P2P MSN P2P P2P cache MSN P2P P2P P2P MSN MSN BT P2P MSN P2P P2P P2P cache MSN Messenger P2P MSN P2P P2P cache P2P P2P P2P cache P2P 32 P2P SQL Web Web SQL SQL Wikipedia WEB 66% Web Gartner W WW C/S SQL ERP Email WWW Web Web Web Web Google Web Office Live Web 1 Web Web Amazon Google Apps Web CGI Web CGI MySpace Web Web CGI Web Google eBay Symantec Blogger Web Hotmail 2007 Web 33 CGI 6 CGI SQL SQL 1999 2 Allaire SQL SQL SQL Google SQL Web 1999 5 CGI RFP Matthew Astley NT ODBC Web VBA SQL 2000 SQL Access SQL 2 RFP Packetstrom SQL SQL wwwthreads wwwthreads SQL Web 2000 SQL 9 David Litchfield Blackhat IIS SQL 1 insertion SQL ASP 2 Web SQL Structured Query Language SQL 2000 2 ANSI 1998 SQL 12 Rain Forest Puppy RFP Phrack NT Web 54 SQL 2001 34 FAQ 4 David Litchfield ODBC RFP SQL SQL- SQL SQL SQL URL Chip Andrews Security.com Web Web 10 Web SQL Blackhat 2002 1 Chris Anley SQL Server 10 000 SQL SQL 4 Google ASP SQL 2002 6 Chris Anley SQL 1 2004 Blackhat SQL 3 SQL Server 0x90.org SQeaL Absinthe SQL 
SQL 10 2007 SQL Web SQL ASP Network World 2008 5 13 SQL 5 4 3 SQL SQL 5 35 5 2 Web SQL SQL 3 100 3 Web Web Web Web Web Web Web SQL 1 Web SQL Web root SQL Web 10 36 1998 Web Web 2007 2008 SQL Web [1] The Web Application Hacker’s Handbook, Dafydd Stuttard & Marcus Pinto, 2008 [2] Data-mining with SQL Injection and Inference, David Litchfield, 2005 [3] Advanced Topics on SQL Injection Protection, Sam NG, SQLBlock.com, 2006[4] Mass SQL injection attack targets Chinese Web sites http://www.networkworld.com/news/2008/051908-mass-sql-injection-attack-targets.html [5] SQL Injection Attack http://blogs.technet.com/swi/archive/2008/05/29/sql-injectionattack.aspx [6] XFocus Team 2005 37 38 TELNET FTP ORALCE SQL SERVER MY SQL DB2 Sybase Infomix SQL Server Oracle IP MS Word Html JPG TCPKiller SQL IP IP SSL 39 1 40 ISO 27001 IT ISO IT 27001 IT IT IT ISO 27001 ISO 27001 41 42 IP IP IP 1 P2P BGP VoIP (1) (2) 2 (3) DDoS SPAN Netflow DDoS SYN Flooding ACK Flooding sFlow SNMP ICMP Flooding UDP Flooding DDoS CC SIP DNS Payload ARP Flooding ARP 43 TCP-flag Flooding SYN 3.1 3.2 3.2.1 ICMP 10:1 ICMP Req/Rsp ICMP 3.2.2 3 24 SYN 288 44 N 5 N 3.2 5 5 3.2 3.2.4 3.1 3.3 3.1 3.2.3 45 5 3.3.1 DDoS 3.3.4 P2P P2P 5 1) 10% IP 90% P2P 2) P2P 3) P2P P2P 4) P2P P2P P2P 3.3.2 DDoS 5) P2P 5 10% 3.3.3 IP P2P 3.1 3.2 IP 46 IP P2P P2P P2P P2P 4 3.2 3.3 P2P P2P 47 3.3 security level PL/ SQL security level MAC Oracle Label Security Oracle8i Oracle 10g DAC Oracle Label Security Oracle MS SQLServer Oracle DB2 Informix DAC Oracle9i SQL Oracle9i WHERE MAC SQL Trusted Oracle 7 Oracle8i/9i/10g/11g DB2 9 Informix Dynamic Server 11 MAC Label Security RBAC Oracle8i/9i/10g/11g DB2 9 Informix 48 Dynamic Server 11 MS SQLServer C2 RBAC RBAC 5 users 3) B A roles perms B1 objects B1 operators B2 B3 B2 A sessions MS SQLServer DB2 Informix Oracle C2 B2 Oracle Informix Online Secure NCSC B1 authentication authorization Access Control B B3 Encrypt DB Inference Control Privacy Protection TCSEC DB Monitor 4) 1) 2) A D C 
verified design A C1 Inference Channel C2 49 4 1 4 2 Compartmentalize 3 User Least Privilege 50 Reduce Your Attack Surface Defense in Depth Do Not Trust User Input Check at the Gate Fail Securely Secure the Weakest Link Create Secure Defaults 51 NSPS 4 14 16 2007 30 52 6 1988 8 RSA 4 The Great Socialist People's Libyan Arab Jamahiriya IDC 6 3 IDC DDoS IDC IDC 2008 53 50 NTA SP2000 NTA SE2000 8 DDoS Netflow sFlow SP2000 SE2000 SP2000 54 2007 6 6 IP 55 2003 CIO CIO 3 3 13 CIO 27 2008 NSPS CIO 2007 2008 CIO 300 CIO CIO 56 2008 4 22 8 NSPS 57 4 20 2000 6 9 13 2008 Interop Tokyo Interop West Coast Labs SOX Juniper Nokia Avaya Cisco NTT NEC Panasonic Fujitsu Interop 4 7 RSA Conference 58