计算机专业英语10 网络和计算机安全039Word下载.docx
《计算机专业英语10 网络和计算机安全039Word下载.docx》由会员分享,可在线阅读,更多相关《计算机专业英语10 网络和计算机安全039Word下载.docx(12页珍藏版)》请在冰豆网上搜索。
1.SecurityViolationDefinition
Computerornetworksecurityhasbeenviolatedwhenunauthorizedaccessbyanypartyoccurs.
2.WhySecurity?
Computersecurityisrequiredbecausemostorganizationscanbedamagedbyhostilesoftwareorintruders.Theremaybeseveralformsofdamagewhichareobviouslyinterrelated.Theseinclude:
•Damageordestructionofcomputersystems.
•Damageordestructionofinternaldata.
•Lossofsensitiveinformationtohostileparties.
•Useofsensitiveinformationtostealitemsofmonetaryvalue.
•Useofsensitiveinformationagainsttheorganization'
scustomerswhichmayresultinlegalactionbycustomersagainsttheorganizationandlossofcustomers.
•Damagetothereputationofanorganization.
•Monetarydamageduetolossofsensitiveinformation,destructionofdata,hostileuseofsensitivedata,ordamagetotheorganization'
sreputation.
Themethodsusedtoaccomplishtheseunscrupulousobjectivesaremanyandvarieddependingonthecircumstances.Thisguidewillhelpadministratorsunderstandsomeofthesemethodsandexplainsomecountermeasures.
3.SecurityIssues
Computersecuritycanbeverycomplexandmaybeveryconfusingtomanypeople.Itcanevenbeacontroversialsubject.Networkadministratorsliketobelievethattheirnetworkissecureandthosewhobreakintonetworksmayliketobelievethattheycanbreakintoanynetwork.Ibelievethatoverconfidenceplaysanimportantroleinallowingnetworkstobeintrudedupon.Therearemanyfallaciesthatnetworkadministratorsmayfallvictimto.Thesefallaciesmayallowadministratorstowrongfullybelievethattheirnetworkismoresecurethanitreallyis.
Thisguidewillattempttoclarifymanyissuesrelatedtosecuritybydoingthefollowing:
•Helpyoudeterminewhatyouareprotecting.
•Breakcomputersecurityintocategories.
•Explainsecuritytermsandmethods.
•Pointoutsomecommonfallaciesthatmayallowadministratorstobeoverconfident.
•Categorizemanycommonattacksagainstnetworksandcomputers.
•Explainsomeattackmethods.
•Describetoolsthatcanbeusedtohelpmakeanetworkmoresecure.
4.SecurityInterdependence
Therearemanydifferentaspectstocomputerandnetworksecurity.Thesedifferentareasofcomputersecurityareinterdependentoneachotherinorderforanetworktobesecure.Ifoneormoreareasofcomputersecurityareignored,thentheentiresecurityintegrityoftheorganization'
snetworkmaybecompromised.Aclearexampleofthisisintheareaofcomputervirusorwormprotection.Computervirusprotectionprogramscanonlyfilterknownvirusesorworms.Therearevirusesorwormsthatarenotyetrecognizedasvirusprogramsimmediatelyaftertheirrelease.Thebestwaytomakeunrecognizedvirusorwormprogramslesseffectiveisbyquicklyremovingthevulnerabilitiesthattheyuse.Someofthesevulnerabilitiesareoperatingsystemandapplicationprogramerrors.Whensecuritypatchesarecreatedforsoftware,theyshouldbequicklyapplied.Inthiswaythevulnerabilitytovirusesisminimizedbutnoteliminated.Thereareotherstepswhichmayfurtherreducethisvulnerability,butitcanneverbecompletelyeliminated.
5.SecurityLimitationsandApplications
Ifyouarereadingthisdocumentandarethinkingthatyoucangetalltheinformationrequiredtomakeyournetworkcompletelysecure,thenyouaresadlymistaken.Inmanyways,computersecurityisalmostastatisticalgame.Youcanreducebutnoteliminatethechancethatyoumaybepenetratedbyanintruderorvirus.Thisismainlyforonereason:
Noonecaneverknowallthesoftwarevulnerabilitiesofallsoftwareusedonasystem.
Thisiswhyeventhosewhoconsiderthemselveshackerswillsaythatthenumberonecomputersecuritythreatisthelackofqualityintheapplicationsandoperatingsystems.
Thebottomlinehereisthatunlessyoucanremovealltheapplicationandoperatingsystemproblemsthatallowvirusesandintruderstopenetratenetworks,youcanneversecureyournetwork.Additionallytheusersonyournetworkarepotentiallyagreatersecurityriskthananyprograms.Obviouslyremovingallvulnerabilitiesisimpossibleandwillnotsecureyournetworkagainstusererrors.Ihaveevenconsideredthepossibilitythatanoperatingsystemwithoutanetworkinterfacecanbecompletelysecure,buteventhiscannotbeguaranteed.UnknownvirusesorTrojanprogramscancreepinwithapplicationsonCDsorfloppies.Thishasbeenknowntohappen.Althoughanattackermaynotbeabletogetdatafromthesystem,theycandamageordestroydata.
6.LayeredSecurity
Thefactthatcompletesecurityisimpossibleisthereasonsecurityexpertsrecommend"
layeredsecurity"
.Theideaistohavemultiplewaysofpreventinganintrusiontodecreasethechancethatintrusionswillbesuccessful.Forexample,youshouldhavevirusprotectiononyourclientcomputers.Tohelplayerthissecurityyoushouldalsofiltervirusesatyouremailserver.Tohelpevenmore,youshouldblockthemostdangeroustypesofemailattachmentstopreventunrecognizedvirusesandotherhostilesoftwarefromenteringyournetwork.Anothergooddefenselayerwouldalsoincludeeducatingyourusersaboutviruses,howtheyspread,andhowtoavoidthem.
Hackers
Therearemanydocumentsthatattempttodefinethetermhacker.Ibelievethatthetermhackerisaconnotativeterm.Thismeansthatitismoredefinedbypeople'
sbeliefsratherthanbyadictionary.Somebelievethatahackerisaveryskilledcomputerperson.Othersbelievethathackersarethosethatperformunauthorizedbreakintocomputersystems.Themediaandmanysourceshavecausedmanyuninformedpeopletobelievethatahackerisathreattocomputerandnetworksecuritywhilethisisnotthecase.Ahackerisnomorelikelytobreakthelawthananyoneelse.Iusethemoreaccuratedescriptiveterm,"
intruder"
todescribethosewhointrudeintonetworksorsystemswithoutauthorization.
8.PhysicalSecurity
Thisguidewillnottalkaboutphysicalcomputersecuritybeyondthisparagraph.Yourorganizationshouldbeawarehowphysicallysecureeveryaspectofitsnetworkisbecauseifanintrudergetsphysicalaccess,theycangetyourdata.Besurethatyourorganizationproperlysecureslocationsandconsiderthefollowing:
•Servers-Containyourdataandinformationabouthowtoaccessthatdata.
•Workstations-Maycontainsomesensitivedataandcanbeusedtoattackothercomputers.
•Routers,switches,bridges,hubsandanyothernetworkequipmentmaybeusedasanaccesspointtoyournetwork.
•Networkwiringandmediaandwheretheypassthroughmaybeusedtoaccessyournetworkorplaceawirelessaccesspointtoyournetwork.
•Externalmediawhichmaybeusedbetweenorganizationalsitesortoothersitestheorganizationdoesbusinesswith.
•Locationsofstaffwhomayhaveinformationthatahostilepartycanuse.
•Someemployeesmaytakedatahomeormaytakelaptopshomeoruselaptopsontheinternetfromhomethenbringthemtowork.Anyinformationontheselaptopsshouldbeconsideredtobeatriskandtheselaptopsshouldbesecureaccordingtoproperpolicywhenconnectedexternallyonthenetwork.
9.SomeTerms
Thisparagraphdescribessomecommonlyusedcomputersecurityterms.
•Protocol-Welldefinedspecificationallowingcomputercommunication.
•Confidentiality-Informationisavailableonlytopeoplewithrightfulaccess.
•Integrity-Informationcanonlybechangedbyauthorizedpersonnel.Thereceiverofthemessageshouldbeabletotellthemessagewasnotmodified.
•Availability-Informationisavailabletoonlythosewhoneedit.
•Verification-nonrepudiation-Thereisproofthatthesendersentthemessage
•Authentification-Thereceiverofthemessageshouldbeabletobesureoftheoriginofthemessage.Requiresadigitalsignature(Onewayhash,publickeyalgorithm,andsymmetricalgorithm)orapublickeyalgorithm.
•Spyware-Acomputerprogramwhosepurposeistospyonyourinternetactivitiesusuallyformarketingpurposesandusuallydonebyashadycorporateentity.
•Malware-Acomputerprogramwithsomeevilintent.Itmayonthesurfacehaveagoodoru