网络入侵与防范研究外文翻译.doc

大 学毕业设计(论文)外文资料翻译院（系）： 专 业： 姓 名： 学 号： (用外文写)外文出处： 附 件： 1.外文译文；2.外文原文。完成日期： 年月日 网络安全1第一步，信息安全 网络安全一般是用来作为企业抵御黑客的边界。在网络的领域，网络安全的专业领域包括网络管理员采取的规定和政策以阻止和监视未授权的访问，滥用，修改或拒绝计算机网络和网络可用资源。2 网络安全的概念网络安全起始于对用户的认证，一般都是通过用户名和密码。因为这种需要除了用户名只是一种东西，换言之，密码是你“知道”的东西，有时这也被称作是单一因素认证。有两个因素认证是你“拥有”也在被用（如安全令牌或“加密狗”，提款卡，或移动电话），或有三个因素认证是你“是”也在使用的（如指纹或视网膜扫描）。一旦通过认证，防火墙即执行访问策略，如网络用户被允许那些访问。虽然已经有效的阻止未授权的访问，该组件仍可能不能检查出潜在的危害内容，例如蠕虫或木马在网络的传播。反病毒软件或入侵检测系统帮助探测和抑制这种恶意软件的行动。一种基于异常的入侵检测系统可以监视网络和传输的意外（即可疑）内容或行为和其他异常以保护资源，例如拒绝服务式攻击或者雇员在陌生的时间访问文件。个人在网络上发生的事件可能会记录为审计目的和更高层次的分析。3.安全管理网络安全管理应对不同的情况方法是不同的。小型家庭或办公室只需要基本的安全，而大型企业将需要高额的维护和先进的软件和硬件，以防止黑客和垃圾邮件的恶意攻击。3.1 小的家庭1. 一个基本的防火墙或统一威胁管理系统。2. 对于Windows用户来说，基本的防病毒软件。一个反间谍软件程序也将是一个好主意。也有其他类型的反病毒或反间谍软件可以考虑。3. 如果使用无线：更改默认的SSID网络名称，还可以禁用SSID广播，因为这功能是为家庭使用不必要的。4. 启用MAC地址过滤，以保持所有的家庭网络连接到路由器的MAC设备的轨道。、5. 分配静态IP地址的网络设备。6. 禁用ICMP ping通路由器。7. 回顾路由器或防火墙日志以帮助识别异常的网络连接或通信到互联网。8. 所有账户都使用密码。9提高关于信息安全对儿童的影响的意识。3.2中等事业单位 1. 一个相当强大的防火墙或统一威胁管理系统 2. 强大的防病毒软件和网络安全软件。 3. 对于身份验证，使用强密码，并更改每周或每月更改一次。 4. 当使用无线连接，使用强大的密码。 5.提高对员工的物理安全意识。 6. 使用一个可选的网络分析仪或网络监视器。 7. 一个开明的管理者或经理。3.3大的事业单位 1. 一个强大的防火墙和代理以阻止不速之客的进入。 2. 一个强大的防病毒软件和互联网安全软件包。 3. 对于身份验证，使用强密码，并更改每周或每月更改一次。 4.锻炼员工的物理安全防范措施。 5. 准备一个网络分析仪或网络监测和必要时使用它。 6. 实现诸如入境区和限制区闭路电视物理安全管理。 7. 安全人员可以帮助最大限度地提高安全性。3.4学校 1. 可调节的防火墙和代理允许授权用户从外部和内部访问。 2. 一个强大的防病毒软件和互联网安全软件包。 3.直通防火墙的无线连接。 4.儿童互联网保护法规定。5.网络监督，以保证更新和改变流行的网站的使用。6.由教师，图书管理员和系统管理员不断监督以保证免于遭受互联网和人工网络来源的攻击。3.5大的政府 1. 一个强大的防火墙和代理以阻止不速之客的进入。 2. 一个强大的防病毒软件和互联网安全软件包。8 3.强大的密码。 4. 白名单授权的可以无线连接，阻止其他的一切连接。 5. 所有的网络硬件在安全区。 6. 所有主机应在专用网络，是从外面看不到的。 7. 在DMZ中放置Web服务器，或从外面，从内部防火墙。8.设置周边安全栏，以在这个范围内标记周长和设置无线连接。Network security1. The first step to information securityNetwork security is generally taken as providing protection at the boundaries of an organization by keeping out intruders (hackers). In the field of networking, the specialist area of network security consists of the provisions and policies adopted by the network administrator to prevent and monitor unauthorized access, misuse, modification, or denial of the computer network and network-accessible resources. 2. Network security conceptsNetwork security starts from authenticating the user, commonly with a username and a password. Since this requires just one thing besides the user name, i.e. the password which is something you know, this is sometimes termed one factor authentication. With two factor authentication something you have is also used (e.g. a security token or dongle, an ATM card, or your mobile phone), or with three factor authentication something you are is also used (e.g. a fingerprint or retinal scan).Once authenticated, a firewall enforces access policies such as what services are allowed to be accessed by the network users. Though effective to prevent unauthorized access, this component may fail to check potentially harmful content such as computer worms or Trojans being transmitted over the network. Anti-virus software or an intrusion prevention system (IPS) help detect and inhibit the action of such malware. An anomaly-based intrusion detection system may also monitor the network and traffic for unexpected (i.e. suspicious) content or behavior and other anomalies to protect resources, e.g. from denial of service attacks or an employee accessing files at strange times. Individual events occurring on the network may be logged for audit purposes and for later high level analysis.3. Security managementSecurity Management for networks is different for all kinds of situations. A small home or an office would only require basic security while large businesses will require high maintenance and advanced software and hardware to prevent malicious attacks from hacking and spamming.3.1. Small homes1. A basic firewall or a unified threat management system.2. For Windows users, basic Antivirus software. An anti-spyware program would also be a good idea. There are many other types of antivirus or anti-spyware programs out there to be considered.3. If using Wireless: Change the default SSID network name, also disable SSID Broadcast; as this function is unnecessary for home use.4. Enable MAC Address filtering to keep track of all home network MAC devices connecting to your router.5. Assign STATIC IP addresses to network devices.6. Disable ICMP ping on router.7. Review router or firewall logs to help identify abnormal network connections or traffic to the Internet.8. Use passwords for all accounts.10. Raise awareness about information security to children.3.2. Medium businesses1. A fairly strong firewall or Unified Threat Management System2. Strong Antivirus software and Internet Security Software.3. For authentication, use strong passwords and change it on a bi-weekly/monthly basis.4. When using a wireless connection, use a robust password.5. Raise awareness about physical security to employees.6. Use an optional network analyzer or network monitor.7. An enlightened administrator or manager.3.3. Large businesses1. A strong firewall and proxy to keep unwanted people out.2. A strong Antivirus software package and Internet Security Software package.3. For authentication, use strong passwords and change it on a weekly/bi-weekly basis.4. Exercise physical security precautions to employees.5. Prepare a network analyzer or network monitor and use it when needed.6. Implement physical security management like closed circuit television for entry areas and restricted zones.7. Security guards can help to maximize security.3.4. School1. An adjustable firewall and proxy to allow authorized users access from the outside and inside.2. Strong Antivirus software and Internet Security Software packages.3. Wireless connections that lead to firewalls.4. Childrens Internet Protection Act compliance.5. Supervision of network to guarantee updates and changes based on popular site usage.6.