




New Security Techniques (1)

The running battle between hackers and network security professionals has moved beyond the perimeter firewall to hand-to-hand combat at individual Web and corporate servers. And new security weapons have emerged that use ingenious methods to protect Web sites and corporate networks from external and internal security threats. Here are some of the latest tools at your disposal.

No exit

Gilian's G-Server doesn't care how the hacker got in or what changes they may have made to your Web site. Gilian's Exit Control technology prevents the world from seeing the consequences of a security breach.

Gilian's G-Server sits between the Web server and the router or firewall that connects the Web server to the Internet, inspecting every piece of content that goes out. The Exit Control G-Server contains a collection of digital signatures made from authorized Web content during the publication process. Each time the site's content producers publish a new or revised object, the G-Server saves a digital backup of the object along with a digital signature.

Signatures that don't match send up a red flag, which triggers the G-Server to immediately replace a bogus page with a secure archived copy of the original, while simultaneously alerting appropriate personnel.

Tripwire, Inc.'s Tripwire for Servers is a similar data and network integrity product. However, Tripwire for Servers takes a different approach: its software is loaded onto the server that you want to protect. It monitors all file changes, whether they originate from inside or outside the company, and reports back if a change violates predetermined policies.

Honeypots or decoys

Honeypots are designed to lure and contain an intruder on the network. Honeypots are decoy devices that can divert attacks from production systems and let security administrators study or understand what's happening on the network.

ManTrap, from Recourse, is a powerful honeypot that's deployed next to data servers if it's being used to deflect internal attacks, and located off the firewall in the demilitarized zone (DMZ) if it's being used against external threats. The majority of users deploy it internally to get suspicious activity under control.

In that scenario, a ManTrap server would be set up to look like a file server that stores intellectual property or business plans. A successful deployment of ManTrap depends on a variety of factors including quality, naming scheme, placement and security policy. For example, deceptive defenses are most effective when deployed in quantities equal to or greater than that of the production system. Honeypots can get expensive, which is why companies must pick and choose the critical servers they want to protect.

What attracts an attacker to ManTrap is configuring it to make it look more vulnerable than other servers. Once the hacker is on the decoy server, security managers can log the hacker's activity and gain insight into what the intruder is trying to accomplish.

Fall into the gap

Air gap technology provides a physical gap between trusted and untrusted networks, creating an isolated path for moving files between an external server and a company's internal network and systems. Vendors include RVT Technologies, Spearhead Technology and Whale Communications.

Whale's e-Gap Web Shuttle is a nonprogrammable device that switches a memory bank between two computer hosts. The e-Gap Web Shuttle creates an air gap between the Internet and a company's back-office systems. Companies might use e-Gap Web Shuttle between an external service running e-commerce applications, such as online banking, and internal databases that might be queried by external users.

The e-Gap system consists of the e-Gap appliance that is attached to two PC hosts, one internal and one external. The internal host connects to the company's internal network and the external host sits in the DMZ in front of the firewall.

All URLs to Web pages are directed to a mock location on the external host. Pages do not actually reside on this host. The external host strips off the protocol headers, extracts only the content of the Secure Sockets Layer (SSL) traffic and passes it to the e-Gap Web Shuttle. The e-Gap Web Shuttle transports the encrypted data to the internal host using a toggling e-disk. The e-Gap internal host decrypts SSL traffic, authenticates the user and filters the URL content. It then passes the URL request to the company's production Web server that resides on the back-office network.

The fix is in

Security and vulnerability assessment tools, designed to be used in-house, can detect weaknesses in an organization's systems before problems occur and can fix those problems.

Retina 3.0, from eEye, scans, monitors, alerts and automatically fixes network security vulnerabilities. The product works on Windows NT 4.0 SP3 or higher and Windows 2000.

The software is installed on any machine within the network. The network administrator types in a range of IP addresses to scan and pushes a button. The product scans the network for vulnerabilities, software flaws and policy problems and reports any vulnerabilities.

The product's "fix it" feature provides the network administrator with a description of any found vulnerabilities, information on how to fix them, or access to a "fix it" button that can repair the vulnerability locally or remotely.

Demolishing DoS attacks

Perhaps one of the newest categories of security is products that target denial-of-service (DoS) attacks and more. By definition, DoS attacks make computer systems inaccessible by exploiting software bugs or overloading servers or networks so that legitimate users can no longer access those resources. The product category is so new that some products are still in beta test or on the cusp of entering the marketplace.

Going after one of the most malicious types of computer vandalism, the DoS attack, are Arbor Networks, of Waltham, Mass.; Mazu Networks, of Cambridge, Mass.; and Asta Networks in Seattle.

Mazu's solution to distributed DoS attacks works via intelligent traffic analysis and filtering across the network. A monitoring device, such as a packet sniffer or packet analyzer, evaluates packets on the network at speeds up to 1G bit/sec. A monitoring device then determines which traffic needs to be filtered out.

The good, the bad and the ugly

The good news about all of these new security techniques is that they theoretically offer companies additional layers of security protection, providing better overall security. What this ultimately means for businesses is that added security mechanisms can succeed where other measures have failed. Another advantage is that some of the new products are optimized for specific applications, such as Web server integrity.

However, any technology has two sides to consider. In fact, using these new security products has downsides. For example:

- They are all add-on solutions, not replacements.
- They require certain specialized skills.
- Many of the vendors are newly formed companies, so there is some risk as to how long they will be around.
- Many IT organizations worry that added preventive controls will bring (significant) overhead. One view holds that this can easily be solved (the overhead reduced) by investing in more staff.
- Is it too much? With so many products to manage, at what point is a company at risk?

The bottom line is that security is never finished. It is a continuous process, and a new crop of innovative companies will make it more meaningful.
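
The exit-control check described under "No exit" (sign content at publication, compare every outgoing object, swap in the archived copy and alert on a mismatch) can be sketched as follows. This is an added example, not Gilian's code or part of the original article; HMAC-SHA256 stands in for the product's digital signatures, and the class name, the fail-closed handling of unpublished objects and the sample pages are assumptions.

```python
import hashlib
import hmac


class ExitControl:
    """Egress filter: a response leaves only if it matches its publish-time signature."""

    def __init__(self, key: bytes):
        self._key = key        # signing key held by the filter, not the web server
        self._sigs = {}        # path -> signature of the approved object
        self._archive = {}     # path -> secure archived copy of the approved object
        self.alerts = []       # (path, reason) records for the responsible staff

    def _sign(self, path: str, body: bytes) -> bytes:
        # Assumption: HMAC-SHA256 stands in for the product's digital signature.
        # Binding the path stops approved content being replayed at another URL.
        return hmac.new(self._key, path.encode() + b"\0" + body, hashlib.sha256).digest()

    def publish(self, path: str, body: bytes) -> None:
        """Publication step: archive the approved object and record its signature."""
        self._archive[path] = body
        self._sigs[path] = self._sign(path, body)

    def filter_response(self, path: str, body: bytes):
        """Inspect one outgoing response; return (status, body) to send on."""
        expected = self._sigs.get(path)
        if expected is None:
            # Assumption: objects that were never published are blocked (fail closed).
            self.alerts.append((path, "unpublished object"))
            return 404, b""
        if hmac.compare_digest(expected, self._sign(path, body)):
            return 200, body
        # Mismatch: raise the alert and serve the archived original instead.
        self.alerts.append((path, "signature mismatch"))
        return 200, self._archive[path]


def demo():
    # Constructed sample content, not taken from any real site.
    gate = ExitControl(key=b"constructed-demo-key")
    gate.publish("/index.html", b"<h1>Welcome</h1>")
    clean = gate.filter_response("/index.html", b"<h1>Welcome</h1>")
    defaced = gate.filter_response("/index.html", b"<h1>Owned</h1>")
    planted = gate.filter_response("/drop.html", b"<h1>Owned</h1>")
    return clean, defaced, planted, gate.alerts


if __name__ == "__main__":
    print(demo())
```

The filter only helps if the signature store and archive sit on a host the web server cannot write to, which is why the article places the G-Server as a separate box between the server and the router or firewall.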