My Comments on Information Security Policy when I was a young student
The information security policies that were explained on this lecture are policies when handling vulnerabilities. I strongly agree to this policy due to my past experience in modifying systems. Most of the time I broke the system and the best way after that is to rebuild the system from the beginning. In summary the policies on this lecture is mainly about identifying the vulnerabilities and plan the action that must be done, backup the system and make sure it can be restored, and finally we may modify the system. This lectures explained the policies when facing vulnerabilities in the kernel, server program, and server common gateway interface (CGI). This is the third assignment from my Masters Advanced Network Security Course which has never been published anywhere and I, as the author and copyright holder, license this assignment customized CC-BY-SA where anyone can share, copy, republish, and sell on condition to state my name as the author and notify that the original and open version available here.
1. Kernel Vulnerabilities
- Design of the kernel itself.
- Drivers embedded in the kernel.
- The driver’s module.
If it is the kernel design then we have no choice but to modify the whole system. The same applies if the driver is directly embedded in the kernel. If it is only the driver module then we can only focus on the module.
2. Server Program and CGI Vulnerabilities
- Program’s and Common Gateway Interface (CGI)’s design.
- Problem on some modules.
For the design itself we must reprogram the whole thing. If it’s due to misconfiguration for example allows code injections, and unintentionally leave an open port, we reconfigure the configuration usually by editing the configuration file. If…