信息安全英语翻译.docx

1、信息安全英语翻译信息安全英语：网络安全原理与实践 学院：理学院学号：1308105066班级：信安（3）班姓名：张令宁Chapter 1. An Introduction to Network Security第1章简介网络安全This chapter covers the following key topics:本章包括以下主要内容：Network Security Goals This section discusses the goals of implementing security on a network.Asset Identification This section di

2、scusses the need to define the assets in a network that need to be protected against network attacks.Threat Assessment This section discusses how to recognize the threats unique to a network setup.Risk Assessment We discuss what risk means and how it needs to be evaluated for all network assets in o

3、rder to set up meaningful safeguards.Constructing a Network Security Policy We use this section to discuss how to set up a network security policy in light of the definitions established in the previous sections.Elements of a Network Security Policy We discuss the pieces that come together to form a

4、 network security policy.Implementing a Network Security Policy This section discusses technical and nontechnical aspects of implementing a network security policy.Network Security Architecture Implementation We discuss how the network policy can be translated into a secure network architecture.Audi

5、t and Improvement We discuss how audits and continuous improvements are necessary for a successful network security policy implementation.Case Study You see how the theories discussed in this chapter can be put into effective use.网络安全Goals-本节讨论在网络上实现安全的目标。资产识别 - 本节讨论，需要在需要被保护，以防止网络攻击的网络定义的资产。威胁评估之本节

6、讨论如何识别唯一的网络设置的威胁。风险评估之我们讨论什么风险的手段，以及如何需要它来为所有网络资产，以建立有意义的保障措施进行评估。构建网络安全政策制订我们使用本节讨论如何建立一个网络安全策略鉴于成立了上一节中的定义。网络安全政策制订的要素我们讨论走到一起，形成一个网络安全策略的作品。实施网络安全政策制订本节讨论实施网络安全策略的技术和非技术方面的问题。网络安全体系结构Implementation-我们讨论如何在网络策略可以被翻译成一个安全的网络架构。审计和Improvement-我们讨论审核和持续改进是如何需要一个成功的网络安全策略的实施。案例Study-您怎么看这一章中讨论的理论可以投入有

7、效的使用。This chapter launches the book with a general discussion of developing a motivation for network security. It aims to develop your understanding of some of the common threats against which a network must be protected and discusses at a high level some of the controls that can be put into place t

8、o defend against these attacks. A security policy is the foundation of all network security implementations that occur on any given network. It defines the scope and methodology of the security implementations. We will discuss the basic principles of setting up a meaningful security policy and how i

9、t can be implemented in a network environment. The later sections of the chapter discuss the value of auditing the security policy implementation and how it needs to be continuously tested and improved.本章开发一种动机网络安全的一般性讨论推出这本书。它的目的是发展你的一些共同的威胁，对其中一个网络必须在高层次进行保护，并讨论一些可以到位，以对抗这些攻击的控件的理解。安全策略是任何给定的网络上发生

10、的所有网络安全的实现奠定了基础。它定义了安全实现的范围和方法。我们将讨论建立一个有意义的安全策略，以及它如何在网络环境中实现的基本原理。本章的后面的章节讨论审核安全策略实施的价值以及它如何需要不断测试和改进。Network Security Goals网络安全目标Network security is the process through which a network is secured against internal and external threats of various forms. In order to develop a thorough understanding

11、of what network security is, you must understand the threats against which network security aims to protect a network. It is equally important to develop a high-level understanding of the main mechanisms that can be put into place to thwart these attacks.网络安全是通过该网络被固定以防止各种形式的内部和外部威胁的过程。为了开发一个透彻地了解网络

12、的安全性，必须了解其对网络安全的目的是保护网络中的威胁。同样重要的是，开发了可以放入地方阻止这些攻击的主要机制的高级别理解。Generally, the ultimate goal of implementing security on a network is achieved by following a series of steps, each aimed at clarifying the relationship between the attacks and the measures that protect against them. The following is the

13、generally accepted approach to setting up and implementing security on a site, as suggested by Fites, et al. in Control and Security of Computer Information Systems (M. Fites, P. Kratz, and A. Brebner, Computer Science Press, 1989):一般情况下，实现安全网络上的最终目标是通过以下一系列步骤实现的，每一个旨在澄清的攻击，并保护对他们采取的措施之间的关系。下面是普遍接受的

14、方法来建立和在网站上实现安全性，所建议的Fites，等人。在控制计算机信息系统（M. Fites，P.克拉茨和A.布雷布纳，计算机科学出版社，1989年）的安全性：Step 1.Identify what you are trying to protect.Step 2.Determine what you are trying to protect it from.Step 3.Determine how likely the threats are.Step 4.Implement measures that protect your assets in a cost-effective

15、manner.Step 5.Review the process continuously, and make improvements each time you find a weakness.步骤1：识别你想保护什么。步骤2.确定您要保护它的东西。第3步：确定威胁怎么可能是。第4步实施的保护您的资产以具有成本效益的方式的措施。第5步审查的过程中不断地，你会发现一个弱点，每次进行改进。Asset Identification资产鉴定Most modern networks have many resources that need to be protected. The reason i

16、s that most enterprises today implement network systems to provide information to users across the network in digital format rather than in another form, such as hard copies. Therefore, the number of resources that need to be protected increases significantly. The following list, by no means compreh

17、ensive, identifies network resources that need to be protected from various types of attacks:大多数现代网络具有需要被保护的资源。其原因是，大多数企业目前实施的网络系统提供信息，以在整个网络中的用户的数字格式，而不是另一种形式，诸如硬拷贝。因此，资源的需要的数量要显著保护增大。下面的列表，并不全面，标识需要被保护，免受不同类型的攻击的网络资源：Network equipment such as routers, switches, and firewallsNetwork operations info

18、rmation such as routing tables and access list configurations stored on this equipmentIntangible networking resources such as bandwidth and speedInformation and the information sources connected to the network, such as databases and information serversEnd hosts connecting to the network to make use

19、of various resourcesInformation passing across the network at any given timeThe privacy of the users as identifiable through their usage of the network resources网络设备诸如路由器，交换机，防火墙和网络运营信息，如存储在该设备的路由表和访问控制列表配置无形的网络资源，如带宽和速度连接到网络，如数据库和信息服务器的信息和信息来源，连接到网络的终端主机利用各种资源信息传递通过网络在任何给定时间用户的通过的网络资源的使用量为可识别的隐私所有这

20、些因素都考虑在内的网络资产。你需要通过制定和实施网络安全计划，以保护他们。All these things are considered a networks assets. You need to protect them by formulating and implementing a network security plan.Threat Assessment威胁评估Network attacks are what a network security process aims to protect its network assets against. Network securi

21、ty attacks are attempts, malicious or otherwise, to use or modify the resources available through a network in a way they were not intended to be used. In order to better understand what network attacks are, it is a good idea to look at the types of network attacks. Network attacks in general can be

22、 divided into three main categories:网络攻击是什么样的网络安全处理的目的是保护其网络资产反对。网络安全攻击是企图，恶意的或其他方式，通过在某种程度上它们不旨在用于一个网络使用或修改现有的资源。为了更好地了解网络攻击，这是看网络攻击的类型是个好主意。在一般的网络攻击，可分为三大类：Unauthorized access to resources or information through the use of a networkUnauthorized manipulation and alteration of information on a netwo

23、rkDenial of service通过使用网络的XX访问资源或信息XX的操作和变更信息在网络上拒绝服务Chapter 14, What Is Intrusion Detection?, offers a more detailed examination of the various categories of network attacks.第14章，“什么是入侵检测？”，提供的各类网络攻击的更详细的检查。The key word to note in the first two categories of attacks is unauthorized. A network secur

24、ity policy defines what is authorized and what is not. However, in general terms, unauthorized access occurs when a user attempts to view or alter information that was not intended for his or her specific use. In some situations it can be fairly difficult to define what was intended for the use of a

25、 given user. Therefore, it is imperative to have a security policy in place that is restrictive enough to clearly define a limited number of very specific resources and network elements that a user should be allowed to gain access to.关键的字记下前两类攻击是XX的。网络安全策略定义了什么是授权的，哪些不是。但是，总体而言，当用户试图查看或更改的目的不是为他或她的具

26、体使用信息XX的访问发生。在一些情况下，它可以是相当困难的定义什么是打算利用给定用户的。因此，必须有一个安全策略的地方的是足以限制明确界定的非常具体的资源和网络元素使得用户应允许获得的数量有限。Information on a network can be either the information contained on end devices connected to the network, such as web servers and databases; information passing through the network; or information releva

27、nt to the workings of the networking components, such as the routing tables and access control list configurations. Resources on a network can either be the end devices (network components such as routers and firewalls) or the interconnect mechanisms.一个网络上的信息可以是包含在连接到网络的终端设备，诸如Web服务器和数据库中的信息;信息通过网络;

28、或相关的网络组件，如路由表和访问控制列表的配置的运作信息。一个网络上的资源可以是终端设备（网络组件，如路由器和防火墙）或互连机制。Denial of service is one of the most common types of network attacks. Denial of service occurs when legitimate access to a network resource is blocked or degraded by a malicious act or a mistake.拒绝服务是网络攻击的最常见的类型之一。当合法访问网络资源被阻塞或恶意行为或错误发

29、生降解拒绝服务。It is important to note that a network security attack can be intentional or unintentional. The aim of the security mechanisms in a network is not only to protect against planned and coordinated attacks conducted with malicious intent, but also to protect the network and its resources agains

30、t mistakes made by users. The damages caused by either type of attack can be similar.要注意的是网络安全攻击可以是有意或无意的是重要的。在网络中的安全机制的目的不仅是为了防止有恶意企图进行规划和协调的攻击，还能保护网络及其资源对用户所犯的错误。造成两种类型的攻击所造成的损害可能是相似的。Keeping in mind the attacks just outlined, you can start building an outline of the goals of implementing network

31、security on a network. The ultimate goal is to protect the network against the attacks just described. Therefore, a network security implementation should aim to achieve the following goals:牢记攻击刚才提到，您可以开始构建的网络上实现网络安全的目标的轮廓。最终的目标是保护网络免受刚才所描述的攻击。因此，网络安全的实现应力求实现以下目标：Ascertain data confidentialityMainta

32、in data integrityMaintain data availability探悉数据的保密性维护数据的完整性保持数据的可用性Risk Assessment风险评估Having identified the assets and the factors that threaten them, the next step in formulating a network security implementation is to ascertain how likely the threats are in the environment in which the security is being implemented. Realize that although it can be important to protect against all types of attacks, security does not come cheap. Ther