The most unreasonable and most simple form of attack is a denial of service (DoS) attacks. This attack is not to invade the system to obtain sensitive information, its purpose is to make the system collapse, so the user can not respond to legitimate requests. And that such attacks can be very simple, without any technical foundation; its ideological nature of the payload is a breakthrough device.

Recently, one of the world's most popular office software, Adobe Reader 9 and Acrobat 9 as well as their earlier versions, was found "zero-day vulnerabilities." Duba Cloud Security Center is an urgent assessment of the danger of this vulnerability, although the present situation not found in domestic attacks using this vulnerability the case out, but in order to avoid unnecessary loss of businesses and individuals, Duba anti-virus experts will introduce the prevention programs.

Firewall is to protect our network the first barrier, if this line of defense was lost, then our network to danger! So we need to take note of the attention of firewall issues!

[Background]

Construction Bank, Guangdong Branch of the core business systems are currently running on HP 9000/800 server platforms, including the savings system, accounting system, credit card system, a provident fund system. Personnel involved, including system operation and maintenance of post, post operation and maintenance savings, accounting, operation and maintenance Kong, bank card operation and maintenance posts. As the UNIX permissions system, the system shows that there are some security risks of these systems:

The request to allow the user to run programs on the server itself is a security vulnerability, so only when necessary, it allows the user to use these features.

November 28, 2008 reported that, Google announced that, Gmail security flaws in web site was used to kidnap the issue, and upon inspection it actually phishing up to no good.

RSA's supervisor at the RSA Conference in San Francisco said the amount of data continue to soar, the value of the enterprises is also rising, and the constant renovation of various types of modus operandi makes multi-layer enterprise security measures are becoming increasingly more important. While simplifying the implementation of user needs for security have become stronger.

Recently, the security company Secure ScIEnce said Lance James, founder, Skype and Google Voice loopholes, which allow an attacker to monitor the call, even an unauthorized telephone call.

Not long ago, the Internet be exposed Windows 7 Beta's UAC (User Account Control) in the presence of a security vulnerability malicious software or code when trying to close the UAC feature, the system will not prompt the user, and Microsoft has contested Road, this is not a loophole, and that in the official version of Windows 7 will not have to be modified.

Exploits

Microsoft (Microsoft), the total was the most ironic that hackers find vulnerabilities before, when they fell down Windows, Microsoft added a few words come out: "The latest patch has been released, if the customer does not have time to download patches and consequences, we will not be responsible! "

Symantec announced that Norton Internet Security 2007 Vista compatible version, will be randomly installed in the world-renowned computer brand Acer PC. Acer (Acer) is currently the world's fourth-largest PC brand, has sold more than 45 million units of Acer desktop and notebook computers. Acer personal computers of consumers can now experience the Norton Internet Security 2007 (90-day trial version), once industry-leading security products, comprehensive protection for their personal computer from spyware, viruses, worms and hackers user's system, while the use of anti-phishing tools, to avoid visiting fraudulent Web sites. In addition, Norton Internet Security 2007 offers the industry's innovation, "zero hour" protection to consumers from Internet threats.

DDoS attacks are not what people can do, in fact, we must first understand the principles of DDOS attacks that DDoS attacks more difficult to implement because the operator should attack the invasion to master certain skills. We here to tell you often see on the Internet attack tools like we make a detailed explanation, they were trin00 and Tribe Flood Network.

U.S. local time on November 8, Microsoft released this month, the highest severity rating the only security bulletin MS05-053. Notice called loopholes in graphics rendering engine could allow remote code execution (896424). Currently the affected operating systems include all of the above Windows2000 operating system, the latest 64-bit version of the operating system did not escape.

However, according to security expert David Campbell of the calculation, even the security experts recommend users do not use mixed case of letters of the password combinations, using the Amazon cloud computing services provided by the brute force password hacker, the reason for high costs may will not be able to use this service have 12-bit length of the password cracking.

According to security service providers Zscaler network traffic analysis company's latest report found that, with prior e-mail server for the network and focus on different Gongji recently attacker to point the finger more business users, the end user from within the system structure threats, and then use them to access confidential data.

Recently, Microsoft has just released seven new security bulletins: MS07-023 to MS07-029. The security bulletins describe the 18 security issues, relating to the various versions of Microsoft Windows, IE, Office and Exchange Server and other products and services in the holes. However, the Green League, according to technology research team safety test results show: All of the above holes belong to the "emergency" level of risk, an attacker may exploit these vulnerabilities remotely complete control of the invasion and the client system.

IT risk for the growing concern for companies, monitoring and management of this visit is undoubtedly a major challenge. From regulatory compliance, operational efficiency and cost reduction challenges, so that identity and access management systems greatly affect business operations. CIO magazine and PricewaterhouseCoopers report shows that, IT security is a major challenge facing businesses in Asia. The report states that during 2004, 75% of Asian companies had one security problem caused a system crash.

Netscreen-1000 is a high performance firewall, hardware firewall, the target user is the IDC and large e-commerce sites. Hardware firewall is the so-called policy enforcement and processing by the ASIC chip implementation of the decryption, so much faster than any other firewall. Netscreen firewall software features from the point of view is the state detection and application proxy firewall mixed, for most applications is to monitor the communications Netscreen firewall status, communications status, if found to be denied entry into the abnormal protected internal network, FTP or H232 for poor state of communication such as tracking service Netscreen firewall services through the application of agents to ensure safety.

Early glimpse of wireless intrusion

We all used to "wired" invasion of skills, if true, then the invasion of learning, in fact, wireless intrusion is also vital,

Linux, firewall (firewall) from birth to now, the firewall has gone through four major stages: the first stage: router-based firewalls; the second phase of user-based firewall tool kit; the third stage: the establishment of the common operating system firewall; the fourth stage: the operating system has a security firewall. The world's most firewall vendors are combined with the secure operating system software and hardware firewall, like the famous NETEYE, NETSCREEN, TALENTIT so. In the Linux operating system has a lot of firewall software, some of the commercial version of the firewall, and still others are completely free and open source firewall. Most Linux tutorial mentioned in the Linux platform, how to build a firewall using IPCHAINS. Set up and manage Linux operating system firewall is the important work of the network system administrator.

What is a honeypot?

In short, the honeypot is a computer system located on the Internet, its specific purpose is to attract and "trap" trying to infiltrate other people's computer systems hacker. To create a real honey pot, the user needs to do a lot, but requires users to be at least three, first, do not install a patched operating system, and the need to use the default configuration, the second is to ensure that the system does not have any data, Third, add a intruder activity is designed to record the application.

I am sure 0day, is no stranger to the words vulnerabilities in the Internet era, a lot of viruses, Trojans are likely to come through the system's vulnerabilities to spread and produce acts of sabotage, such as shock waves, Sasser and other viruses are very good example. At the same time, many Trojan or backdoor initiative will trick the user activation, or breaking into computers using vulnerabilities. At this time, for most companies and home users, the patch in time to the operating system is a good habit, we will no longer be a system crash, data loss or leakage of confidential information of problem. So what is the system vulnerabilities, system flaws if the patch will not fight any harm, vulnerability patch hit the mainstream market of products which, how can the system faster and better way to patch holes stamped?

Linux is a multi-user system, once people get to your root user after he Jiu Ke Yi in your system manipulation, because single-Yong Hu right system 完全 control permissions to enter if improper operation or others, the consequences could be inconceivable, how to prevent the entry of single users, and has the following aspects of attention.

Microsoft recently had a report condemning the reported existence of Windows Media Player allow remote code execution vulnerability.

Chinese espionage attacks against the network is becoming more and more, China's national security has never been so closely associated with the network. "A recent national authorities to accept the" Global Times, "an exclusive interview. The following conditions for the average person may be quite surprising: there are tens of thousands of foreign IP glued to end horse control in China is controlled by computer, thousands of zombie network control servers for the mainland, and even foreign espionage organizations to set up dozens of network intelligence base, crazy with "wolf tactics", "leapfrog attack" and told me to steal secrets and intelligence penetration of network