Serial Communication Between a Microcontroller and a PC: Foreign-Literature Translation, Final Version (Word document download).docx
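Department (School): Department of Computer Science and Technology
Major: Communication Engineering
Class: Class 2, Year 2008
Student name: Li Huashan (李华山)
Student ID: 2008110311
Advisor: Chen Ruibin (陈瑞斌)
Title: Lecturer
May 20, 2012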
An intruder with the right background and malicious intent has many ways to infiltrate internal company systems and network devices through the Internet connection. Once inside, the hacker has free rein to destroy, change, or steal data, and these actions cause various sorts of network havoc. The most popular use of the Internet, e-mail, is also insecure. The same hacker with a protocol analyzer and access to routers and other network devices can intercept or change messages. Threats like these confront such industries as Internet commerce and corporations that wish to interconnect their offices through LANs via the Internet.
The network security market is quickly responding to the threats by applying authentication and encryption technologies to the Internet and by developing new products. These products come at a time when methods of attacking user networks are more elaborate and vendors are improving their products to keep up with the increased threats. “Users need these tools [because they realize] they can’t use traditional monitoring tools to stop increasingly sophisticated attacks,” says Jim Hurley, an analyst with The Aberdeen Group. This article describes various security threats and solutions needed to protect individuals and companies.
Types of Internet Security Protection
1. Security Policy
Internet connections will never be 100 percent secure. Rather than aiming for total security, an organization has to assess the value of the information it is trying to protect and balance that against the likelihood of a security violation and the cost of implementing various security measures. A company’s first line of defense should be either to devise or to revise its security policy for the organization so that it takes Internet connections into account. This policy should define in detail which employees have rights to specific services. It should also educate employees about their responsibilities for protecting the organization’s information, such as protecting passwords, and clearly spell out actions that will be taken if a security violation is detected. Such a policy can be the first step, explaining to employees where the company stands on misuse of Internet connections.
Part of the process will require evaluating the cost to the company of different types of security violations. Corporations will want to involve people at the highest levels of the organization in this process. Hiring a computer security consultant may be of some help. Once a companywide policy is implemented, the company then should start evaluating the use of firewalls, encryption, and authentication.
2. Firewall
A firewall is a barrier between two networks, an internal network (trusted network) and an external network (untrusted network). Here the external network is the Internet. Firewalls examine incoming and outgoing packets and, according to a set of rules defined by the administrator, either let them through or block them out. Firewalls are not an Internet security remedy, but they are essential to the strategy.
Different kinds of firewalls function differently. They scrutinize, examine, and control the network traffic in numerous ways depending on their software architecture. Below are firewalls that work in different ways.
1) Packet Filtering Firewall Technique
Many routers use a firewall technique called packet filtering, which examines the source and destination addresses and ports of incoming TCP and UDP packets, denying or allowing packets to enter based on a set of predefined rules set by the administrator. Packet filters are inexpensive, transparent to users, and have a negligible impact on network performance. Configuring packet filtering is a relatively complex process, requiring a precise knowledge of network, transport, and even application protocol strategy.
A problem with packet filters is that they are susceptible to “IP spoofing”, a trick that hackers use to gain access to a corporate network. Intruders fool the firewall by changing Internet Protocol addresses in packet headers to ones that are acceptable.
2) The Application-Gateway Firewall
A more sophisticated and secure type of firewall is an application gateway, which is generally considered more secure than packet filters. Application gateways are programs written for specific Internet services such as HTTP, FTP, and telnet; they are applications that run on a server with two network connections, acting as a server to the application client and as a client to the application server.
Application gateways evaluate network packets for valid specific data, which makes the proxies more secure than packet filtering. Most application-gateway firewalls also have a feature called network address translation that prevents internal IP addresses from appearing to users outside the trusted network.
There are two primary disadvantages to application gateways. The first disadvantage is a performance decline caused by the proxy function’s double processing. Another is the lag time for the firewall vendor to supply an application proxy for a newly introduced Internet service, such as RealAudio.
3) SOCKS Firewall
Another type of application-proxy firewall is the SOCKS firewall. Where normal application-proxy firewalls do not require modifications to network clients, SOCKS firewalls require specially modified network clients. This means users have to modify every system on their internal network that needs to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.
Where performance is a concern, organizations using application gateways should not be worried with a 10-Mbps Ethernet or 100-Mbps Fast Ethernet connection. If companies use application proxies within their network, they can consider fast hardware-based solutions such as Cisco’s PIX Firewall or Seattle Software’s Firebox. The company may also consider installing firewall software on a system with multiple processors.
Major firewall vendors have incorporated additional security technologies into their firewall products and partnered with other security vendors to offer complete Internet security solutions. These additional features will be discussed subsequently in this article and include encryption, authentication and protection from malicious Java and ActiveX downloads.
3. Authentication
Firewalls do their authentication using IP addresses, which can be faked. If a company wants to give certain users access over the Internet to sensitive internal files and data, it will want to make sure to authenticate each user. Authentication simply describes the numerous methods that positively identify a user. Passwords are the most common method of authentication used today, but employees are notorious for making poor password choices that can be guessed by an experienced hacker. In addition to passwords, which are usually “something you know,” many organizations are turning to solutions that also require “something you have,” such as tokens and smart cards.
Tokens are small, credit-card- or calculator-size devices that the remote user can carry around. Smart cards used for authentication are similar to tokens, except they need a reader to process the authentication request. Both use a challenge-response scheme. When the user attempts to connect, an authentication server on the network issues a challenge, which the user keys into the token device. The device displays the appropriate response, which the remote user then sends to the server. Many of these tokens may also require the user to type in a PIN. Firewalls can support these authentication products with minor adjustments. The administrator simply configures the firewall to forward authentication for certain services to the designated third-party server, or uses any included authentication service.
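The challenge-response exchange between token and authentication server, with both sides shown, looks like this in outline. It is an added example, not part of the original article: the use of HMAC-SHA256 over a shared per-token key, the 8-digit codes, and the class and method names are assumptions chosen for illustration, not the scheme of any particular token product.

```python
import hashlib
import hmac
import secrets

def _response(key: bytes, challenge: str) -> str:
    # Keyed hash of the challenge, truncated to 8 digits the user can type.
    mac = hmac.new(key, challenge.encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**8:08d}"

class Token:
    """The device the user carries; it holds a key shared with the server."""
    def __init__(self, key: bytes, pin: str):
        self._key, self._pin = key, pin

    def respond(self, challenge: str, pin: str) -> str:
        # "Something you know" unlocks "something you have".
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return _response(self._key, challenge)

class AuthServer:
    def __init__(self):
        self._keys = {}      # user -> token key
        self._pending = {}   # user -> outstanding challenge

    def enroll(self, user: str, pin: str) -> Token:
        key = secrets.token_bytes(32)
        self._keys[user] = key
        return Token(key, pin)

    def issue_challenge(self, user: str) -> str:
        challenge = f"{secrets.randbelow(10**8):08d}"   # fresh and unpredictable
        self._pending[user] = challenge
        return challenge

    def verify(self, user: str, response: str) -> bool:
        # pop() makes each challenge single-use, so a captured response
        # cannot be replayed against the server later.
        challenge = self._pending.pop(user, None)
        if challenge is None:
            return False
        expected = _response(self._keys[user], challenge)
        return hmac.compare_digest(expected, response)
```

Because the response depends on a challenge the server chose for this login only, a value observed on the wire is useless for the next attempt, which is the property a reusable password lacks.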
4. Encryption
As offices and organizations connect to the Internet, many will consider the Internet infrastructure an inexpensive way for wide-area and remote connections. In addition to companies, Internet commerce vendors need to protect credit card and order transactions being transferred through the Internet. To use the Internet for these purposes, companies have to protect their information and customers with encryption. Encryption is the process of using an encryption algorithm to translate plain text into an incomprehensible cipher text and then back to plain text again. Essential to encryption is a numeric value called the key that becomes part of the encryption algorithm, setting the encryption process in motion.
1) The Encryption Process
A pre-hash code is derived mathematically from the message to be sent. The pre-hash code is encrypted using the sender’s private key. The encrypted pre-hash code and the message are encrypted using the secret key. The sender encrypts the secret key with the recipient’s public key, so only the recipient can decrypt it with his/her private key.
2) The Decryption Process
The decryption process essentially is the encryption process in reverse. The recipient uses his/her private key to decrypt the secret key. The recipient then uses the secret key to decrypt the encrypted message and pre-hash code.
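The encryption and decryption processes above map onto code as follows. This is an added example, not part of the original article; it assumes the third-party Python `cryptography` package, RSA-2048 with PSS and OAEP padding, and AES-GCM as the secret-key cipher, none of which the article specifies. It also goes one step past the text by having the recipient check the decrypted pre-hash code against the message.

```python
import os
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()),
                  salt_length=padding.PSS.MAX_LENGTH)
OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
SIG_LEN = 256   # bytes in an RSA-2048 signature

def new_keypair():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def seal(message: bytes, sender_priv, recipient_pub):
    # Hash the message and encrypt the hash with the sender's private key;
    # sign() performs both steps (a digital signature).
    signature = sender_priv.sign(message, PSS, hashes.SHA256())
    # Encrypt the signed hash together with the message under a fresh secret key.
    secret_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    body = AESGCM(secret_key).encrypt(nonce, signature + message, None)
    # Encrypt the secret key with the recipient's public key.
    wrapped_key = recipient_pub.encrypt(secret_key, OAEP)
    return wrapped_key, nonce, body

def open_sealed(wrapped_key, nonce, body, recipient_priv, sender_pub) -> bytes:
    # Only the recipient's private key recovers the secret key.
    secret_key = recipient_priv.decrypt(wrapped_key, OAEP)
    plain = AESGCM(secret_key).decrypt(nonce, body, None)
    signature, message = plain[:SIG_LEN], plain[SIG_LEN:]
    # Recompute the hash and compare it with the sender's signed hash;
    # raises InvalidSignature if the message or the sender does not match.
    sender_pub.verify(signature, message, PSS, hashes.SHA256())
    return message
```

The slow public-key operations touch only the short hash and the 32-byte secret key, while the message itself is handled by the fast symmetric cipher.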
5. Virtual Private Network
Virtual private networking (VPN) is the term used to describe remote access over the Internet, as well as use of the Internet infrastructure for connecting two offices of an organization or even two different organizations. Basically, a VPN is an encrypted connection between private networks over a public network. With remote access, the remote user calls the local ISP, and then connects to the central network over the Internet.
Two industry standards have recently become interoperable to make remote access and connections over virtual private