| SSH缓冲区溢出漏洞与安全防范探讨 |
| |
| 引用本文: | 宋阳秋. SSH缓冲区溢出漏洞与安全防范探讨[J]. 计算机科学, 2008, 35(4): 85-87 |
| |
| 作者姓名: | 宋阳秋 |
| |
| 作者单位: | 广东女子职业技术学院,广州,511450 |
| |
| 摘 要: | 安全Shell (SSH:Secure Shell)是一种应用层的安全通信协议,提供通信双方相互间身份的认证、通信数据的加解密处理、数据完整性校验等多种安全服务,按照其实现的功能,可归为一种应用层的虚拟专用网(VPN)协议.本文概要说明了SSH协议的基本概念,然后对SSH会话从发起到结束的整个过程,以及扩展协议进行了深入细致的研究和分析,归纳总结了SSH协议本身存在的若干缺陷和不足,并提出一系列实际操作过程中可以参考的建议;对部分安全漏洞,特别是对缓冲区溢出漏洞,进行了研究、分析,修改了其脆弱性,弥补了漏洞,并嵌入了质询-响应认证方法;同时,根据实际应用的需求,基于Windows平台,实现了SSH协议,方便了系统管理和提高了SSH的可用性.
|
| 关 键 词: | SSH 网络安全 Windows 密码协议 |
Discussion of SSH Buffer Overflow Loopholes and Security Ward |
| |
| SONG Yang-Qiu. Discussion of SSH Buffer Overflow Loopholes and Security Ward[J]. Computer Science, 2008, 35(4): 85-87 |
| |
| Authors: | SONG Yang-Qiu |
| |
| Abstract: | Safety Shell (SSH : Secure Shell) is an application layer security protocol, provides communication between the two sides of identity authentication, communications data encryption, data integrity verification, and other security services, according to its function, falls into an Application Layer Virtual Private Network (VPN) protocol. This Paper outlines the SSH protocol basic concepts, then launchs from SSH sessions to the end of the whole process and the expansion of the agreement in detail the research... |
| |
| Keywords: | SSH Network security Windows Cryptographic protocol |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
点击此处可从《计算机科学》下载全文 |
|
