September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
12
|
第
2
章
本章将深入研究破坏安全性的恶意攻击者,以帮助各个领域的专家培养对抗的思维方式。你
可能会从流行的刻板印象角度来想象恶意攻击者:在黑暗的地下室中,拥有聪明绰号的攻击
者在暗中搞破坏。尽管确实存在如此个性鲜明的角色,但是任何有时间、有知识或有钱的人
都可能破坏系统的安全性。只需支付少量费用,任何人都可以购买软件,接管他们可以接触
的计算机或手机。黑客通常会购买或构建软件,以破坏其目标系统。研究人员经常探查系统
的安全机制,以了解其工作原理。因此,我们鼓励对系统攻击者保持客观的看法。
没有相同的两次攻击,也没有相同的两个攻击者。我们建议先看看第
21
章
,以了解与攻
击者打交道的文化。即使是对知识丰富的安全专家来说,预测未来的安全事故在大多数时
候也只是猜谜游戏。下面几节介绍了多年来我们发现的有助于理解攻击者的三个框架:探
索攻击者的潜在动机、常见攻击者的画像,以及如何思考攻击者的方法。我们还分别提供
了三个框架的演示性案例,希望你能感受到其中的趣味。
2.1
攻击者动机
破坏安全性的首要攻击者是人(至少目前是)。因此,我们可以通过攻击者的视角来考虑
其目的。这样做能让我们更好地了解如何采取主动的(系统设计时)和被动的(应急响应
时)措施。请考虑以下攻击动机。
好玩
破坏系统安全纯粹是为了好玩,知道系统可以被攻破。
声望
为了炫技而得恶名。
激进主义
为了发表观点或传播信息,通常是政治观点。
获得金钱
为了赚钱。
胁迫
故意让受害者做他们不想做的事。
操纵
为了达到预期目的或者改变他人的行为,例如发布造假的数据或信息。
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.