精品单片机与PC的串行通讯专业外文翻译定.docx

精品单片机与PC的串行通讯专业外文翻译定.docx

《精品单片机与PC的串行通讯专业外文翻译定.docx》由会员分享，可在线阅读，更多相关《精品单片机与PC的串行通讯专业外文翻译定.docx（13页珍藏版）》请在冰豆网上搜索。

精品单片机与PC的串行通讯专业外文翻译定

专业外文翻译

题目

InternetSecurity

系（院）

计算机科学技术系

专业

通信工程

班级

2008级2班

学生姓名

李华山

学号

2008110311

指导教师

陈瑞斌

职称

讲师

二〇一二年五月二十日

InternetSecurity

AnintruderwiththerightbackgroundandmaliciousintenthasmanywaystoinfiltrateinternalcompanysystemsandnetworkdevicesthroughtheInternetconnection.Onceinside,thehackerhasfreereigntodestroy,change,orstealdataandtheseactionsbecausevarioussortsofnetworkhavoc.ThemostpopularuseoftheInternet,e-mail,isalsoinsecure.Thesamehackerwithaprotocolanalyzerandaccesstoroutersandothernetworkdevicescaninterceptorchangemessages.ThreatsliketheseconfrontsuchindustriesasInternetcommerceandcorporationsthatwishtointerconnecttheirofficesthroughLANsviatheInternet.

ThenetworksecuritymarketisquicklyrespondingtothethreatsbyapplyingauthenticationandencryptiontechnologiestotheInternetandbydevelopingnewproducts.Theseproductscomeatatimewheremethodsofattackingusernetworksaremoreelaborateandvendorsareimprovingtheirproductstokeepupwiththeincreasedthreats.“Usersneedthesetools[becausetheyrealize]theycan’tusetraditionalmonitoringtoolstostopincreasinglysophisticatedattacks,”saysJimHurley,ananalystwithTheAberdeenGroup.Thisarticledescribesvarioussecuritythreatsandsolutionsneededtoprotectindividualsandcompanies.

TypesofInternetSecurityProtection

1.SecurityPolicy

Internetconnectionswillneverbe100percentsecure.Ratherthanaimingfortotalsecurity,anorganizationhastoassessthevalueoftheinformationitistryingtoprotectandbalancethatagainstthelikelihoodofasecurityviolationandthecostofimplementingvarioussecuritymeasures.Acompany’sfirstline-of-defenseshouldbeeithertodeviseortoreviseitssecuritypolicyfortheorganizationthattakesInternetconnectionsintoaccount.Thispolicyshoulddefineindetailwhichemployeeshaverightstospecificservices.Itshouldalsoeducateemployeesabouttheirresponsibilitiesforprotectingtheorganization’sinformation,suchasprotectingpasswords,andclearlyspelloutactionsthatwillbetakenifasecurityviolationisdetected.Suchapolicycanbethefirststep,explainingtoemployeeswherethecompanystandsonmisuseofInternetconnections.

Partoftheprocesswillrequireevaluatingthecosttothecompanyofdifferenttypesofsecurityviolations.Corporationswillwanttoinvolvepeopleatthehighestlevelsoftheorganizationinthisprocess.Hiringacomputersecurityconsultantmaybeofsomehelp.Onceacompanywidepolicyisimplemented,thecompanythenshouldstartevaluatingtheuseoffirewalls,encryption,andauthentication.

2.Firewall

Afirewallisabarrierbetweentwonetworks,aninternalnetwork（trustednetwork）andanexternalnetwork（untrustednetwork）.HeretheexternalnetworkistheInternet.Firewallsexamineincomingandoutgoingpacketsandaccordingtoasetofrulesdefinedbytheadministrator,eitherletthemthroughorblockthemout.FirewallsarenotanInternetsecurityremedy,buttheyareessentialtothestrategy.

Differentkindsoffirewallsfunctiondifferently.Theyscrutinize,examine,andcontrolthenetworktrafficinnumerouswaysdependingontheirsoftwarearchitecture.Belowarefirewallsthatworkindifferentways.

1）PacketFilteringFirewallTechnique

Manyroutersuseafirewalltechniquecalledpacketfiltering,whichexaminesthesourceanddestinationaddressesandportsofincomingTCPandUDPpackets,denyingorallowingpacketstoenterbasedonasetofpredefinedrulessetbytheadministrator.Packetfiltersareinexpensive,transparenttousers,andhaveanegligibleimpactonnetworkperformance.Configuringpacketfilteringisarelativelycomplexprocess,requiringapreciseknowledgeofnetwork,transport,andevenapplicationprotocolstrategy.

Aproblemwithpacketfiltersisthattheyaresusceptibleto“IPspoofing”,atrickthathackersusetogainaccesstoacorporatenetwork.IntrudersfoolthefirewallbychangingInternetProtocoladdressesinpacketheaderstoonesthatareacceptable.

2）TheApplication-GatewayFirewall

Amoresophisticatedandsecuretypeoffirewallisanapplicationgateway,whichisgenerallyconsideredmoresecurethanpacketfilters.ApplicationgatewaysareprogramswrittenforspecificInternetservicessuchasHTTP,FTP,andtelnet;applicationsthatrunonaserverwithtwonetworkconnections,actingasaservertotheapplicationclientandasaclienttotheapplicationserver.

Applicationgatewaysevaluatenetworkpacketsforvalidspecificdatamakingtheproxiesmoresecurethanpacketfiltering.Mostapplication-gatewayfirewallsalsohaveafeaturecallednetworkaddresstranslationthatpreventsinternalIPaddressesfromappearingtousersoutsidethetrustednetwork.

Therearetwoprimarydisadvantagestoapplicationgateways.Thefirstdisadvantageisaperformancedeclinecausedbytheproxyfunction’sdoubleprocessing.AnotheristhelagtimeforthefirewallvendortosupplyanapplicationproxyforanewlyintroducedInternetservice,suchasRealAudio.

3）SOCKSfirewall

Anothertypeofapplication-proxyfirewallistheSOCKSfirewall.Wherenormalapplication-proxyfirewallsdonotrequiremodificationstonetworkclients,SOCKSfirewallsrequirespeciallymodifiednetworkclients.Thismeansusershavetomodifyeverysystemontheirinternalnetworkthatneedstocommunicatewiththeexternalnetwork.OnaWindowsorOS/2system,thiscanbeaseasyasswappingafewDLLs.

Incaseswhereperformanceisconcerned,organizationsusingapplicationgatewaysshouldnotbeworriedwitha10-MbpsEthernetor100-MbpsFastEthernetconnection.Ifcompaniesuseapplicationproxieswithintheirnetwork,theycanconsiderfasthardware-basedsolutionssuchasCisco’sPIXFirewallorSeattleSoftware’sFirebox.Thecompanymayalsoconsiderinstallingfirewallsoftwareonasystemwithmultipleprocessors.

MajorfirewallvendorshaveincorporatedadditionalsecuritytechnologiesintotheirfirewallproductsandpartneredwithothersecurityvendorstooffercompleteInternetsecuritysolutions.Theseadditionalfeatureswillbediscussedsubsequentlyinthisarticleandincludeencryption,authenticationandprotectionfrommaliciousJavaandActiveXdownloads.

3.Authentication

FirewallsdotheirauthenticationusingIPaddresses,whichcanbefaked.IfacompanywantstogivecertainusersaccessovertheInternettosensitiveinternalfilesanddata,theywillwanttomakesuretoauthenticateeachuser.Authenticationsimplydescribesthenumerousmethodsthatpositivelyidentifyauser.Passwordsarethemostcommonmethodofauthenticationusedtoday,butemployeesarenotoriousformakingpoorpasswordchoicesthatcanbeguessedbyanexperiencedhacker.Inadditiontopasswords,whichareoftenusually“somethingyouknow,”manyorganizationsareturningtosolutionsthatalsorequire“somethingyouhave,”suchastokensandsmartcards.

Tokensaresmall,creditcardorcalculator-sizedevicesthattheremoteusercancarryaround.Smartcardsusedforauthenticationaresimilartotokens,excepttheyneedareadertoprocesstheauthenticationrequest.Bothuseachallengeresponsescheme.Whentheuserattemptstoconnect,anauthenticationserveronthenetworkissuesachallenge,whichtheuserkeysintothetokendevice.Thedevicedisplaystheappropriateresponse,whichtheremoteuserthensendstotheserver.ManyofthesetokensmayalsorequiretheusertotypeinaPIN.Firewallscansupporttheseauthenticationproductswithminoradjustments.Theadministratorsimplyconfiguresthefirewalltoforwardauthenticationforcertainservicestothedesignatedthird-partyserver,orusesanyincludedauthenticationservice.

4.Encryption

AsofficesandorganizationsconnecttotheInternet,manywillconsidertheInternetinfrastructureaninexpensivewayforwide-areaandremoteconnections.Inadditiontocompanies,InternetcommercevendorsneedtoprotectcreditcardandordertransactionsbeingtransferredthroughtheInternet.TousetheInternetforthesepurposes,companieshavetoprotecttheirinformationandcustomerswithencryption.Encryptionistheprocessofusinganencryptionalgorithmtotranslateplaintextintoanincomprehensibleciphertextandthenbacktoplaintextagain.Essentialtoencryptionisanumericvaluecalledthekeythatbecomespartoftheencryptionalgorithm,settingtheencryptionprocessinmotion.

1）TheEncryptionProcess

Apre-hashcodeisderivedmathematicallyfromthemessagetobesent.Thepre-hashcodeisencryptedusingthesender’sprivatekey.Theencryptedpre-hashcodeandthemessageareencryptedusingthesecretkey.Thesenderencryptsthesecretkeywiththerecipient’spublickey,soonlytherecipientcandecryptitwithhis/herprivatekey.

2）TheDecryptionProcess

Thedecryptionprocessessentiallyistheencryptionprocessinreverse.Therecipientuseshis/herprivatekeytodecryptthesecretkey.Therecipientthenusesthesecretkeytodecrypttheencryptedmessageandprehashcode.

5.Virtualprivatenetwork

Virtualprivatenetworking（VPN）isthetermusedtodescriberemoteaccessovertheInternet,aswellasuseoftheInternetinfrastructureforconnectingtwoofficesofanorganizationoreventwodifferentorganizations.Basically,aVPNisanencryptedconnectionbetweenprivatenetworksoverapublicnetwork.Withremoteaccess,theremoteusercallsthelocalISP,andthenconnectstothecentralnetworkovertheInternet.

Twoindustrystandardshaverecentlybecomeinteroperabletomakeremoteaccessandconnectionsovervirtualprivate