편집
1,319
번
바뀜
새 문서: STRIDE 위협 모델은 Microsoft가 컴퓨터 보안 위협을 분류하고 체계적으로 방어하기 위해 만든 모델이다. # Spoofing 신분위장 (An attacker tries to be...
STRIDE 위협 모델은 Microsoft가 컴퓨터 보안 위협을 분류하고 체계적으로 방어하기 위해 만든 모델이다.
# Spoofing 신분위장 (An attacker tries to be something or someone he/she isn't)
# Tampering 데이터 조작 (An attacker attempts to modify data that's exchanged between your application and a legitimate user)
# Repudiation 자기부인 (An attacker or actor can perform an action with your applicatoin that is not attributable)
# Information Disclosure 정보유출 (An attacker can read the private data that your application is transmitting or storing)
# Denial of Service 서비스 거부 (An attacker can prevent your legitimate users from accessing your application or service)
# Elevation of Privilege 권한상승 (An attacker is able to gain elevated access rights through unauthorized means)
각 위협 유형별 대응책은 다음과 같다.
* Spoofing - 사용자 식별
* Tampering - 해시(hash)
* Repudiation - 전자서명(digital signature)
* Information Disclosure - 암호화(encryption)
* Denial of Service - 네트워크 필터링
* Elevation of Privilege - 최소권한(least privilege) 원칙 준수
[[분류:보안]]
[[분류:CISSP]]
# Spoofing 신분위장 (An attacker tries to be something or someone he/she isn't)
# Tampering 데이터 조작 (An attacker attempts to modify data that's exchanged between your application and a legitimate user)
# Repudiation 자기부인 (An attacker or actor can perform an action with your applicatoin that is not attributable)
# Information Disclosure 정보유출 (An attacker can read the private data that your application is transmitting or storing)
# Denial of Service 서비스 거부 (An attacker can prevent your legitimate users from accessing your application or service)
# Elevation of Privilege 권한상승 (An attacker is able to gain elevated access rights through unauthorized means)
각 위협 유형별 대응책은 다음과 같다.
* Spoofing - 사용자 식별
* Tampering - 해시(hash)
* Repudiation - 전자서명(digital signature)
* Information Disclosure - 암호화(encryption)
* Denial of Service - 네트워크 필터링
* Elevation of Privilege - 최소권한(least privilege) 원칙 준수
[[분류:보안]]
[[분류:CISSP]]