Information Management Specialized English Translation

1 A vulnerability is a weakness that a person can exploit to accomplish something that is not authorized or intended as legitimate use of a network or system. When a vulnerability is exploited to compromise the security of systems or information on those systems, the result is a security incident. Vulnerabilities may be caused by engineering or design errors, or faulty implementation.

Why the Internet Is Vulnerable

2 Many early network protocols that now form part of the Internet infrastructure were designed without security in mind. Without a fundamentally secure infrastructure, network defense becomes more difficult. Furthermore, the Internet is an extremely dynamic environment, in terms of both topology and emerging technology.

3 Because of the inherent openness of the Internet and the original design of the protocols, Internet attacks in general are quick, easy, inexpensive, and may be hard to detect or trace. An attacker does not have to be physically present to carry out the attack. In fact, many attacks can be launched readily from anywhere in the world, and the location of the attacker can easily be hidden. Nor is it always necessary to “break in” to a site (gain privileges on it) to compromise confidentiality, integrity, or availability of its information or service.

4 Even so, many sites place unwarranted trust in the Internet. It is common for sites to be unaware of the risks or unconcerned about the amount of trust they place in the Internet. They may not be aware of what can happen to their information and systems. They may believe that their site will not be a target or that precautions they have taken are sufficient. Because the technology is constantly changing and intruders are constantly developing new tools and techniques, solutions do not remain effective indefinitely.

5 Since much of the traffic on the Internet is not encrypted, confidentiality and integrity are difficult to achieve. This situation undermines not only applications (such as financial applications that are network-based) but also more fundamental mechanisms such as authentication and non-repudiation. As a result, sites may be affected by a security compromise at another site over which they have no control. An example of this is a packet sniffer that is installed at one site but allows the intruder to gather information about other domains (possibly in other countries).

6 Another factor that contributes to the vulnerability of the Internet is the rapid growth and use of the network, accompanied by rapid deployment of network services involving complex applications. Often, these services are not designed, configured, or maintained securely. In the rush to get new products to market, developers do not adequately ensure that they do not repeat previous mistakes or introduce new vulnerabilities.

7 Compounding the problem, operating system security is rarely a purchase criterion. Commercial operating system vendors often report that sales are driven by customer demand for performance, price, ease of use, maintenance, and support. As a result, off-the-shelf operating systems are shipped in an easy-to-use but insecure configuration that allows sites to use the system soon after installation. These hosts/sites are often not fully configured from a security perspective before connecting. This lack of secure configuration makes them vulnerable to attacks, which sometimes occur within minutes of connection.

8 Finally, the explosive growth of the Internet has expanded the need for well-trained and experienced people to engineer and manage the network in a secure manner. Because the need for network security experts far exceeds the supply, inexperienced people are called upon to secure systems, opening windows of opportunity for the intruder community.

Types of Technical Vulnerabilities

9 The following taxonomy is useful in understanding the technical cause behind successful intrusion techniques, and helps experts identify general solutions for addressing each type of problem.

Flaws in Software or Protocol

10 Protocols define the rules and conventions for computers to communicate on a network. If a protocol has a fundamental design flaw, it is vulnerable to exploitation no matter how well it is implemented. An example of this is the Network File System (NFS), which allows systems to share files. This protocol does not include a provision for authentication; that is, there is no way of verifying that a person logging in really is whom he or she claims to be. NFS servers are targets for the intruder community.

11 When software is designed or specified, often security is left out of the initial description and is later added on to the system. Because the additional components were not part of the original design, the software may not behave as planned and unexpected vulnerabilities may be present.

Weaknesses in How Protocols and Software Are Implemented

12 Even when a protocol is well designed, it can be vulnerable because of the way it is implemented. For example, a protocol for electronic mail may be implemented in a way that permits intruders to connect to the mail port of the victim's machine and fool the machine into performing a task not intended by the service. If intruders supply certain data for the “To:” field instead of a correct e-mail address, they may be able to fool the machine into sending them user and password information or granting them access to the victim's machine with privileges to read protected files or run programs on the system. This type of vulnerability enables intruders to attack the victim's machine from remote sites without access to an account on the victim's system. This type of attack often is just a first step leading to the exploitation of flaws in system or application software.

13 Software may be vulnerable because of flaws that were not identified before the software was released. This type of vulnerability has a wide range of subclasses, which intruders often exploit using their own attack tools. For readers who are familiar with software design, the following examples of subclasses are included:

  • race conditions in file access
  • non-existent checking of data content and size
  • non-existent checking for success or failure
  • inability to adapt to resource exhaustion
  • incomplete checking of operating environment
  • inappropriate use of system calls
  • re-use of software modules for purposes other than their intended ones

14 By exploiting program weaknesses, intruders at a remote site can gain access to a victim's system. Even if they have access to a non-privileged user account on the victim's system, they can often gain additional, unauthorized privileges.

Weaknesses in System and Network Configurations

15 Vulnerabilities in the category of system and network configurations are not caused by problems inherent in protocols or software programs. Rather, the vulnerabilities are a result of the way these components are set up and used. Products may be delivered with default settings that int
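
An added example, not part of the original text, for three of the subclasses listed in paragraph 13: race conditions in file access, missing checks of data size, and missing checks for success or failure. It contrasts the check-then-use pattern with a version that opens the file once and validates the descriptor; the function name `read_small_file` and the sample file are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern, for contrast (not compiled): the name is checked, then used,
 * so the file can be swapped in between, and no result or size is checked:
 *   if (access(path, R_OK) == 0) { f = fopen(path, "r"); fread(buf, 1, 4096, f); } */

static ssize_t fail_close(int fd, int err) { close(fd); errno = err; return -1; }

/* Hardened: open once, then question the descriptor, never the name again.
 * Returns bytes read (buf is NUL-terminated) or -1 with errno set. */
ssize_t read_small_file(const char *path, char *buf, size_t buflen)
{
    if (!path || !buf || buflen == 0) { errno = EINVAL; return -1; }
    /* O_NOFOLLOW: refuse a symlink as the final path component.
     * O_NONBLOCK: do not hang if the name turns out to be a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0) return -1;                          /* check success or failure */
    struct stat st;
    if (fstat(fd, &st) != 0) return fail_close(fd, errno);
    if (!S_ISREG(st.st_mode)) return fail_close(fd, EINVAL);   /* check environment */
    if (st.st_size < 0 || (size_t)st.st_size >= buflen)
        return fail_close(fd, EFBIG);               /* check size before reading */
    size_t total = 0;
    while (total < buflen - 1) {                    /* bounded by buflen, not st_size */
        ssize_t n = read(fd, buf + total, buflen - 1 - total);
        if (n < 0 && errno == EINTR) continue;      /* interrupted: retry */
        if (n < 0) return fail_close(fd, errno);
        if (n == 0) break;                          /* end of file */
        total += (size_t)n;
    }
    buf[total] = '\0';
    return close(fd) == 0 ? (ssize_t)total : -1;
}

int main(void)
{
    char path[] = "/tmp/rsf-XXXXXX", buf[64];       /* constructed sample file */
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "mode=strict\n", 12) != 12 || close(fd) != 0) return 1;
    ssize_t n = read_small_file(path, buf, sizeof buf);
    printf("%zd bytes: %s", n, n >= 0 ? buf : "(error)\n");
    unlink(path);
    return n == 12 ? 0 : 1;
}
```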
