At present, there is only one common method of vulnerability mining, which is mainly based on manual analysis. In fact, vulnerability mining is largely a personal behavior, and ideas and methods vary from person to person. After analysis, it is found that most of the vulnerabilities are caused by There are several reasons for fixing, and these problems can be checked by software testing technology. The following is the detailed content:
Measures to strengthen operating system security and reduce vulnerabilities include the following:
1. The administrator of the system should designate a special person to be responsible
Passwords should be changed regularly: system users should be divided into account administrators, data administrators, authority administrators, security auditors, and ordinary hierarchical users. Super administrators should be avoided. Important users or administrators need secondary authentication, that is, adopt a two-person management method, add biometric identification, dynamic verification codes, and regularly prompt users to change passwords.
2. Create dedicated users for specific functions
For example, a database user, when operating the database, should use the identity of a dedicated user of the database, and avoid using the identity of a super user.
3. The permissions of users in the system should be set up
When the system sets user permissions, attention should be paid to the appropriate setting of user permissions. It should be ensured that ordinary users cannot have write or delete permissions on user files, and each account is independent of each other.
4. Choice of operating system
It should match the security requirements of the system: an operating system that can meet the user's security requirements should be selected, and the administrator should keep abreast of the dynamics and vulnerability updates released by the operating system and other system software, and install patches in time.
5. Authority distribution
New users, user groups, and new roles can be multi-layer nested structures, and permissions are assigned according to different user levels and group levels.
6. Authority management
There should be no super users in the system, and the rights of roles should follow the principle of least privilege assignment, and administrator-level users should restrict each other.
7. Transmission data security
For the security of transmitted data, according to the needs of users, special protection equipment can be adopted. For example, end-to-end encryption technology is used to protect data, that is, when information needs to be transmitted between two security domains with a certain distance, between the two The boundaries of the two security domains are respectively equipped with data encryption and decryption equipment to protect the transmitted data, so as to achieve the purpose of securely transmitting data between the two security domains.