September 2021
Beginner to intermediate
392 pages
12h 13m
Chinese
book
Google系统架构解密: 构建安全可靠的系统
by Heather Adkins, Betsy Beyer, Paul Blankinship, Piotr Lewandowski, Ana Oprea, Adam Stubblefield
Content preview from Google系统架构解密: 构建安全可靠的系统
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
了解攻击者
|
21
2.4
风险评估注意事项
了解潜在的攻击者是谁及其可能使用的方法是复杂又微妙的。在评估各种攻击者造成的风
险时,我们发现以下因素非常重要。
你可能没有意识到你是目标
你的公司、组织或项目是否为攻击者的潜在目标,这可能不会立即显现出来。许多组
织,尽管规模较小或没有参与处理敏感信息,也可能被利用来实施攻击。
2012
年
9
月,
Adobe
(
一家以支持内容创建者的软件而闻名的公司)披露了有攻击者侵入其网络,使
用该公司的官方软件签名证书对其恶意软件进行数字签名,其意图很明确——这使得攻
击者能够部署对防病毒软件和其他安全保护软件来说是合法的恶意软件。考虑你的组织
是否有攻击者感兴趣的资产,无论是为了直接获利还是作为针对其他人的更大型攻击的
一部分。
攻击的复杂程度并不能真的帮你成功预测攻击
即使攻击者拥有大量的资源和技能,也不要认为他们总会选择最困难、最昂贵或最深奥
的方法来实现他们的目标。一般而言,攻击者会选择最简单、最具成本效益的方法来危
害符合其目标的系统。例如,一些最突出、最具影响力的情报收集行动依赖于基本的网
络钓鱼手段——欺骗用户交出密码。因此在设计系统时,与其担心稀奇古怪的攻击路数
(如固件后门),不如先覆盖最基础的安全措施(如使用双因素身份验证)。
不要低估攻击者
不要假设攻击者不能获得资源来实施昂贵或困难的攻击。仔细考虑一下针对你的攻击者
愿意花多少钱。但是,请记住这类情况在很大程度上是例外,而非常态。
归因是很难的
有动机的攻击者可以用创造性的方式隐藏他们的动机和身份,例如,他们可以将自己伪 ...
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Read now
Unlock full access
More than 5,000 organizations count on O’Reilly
O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.Julian F.
I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.Addison B.
I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.Amir M.
I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.