计算机专业文献翻译计算机系统.docx

计算机专业文献翻译计算机系统.docx

《计算机专业文献翻译计算机系统.docx》由会员分享，可在线阅读，更多相关《计算机专业文献翻译计算机系统.docx（15页珍藏版）》请在冰豆网上搜索。

计算机专业文献翻译计算机系统

10.2SomeApproachestoDefense

10.2.1BasicSecurityMeasures

Allcomputersystemsneedasetofbasicsecuritymeasures.WhetherthesystemisasimplepersonalcomputerinyourhomeoramajorcomputernetworksuchastheInternet,itisnecessarytoprotectthehardwareandsoftwarefromtheft,destruction,andmaliciousactsofvandalism.securitymeasurescanbeassimpleaslockingthedoororasadvancedasapplyingvirtuallyunbreakableencryptiontechniquestodata.Let’sbreakthebasicsecurity,surveillance,passwords,auditing,accessrights,standardsystemsattacks,andviruses.

Externalsecurityofacomputersystemoracomputernetworkconsistsofprotectingtheequipmentfromphysicaldamage.Exampleofphysicaldamageincludefire,flood,earthquakes,powersarges,andvandalism.Commonsensedamagepreventiontechniquesareusuallyenoughinmanycasesofexternalsecurity.Roomscontainingcomputerequipmentshouldalwaysbelocked.Unauthorizedpersonsshouldnotbeallowedintoroomscontainingcomputingequipment.Cabling,andthedevicesthatcablespluginto,shouldnotbeexposedifatallpossible.

Iftheequipmentneedstobeintheopenforpublicaccess,theequipmentshouldbelockeddown.Manykindsofanti-theftdevicesexistforlockingcabinets,lockingcablestocabinets,lockingdownkeyboards,andlockingperipheraldevices.Forexample,onemanufacturermakesadevicethattransmitsawirelesssignaltoapagershouldacomputercabinetbeopened.Thepersoncarryingthepagerwillknowimmediatelywhichcabinetisbeingopenedsothatsecuritycanbesenttotheappropriatelocation.

Itisalsofairlycommonknowledgenottoplaceexpensivecomputersystemsinthebasementsofbuildings.Basementscanfloodandarefloodandareoftenhighhumiditylocations.Roomswithalargenumberofexternalwindowsarealsonotadvisable.Windowscanletinsunshine,whichcanincreasethetemperatureofaroom.Computerequipmenttypicallyheatsupawindowlessroom.Withtheadditionofsunlight,theincreaseintemperaturemaystrainthecapacityofanyexistingairconditioningequipment.Astemperaturesrise,thelifeexpectancyofcomputercircuitsdecreases.Also,externalwindowscanincreasetheprobabilityofvandalism.

Topreventelectricaldamagetocomputingequipment,high-qualitysurgeprotectorsshouldbeusedonalldevicesthatrequireelectricalcurrent.Theelectricalcircuitsthatprovidepowertodevicesshouldbelargeenoughtoadequatelysupportthedevicewithoutplacingastrainontheelectricalsystem.Electricalcircuitsthatpowerupanddowncausingpowerfluctuation,suchaslargemotors,shouldbeoncircuitsseparatefromthecomputerdevices.Finally,devicesthataresusceptibletodamagefromstaticelectricitydischargesshouldbeproperlygrounded.

Operationalsecurity

Operationalsecurityofacomputernetworkinvolvesdeciding,andthenlimiting,whocanusethesystemandwhentheycanusethesystem,Consider,forexample,alargecorporationinwhichtherearemanylevelsofemployeeswithvaryingjobdescriptions.Employeeswhodonotnormallycomeincontactwithsensitivedataareasshouldnothaveaccesstosensitivedata.Forexampleifanemployeesimpleperformsdataoperationsmorethanlikelyheorsheshouldnotbeallowedaccesstopayrolldatabase,butmorethanlikelydonotneedaccesstoinformationregardingcorporateresearchprograms.Amanagerofanareawouldprobablyhaveaccesstomuchinformationinhisorherdepartment,buthisorheraccesstoinformationinotherdepartmentswouldlikelybelimited.Finallytop-levelexecutiveoftenhaveaccesstoawiderangeofinformationwithinacompany.However,manycompaniesevenlimitinformationaccesstotop-levelmanagement.

Localareanetworkanddatabasesystemsprovidemuchflexiblyinassigningaccesstightstoindividualsorgroupsofindividuals,asyouwillseeshortly.Computernetworkspecialist,alongwithdatabaseadministratorsandsomeoneatthetoplevelsofmanagementsuchastheChiefInformationOfficer（CIO）,oftendecidehowtobreakthecompanyintoinformationaccessgroups,decidewhoisineachgroup,anddeterminewhataccessrightseachgrouphas.Asyoumightrecallsomenetworkoperatingsystems,suchasNovell’sNet-WareandWindowsNT,areverygoodapplicationforcreatingworkgroupsandassigningrights.

Itisalsopossibletolimitaccesstoasystembythetimeofdayorthedayoftheweek.Iftheprimaryactivityinonepartofyourbusinessisaccessingpersonnelrecords,andthisactivityisonlyperformedduringworkinghoursbyemployeeinthepersonnelorhumanresourcesdepartment,thenitmightbereasonabletodisableaccesstopersonnelrecordsafterworkinghours,suchasfrom5:

30p.m.until7:

00a.m.thenextmorning.Likewise,thenetworkadministratorcouldalsodenyaccesstothissystemonweekends.

Itmayalsobewisetolimitremoteaccesstoasystemduringcertaintimesofthedayorweek.Withappropriatelimitsset,someonedialinginat2:

30a.m.totransferfundsfromoneaccounttoanothermaysignalanillegalactivity.Ifallcorporatefundtransferscanonlyoccurduringtypicalbusinesshours,thisrestrictionwouldbereasonabletoplaceondial-inactivity.

Surveillance

Althoughmanyindividualfeelsurveillanceisanintrusionintoanindividual’sprivacy,manynetworkadministratorsfeelitisagooddeterrenttocomputervandalismandtheft.Theproperplacementofvideocamerasinkeylocationscanbothdetercriminalsandbeusedtoidentifycriminalsintheeventofvandalismortheft.

Thereare,however,otherformsofsurveillanceinadditiontocapturingliveactionwithavideocamera.Forexample,placingatransmitterineachcomputerthatsendsasignaltoapagerifthecomputercabinetisopened,isawirelessfromofsurveillance.Usingaformofsurveillancecalledintrusiondetection,manycompanieselectronicallymonitordataflowandsystemrequestsintoandoutofasystem.Ifunusualactivityisnoticed,protectiveactioncanbetakenimmediately.Intrusiondetectionisagrowingfieldofstudyinnetworksecurity.Companiesthatacceptmerchandiseordersusingthetelephoneoftenmonitoreachtelephonecall.Companiesclaimthisformofsurveillancecanimprovethequalityofcustomerserviceandhelpsettlefuturedisputes.

PasswordsandIDsystems

Almosteverysystemthatstoressensitiveorconfidentialdatarequiresanauthorizedusertoenterapassword,personalIdentificationNumber,orsomeotherformofIDbeforegainingaccesstothesystem.Typically,thispasswordorIDissomethingeitherrememberedbytheuseroraphysicalfeatureofauser,suchasafingerprint.Technologyinthisareaisimprovingrapidlyascompaniestrytoincorporatesystemsthatarelessvulnerabletofraud.

Perhapsthemostcommonformofprotectionfromunauthorizeduseofacomputersystemisthepassword.Anyoneaccessingacomputersystem,bankingsystem,oralongdistancetelephonesystemisrequiredtoenterapasswordsare:

（1）Onlinecomputeraccounts;

（2）Computernetworkandmainframecomputeraccessatworkandschool;

（3）Longdistancetelephonecreditcarduse;

（4）Twenty-fourhourautomaticbankingservices;

（5）Accesstoretirementaccountsandbankingservices;

（6）Accesstoe-mailandvoicemailsystems;andaccesstoInternetwebsitesatwhichacustomerprofileiscreatedandstoredforfuturetransactions.

Althoughthepasswordisthemostcommonformofidentification,itisalsooneoftheweakest.Toooftenpasswordsbecomeknown,or“misplaced”andfallintothewronghands.Occasionallyapasswordiswrittenonpaper,andthepaperisdiscoveredbythewrongpeople.Moreoften,however,thepasswordistoosimpleandsomeoneelseguessesit.Standardrulesthatanindividualshouldfollowwhencreatingorchangingapasswordinclude;

（1）Changeyourpasswordoften;

（2）Pickagoodpasswordbyusingatleasteightcharacters,mixingupperandlowercaseifthecomputersystemiscasesensitive,andmixingletterswithnumbers.

（3）Don’tchoosepasswordsthataresimilartofirstorlastnames,petnames,carnames,orotherchoicesthatcanbeeasilyguessed.

（4）Don’tshareyourpasswordwithothers;doingsoinvitestroubleandmisuse.

Somecomputersystemsgeneraterandompasswordsthatareverydifficulttoguess,butarealsohardtoremember.Often,theuserwhoisgivenarandomlygeneratedpasswordeitherchangesittosomethingsimpler,makingiteasiertoguess,orwritesitdownonapieceofpaper,defeatingthewholepurposeofasecretpassword.Somesystemsalsodisallowobviouspasswordsoralreadyusedpasswords,thusrequiringtheusertobecreativeandselectapasswordthatisdifficulttoguess.

AcommonfallacyamongcomputersystemusersisthattheinternaloperatingsystemfilethatstorestheloginIdsandpasswordsissusceptibletointrusion.Interestingly,mostcomputersystemsstorepasswordsinanencrustedformforwhichthereisnoknowndecryption.Howthendoesthesystemknowwhenyouhaveenteredthecorrectpassword?

WhenauserentershisorherloginIDandpassword,thepasswordisencryptedandcomparedwiththeentryintheencryptedpasswordfile.Ifthetwoencryptedpasswordsmatch,theloginisallowed.Anyonewhogetsaccesstothisencryptedpasswordfilewilldiscoveronlyunreadabletext.Thisencryptedtechniqueexplainswhy.whenyouforgetyourpassword,acomputeroperatorcannotsimplyreadafileandtellyouwhatitis.Thecomputeroperatorcanonlyresetthepasswordtosomethingnew.

Sincetherearesomanyweaknessestothepassword,otherformsofidentificationhaveemerged.Biometrictechniquesthatscansomethingabouttheuser,suchasvoice