Distributed Communication Methods and Role-Based Access Control For
Total Page:16
File Type:pdf, Size:1020Kb
Load more
Recommended publications
-
Derivation of the Required Elements for a Definition of the Term Middleware
Rochester Institute of Technology RIT Scholar Works Theses 2002 Derivation of the required elements for a definition of the term middleware Maya Mathew Follow this and additional works at: https://scholarworks.rit.edu/theses Recommended Citation Mathew, Maya, "Derivation of the required elements for a definition of the term middleware" (2002). Thesis. Rochester Institute of Technology. Accessed from This Thesis is brought to you for free and open access by RIT Scholar Works. It has been accepted for inclusion in Theses by an authorized administrator of RIT Scholar Works. For more information, please contact [email protected]. Derivation of the Required Elements for a Definition of the Term Middleware By Maya Mathew Thesis submitted in partial fulfillment ofthe requirements for the degree ofMaster ofScience in Information Technology Rochester Institute ofTechnology B. Thomas Golisano College Of Computing and Information Sciences May 2002 - 1 - Rochester Institute of Technology B. Thomas Golisano College Of Computing and Information Sciences Master of Science in Information Technology Thesis Approval Form Student Name: Maya Mathew Thesis Title: Derivation of the Required Elements for a Definition of the Term Middleware Thesis Committee Name Signature Date Prof. William Stratton Chair Prof. Andy Phelps ?-/ z /qL-.-- Committee Member I I :-.P.:...::ro~f.~J~e;.:..:.ff...::L:.:::a.=..:sk~y ~ 17, d-fIoJ--. Committee Member ~ Thesis Reproduction Permission Form Rochester Institute of Technology B. Thomas Golisano College Of Computing and Information Sciences Derivation of the Required Elements For a Definition of the Term Middleware I, Maya Mathew, hereby grant permission to the Wallace Library of the Rochester Institute of Technology to reproduce my thesis in whole or in part. -
Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asyncronous, and Fileless Backdoor Matt Graeber
Abusing Windows Management Instrumentation (WMI) to Build a Persistent, Asyncronous, and Fileless Backdoor Matt Graeber Black Hat 2015 Introduction As technology is introduced and subsequently deprecated over time in the Windows operating system, one powerful technology that has remained consistent since Windows NT 4.01 and Windows 952 is Windows Management Instrumentation (WMI). Present on all Windows operating systems, WMI is comprised of a powerful set of tools used to manage Windows systems both locally and remotely. While it has been well known and utilized heavily by system administrators since its inception, WMI was likely introduced to the mainstream security community when it was discovered that it was used maliciously as one component in the suite of exploits and implants used by Stuxnet3. Since then, WMI has been gaining popularity amongst attackers for its ability to perform system reconnaissance, AV and VM detection, code execution, lateral movement, persistence, and data theft. As attackers increasingly utilize WMI, it is important for defenders, incident responders, and forensic analysts to have knowledge of WMI and to know how they can wield it to their advantage. This whitepaper will introduce the reader to WMI, actual and proof-of-concept attacks using WMI, how WMI can be used as a rudimentary intrusion detection system (IDS), and how to perform forensics on the WMI repository file format. WMI Architecture 1 https://web.archive.org/web/20050115045451/http://www.microsoft.com/downloads/details.aspx?FamilyID=c17 4cfb1-ef67-471d-9277-4c2b1014a31e&displaylang=en 2 https://web.archive.org/web/20051106010729/http://www.microsoft.com/downloads/details.aspx?FamilyId=98A 4C5BA-337B-4E92-8C18-A63847760EA5&displaylang=en 3 http://poppopret.blogspot.com/2011/09/playing-with-mof-files-on-windows-for.html WMI is the Microsoft implementation of the Web-Based Enterprise Management (WBEM)4 and Common Information Model (CIM)5 standards published by the Distributed Management Task Force (DMTF)6. -
Teradata Call-Level Interface Version 2 Reference for Channel-Attached Systems
Teradata Call-Level Interface Version 2 Reference for Channel-Attached Systems Release 13.10 B035-2417-020A February 2010 The product or products described in this book are licensed products of Teradata Corporation or its affiliates. Teradata, BYNET, DBC/1012, DecisionCast, DecisionFlow, DecisionPoint, Eye logo design, InfoWise, Meta Warehouse, MyCommerce, SeeChain, SeeCommerce, SeeRisk, Teradata Decision Experts, Teradata Source Experts, WebAnalyst, and You’ve Never Seen Your Business Like This Before are trademarks or registered trademarks of Teradata Corporation or its affiliates. Adaptec and SCSISelect are trademarks or registered trademarks of Adaptec, Inc. AMD Opteron and Opteron are trademarks of Advanced Micro Devices, Inc. BakBone and NetVault are trademarks or registered trademarks of BakBone Software, Inc. EMC, PowerPath, SRDF, and Symmetrix are registered trademarks of EMC Corporation. GoldenGate is a trademark of GoldenGate Software, Inc. Hewlett-Packard and HP are registered trademarks of Hewlett-Packard Company. Intel, Pentium, and XEON are registered trademarks of Intel Corporation. IBM, CICS, RACF, Tivoli, and z/OS are registered trademarks of International Business Machines Corporation. Linux is a registered trademark of Linus Torvalds. LSI and Engenio are registered trademarks of LSI Corporation. Microsoft, Active Directory, Windows, Windows NT, and Windows Server are registered trademarks of Microsoft Corporation in the United States and other countries. Novell and SUSE are registered trademarks of Novell, Inc., in the United States and other countries. QLogic and SANbox are trademarks or registered trademarks of QLogic Corporation. SAS and SAS/C are trademarks or registered trademarks of SAS Institute Inc. SPARC is a registered trademark of SPARC International, Inc. Sun Microsystems, Solaris, Sun, and Sun Java are trademarks or registered trademarks of Sun Microsystems, Inc., in the United States and other countries. -
Database Administration Guide for SAP on IBM Db2 for Linux, UNIX, and Windows Company
Administration Guide | PUBLIC Document Version: 2.5 – 2021-09-23 Database Administration Guide for SAP on IBM Db2 for Linux, UNIX, and Windows company. All rights reserved. All rights company. affiliate THE BEST RUN 2021 SAP SE or an SAP SE or an SAP SAP 2021 © Content 1 Introduction................................................................7 1.1 Document History............................................................ 8 1.2 Naming Conventions..........................................................10 2 Administration Tools and Tasks.................................................12 2.1 Administration Tools..........................................................12 2.2 Administration Tasks..........................................................13 3 Architectural Overview.......................................................16 3.1 SAP Application Server for ABAP.................................................16 3.2 SAP Application Server for Java..................................................17 3.3 Db2 Components............................................................18 3.4 Db2 Client Connectivity........................................................19 4 User Management and Security................................................ 21 4.1 SAP System Users and Groups...................................................21 Access Authorizations for Db2 Directories and Database-Related Files....................25 4.2 Role-Based Security Concept for Database Users..................................... 27 Database Roles for -
Welcome to Discussion on Ingres Code Architecture
Welcome to discussion on Ingres Code Architecture. In this presentation we will discuss the • Various components of Ingres database, • Their interrelationship and • Their code architecture. 1 To an Ingres user, an Ingres database stores and retrieves data based on an SQL query. For example here is a screen shot of Ingres Terminal monitor session connected to database testdb. Here we wish to retrieve the details of all employees in a company. We enter our SQL query <Click To Animate > “Select * from emp” The database server processes the query <Click to Animate> 2 We obtain the results of our query. To understand the code architecture of Ingres. <Click Here> let us examine how Ingres processes this query <Click Here> 3 1. The Query is processed by Global Communications facility which communicates the data and results between the terminal monitor to the DBMS server. <Click Here to Animate> 2. The DBMS server and its associated processes process the query and send the results to the client through GCF. <Click Here to Animate> 3. Broadly categorizing we can summarize the code into • User interface facilities • Connectivity and Communications • DBMS server • And Utility libraries to interact with Operating system. 1. Ingres has several kinds of user interface for example 1. Embedded SQL precompiler for programmatic operations of database. 2. Ingres applications like, SQL Terminal Monitor, Query by forms (QBF), Report by Forms (RBF), VISION etc. 3. We have Ingres Internet Commerce (ICE) for web deployment. These user interfaces and others can be commonly grouped as Front End for Ingres. • Similarly in connectivity tools we have • Java Database connectivity (JDBC) driver • Open Database connectivity driver (ODBC) driver • Dot Net Data provider • Open API a C api to Ingres etc. -
The US Government's Open System Environment Profile OSE/1 Version
C NIST Special Publication 500-21 Computer Systems APPLICATION PORTABILITY PROFILE Technology (APP) The U.S. Government's U.S. DEPARTMENT OF COMMERCE Technology Administration Open System Environment Profile National Institute of Standards and Technology OSE/1 Version 2.0 Nisr NAT L !NST."OF STAND i TECH R.I.C. llllllllllllllllllll NIST PUBLICATIONS AlllDM QEETfll APPLICA TION PORTABILITYPROFILE j)JT)) The U S. Government's ^ k^Open System Environment IL Profile OSE/1 Version 2.0 -QG 100 .U57 #500-210 1993 7he National Institute of Standards and Technology was established in 1988 by Congress to "assist industry in the development of technology . needed to improve product quality, to modernize manufacturing processes, to ensure product reliability . and to facilitate rapid commercialization ... of products based on new scientific discoveries." NIST, originally founded as the National Bureau of Standards in 1901, works to strengthen U.S. industry's competitiveness; advance science and engineering; and improve public health, safety, and the environment. One of the agency's basic functions is to develop, maintain, and retain custody of the national standards of measurement, and provide the means and methods for comparing standards used in science, engineering, manufacturing, commerce, industry, and education with the standards adopted or recognized by the Federal Government. As an agency of the U.S. Commerce Department's Technology Administration, NIST conducts basic and applied research in the physical sciences and engineering and performs related services. The Institute does generic and precompetitive work on new and advanced technologies. NIST's research facilities are located at Gaithersburg, MD 20899, and at Boulder, CO 80303. -
Microsoft Patches Were Evaluated up to and Including CVE-2019-1303
Honeywell Security Group 2700 Blankenbaker Pkwy, Suite 150 Louisville, KY 40299 Phone: 1-502-297-5700 Phone: 1-800-323-4576 Fax: 1-502-666-7021 https://www.security.honeywell.com The purpose of this document is to identify the patches that have been delivered by Microsoft® which have been tested against Pro-Watch. All the below listed patches have been tested against the current shipping version of Pro-Watch with no adverse effects being observed. Microsoft Patches were evaluated up to and including CVE-2019-1303. Patches not listed below are not applicable to a Pro-Watch system. 2019 – Microsoft® Patches Tested with Pro-Watch .NET Quality Rollup for .NET Framework CVE-2019-1371 Internet Explorer Memory Corruption Vulnerability CVE-2019-1368 Windows Secure Boot Security Feature Bypass Vulnerability CVE-2019-1367 Scripting Engine Memory Corruption Vulnerability CVE-2019-1366 Chakra Scripting Engine Memory Corruption Vulnerability CVE-2019-1365 Microsoft IIS Server Elevation of Privilege Vulnerability CVE-2019-1359 Jet Database Engine Remote Code Execution Vulnerability CVE-2019-1358 Jet Database Engine Remote Code Execution Vulnerability CVE-2019-1357 Browser Spoofing Vulnerability Microsoft Edge based on Edge HTML Information Disclosure CVE-2019-1356 Vulnerability CVE-2019-1347 Windows Denial of Service Vulnerability CVE-2019-1346 Windows Denial of Service Vulnerability CVE-2019-1345 Windows Kernel Information Disclosure Vulnerability CVE-2019-1344 Windows Code Integrity Module Information Disclosure Vulnerability CVE-2019-1343 Windows -
MLS DBMS Interoperability Study*
MLS DBMS Interoperability Study* Rae K. Burns, AGCS, Inc. Yi-Fang Koh, Raytheon Electronic Systems ESC/AXS, Building 1704, Hanscom AFB, MA 01731 burns/[email protected] Interoperability among heterogeneous databases is a fundamental requirement of many emerging Department of Defense (DoD) systems. Often these systems also have requirements for Multilevel-Secure (MLS) operation, where data is labeled to reflect its sensitivity level (e.g., UNCLASSIFIED, SECRET, etc.). The Air Force Rome Laboratory MLS Database Management System (DBMS) Interoperability Study has surveyed the available Commercial- Off-The-Shelf (COTS) products supporting interoperability and tested several of them in a multilevel environment. We selected representative products and implemented test scenarios in the ESC/AXS Security Products Transition Analysis Facility (STAF). Our test environment included three commercial MLS DBMS products (Trusted ORACLE7, Informix Online/Secure, and Sybase Secure SQL Server) on several different MLS Operating System (OS) platforms. We also employed “system high” platforms running standard versions of the DBMS and OS products. We successfully moved data to and from the MLS databases using different COTS interoperability solutions. This paper describes our testing efforts and summarizes the lessons learned. 1. Introduction The Multilevel Secure Database Management System Interoperability Study was initiated by Air Force Rome Laboratory to expedite the transition of trusted database technology into operational Air Force C4I environments. The overall goal of the study is twofold: 1) To examine the theoretical basis for heterogeneous trusted database interoperability, identify issues, and transition findings to the communities involved in future development (vendors, DoD users, and applicable standards groups). 2) To develop demonstrable examples of database interoperability that illustrate the advantages of MLS DBMS products in support of Air Force operational requirements for multilevel security. -
Windows Management Instrumentation (WMI) Offense, Defense, and Forensics
WHITE PAPER WINDOWS MANAGEMENT INSTRUMENTATION (WMI) OFFENSE, DEFENSE, AND FORENSICS William Ballenthin, Matt Graeber, Claudiu Teodorescu FireEye Labs Advanced Reverse Engineering (FLARE) Team, FireEye, Inc. SECURITY REIMAGINED Windows Management Instrumentation William Ballenthin, Matt Graeber, Claudiu Teodorescu FireEye Labs Advanced Reverse Engineering (FLARE) Team, (WMI) Offense, Defense, and Forensics FireEye, Inc. CONTENTS Introduction 2 Revision History 6 WMI Architecture 7 WMI Classes and Namespaces 8 Querying WMI 10 Instance Queries 10 Event Queries 11 Meta Queries 12 Interacting with WMI 13 PowerShell 13 wmic.exe 13 wbemtest.exe 14 WMI Explorer 15 CIM Studio 16 Windows Script Host (WSH) languages 16 C/C++ via IWbem* COM API 17 .NET System.Management classes 17 winrm.exe 17 wmic and wmis-pth for Linux 17 Remote WMI 17 Distributed Component Object Model (DCOM) 18 Windows Remote Management (WinRM) 18 WMI Eventing 19 Eventing Requirements 19 Event Filters 20 Intrinsic Events 20 Extrinsic Events 21 Event Consumers 21 Malicious WMI Persistence Example 22 WMI Attacks 23 Reconnaissance 23 Anti-Virus/VM Detection 23 2 Windows Management Instrumentation William Ballenthin, Matt Graeber, Claudiu Teodorescu FireEye Labs Advanced Reverse Engineering (FLARE) Team, (WMI) Offense, Defense, and Forensics FireEye, Inc. Code Execution and Lateral Movement 26 Win32_Process Create Method 26 Event consumers 27 Covert Data Storage 28 WMI as a C2 Channel 28 “Push” Attack 29 “Pull” Attack 30 WMI Providers 31 Malicious WMI Providers 32 WMI Defense 32 -
Embedded SQL Precompiling Embedded SQL Call Level Interface
Embedded SQL Call level interface (CLI) Extract from C program: An application programming interface (API), i.e.itprovides a set of EXEC SQL BEGIN DECLARE SECTION; function calls. short DEPT, DNO; In the SQL standards wor ld, ‘‘CLI’’means ‘‘not Embedded SQL’’ char NAME[26]; EXEC SQL END DECLARE SECTION; (which is also referred to as and API). main() •aclean separation between the application programand SQL. { GetInput(&DEPT); EXEC SQL DECLARE C1 CURSOR FOR •building a programissimpler ; no preprocessor (although calls to SELECT ENAME, DEPTNO FROM EMP WHERE DEPTNO = :DEPT; the DBMS runtime librar y are the same). EXEC SQL OPEN C1 while (SQLCODE == 0) { EXEC SQL FETCH C1 INTO :NAME, :DNO •debugging is simpler;you debug your own code rather than code } generated byaprecompiler. EXEC SQL CLOSE C1 } Precompilers from different vendors will produce different code. Graham Kemp,University of Aberdeen Graham Kemp,University of Aberdeen Precompiling Embedded SQL Programming models for relational systems The precompiler and DBMS interact in severalways: What if wewant to change the DBMS that our application uses? Embedded SQL •The DBMS parser checks the syntax of the SQL statements. Requires compiling application programusing newDBMS vendor’s precompiler.Wemight not have the source code (e.g. ‘‘shr ink- •The DMBS checks the semantics of the SQL statements (table wrapped’’applications). and column names are correct, data types of host language variables are correct, etc.) Vendor-specific API Requires changing the source code to use the newDBMS vendor’s •Ifthe SQL statements are OK, optimise them to produce an API, and recompiling with the newDBMS vendor’slibrar ies.Again, access plan, which is stored in the database. -
SQL ENVIRONMENTS FEDERAL INFORMATIONPROCESSINGSTANDARDSPUBLICATION 1995 FEBRUARY3 FIPS PUB193 National Instituteofstandardsandtechnology U.S
REFERENCE U.S. DEPARTMENT OF COMMERCE Technology Administration National Institute of Standards and Technology ItL'S FIPS PUB 193 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION SQL ENVIRONMENTS Category: Software Standard Subcategory: Database 1995 FEBRUARY 3 193 PUB FIPS . A8A3 NO.193 1995 i - ( FIPS PUB 193 FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATION SQL ENVIRONMENTS Category: Software Standard Subcategory: Database Computer Systems Laboratory National Institute of Standards and Technology Gaithersburg, MD 20899-0001 Issued February 3, 1995 U.S. Department of Commerce Ronald H. Brown, Secretary Technology Administration Mary L. Good, Under Secretary for Technology National Institute of Standards and Technology Arati Prabhakar, Director Foreword The Federal Information Processing Standards Publication Series of the National Institute of Standards and Technology (NIST) is the official publication relating to standards and guidelines adopted and promulgated under the provisions of Section 111 (d) of the Federal Property and Administrative Services Act of 1949 as amended by the Computer Security Act of 1987, Public Law 100-235. These mandates have given the Secretary of Commerce and NIST important responsibilities for improving the utilization and management of computer and related telecommunications systems in the Federal Government. The NIST, through its Computer Systems Laboratory, provides leadership, technical guidance, and coordination of Government efforts in the development of stan¬ dards and guidelines in these areas. -
Acu4gl® Version 8.1.3
User’s Guide Acu4GL® Version 8.1.3 Micro Focus (IP) Ltd. 9920 Pacific Heights Blvd, Suite 150 San Diego, CA 92121 858.795.1900 © Copyright Micro Focus (IP) Ltd, 1998-2010. All rights reserved. Acucorp, ACUCOBOL-GT, Acu4GL, AcuBench, AcuConnect, AcuServer, AcuSQL, AcuXDBC, extend, and “The new face of COBOL” are registered trademarks or registered service marks of Micro Focus (IP) Ltd. “COBOL Virtual Machine” is a trademark of Micro Focus (IP) Ltd. Acu4GL is protected by U.S. patent 5,640,550, and AcuXDBC is protected by U.S. patent 5,826,076. Microsoft and Windows are registered trademarks of Microsoft Corporation in the United States and/or other countries. UNIX is a registered trademark of the Open Group in the United States and other countries. Solaris is a trademark of Sun Microsystems, Inc., in the United States and other countries. Other brand and product names are trademarks or registered trademarks of their respective holders. DB2 Connect is a trademark, and IBM, AIX, DB2, Informix, MQSeries, AS/400, OS/390, PowerPC, RS/6000, WebSphere, pSeries, and zSeries are registered trademarks of IBM in the United States. E-01-UG-100501-Acu4GL-8.1.3 Contents Chapter 1: Acu4GL Overview 1.1 Welcome to Acu4GL .......................................................................................................1-2 1.2 Document Overview ........................................................................................................ 1-3 1.3 Accessing Data ...............................................................................................................