Principle 7:Promote privacy Privacy of users,but also of systems Counterexample:services tend to give information about themselves that can help the attacker figure out how to break in. -Telnet service tends to give the operating system name and version. ->telnet somemachine Trying 1.2.3.4 Connected to somemachine (1.2.3.4) Red Hat Linux release 7.0(Hedwig) Kernel 1.2.3.4 on an i686 login: -Solution 1:use firewalls to block unnecessary services Solution 2:remove such info from software (e.g.,changing telenet login) -Solution 3:give the WRONG info!No hurt to lie to attackers! Counterexample:SQL error messages on webpage Counterexample:HTTP (http://www.cse.msu.edu/~alexliu/a.html) ■CSE825 16CSE825 16 Principle 7: Promote privacy  Privacy of users, but also of systems  Counterexample: services tend to give information about themselves that can help the attacker figure out how to break in. ─ Telnet service tends to give the operating system name and version. – > telnet somemachine Trying 1.2.3.4 Connected to somemachine (1.2.3.4) Red Hat Linux release 7.0 (Hedwig) Kernel 1.2.3.4 on an i686 login: ─ Solution 1: use firewalls to block unnecessary services ─ Solution 2: remove such info from software (e.g., changing telenet login) ─ Solution 3: give the WRONG info! No hurt to lie to attackers!  Counterexample: SQL error messages on webpage  Counterexample: HTTP (http://www.cse.msu.edu/~alexliu/a.html)