MITM MPSA M Overview The Microsoft TechNet Security site contains a vast amount of information useful to IT information tech- nology professionals who need to ensure Microsoft platforms
Trang 1MITM MPSA
M
Overview
The Microsoft TechNet Security site contains a vast
amount of information useful to IT (information tech-
nology) professionals who need to ensure Microsoft
platforms and products are deployed, configured, and
administered securely Some of the topics covered by
the site include the following:
● Access to the latest security bulletins from
Microsoft Corporation and information on how to
subscribe to the Microsoft Security Notification
Service
● Security resources, including assessment tools,
checklists, best practices, how-to tutorials, case
studies, security tips, service packs, rollup pack-
ages, and hotfixes
● Access to security-related newsgroups and infor-
mation on how to contact the Microsoft Security
Team
● Information on how to protect, detect, defend,
recover, and manage security-related issues
● Links to security-related training, books, and
third-party products and services
For More Information
Visit www.microsoft.com/technet/security/ for more
information
See Also: Microsoft Security & Privacy
MITM
Stands for man-in-the-middle attack, an attack in which
the attacker impersonates both ends of a secure commu-
nication channel
See: man-in-the-middle (MITM) attack
Morris worm
A notorious Internet worm that also acted as a virus
Overview
The Morris worm was one of the first worms to cause
damage to systems and achieve widespread media recog-
nition The worm was developed by Robert Morris, Jr., a
student at Cornell University, and though originally designed simply to spread and not cause harm, a coding error caused the worm to repeatedly replicate itself until
it consumed available memory, filled free space on hard drives, and drove processor utilization to 100 percent The result was denial of service (DoS) for legitimate users and systems that crashed and needed their hard drives to be cleaned before they could restart
The Morris worm first appeared in November 1988 and spread rapidly across the Internet, infecting Sun servers and VAX minicomputers by exploiting vulnerabilities
in the Sendmail, Fingerd, Rsh, and Exec daemons on UNIX platforms The worm infected at least 6000 sys- tems, which at the time represented about 10 percent of the Internet, and the resulting cleanup costs and busi- ness downtime was estimated at $98 million
One of the results of the Morris worm was the forma- tion of the Computer Emergency Response Team (CERT), later the CERT Coordination Center (CERT/ CC), at Carnegie Mellon University, to respond to such incidents in the future Another result was Morris’s con- viction under the Computer Fraud and Abuse Act, a U.S federal law that was first applied in the Morris case After several appeals, Morris was eventually sen- tenced to three years probation, a $10,050 fine, and 400 hours of community service, and he went on to become
an assistant professor at Massachusetts Institute of Technology (MIT) Interestingly, Morris’s father, Robert Morris, Sr., was a famous cryptographer at the National Computer Security Center (NCSC) of the National Security Agency (NSA)
See Also: CERT Coordination Center (CERT/CC),
worm
MPSA Stands for Microsoft Personal Security Analyzer, a tool for identifying common security misconfigurations in Microsoft products, now supplanted by the Microsoft Baseline Security Analyzer (MBSA)
See: Microsoft Personal Security Analyzer (MPSA)
198
Trang 2MITM MPSA
M
Overview
The Microsoft TechNet Security site contains a vast
amount of information useful to IT (information tech-
nology) professionals who need to ensure Microsoft
platforms and products are deployed, configured, and
administered securely Some of the topics covered by
the site include the following:
● Access to the latest security bulletins from
Microsoft Corporation and information on how to
subscribe to the Microsoft Security Notification
Service
● Security resources, including assessment tools,
checklists, best practices, how-to tutorials, case
studies, security tips, service packs, rollup pack-
ages, and hotfixes
● Access to security-related newsgroups and infor-
mation on how to contact the Microsoft Security
Team
● Information on how to protect, detect, defend,
recover, and manage security-related issues
● Links to security-related training, books, and
third-party products and services
For More Information
Visit www.microsoft.com/technet/security/ for more
information
See Also: Microsoft Security & Privacy
MITM
Stands for man-in-the-middle attack, an attack in which
the attacker impersonates both ends of a secure commu-
nication channel
See: man-in-the-middle (MITM) attack
Morris worm
A notorious Internet worm that also acted as a virus
Overview
The Morris worm was one of the first worms to cause
damage to systems and achieve widespread media recog-
nition The worm was developed by Robert Morris, Jr., a
student at Cornell University, and though originally designed simply to spread and not cause harm, a coding error caused the worm to repeatedly replicate itself until
it consumed available memory, filled free space on hard drives, and drove processor utilization to 100 percent The result was denial of service (DoS) for legitimate users and systems that crashed and needed their hard drives to be cleaned before they could restart
The Morris worm first appeared in November 1988 and spread rapidly across the Internet, infecting Sun servers and VAX minicomputers by exploiting vulnerabilities
in the Sendmail, Fingerd, Rsh, and Exec daemons on UNIX platforms The worm infected at least 6000 sys- tems, which at the time represented about 10 percent of the Internet, and the resulting cleanup costs and busi- ness downtime was estimated at $98 million
One of the results of the Morris worm was the forma- tion of the Computer Emergency Response Team (CERT), later the CERT Coordination Center (CERT/ CC), at Carnegie Mellon University, to respond to such incidents in the future Another result was Morris’s con- viction under the Computer Fraud and Abuse Act, a U.S federal law that was first applied in the Morris case After several appeals, Morris was eventually sen- tenced to three years probation, a $10,050 fine, and 400 hours of community service, and he went on to become
an assistant professor at Massachusetts Institute of Technology (MIT) Interestingly, Morris’s father, Robert Morris, Sr., was a famous cryptographer at the National Computer Security Center (NCSC) of the National Security Agency (NSA)
See Also: CERT Coordination Center (CERT/CC),
worm
MPSA Stands for Microsoft Personal Security Analyzer, a tool for identifying common security misconfigurations in Microsoft products, now supplanted by the Microsoft Baseline Security Analyzer (MBSA)
See: Microsoft Personal Security Analyzer (MPSA)
198