I-SCAP isho ukuthini?
I-SCAP isichazamazwi se-Security Content Automation Protocol. Inhloso yalo ukufaka isilinganiso sokuvikela esivele samukelwe kakade ezinhlanganweni ezingenayo okwamanje noma ezinokusebenza okubuthakathaka.
Ngamanye amazwi, ivumela abaphathi bezokuphepha ukuthi bahlole amakhompyutha, isofthiwe, namanye amadivaysi asekelwe kwisisekelo sokuqala esiphezulu sokuphepha ukuze banqume ukuthi ngabe ukucushwa nama-software ama-patches asetshenziswa kanjani kumgomo abaqhathaniswa nawo.
I-National Vulnerability Database (NVD) yindawo yokugcinwa kokuqukethwe kukahulumeni wase-US ye-SCAP.
Qaphela: Ezinye izindinganiso zokuphepha ezifana ne-SCAP zibandakanya i-SACM (Security Automation ne-Continuous Monitoring), i-CC (Imigomo Ejwayelekile), amathegi we-SWID (Software Identification), ne-FIPS (ama-Federal Information Processing Standards).
I-SCAP inezici ezimbili eziyinhloko
Kukhona izingxenye ezimbili ezisemqoka ku-Protocol yokuThuthukiswa kokuqukethwe kokuphepha:
Okuqukethwe kwe-SCAP
Amamojula wokuqukethwe we-SCAP atholakale ngokukhululekile okuqukethwe okuthuthukiswe yi-National Institute of Standards and Technologies (NIST) kanye nabalingani bawo bemikhiqizo. Amamojula wokuqukethwe anziwe "ukuphepha" okulungiselelwe okuvunyelwene yi-NIST nabalingani bayo be-SCAP.
Isibonelo kungaba ukulungiswa kwe-Federal Desktop Core, okuyinto ukulungiswa kanzima kokuphepha kwezinye izinguqulo ze-Microsoft Windows . Okuqukethwe kuyisisekelo sokuqhathaniswa kwezinhlelo ezikhishwa ngamathuluzi wokuskena we-SCAP.
Abashayeli be-SCAP
Iskena se-SCAP yithuluzi elifanisa ikhompiyutha ehlosiwe noma ukusethwa kwesicelo kanye / noma ukulinganisa kwesicelo ngokumelene nesisekelo sokuqukethwe se-SCAP.
Ithuluzi lizophawula noma yikuphi ukwephulwa nokukhiqiza umbiko. Amanye ama-scanners we-SCAP nawo anakho ikhono lokulungisa ikhompyutha ehlosiwe futhi ayihambise ngokuvumelana nesisekelo esivamile.
Kunezinkampani eziningi ze-SCAP zokuhweba ezivulekile futhi ezivulekile zitholakalayo kuye ngokuthi isethi yesici esithandwa. Ezinye izithwebuli zenzelwe ukuskena kwezinga lokubhizinisi kanti ezinye zihloselwe ukusetshenziswa kwe-PC ngayinye.
Ungathola uhlu lwamathuluzi we-SCAP ku-NVD. Ezinye izibonelo zemikhiqizo ye-SCAP zifaka i-ThreatGuard, i-Tenable, i-Red Hat, ne-IBM BigFix.
Abathengisi be-Software abadinga umkhiqizo wabo oqinisekisiwe njengokuhambisana ne-SCAP, bangaxhumana ne-NVLAP lab yokuqinisekiswa kwe-SCAP yokugunyazwa.