版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、We know, information security is so important in our life. Then,it is necessary to know what is information security, and how to guarantee it .Information securityHQYUNNAN UNIVERSITYMain contentsBasic concepts and principles 1Security issues and threatens2Security policy and technology3Popular falla
2、cies and strategies41. Basic concepts and principlesInformation security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.Three core principles: confidentiality, integrity and avail
3、ability. 1. Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. 2. Integrity means that data cannot be modified undetectably. 3. Availability: For any information system to serve its purpose, the information must be available when it is n
4、eeded.Security classification for informationThe type of information security classification labels selected and used will depend on the nature of the organisation, look the following examples:1.In the business sector, labels such as: Public, Sensitive, Private, Confidential(保密).2.In the government
5、sector, labels such as: Unclassified, Sensitive But Unclassified, Restricted(限制), Confidential(机密), Secret, Top Secret(绝密) and their non-English equivalents.3.In cross-sectoral formations(跨部门的单位), the Traffic Light Protocol, which consists of: White, Green, Amber(黄色) and Red. Three phasesWe learn in
6、formation security through three phases: data security (emphasis on secure communications)network and information security era (emphasis on network environment) the current era of information assurance (emphasis it can not be passive protection, the need for protection - detection - reaction - resto
7、re, four links). 2. Security problems and threatensMajor problemscyber attacks and attack detection, prevention issues 网络攻击与攻击检测、防范问题 security vulnerabilities and security countermeasures problem 安全漏洞与安全对策问题 Information Security issues security problems within the system 系统内部安全防范问题 problem防病毒问题 data
8、 backup and recovery issues, disaster recovery issues 数据备份与恢复问题、 灾难时恢复问题Security threatens (1) Information disclosure: information is leaked or disclosed to a non-authorized entities. (2) damage to the integrity of information: data is carried out unauthorized deletion, modification or destruction a
9、nd loss. (3) denial of service: information or other resources on the legal access is unconditionally blocked. (4) unlawful use of (unauthorized access): a resource is a non-authorized persons, or unauthorized use. (5) tapping(窃听): Using a variety of possible legal or illegal means to steal system i
10、nformation resources and sensitive information. (6) business flow analysis(业务流分析): long-term monitoring of the system by using the statistical method, which found valuable information and laws. (7) Passing: deception through communications system to impersonate a legitimate user of illegal users. Mo
11、st hackers are using fake attack.(8) Trojan horse(特洛伊木马): an aware of the software contains no harmful block, when it is executed, will destroy the users security. This application is called Trojan horse. (9) Computer virus: A computer system is running against infection and functions to achieve the
12、 program.(10) Physical invasion(物理侵入): to bypass the physical control of the intruder to gain access to the system. ExamplesComputer viruses Network Worms 网络蠕虫Pop-Ups 插入式网络广告Trojan Horses 特洛伊木马Spam 垃圾电子邮件Password Grabbers 密码采集卡Password Crackers 密码破解Hijacked Home Pages 劫持主页DID YOU KNOW?In 1980 a comp
13、uter cracked a 3-character password within one minute.In 1999 a team of computers cracked a 56-character password within one day.(一天之内破获56个字符的密码)In 2004 a computer virus infected 1 million computers within one hour.A computer program Tells a computer what to do and how to do it.Computer viruses, net
14、work worms, Trojan Horse These are computer programs.DIFFERENCES 1) Computer Virus:Needs a host file2) Network Worm:No host (self-contained) Copies itself ExecutableCopies itselfExecutable3) Trojan Horse: No host (self-contained)Does not copy itselfImposter ProgramTYPICAL SYMPTOMSFile deletionFile c
15、orruption 文件损坏Visual effectsPop-Ups 弹出窗口Erratic (and unwanted) behavior不稳定(和不必要的)的行为Computer crashes 死机Why Do We Have This Problem?Software companies rush products to the consumer market (“No program should go online before its time”) Recycling old code reduces development time, but perpetuates(永存)
16、old flaws(缺陷).AND A FEW MORE REASONSMarket share(占有率) is more important than securityInterface(界面) design is more importantthan securityNew feature designs are more important than securityEase of use is more important than securityA Trojan Horse exploits computer ports letting its “friends” enter, a
17、ndSecurity patches often close computer ports and vulnerabilitiesMORE ON THE HORSE.“once a thief gets into your house he opens a rear window for his partners”3. security policy and technology1、Security Policy2、DG map document encryption (图文档加密)3、advanced information security technology 4、strict safe
18、ty management5、formulated strict laws and regulations (制订严格的法律、法规)6、secure operating systemTechnical Overview(简介) Security technology, strictly speaking only three categories: hiding, access control and cryptography(密码学).Currently, more popular technonogies in the market and who can represent the di
19、rection of future development of security products generally have the following categories: 1. user authentication(身份认证): the first is the security door, a variety of security measures can play a role in the premise, authentication technologies. 2. firewall : Firewall is a form of access control pro
20、ducts. It can prevent unsafe access to the internal to external.3. Network Security Isolation(隔离).4. Virtual Private Network ( VPN ).5. Security Server : a LAN security server mainly for internal information storage, transmission security issues . 6. Electronic Travel agencies(签证机构) - CA and PKI pro
21、ducts.7. Security Management Center8. Intrusion Detection System ( IDS ) 入侵检测系统9. Intrusion Prevention System ( IPS ) 入侵防御系统10. Safety Database11. secure operating system12. DG map document encryption4. Popular fallacies and StrategiesIf I never log off then my computer can never get a virusIf I loc
22、k my office door then my computer can never get a virusCompanies create viruses so they can sell anti-virus softwareMy ISP will protect me?Microsoft will protect meISP:互联网服务供应商AND A FEW MORE.I got this disc from my (mother, boss, friend) so it must be okayYou cannot get a virus by opening an attachment from someone you knowBut I only downloaded one fileYou can catch a cold from a computer virusMy friend who knows a lot about computers showed me this is really a cool siteStrategies :BACK IT UP!Offline copies
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2026浙江宁波市慈溪市浒山街道实验幼儿园教育集团教职工招聘笔试题库附完整答案详解【网校专用】
- 宜宾市2025四川宜宾市高县农富文化旅游有限责任公司第一次招聘招聘岗位笔试历年参考题库典型考点附带答案详解
- 天津市2025天津华北地质勘查局所属事业单位第一批招聘高层次人才16人笔试历年参考题库典型考点附带答案详解
- 四川省2025年四川乐至县引进急需紧缺专业人才笔试历年参考题库典型考点附带答案详解
- 乌当区2025贵州贵阳市乌当区农业农村局招聘驻嘉旺屠宰场动物检疫协检人员笔试历年参考题库典型考点附带答案详解
- 宜昌市西陵区招聘社区专职工作人员笔试真题2025
- 2026内蒙古赤峰大学附属中学通过绿色通道引进高中物理教师1人笔试题库含完整答案详解(名校卷)
- 2026中国民航大学高层次人才招聘(常年有效)备考题库附参考答案详解(完整版)
- 建筑工程概预算b试题及答案
- 装卸作业考核试题及答案
- 2026年交管12123学法减分复习考试题库带答案(培优)
- TCBDA63-2022建筑装饰室内石材及瓷板干挂技术规程
- DB21T 4090-2025市政工程文件编制归档规程
- 汇文中学分班试题及答案
- 海事集装箱装箱检查员考试题库及答案
- 履行行政协议决定书范文格式
- 广州市荔湾区白鹤洞街道公开招考1名合同制工作人员管理单位遴选500模拟题附带答案详解
- DBJT13-24-2017 福建省建筑幕墙工程质量验收规程
- GB/T 44373-2024智能网联汽车术语和定义
- 北师大版四年级下小数简便运算练习题
- 沪教版三年级下册数学计算题400道及答案
评论
0/150
提交评论