
Chapter 3: Security Information Management


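Ministry of Education Pilot Program for Information and Communication Technology Talent Cultivation, Broadband Wired Teaching Promotion Alliance Center. Chapter 3: Security Information Management. 3.1 Web Security 3.2 VoIP Security 3.3 P2P Security.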


  • 3.1 Web Security

    3.2 VoIP Security

    3.3 P2P Security

    website web server web application web server web application Internet VoIP (Voice over IP) VoIP P2P (peer to peer) P2P FOXY eMule BT BitComet.. P2P Killer applications: Web VoIP P2P

  • 3.1 Web security

    3.1.1 Web server

    3.1.2 Web site

    3.1.3 Web Application

    Web Security Web server Web Server Apache http server Microsoft Internet Information Services (IIS) Web site (yahoo search google search) Web Application Web Application root

  • 3.1.1 Web server Apache NCSA Rob McCool NCSA HTTPd 1995 Apache 0.6.220002.02.2.8 Apache UNIX LINUX Windows HTTP Apache Apache 1997 1 Apache Apache Apache 2002 (Chunk Handling Vulnerability) Apache Apache

    http://httpd.apache.org/

  • 3.1.1 Web server Apache - Chunk Handling Vulnerability (): Apache web server RFC2616 HTTP 1.1 chunk-encoded data chunk-encoded HTTP requests Sun Microsystems 2003 Security Sun Alert Archive Reference for Year 2002 Apache 38 (Security Vulnerability in the Way Apache Web Servers Handle Data Encoded in Chunks) Apache HTTP server Web Apache server

    apache http://httpd.apache.org/info/security_bulletin_20020617.txt

  • 3.1.1 Web server Apache Apache (Module) mod_cgi mod_proxy Apache mod_python bug bug Apache mod_python Apache Patch

    https://rhn.redhat.com/errata/RHSA-2004-063.html

  • 3.1.1 Web server Apache

    log

    (Access Rights) nobody Apache nobody root Apache

    root

    (Symbolic Links)

    Apache

    httpd.conf .htaccess options -Indexes

    Apache (Nikto http://www.cirt.net/code/nikto.shtml)

    http://www.cert.org.tw/document/column/show.php?key=83

  • 3.1.1 Web server Microsoft Internet Information Services (IIS) Microsoft Web web IIS HTTP IIS File Transfer Protocol FTP FTP Web Web IIS HTTP (Malformed request): (http://www.microsoft.com/technet/security/bulletin/ms00-086.mspx) Microsoft MS00-086 IIS 5.0 Web Server File Request Parsing IIS server exe exe OS IIS server exe OS IIS server (http://www.microsoft.com/technet/security/bulletin/MS01-033.mspx) Internet Server Application Programming Interface (ISAPI) extensions ASP HTR IDQ PHP extensions (Sample Applications) (http://technet.microsoft.com/en-us/library/bb687367.aspx) Web Web newdns.exe iisadm administrator Microsoft IIS server http://www.iis.net/default.aspx?tabid=1

  • 3.1.1 Web server Microsoft 2007 Internet Information Services - (Remote Code Execution) Microsoft Internet Information Services URL (crafted URL requests) IIS IIS

    http://www.microsoft.com/technet/security/Bulletin/MS07-041.mspx

  • 3.1.1 Web server IIS: http://www.cert.org.tw/service/VulDB/sans_group.php?group=sans&key=iis http://www.microsoft.com/downloads/render.aspx?displaylang=en&content=updateservices http://technet.microsoft.com/en-us/wsus/default.aspx http://www.microsoft.com/technet/security/tools/default.mspx http://www.microsoft.com/technet/security/tools/hfnetchk.asp %wwwroot%/scripts ISAPI Extension IIS IIS Lockdown . http://www.microsoft.com/technet/security/tools/locktool.mspx HTTP IIS HTTP HTTP URLScan Security Tool: http://www.microsoft.com/technet/security/tools/urlscan.asp : http://www.microsoft.com/technet/security/tools/urlscan.mspx

  • 3.1.2 Web site Web sites Microsoft 2006 Internet Explorer - Vulnerability in Vector Markup Language Could Allow Remote Code Execution Internet Explorer VML (Vector Markup Language)

    Internet Explorer

    Windows Update http://www.microsoft.com/technet/security/Bulletin/MS06-055.mspx

  • 3.1.2 Web site Web Security

  • 3.1.2 Web site (Adware) 2001~2004 Adware Yahoo toolbar Google toolbar Adware Adware http://www.zdnet.com.tw/news/software

  • 3.1.2 Web site domain name keyin www.landbank.com.tw: email link link link

    http://www.itis.tw/node/1545

  • 3.1.2 Web site (Yahoo) Google Google Google http://www.stopbadware.org/home http://www.itis.tw/node/603

  • 3.1.2 Web site 2007 2007

    SQL injection Microsoft ()

    web Web-Based

  • 3.1.2 Web site (Web Threat) http://tw.trendmicro.com/tw/about/news/pr/article/20070903143452.html HTML_iFrame.CU IP JS_DLOADER.NTJ IE MS04-040 MS06-057 IT - Italy (44300) ES - Spain (5754) US - United States (3185) DE - Germany (1956) FR - France (1333) GB - United Kingdom (1065) NL - Netherlands (962) CA - Canada (908) CH - Switzerland (826) Web Threat

  • 3.1.3 Web Applications Web Server Web Applications Web Mail Web Applications session cookies Cross Site Scripting (XSS) Buffer Overflows Injection (SQL Injection) Backup Web Applications patch Web Server/Applications

  • 3.2 VoIP security VOICE over Internet Protocol (VoIP) VoIP IP-based

    VoIP IP

    VoIP endpoints (VoIP Phone) control nodes gateway nodes (VoIP Gateway Router) IP-based VoIP Internet public-switched telephone network (PSTN) VoIP

    VoIP

  • 3.2 VoIP security VoIP (signaling) VoIP (encoding) (gateway control) (signaling) VoIP H.323 SIP (Session Initiation Protocol) H.323 ITU-T 1996 VoIP (LAN) SIP VoIP (Multiparty Multimedia Communications) SIP (encoding & transport) (Voice Data) Voice Data (encapsulation) (real time) (decapsulation) Voice Data () (gateway control) VoIP Phone PSTN VoIP

  • 3.2 VoIP security Internet IP network VoIP VoIP:

    DoS: Availability

    Eavesdropping: Confidentiality

    Alteration of Voice Stream: Confidentiality and Integrity

    Toll Fraud: Integrity

    Redirection of Call: Integrity and Confidentiality

    Accounting Data Manipulation: Integrity

    Caller Identification (ID) Impersonation: Integrity

    Unwanted Calls and Messages (SPIT): Availability and Integrity

    VoIP

  • 3.2 VoIP security DoS: Availability () DoS (Denial of Service) Internet DoS VoIP VoIP Internet SIP RTP VoIP VoIP Internet TCP SYN Ping of Death VoIP VoIP () VoIP

  • 3.2 VoIP security Eavesdropping: Confidentiality () VoIP Internet Internet VoIP VoIP (Media stream) SIP (Session Initiation Protocol) SIP (UDP TCP) VoIP (Media stream) UDP RTP (Real-time Transport Protocol) SIP RTP (Ethereal) SIP (Uniform Resource Identifier:)

  • 3.2 VoIP security Alteration of Voice Stream: Confidentiality and Integrity () man-in-the-middle:

  • 3.2 VoIP security Toll Fraud: Integrity ()

    replay impersonate

  • 3.2 VoIP security

    Redirection of Call: Integrity and Confidentiality. VoIP caller callee Redirection caller callee redirect callee VoIP Phone redirect redirect ()

    Accounting Data Manipulation: Integrity. accounting database call data records (CDR) CDR CDR CDR database

    Caller Identification (ID) Impersonation: Integrity. ID

    Unwanted Calls and Messages (SPIT): Availability and Integrity. SPIT SPAM over Internet telephone VoIP voice mail box voice mail box

  • 3.2 VoIP security:

    VoIP and Data Traffic

  • 3.2 VoIP security VoIP and Data Traffic VoIP Data Traffic

    Configuration Server (VoIP Phone) VoIP DHCP Server IP Configuration Server IP Configuration Server VoIP Phone VoIP Phone VoIP Service VoIP Phone VoIP

    VoIP and Data Traffic

  • 3.2 VoIP security VoIP AVAYA 2005 2 VoIP (VOIPSA) VoIP VOIPSA VOIP Hacking Exposed VoIP VOIP VOIPSA VoIP

    VoIP Sniffing Tools; VoIP Scanning and Enumeration Tools; VoIP Packet Creation and Flooding Tools; VoIP Fuzzing Tools; VoIP Signaling Manipulation Tools; VoIP Media Manipulation Tools; Miscellaneous Tools; Tool Tutorials and Presentations

    http://www.voipsa.org/Resources/tools.php

  • 3.3 P2P security P2P P2P P2P peer P2P Server Server

    P2P: - (Server) P2P (node) (index) eMule ezPeer Kuro Foxy P2P

    - P2P P2P server BitTorrent with DHT

    P2P

  • 3.3 P2P security P2P

    P2P P2P P2P.. P2P

    P2P P2P

  • 3.3 P2P security P2P

    P2P P2P P2P http://www.zdnet.com.tw/news/software/0,2000085678,20116793,00.htm

  • 3.3 P2P security P2P

    Anti-Virus Anti-Spy http://www.dk101.com/Discuz/archiver/?tid-18800.html

  • 3.3 P2P security P2P (Skype) Anti-Virus Anti-Spy IDS P2P http://www.zdnet.com.tw/news/software/0,2000085678,20102142,00.htm

  • 3.3 P2P security P2P P2P P2P P2P P2P

    P2P Trust P2P P2P peers

    P2P Trust () Reputation Trust Computing Trust P2P

  • Web Security Web server Web site Web Applications Web Server Web site Web Applications Web Applications VoIP VOIPSA VoIP VoIP P2P P2P P2P

  • NSA, http://www.nsa.gov/snac/downloads_all.cfm.

    VoIP-NEWS, http://www.voip-news.com:80/.

    VOIPSA, http://www.voipsa.org/.

    OWASP, http://www.owasp.org/index.php/Main_Page.

    Apache server project, http://httpd.apache.org/.

    RED HAT NETWORK, https://rhn.redhat.com/.

    IIS.net, http://www.iis.net/default.aspx?tabid=1.

    http://www.cert.org/advisories/CA-2002-17.html

    http://sunsolve.sun.com/search/document.do?assetkey=1-66-234302-1

    TechNet Security Center, http://www.microsoft.com/technet/security/default.mspx.

    http://www.cert.org.tw/

    http://ics.stpi.org.tw/

    http://www.isecutech.com.tw/

    http://www.itis.tw/

    Meier, J.D., Web application security engineering, IEEE Security & Privacy Magazine, Volume 4, Issue 4, July-Aug. 2006, Page(s): 16-24.

    Butcher, D.; Xiangyang Li; Jinhua Guo, Security Challenge and Defense in VoIP Infrastructures, IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews, 2007.

    Wesley Chou, Strategies to Keep Your VoIP Network Secure, IT Professional, Volume 9, Issue 5, Sept.-Oct. 2007, Page(s): 42-46.

    Song, S.; Hwang, K.; Zhou, R.; Kwok, Y.-K., Trusted P2P Transactions with Fuzzy Reputation Aggregation, IEEE Internet Computing, Volume 9, Issue 6, Nov.-Dec. 2005, Page(s): 24-34.

    Park, J.S.; An, G.; Chandra, D., Trusted P2P computing environments with role-based access control, IET Information Security, Volume 1, Issue 1, March 2007, Page(s): 27-35.