Computer Science Literature Translation: Computer Systems
10.2 Some Approaches to Defense
10.2.1 Basic Security Measures
All computer systems need a set of basic security measures. Whether the system is a simple personal computer in your home or a major computer network such as the Internet, it is necessary to protect the hardware and software from theft, destruction, and malicious acts of vandalism. Security measures can be as simple as locking the door or as advanced as applying virtually unbreakable encryption techniques to data. Let's break down the basic security measures: surveillance, passwords, auditing, access rights, standard system attacks, and viruses.
External security of a computer system or a computer network consists of protecting the equipment from physical damage. Examples of physical damage include fire, flood, earthquakes, power surges, and vandalism. Common-sense damage prevention techniques are usually enough in many cases of external security. Rooms containing computer equipment should always be locked. Unauthorized persons should not be allowed into rooms containing computing equipment. Cabling, and the devices that cables plug into, should not be exposed if at all possible.
If the equipment needs to be in the open for public access, the equipment should be locked down. Many kinds of anti-theft devices exist for locking cabinets, locking cables to cabinets, locking down keyboards, and locking peripheral devices. For example, one manufacturer makes a device that transmits a wireless signal to a pager should a computer cabinet be opened. The person carrying the pager will know immediately which cabinet is being opened so that security can be sent to the appropriate location.
It is also fairly common knowledge not to place expensive computer systems in the basements of buildings. Basements can flood and are often high-humidity locations. Rooms with a large number of external windows are also not advisable. Windows can let in sunshine, which can increase the temperature of a room. Computer equipment typically heats up a windowless room. With the addition of sunlight, the increase in temperature may strain the capacity of any existing air conditioning equipment. As temperatures rise, the life expectancy of computer circuits decreases. Also, external windows can increase the probability of vandalism.
To prevent electrical damage to computing equipment, high-quality surge protectors should be used on all devices that require electrical current. The electrical circuits that provide power to devices should be large enough to adequately support the device without placing a strain on the electrical system. Electrical devices that power up and down, causing power fluctuations, such as large motors, should be on circuits separate from the computer devices. Finally, devices that are susceptible to damage from static electricity discharges should be properly grounded.
Operational security
Operational security of a computer network involves deciding, and then limiting, who can use the system and when they can use the system. Consider, for example, a large corporation in which there are many levels of employees with varying job descriptions. Employees who do not normally come in contact with sensitive data areas should not have access to sensitive data. For example, if an employee simply performs data operations, more than likely he or she should not be allowed access to the payroll database, and more than likely does not need access to information regarding corporate research programs. A manager of an area would probably have access to much information in his or her department, but his or her access to information in other departments would likely be limited. Finally, top-level executives often have access to a wide range of information within a company. However, many companies limit even top-level management's access to information.
Local area network and database systems provide much flexibility in assigning access rights to individuals or groups of individuals, as you will see shortly. Computer network specialists, along with database administrators and someone at the top levels of management such as the Chief Information Officer (CIO), often decide how to break the company into information access groups, decide who is in each group, and determine what access rights each group has. As you might recall, some network operating systems, such as Novell's NetWare and Windows NT, are very good applications for creating workgroups and assigning rights.
It is also possible to limit access to a system by the time of day or the day of the week. If the primary activity in one part of your business is accessing personnel records, and this activity is only performed during working hours by employees in the personnel or human resources department, then it might be reasonable to disable access to personnel records after working hours, such as from 5:30 p.m. until 7:00 a.m. the next morning. Likewise, the network administrator could also deny access to this system on weekends.
It may also be wise to limit remote access to a system during certain times of the day or week. With appropriate limits set, someone dialing in at 2:30 a.m. to transfer funds from one account to another may signal an illegal activity. If all corporate fund transfers can only occur during typical business hours, this restriction would be reasonable to place on dial-in activity.
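The time-of-day and day-of-week limits described above can be expressed as a small access check plus a review of dial-in activity. This is an added example, not code from the original text; the function names, the 9:00 a.m. to 5:00 p.m. transfer window, and the sample events are assumptions made for illustration.

```python
from datetime import datetime, time

# From the text: personnel records closed 5:30 p.m. to 7:00 a.m. and on weekends.
CLOSED_FROM = time(17, 30)
CLOSED_UNTIL = time(7, 0)
# Assumed meaning of "typical business hours" for fund transfers.
TRANSFER_HOURS = (time(9, 0), time(17, 0))


def records_access_allowed(when: datetime) -> bool:
    """Personnel records: denied on weekends and from 17:30 until 07:00."""
    if when.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        return False
    # The closed window wraps past midnight, so test the open window instead.
    return CLOSED_UNTIL <= when.time() < CLOSED_FROM


def review_dial_in(events):
    """Return dial-in fund transfers made outside business hours, for review."""
    start, end = TRANSFER_HOURS
    flagged = []
    for user, when, action in events:
        outside = when.weekday() >= 5 or not (start <= when.time() < end)
        if action == "fund_transfer" and outside:
            flagged.append((user, when.isoformat(), action))
    return flagged


# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    ("alice", datetime(2024, 3, 5, 10, 15), "fund_transfer"),
    ("bob", datetime(2024, 3, 6, 2, 30), "fund_transfer"),
    ("carol", datetime(2024, 3, 9, 11, 0), "fund_transfer"),  # a Saturday
    ("dave", datetime(2024, 3, 6, 2, 45), "read_mail"),
]

if __name__ == "__main__":
    print(records_access_allowed(datetime(2024, 3, 5, 17, 45)))
    for hit in review_dial_in(SAMPLE_EVENTS):
        print("review:", hit)
```

The boundary cases matter: 5:30 p.m. itself is already closed and 7:00 a.m. is already open, which is the kind of detail an administrator should confirm against the written policy.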
Surveillance
Although many individuals feel surveillance is an intrusion into an individual's privacy, many network administrators feel it is a good deterrent to computer vandalism and theft. The proper placement of video cameras in key locations can both deter criminals and be used to identify criminals in the event of vandalism or theft.
There are, however, other forms of surveillance in addition to capturing live action with a video camera. For example, placing a transmitter in each computer that sends a signal to a pager if the computer cabinet is opened is a wireless form of surveillance. Using a form of surveillance called intrusion detection, many companies electronically monitor data flow and system requests into and out of a system. If unusual activity is noticed, protective action can be taken immediately. Intrusion detection is a growing field of study in network security. Companies that accept merchandise orders using the telephone often monitor each telephone call. Companies claim this form of surveillance can improve the quality of customer service and help settle future disputes.
Passwords and ID systems
Almost every system that stores sensitive or confidential data requires an authorized user to enter a password, Personal Identification Number, or some other form of ID before gaining access to the system. Typically, this password or ID is either something remembered by the user or a physical feature of the user, such as a fingerprint. Technology in this area is improving rapidly as companies try to incorporate systems that are less vulnerable to fraud.
Perhaps the most common form of protection from unauthorized use of a computer system is the password. Anyone accessing a computer system, banking system, or a long distance telephone system is required to enter a password. Some uses of passwords are:
(1) Online computer accounts;
(2) Computer network and mainframe computer access at work and school;
(3) Long distance telephone credit card use;
(4) Twenty-four hour automatic banking services;
(5) Access to retirement accounts and banking services;
(6) Access to e-mail and voice mail systems; and
(7) Access to Internet web sites at which a customer profile is created and stored for future transactions.
Although the password is the most common form of identification, it is also one of the weakest. Too often passwords become known, or "misplaced," and fall into the wrong hands. Occasionally a password is written on paper, and the paper is discovered by the wrong people. More often, however, the password is too simple and someone else guesses it. Standard rules that an individual should follow when creating or changing a password include:
(1) Change your password often;
(2) Pick a good password by using at least eight characters, mixing upper and lower case if the computer system is case sensitive, and mixing letters with numbers;
(3) Don't choose passwords that are similar to first or last names, pet names, car names, or other choices that can be easily guessed;
(4) Don't share your password with others; doing so invites trouble and misuse.
Some computer systems generate random passwords that are very difficult to guess, but are also hard to remember. Often, the user who is given a randomly generated password either changes it to something simpler, making it easier to guess, or writes it down on a piece of paper, defeating the whole purpose of a secret password. Some systems also disallow obvious passwords or already used passwords, thus requiring the user to be creative and select a password that is difficult to guess.
A common fallacy among computer system users is that the internal operating system file that stores the login IDs and passwords is susceptible to intrusion. Interestingly, most computer systems store passwords in an encrypted form for which there is no known decryption. How then does the system know when you have entered the correct password?
When a user enters his or her login ID and password, the password is encrypted and compared with the entry in the encrypted password file. If the two encrypted passwords match, the login is allowed. Anyone who gets access to this encrypted password file will discover only unreadable text. This encryption technique explains why, when you forget your password, a computer operator cannot simply read a file and tell you what it is. The computer operator can only reset the password to something new.
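The login comparison described above, together with the earlier rules for choosing a password and the rejection of already used passwords, can be sketched as follows. This is an added example, not code from the original text: the `PasswordFile` class is hypothetical, salted PBKDF2-HMAC-SHA256 is chosen here as the one-way transform because the text names none, and matching against the login ID stands in for the "similar to names" rule.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the text names no algorithm

def _one_way(password: str, salt: bytes) -> bytes:
    """Salted one-way transform (PBKDF2-HMAC-SHA256, chosen for this example)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

class PasswordFile:
    def __init__(self):
        self._entries = {}  # login ID -> [(salt, digest), ...], newest last

    def policy_error(self, login_id, password):
        """Return why a password breaks the rules listed above, or None."""
        if len(password) < 8:
            return "too short"
        kinds = (str.islower, str.isupper, str.isdigit)
        if not all(any(k(c) for c in password) for k in kinds):
            return "needs upper case, lower case and digits"
        if login_id.lower() in password.lower():  # stand-in for name similarity
            return "similar to login ID"
        # Reuse is checked without plaintext: re-derive under each old salt.
        for salt, digest in self._entries.get(login_id, []):
            if hmac.compare_digest(_one_way(password, salt), digest):
                return "already used"
        return None

    def set_password(self, login_id, password):
        """Store a new password; an operator's reset goes through here too."""
        error = self.policy_error(login_id, password)
        if error:
            raise ValueError(error)
        salt = os.urandom(16)
        self._entries.setdefault(login_id, []).append((salt, _one_way(password, salt)))

    def verify(self, login_id, password):
        """Transform the attempt and compare it with the newest stored entry."""
        history = self._entries.get(login_id)
        if not history:
            return False
        salt, digest = history[-1]
        return hmac.compare_digest(_one_way(password, salt), digest)

    def record(self, login_id):
        # What someone reading the file sees: salt and digest, no password.
        salt, digest = self._entries[login_id][-1]
        return f"{login_id}:{salt.hex()}:{digest.hex()}"
```

Nothing in a stored record can be turned back into the password, so the only recovery path the file supports is `set_password` with a new value, which matches the operator's reset described above.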
Since there are so many weaknesses to the password, other forms of identification have emerged. Biometric techniques that scan something about the user, such as voice