1、精品单片机与PC的串行通讯专业外文翻译定专业外文翻译题 目Internet Security系 (院)计算机科学技术系专 业通信工程班 级2008级2班学生姓名李华山学 号2008110311指导教师陈瑞斌职 称讲师二一二年五月二十日Internet SecurityAn intruder with the right background and malicious intent has many ways to infiltrate internal company systems and network devices through the Internet connection. O
2、nce inside, the hacker has free reign to destroy, change, or steal data and these actions because various sorts of network havoc. The most popular use of the Internet, e-mail, is also insecure. The same hacker with a protocol analyzer and access to routers and other network devices can intercept or
3、change messages. Threats like these confront such industries as Internet commerce and corporations that wish to interconnect their offices through LA Ns via the Internet.The network security market is quickly responding to the threats by applying authentication and encryption technologies to the Int
4、ernet and by developing new products. These products come at a time where methods of attacking user networks are more elaborate and vendors are improving their products to keep up with the increased threats. “Users need these tools because they realize they cant use traditional monitoring tools to s
5、top increasingly sophisticated attacks,” says Jim Hurley, an analyst with The Aberdeen Group. This article describes various security threats and solutions needed to protect individuals and companies.Types of Internet Security Protection1. Security PolicyInternet connections will never be 100 percen
6、t secure. Rather than aiming for total security, an organization has to assess the value of the information it is trying to protect and balance that against the likelihood of a security violation and the cost of implementing various security measures. A companys first line-of-defense should be eithe
7、r to devise or to revise its security policy for the organization that takes Internet connections into account. This policy should define in detail which employees have rights to specific services. It should also educate employees about their responsibilities for protecting the organizations informa
8、tion, such as protecting passwords, and clearly spell out actions that will be taken if a security violation is detected. Such a policy can be the first step, explaining to employees where the company stands on misuse of Internet connections.Part of the process will require evaluating the cost to th
9、e company of different types of security violations. Corporations will want to involve people at the highest levels of the organization in this process. Hiring a computer security consultant may be of some help. Once a companywide policy is implemented, the company then should start evaluating the u
10、se of firewalls, encryption, and authentication.2. FirewallA firewall is a barrier between two networks, an internal network (trusted network) and an external network (untrusted network). Here the external network is the Internet. Firewalls examine incoming and outgoing packets and according to a se
11、t of rules defined by the administrator, either let them through or block them out. Firewalls are not an Internet security remedy, but they are essential to the strategy.Different kinds of firewalls function differently. They scrutinize, examine, and control the network traffic in numerous ways depe
12、nding on their software architecture. Below are firewalls that work in different ways.1)Packet Filtering Firewall TechniqueMany routers use a firewall technique called packet filtering, which examines the source and destination addresses and ports of incoming TCP and UDP packets, denying or allowing
13、 packets to enter based on a set of predefined rules set by the administrator. Packet filters are inexpensive, transparent to users, and have a negligible impact on network performance. Configuring packet filtering is a relatively complex process, requiring a precise knowledge of network, transport,
14、 and even application protocol strategy.A problem with packet filters is that they are susceptible to“IP spoofing”, a trick that hackers use to gain access to a corporate network. Intruders fool the firewall by changing Internet Protocol addresses in packet headers to ones that are acceptable.2)The
15、Application-Gateway Firewall A more sophisticated and secure type of firewall is an application gateway, which is generally considered more secure than packet filters. Application gateways are programs written for specific Internet services such as HTTP, FTP, and telnet; applications that run on a s
16、erver with two network connections, acting as a server to the application client and as a client to the application server.Application gateways evaluate network packets for valid specific data making the proxies more secure than packet filtering. Most application-gateway firewalls also have a featur
17、e called network address translation that prevents internal IP addresses from appearing to users outside the trusted network.There are two primary disadvantages to application gateways. The first disadvantage is a performance decline caused by the proxy functions double processing. Another is the la
18、g time for the firewall vendor to supply an application proxy for a newly introduced Internet service, such as Real Audio.3)SOCKS firewallAnother type of application-proxy firewall is the SOCKS firewall. Where normal application-proxy firewalls do not require modifications to network clients, SOCKS
19、firewalls require specially modified network clients. This means users have to modify every system on their internal network that needs to communicate with the external network. On a Windows or OS/2 system, this can be as easy as swapping a few DLLs.In cases where performance is concerned, organizat
20、ions using application gateways should not be worried with a 10-Mbps Ethernet or 100-Mbps Fast Ethernet connection. If companies use application proxies within their network, they can consider fast hardware-based solutions such as Ciscos PIX Firewall or Seattle Softwares Firebox. The company may als
21、o consider installing firewall software on a system with multiple processors.Major firewall vendors have incorporated additional security technologies into their firewall products and partnered with other security vendors to offer complete Internet security solutions. These additional features will
22、be discussed subsequently in this article and include encryption, authentication and protection from malicious Java and ActiveX downloads.3. AuthenticationFirewalls do their authentication using IP addresses, which can be faked. If a company wants to give certain users access over the Internet to se
23、nsitive internal files and data, they will want to make sure to authenticate each user. Authentication simply describes the numerous methods that positively identify a user. Passwords are the most common method of authentication used today, but employees are notorious for making poor password choice
24、s that can be guessed by an experienced hacker. In addition to passwords, which are often usually “something you know,” many organizations are turning to solutions that also require “something you have,” such as tokens and smart cards.Tokens are small, credit card or calculator-size devices that the
25、 remote user can carry around. Smart cards used for authentication are similar to tokens, except they need a reader to process the authentication request. Both use a challenge response scheme. W hen the user attempts to connect, an authentication server on the network issues a challenge, which the u
26、ser keys into the token device. The device displays the appropriate response, which the remote user then sends to the server. Many of these tokens may also require the user to type in a PIN. Firewalls can support these authentication products with minor adjustments. The administrator simply configur
27、es the firewall to forward authentication for certain services to the designated third-party server, or uses any included authentication service.4. EncryptionAs offices and organizations connect to the Internet, many will consider the Internet infrastructure an inexpensive way for wide-area and remo
28、te connections. In addition to companies, Internet commerce vendors need to protect credit card and order transactions being transferred through the Internet. To use the Internet for these purposes, companies have to protect their information and customers with encryption. Encryption is the process
29、of using an encryption algorithm to translate plain text into an incomprehensible cipher text and then back to plain text again. Essential to encryption is a numeric value called the key that becomes part of the encryption algorithm, setting the encryption process in motion.1)The Encryption ProcessA
30、 pre-hash code is derived mathematically from the message to be sent. The pre-hash code is encrypted using the senders private key. The encrypted pre-hash code and the message are encrypted using the secret key. The sender encrypts the secret key with the recipients public key, so only the recipient
31、 can decrypt it with his/her private key.2)The Decryption ProcessThe decryption process essentially is the encryption process in reverse. The recipient uses his/her private key to decrypt the secret key. The recipient then uses the secret key to decrypt the encrypted message and pre hash code.5. Vir
32、tual private networkVirtual private networking (VPN) is the term used to describe remote access over the Internet, as well as use of the Internet infrastructure for connecting two offices of an organization or even two different organizations. Basically, a VPN is an encrypted connection between private networks over a public network. With remote access, the remote user calls the local ISP, and then connects to the central network over the Internet. Two industry standards have recently become interoperable to make remote access and connections over virtual private
copyright@ 2008-2022 冰豆网网站版权所有
经营许可证编号:鄂ICP备2022015515号-1