会员注册 | 登录 | 微信快捷登录 支付宝快捷登录 QQ登录 微博登录 | 帮助中心 人人文库renrendoc.com美如初恋!
站内搜索 百度文库

热门搜索: 直缝焊接机 矿井提升机 循环球式转向器图纸 机器人手爪发展史 管道机器人dwg 动平衡试验台设计

   首页 人人文库网 > 资源分类 > DOC文档下载

外文翻译--防火墙地址入侵计算机的特点和破坏安全的类型.doc

  • 资源星级:
  • 资源大小:46.50KB   全文页数:8页
  • 资源格式: DOC        下载权限:注册会员/VIP会员
您还没有登陆,请先登录。登陆后即可下载此文档。
  合作网站登录: 微信快捷登录 支付宝快捷登录   QQ登录   微博登录
友情提示
2:本站资源不支持迅雷下载,请使用浏览器直接下载(不支持QQ浏览器)
3:本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰   

外文翻译--防火墙地址入侵计算机的特点和破坏安全的类型.doc

ADDRESSESEachtechnologyhasitsownconventionfortransmittingmessagesbetweentwomachineswithinthesamenetwork.OnaLAN,messagesaresentbetweenmachinesbysupplyingthesixbyteuniqueidentifiertheMACaddress.InanSNAnetwork,everymachinehasLogicalUnitswiththeirownnetworkaddress.DECNET,Appletalk,andNovellIPXallhaveaschemeforassigningnumberstoeachlocalnetworkandtoeachworkstationattachedtothenetwork.Ontopoftheselocalorvendorspecificnetworkaddresses,TCP/IPassignsauniquenumbertoeveryworkstationintheworld.ThisIPnumberisafourbytevaluethat,byconvention,isexpressedbyconvertingeachbyteintoadecimalnumber0to255andseparatingthebyteswithaperiod.Forexample,thePCLubeandTuneserveris130.132.59.234.AnorganizationbeginsbysendingelectronicmailtoHostmasterINTERNIC.NETrequestingassignmentofanetworknumber.ItisstillpossibleforalmostanyonetogetassignmentofanumberforasmallClassCnetworkinwhichthefirstthreebytesidentifythenetworkandthelastbyteidentifiestheindividualcomputer.Theauthorfollowedthisprocedureandwasassignedthenumbers192.35.91.foranetworkofcomputersathishouse.LargerorganizationscangetaClassBnetworkwherethefirsttwobytesidentifythenetworkandthelasttwobytesidentifyeachofupto64thousandindividualworkstations.YalesClassBnetworkis130.132,soallcomputerswithIPaddress130.132..areconnectedthroughYale.TheorganizationthenconnectstotheInternetthroughoneofadozenregionalorspecializednetworksuppliers.Thenetworkvendorisgiventhesubscribernetworknumberandaddsittotheroutingconfigurationinitsownmachinesandthoseoftheothermajornetworksuppliers.Thereisnomathematicalformulathattranslatesthenumbers192.35.91or130.132intoYaleUniversityorNewHaven,CT.ThemachinesthatmanagelargeregionalnetworksorthecentralInternetroutersmanagedbytheNationalScienceFoundationcanonlylocatethesenetworksbylookingeachnetworknumberupinatable.TherearepotentiallythousandsofClassBnetworks,andmillionsofClassCnetworks,butcomputermemorycostsarelow,sothetablesarereasonable.CustomersthatconnecttotheInternet,evencustomersaslargeasIBM,donotneedtomaintainanyinformationonothernetworks.Theysendallexternaldatatotheregionalcarriertowhichtheysubscribe,andtheregionalcarriermaintainsthetablesanddoestheappropriaterouting.NewHavenisinaborderstate,split5050betweentheYankeesandtheRedSox.Inthisspirit,YalerecentlyswitcheditsconnectionfromtheMiddleAtlanticregionalnetworktotheNewEnglandcarrier.Whentheswitchoccurred,tablesintheotherregionalareasandinthenationalspinehadtobeupdated,sothattrafficfor130.132wasroutedthroughBostoninsteadofNewJersey.Thelargenetworkcarriershandlethepaperworkandcanperformsuchaswitchgivensufficientnotice.Duringaconversionperiod,theuniversitywasconnectedtobothnetworkssothatmessagescouldarrivethrougheitherpath.NETWORKFIREWALLSThepurposeofanetworkfirewallistoprovideashellaroundthenetworkwhichwillprotectthesystemsconnectedtothenetworkfromvariousthreats.ThetypesofthreatsafirewallcanprotectagainstincludeUnauthorizedaccesstonetworkresourcesanintrudermaybreakintoahostonthenetworkangainunauthorizedaccesstofiles.Denialofservice–anindividualfromoutsideofthenetworkcould,forexample,sendthousandsofmailmessagestoahostonthenetinanattempttofillavailablediskspaceorloadthenetworklinks.Masquerading–electronicmailappearingtohaveoriginatedfromoneindividualcouldhavebeenforgedbyanotherwiththeintenttoembarrassorcauseharm.Afirewallcanreduceriskstonetworksystemsbyfilteringoutinherentlyinsecurenetworkservices.NetworkFileSystemNFSservices,forexample,couldbepreventedfrombeingusedfromoutsideofanetworkbyblockingallNFStraffictoorfromthenetwork.Thisprotectstheindividualhostswhilestillallowingtheservice,whichisusefulinaLANenvironment,ontheinternalnetwork.Onewaytoavoidtheproblemsassociatedwithnetworkcomputingwouldbetocomputingwouldbetocompletelydisconnectanorganizationsinternalnetworkfromanyotherexternalsystem.This,ofcourseisnotthepreferredmethod.Insteadwhatisneededisawaytofilteraccesstothenetworkwhilestillallowingusersaccesstotheoutsideworld.Inthisconfiguration,theinternetnetworkisseparatedfromexternalnetworkbyafirewallgateway.Agatewayisnormallyusedtoperformrelayservicesbetweentwonetworks.Inthecaseofafirewallgateway,italsoprovidesafilteringservicewhichlimitsthetypesofinformationthatcanbepassedtoorfromhostslocatedontheinternalnetwork.Therearethreebasictechniquesusedforfirewallspacketfiltering,circuitgateway,andapplicationgateways.Often,morethanoneoftheseisusedtoprovidethecompletefirewallservice.Thereareseveralconfigurationschemesoffirewallinthepracticalapplicationofinternetworksecurity.TheyusuallyusethefollowingterminologiesScreeningrouteritcanbeacommercialrouterorahostbasedrouterwithsomekindofpacketfilteringcapability.Bastionhostitisasystemidentifiedbythefirewalladministratorasacriticalstrongpointinthenetworksecurity.Dualhomedgatewaysomefirewallsareimplementedwithoutascreeningrouter,byplacingasystemonboththeprivatenetworkandtheInternet,anddisablingTCP/IPforwarding.Screenedhostgateway–itispossiblythemostcommonfirewallconfiguration.Thisisimplementedusingascreeningrouterandabastionhost.ScreenedsubnetanisolatedsubnetissituatedbetweentheInternetandtheprivatenetwork.Typically,thisnetworkisisolatedusingscreeningrouters,whichmayimplementvaryinglevelsoffiltering.Applicationlevelgatewayitisalsocalledaproxygatewayandusuallyoperatesatauserlevelratherthanthelowerprotocollevelcommontotheotherfirewalltechniques.CHARACTERISTICSOFCOMPUTERINTRUSIONANDKINDSOFSECURITYBREACHES1.CHARACTERISTICSOFCOMPUTERINTRUSIONThetargetofacrimeinvolvingcomputersmaybeanypieceofthecomputingsystem.Acomputingsystemisacollectionofhardware,software,storagemedia,data,andpersonsthatanorganizationusestodocomputingtasks.Whereastheobvioustargetofabankrobberyiscash,alistofnamesandaddressesofdepositorsmightbevaluabletoacomputingbank.Thelistmightbeonpaper,recordedonamagneticmedium,storedininternalcomputermemory,ortransmittedelectronicallyacrossamediumsuchasatelephoneline.Thismultiplicityoftargetsmakescomputersecuritydifficult.Inanysecuritysystem,theweakestpointisthemostseriousvulnerability.Arobberintentonstealingsomethingfromyourhousewillnotattempttopenetrateatwoinchthickmetaldoorifawindowgiveseasieraccess.Asophisticatedperimeterphysicalsecuritysystemdosenotcompensateforunguardedaccessbymeansofasimpletelephonelineandamodem.Theweakestpointphilosophycanberestatedasthefollowingprinciple.PrincipleofEasiestPenetration.Anintrudermustbeexpectedtouseanyavailablemeansofpenetration.Thiswillnotnecessarilybethemostobviousmeans,norwillitnecessarilybetheoneagainstwhichthemostsoliddefensehasbeeninstalledThisprinciplesaysthatcomputersecurityspecialistsmustconsiderallpossiblemeansofpenetration,becausestrengtheningonemayjustmakeanothermeansmoreappealingtointruders,Wenowconsiderwhatconsiderwhatthesemeansofpenetrationare.2.KINDSOFSRCURITYBREACHESInsecurity,anexposureisaformofpossiblelossorharminacomputingsystemexamplesofexposuresareunauthorizedofdata,modificationofdata,ordenialoflegitimateaccesstocomputing.Avulnerabilityisaweaknessinthesecuritysystemthatmightbeexploitedtocauselossorharm.Ahumanwhoexploitsavulnerabilityperpetratesanattackonthesystem.Threatstocomputingsystemsarecircumstancesthathavethepotentialtocauselossorharmhumanattacksareexamplesofthreats,asarenaturaldisasters,inadvertenthumanerrors,andinternalhardwareorsoftwareflaws.Finally,acontrolisaprotectivemeasureanaction,adevice,aprocedure,oratechniquethatreducesavulnerability.Themajorassetsofcomputingarehardware,software,anddata.Therearefourkindsofthreatstothesecurityofacomputingsysteminterruption,interception,modification,andfabrication.Thefourthreatsallexploitvulnerabilitiesoftheassetsincomputingsystems.Inainterruption,anassetofthesystembecomeslostorunavailableorunusable.Anexampleismaliciousdestructionofahardwaredevice,erasureofaprogramordatafile,orfailureofanoperatingsystemfilemanagersothatitcannotfindaparticulardiskfile.Aninterruptionmeansthatsomeunauthorizedpartyhasgainedtoanasset.Theoutsidepartycanbeaperson,aprogram,oracomputingsystem.Examplesofthistypeoffailureareillicitcopyingofprogramordatafiles,orwiretappingtoobtaindatainanetwork.Whilealossmaybediscoveredfairlyquickly,asilentinterceptormayleavenotracesbywhichtheinterceptioncanbereadilydetected.Ifanunauthorizedpartynotonlyaccessesbuttamperswithanasset,thefailurebecomesamodification.Forexample,someonemightmodifythevaluesinadatabase,alteraprogramsothatitperformsanadditionalcomputation,ormodifydatabeingtransmitted.Itisevenpossibleforhardwaretobemodified.Somecasesofmodificationcanbedetectedwithsimplemeasures,whileothermoresubtlechangesmaybealmostimpossibletodetect.Finally,anunauthorizedpartymightfabricatecounterfeitobjectsforacomputingsystem.Theintrudermaywishtoaddspurioustransactionstoanetworkcommunicationsystem,oraddrecordstoanexistingdatabase.Sometimestheseadditionscanbedetectedasforgeries,butifskillfullydone,theyarevirtuallyindistinguishablefromtherealthing.Thesefourclassesofinterferencewithcomputeractivityinterruption,interception,modification,andfabricationcandescribethekindsofexposurespossible.地址每种技术都有它自己的在同样的网络内部两台机器之间传输信息的协定。在一个局域网里面,机器通过提供6字节唯一的标识符(介质访问控制地址)来发

注意事项

本文(外文翻译--防火墙地址入侵计算机的特点和破坏安全的类型.doc)为本站会员(英文资料库)主动上传,人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知人人文库网([email protected]),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。

copyright@ 2015-2017 人人文库网网站版权所有
苏ICP备12009002号-5