会员注册 | 登录 | 微信快捷登录 支付宝快捷登录 QQ登录 微博登录 | 帮助中心 人人文库renrendoc.com美如初恋!
站内搜索 百度文库

热门搜索: 直缝焊接机 矿井提升机 循环球式转向器图纸 机器人手爪发展史 管道机器人dwg 动平衡试验台设计

外文翻译--防火墙地址入侵计算机的特点和破坏安全的类型.doc外文翻译--防火墙地址入侵计算机的特点和破坏安全的类型.doc -- 5 元

宽屏显示 收藏 分享

资源预览需要最新版本的Flash Player支持。
您尚未安装或版本过低,建议您

ADDRESSESEachtechnologyhasitsownconventionfortransmittingmessagesbetweentwomachineswithinthesamenetwork.OnaLAN,messagesaresentbetweenmachinesbysupplyingthesixbyteuniqueidentifiertheMACaddress.InanSNAnetwork,everymachinehasLogicalUnitswiththeirownnetworkaddress.DECNET,Appletalk,andNovellIPXallhaveaschemeforassigningnumberstoeachlocalnetworkandtoeachworkstationattachedtothenetwork.Ontopoftheselocalorvendorspecificnetworkaddresses,TCP/IPassignsauniquenumbertoeveryworkstationintheworld.ThisIPnumberisafourbytevaluethat,byconvention,isexpressedbyconvertingeachbyteintoadecimalnumber0to255andseparatingthebyteswithaperiod.Forexample,thePCLubeandTuneserveris130.132.59.234.AnorganizationbeginsbysendingelectronicmailtoHostmasterINTERNIC.NETrequestingassignmentofanetworknumber.ItisstillpossibleforalmostanyonetogetassignmentofanumberforasmallClassCnetworkinwhichthefirstthreebytesidentifythenetworkandthelastbyteidentifiestheindividualcomputer.Theauthorfollowedthisprocedureandwasassignedthenumbers192.35.91.foranetworkofcomputersathishouse.LargerorganizationscangetaClassBnetworkwherethefirsttwobytesidentifythenetworkandthelasttwobytesidentifyeachofupto64thousandindividualworkstations.YalesClassBnetworkis130.132,soallcomputerswithIPaddress130.132..areconnectedthroughYale.TheorganizationthenconnectstotheInternetthroughoneofadozenregionalorspecializednetworksuppliers.Thenetworkvendorisgiventhesubscribernetworknumberandaddsittotheroutingconfigurationinitsownmachinesandthoseoftheothermajornetworksuppliers.Thereisnomathematicalformulathattranslatesthenumbers192.35.91or130.132intoYaleUniversityorNewHaven,CT.ThemachinesthatmanagelargeregionalnetworksorthecentralInternetroutersmanagedbytheNationalScienceFoundationcanonlylocatethesenetworksbylookingeachnetworknumberupinatable.TherearepotentiallythousandsofClassBnetworks,andmillionsofClassCnetworks,butcomputermemorycostsarelow,sothetablesarereasonable.CustomersthatconnecttotheInternet,evencustomersaslargeasIBM,donotneedtomaintainanyinformationonothernetworks.Theysendallexternaldatatotheregionalcarriertowhichtheysubscribe,andtheregionalcarriermaintainsthetablesanddoestheappropriaterouting.NewHavenisinaborderstate,split5050betweentheYankeesandtheRedSox.Inthisspirit,YalerecentlyswitcheditsconnectionfromtheMiddleAtlanticregionalnetworktotheNewEnglandcarrier.Whentheswitchoccurred,tablesintheotherregionalareasandinthenationalspinehadtobeupdated,sothattrafficfor130.132wasroutedthroughBostoninsteadofNewJersey.Thelargenetworkcarriershandlethepaperworkandcanperformsuchaswitchgivensufficientnotice.Duringaconversionperiod,theuniversitywasconnectedtobothnetworkssothatmessagescouldarrivethrougheitherpath.NETWORKFIREWALLSThepurposeofanetworkfirewallistoprovideashellaroundthenetworkwhichwillprotectthesystemsconnectedtothenetworkfromvariousthreats.ThetypesofthreatsafirewallcanprotectagainstincludeUnauthorizedaccesstonetworkresourcesanintrudermaybreakintoahostonthenetworkangainunauthorizedaccesstofiles.Denialofservice–anindividualfromoutsideofthenetworkcould,forexample,sendthousandsofmailmessagestoahostonthenetinanattempttofillavailablediskspaceorloadthenetworklinks.Masquerading–electronicmailappearingtohaveoriginatedfromoneindividualcouldhavebeenforgedbyanotherwiththeintenttoembarrassorcauseharm.Afirewallcanreduceriskstonetworksystemsbyfilteringoutinherentlyinsecurenetworkservices.NetworkFileSystemNFSservices,forexample,couldbepreventedfrombeingusedfromoutsideofanetworkbyblockingallNFStraffictoorfromthenetwork.Thisprotectstheindividualhostswhilestillallowingtheservice,whichisusefulinaLANenvironment,ontheinternalnetwork.Onewaytoavoidtheproblemsassociatedwithnetworkcomputingwouldbetocomputingwouldbetocompletelydisconnectanorganizationsinternalnetworkfromanyotherexternalsystem.This,ofcourseisnotthepreferredmethod.Insteadwhatisneededisawaytofilteraccesstothenetworkwhilestillallowingusersaccesstotheoutsideworld.Inthisconfiguration,theinternetnetworkisseparatedfromexternalnetworkbyafirewallgateway.Agatewayisnormallyusedtoperformrelayservicesbetweentwonetworks.Inthecaseofafirewallgateway,italsoprovidesafilteringservicewhichlimitsthetypesofinformationthatcanbepassedtoorfromhostslocatedontheinternalnetwork.Therearethreebasictechniquesusedforfirewallspacketfiltering,circuitgateway,andapplicationgateways.Often,morethanoneoftheseisusedtoprovidethecompletefirewallservice.Thereareseveralconfigurationschemesoffirewallinthepracticalapplicationofinternetworksecurity.TheyusuallyusethefollowingterminologiesScreeningrouteritcanbeacommercialrouterorahostbasedrouterwithsomekindofpacketfilteringcapability.Bastionhostitisasystemidentifiedbythefirewalladministratorasacriticalstrongpointinthenetworksecurity.Dualhomedgatewaysomefirewallsareimplementedwithoutascreeningrouter,byplacingasystemonboththeprivatenetworkandtheInternet,anddisablingTCP/IPforwarding.Screenedhostgateway–itispossiblythemostcommonfirewallconfiguration.Thisisimplementedusingascreeningrouterandabastionhost.ScreenedsubnetanisolatedsubnetissituatedbetweentheInternetandtheprivatenetwork.Typically,thisnetworkisisolatedusingscreeningrouters,whichmayimplementvaryinglevelsoffiltering.Applicationlevelgatewayitisalsocalledaproxygatewayandusuallyoperatesatauserlevelratherthanthelowerprotocollevelcommontotheotherfirewalltechniques.CHARACTERISTICSOFCOMPUTERINTRUSIONANDKINDSOFSECURITYBREACHES1.CHARACTERISTICSOFCOMPUTERINTRUSIONThetargetofacrimeinvolvingcomputersmaybeanypieceofthecomputingsystem.Acomputingsystemisacollectionofhardware,software,storagemedia,data,andpersonsthatanorganizationusestodocomputingtasks.Whereastheobvioustargetofabankrobberyiscash,alistofnamesandaddressesofdepositorsmightbevaluabletoacomputingbank.Thelistmightbeonpaper,recordedonamagneticmedium,storedininternalcomputermemory,ortransmittedelectronicallyacrossamediumsuchasatelephoneline.Thismultiplicityoftargetsmakescomputersecuritydifficult.Inanysecuritysystem,theweakestpointisthemostseriousvulnerability.Arobberintentonstealingsomethingfromyourhousewillnotattempttopenetrateatwoinchthickmetaldoorifawindowgiveseasieraccess.Asophisticatedperimeterphysicalsecuritysystemdosenotcompensateforunguardedaccessbymeansofasimpletelephonelineandamodem.Theweakestpointphilosophycanberestatedasthefollowingprinciple.PrincipleofEasiestPenetration.Anintrudermustbeexpectedtouseanyavailablemeansofpenetration.Thiswillnotnecessarilybethemostobviousmeans,norwillitnecessarilybetheoneagainstwhichthemostsoliddefensehasbeeninstalledThisprinciplesaysthatcomputersecurityspecialistsmustconsiderallpossiblemeansofpenetration,becausestrengtheningonemayjustmakeanothermeansmoreappealingtointruders,Wenowconsiderwhatconsiderwhatthesemeansofpenetrationare.2.KINDSOFSRCURITYBREACHESInsecurity,anexposureisaformofpossiblelossorharminacomputingsystemexamplesofexposuresareunauthorizedofdata,modificationofdata,ordenialoflegitimateaccesstocomputing.Avulnerabilityisaweaknessinthesecuritysystemthatmightbeexploitedtocauselossorharm.Ahumanwhoexploitsavulnerabilityperpetratesanattackonthesystem.Threatstocomputingsystemsarecircumstancesthathavethepotentialtocauselossorharmhumanattacksareexamplesofthreats,asarenaturaldisasters,inadvertenthumanerrors,andinternalhardwareorsoftwareflaws.Finally,acontrolisaprotectivemeasureanaction,adevice,aprocedure,oratechniquethatreducesavulnerability.Themajorassetsofcomputingarehardware,software,anddata.Therearefourkindsofthreatstothesecurityofacomputingsysteminterruption,interception,modification,andfabrication.Thefourthreatsallexploitvulnerabilitiesoftheassetsincomputingsystems.Inainterruption,anassetofthesystembecomeslostorunavailableorunusable.Anexampleismaliciousdestructionofahardwaredevice,erasureofaprogramordatafile,orfailureofanoperatingsystemfilemanagersothatitcannotfindaparticulardiskfile.Aninterruptionmeansthatsomeunauthorizedpartyhasgainedtoanasset.Theoutsidepartycanbeaperson,aprogram,oracomputingsystem.Examplesofthistypeoffailureareillicitcopyingofprogramordatafiles,orwiretappingtoobtaindatainanetwork.Whilealossmaybediscoveredfairlyquickly,asilentinterceptormayleavenotracesbywhichtheinterceptioncanbereadilydetected.Ifanunauthorizedpartynotonlyaccessesbuttamperswithanasset,thefailurebecomesamodification.Forexample,someonemightmodifythevaluesinadatabase,alteraprogramsothatitperformsanadditionalcomputation,ormodifydatabeingtransmitted.Itisevenpossibleforhardwaretobemodified.Somecasesofmodificationcanbedetectedwithsimplemeasures,whileothermoresubtlechangesmaybealmostimpossibletodetect.Finally,anunauthorizedpartymightfabricatecounterfeitobjectsforacomputingsystem.Theintrudermaywishtoaddspurioustransactionstoanetworkcommunicationsystem,oraddrecordstoanexistingdatabase.Sometimestheseadditionscanbedetectedasforgeries,butifskillfullydone,theyarevirtuallyindistinguishablefromtherealthing.Thesefourclassesofinterferencewithcomputeractivityinterruption,interception,modification,andfabricationcandescribethekindsofexposurespossible.地址每种技术都有它自己的在同样的网络内部两台机器之间传输信息的协定。在一个局域网里面,机器通过提供6字节唯一的标识符(介质访问控制地址)来发
编号:201311172037107958    大小:46.50KB    格式:DOC    上传时间:2013-11-17
  【编辑】
5
关 键 词:
教育专区 外文翻译 精品文档 外文翻译
温馨提示:
1: 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
2: 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
3.本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
5. 人人文库网仅提供交流平台,并不能对任何下载内容负责。
6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
  人人文库网所有资源均是用户自行上传分享,仅供网友学习交流,未经上传用户书面授权,请勿作他用。
0条评论

还可以输入200字符

暂无评论,赶快抢占沙发吧。

当前资源信息

4.0
 
(2人评价)
浏览:46次
英文资料库上传于2013-11-17

官方联系方式

客服手机:13961746681   
2:不支持迅雷下载,请使用浏览器下载   
3:不支持QQ浏览器下载,请用其他浏览器   
4:下载后的文档和图纸-无水印   
5:文档经过压缩,下载后原文更清晰   

相关资源

相关资源

相关搜索

教育专区   外文翻译   精品文档   外文翻译  
关于我们 - 网站声明 - 网站地图 - 友情链接 - 网站客服客服 - 联系我们
copyright@ 2015-2017 人人文库网网站版权所有
苏ICP备12009002号-5