计算子专业英语第八章.ppt

1、Part Eight Computer Security,Passage A Computer Security Passage B Firewall Passage C Computer Virus Passage D Encryption Reading Material 40 Million People Hacked,Passage A Computer Security Along with the rapid development of the network, computer security is becoming a potentially huge problem. A

2、s more people are logging onto the Internet everyday, computer security becomes a larger issue. 1. What is computer security? Computer security is the process of preventing and detecting unauthorized(未经认证的) use of your computer. Prevention measures help you to stop unauthorized users(also known as “

3、intruders”) from accessing any part of your computer system. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, and what they may have done.,We use computers for everything from banking and investing to shopping and communicating wit

4、h others through e-mail or chat programs. Although you may not consider your communications “top secret”, you probably do not want strangers reading your E-mail, using your computer to attack other systems, sending forged e-mail from your computer, or examining personal information stored on your co

5、mputer (such as financial statements).1 2. Who would want to break into our computer? Intruders (also referred to as hackers(骇客)(Figure 8-1), attackers(攻击者), or crackers) may not care about your identity(身份). Often they want to gain control of your computer so they can use it to launch(发动) attacks o

6、n other computer systems.,Having control of your computer gives them the ability to hide their true location as they launch attacks, often against high-profile computer systems such as government or financial systems. Even if you have a computer connected to the Internet only to play the latest game

7、s or to send e-mail to friends and family, your computer may be a target.2 Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data.3,Figure 8-1 Hacker,3. How easy is it to break into my computer? Unfortun

8、ately, intruders are always discovering new vulnerabilities(弱点) (informally called “holes”(漏洞) to exploit(开拓) in computer software. The complexity of software makes it increasingly difficult to thoroughly test the security of computer systems. When holes are discovered, computer vendors will usually

9、 develop patches to address the problem(s). However, it is up to you, the user, to obtain and install the patches, or correctly configure the software to operate more securely. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrato

10、rs(管理员) and users kept their computers up-to-date with patches and security fixes.,4. How to prevent exploitation of the vulnerabilities of computing systems? The goal of computer security is to institute controls that preserve secrecy，integrity(完整性)，and availability Sometimes these controls are abl

11、e to prevent attacks；other less powerful methods can only detect a breach(侵害) as or after it occurs. In this section we will survey the controls that attempt to prevent exploitation of the vulnerabilities of computing systems (1) Encryption. The most powerful tool in providing computer security is c

12、oding(编码)By transforming data so that it is unintelligible to the outside observer，the value of an interception and the possibility of a modification(修改) or a fabrication(伪造,物) are almost nullified.4 Encryption provides secrecy for dataAdditionally，encryption can be used to achieve integrity，since d

13、ata that cannot be read generally also cannot be changedFurthermore，encryption is important in protocols，which are agreed-upon sequences of actions to accomplish some taskEncryption is an important tool in computer security，but encryption does not solve all computer security problems (2) Software Co

14、ntrols. Programs themselves are the second link in computer security. Programs must be secure enough to exclude outside attack. Software controls may use tools such as hardware components，encryption，or information gathering. Software controls generally affect users directly，and so they are often the

15、 first aspects of computer security that come to mind.5,(3) Hardware Controls. Numerous hardware devices have been invented to assist in computer security. These devices range from hardware implementations of encryption to locks limiting access to theft protection to devices to verify users identiti

16、es. (4) Overlapping(重复) Controls. Several different controls may apply to one exposureFor example，security for a microcomputer application may be provided by a combination of controls on program access to the data，on physical access to the microcomputer and storage media，and even by file locking to

17、control access to the processing programs. 6,(5) Periodic Review. Few controls are permanently effectiveJust when the security specialist finds a way to secure assets against certain kinds of attacks，the opposition doubles its efforts in an effort to defeat the security mechanismThus，judging the eff

18、ectiveness of a control is an ongoing(不间断的) task. Computer security is an important issue. Many methods, for securing computers, have been found out by security specialist. What computer users need to do is choosing the methods.,Key Words and Expressions hacker hk n. 热心于使用电脑的人; 企图不法进入别人有权 益之电脑系统的人(俗

19、称“骇客”或“黑客”) attacker tk n. 攻击者; 进攻者; 抨击者 cracker krk n. (淡或咸的)薄脆饼干; 破碎器; 吹牛者 identity aidentiti n. 身份; 本身; 本体; 个性, 特性 launch l:nt vt. 发射; 发动(战争等) vi. 开始; 积极投入; 下水; 出海 unauthenticated n:entikeitid adj. 未经证实的, 未经鉴定的, 不可靠的 ongoing ngui adj. 前进的; 不间断的 n. 前进; 举止; 事态 target t:git n. 目标, 对象, 靶子,administrat

20、or dminstreit n. 管理员 exploitation eksplitein n. 开发; 开采; 利用; 剥削; 广告推销 vulnerability vlnrbiliti n. 易受伤; 易受责难; 弱点 exploit iksplit vt. 剥削; 利用; 开发, 开拓 n. 功绩, 功勋 integrity integriti n. 正直; 廉正; 完整; 完善; 健全 breach bri:t n. 破坏, 违反; 侵害; 裂痕; 缺口 vt. 破坏, 违反; 侵害; 突破 coding kudi vt. 编码 modification mdifikein n. 修改;

21、 改变; 缓和; 减轻; 修改后 的形式, 变形 fabrication fbrikein n. 制造; 组建; 构造物; 捏造; 虚构物 overlapping uvlpi vt. 与部分重叠; 与部分同时发生 vi. 部分重叠,Notes 1 Although you may not consider your communications “top secret,” you probably do not want strangers reading your E-mail, using your computer to attack other systems, sending for

22、ged e-mail from your computer, or examining personal information stored on your computer (such as financial statements). 尽管你可能不认为你的通信是高机密性的，但你也不会希望陌生人阅读你的电子邮件，用你的计算机攻击其他系统，通过你的计算机发送伪造的电子邮件，或者检查你计算机中的私人信息(例如财务状况)。,2 Even if you have a computer connected to the Internet only to play the latest games o

23、r to send email to friends and family, your computer may be a target. 即使你把计算机连入互联网只是为了玩最新的游戏或者给朋友和家人发送电子邮件，你的计算机也可能成为被攻击的目标。 3 Intruders may be able to watch all your actions on the computer, or cause damage to your computer by reformatting your hard drive or changing your data. 入侵者能监视你计算机上的所有操作，或者能

24、通过重新格式化硬盘、修改数据以破坏你的计算机。,4 By transforming data so that it is unintelligible to the outside observer，the value of an interception and the possibility of a modification or a fabrication are almost nullified 将数据进行变换，使外界看起来都是无规律的，这样截获的数据就是无用的，修改或伪造的可能性都将化为乌有。 5 Software controls generally affect users d

25、irectly，and so they are often the first aspects of computer security that come to mind 软件控制一般会直接影响用户，因而是计算机安全中首先要考虑的。,6 For example，security for a microcomputer application may be provided by a combination of controls on program access to the data，on physical access to the microcomputer and storage

26、media，and even by file locking to control access to the processing programs 例如，微机应用程序的安全可由对程序访问数据的控制以及对计算机和存储媒体的实际访问控制的组合来提供，甚至由对处理程序的控制访问文件加锁来提供。 Exercises . True or False 1. Computer security is preventing users from accessing any part of your computer system. ( ),2. The most powerful tool in prov

27、iding computer security is coding. ( ) 3. Some less powerful methods of defense are able to prevent attacks. ( ) 4. Encrypted data is unintelligible to the outside observer. ( ) 5. We cant overrate encryptions importance. ( ) 6. Ease of use and potency are often cooperative goals in the design of so

28、ftware controls. ( ) 7. Control is effective unless it is used. ( ) 8. Overlapping controls combined several different controls to one exposure. ( ),. Fill in the blanks with appropriate words or phrases found behind this excise. 1. The goal of computer security is to preserve . 2. Methods of defens

29、e provided in this text include 3. Encryption can be used to achieve of data 4. Some ensure availability of resources 5. Types of abuse in computing systems include 6. Tools used by software controls involve 7. Hardware controls include 8. Physical controls in computing systems include of important

30、software and data 9. Factors that affect the effectiveness of controls are ,10. Principle of Effectiveness means that computer security controls must be efficient enough，in terms of a. hardware components, encryption, or information gathering b. backup copies c. secrecy, integrity, and availability

31、d. frequent changes of passwords e. confident f. integrity g. awareness of problem and likelihood of use h. encryption, software controls, hardware controls, overlapping controls and periodic review i. hardware, software and data,j. time, memory space, human activity, or other resources used k. hard

32、ware implementations of encryption, locks limiting access to theft protection devices to verify users identities. l. protocols . Translate the following sentences into Chinese. 1. Detection helps you to determine whether or not someone attempted to break into your system, if they were successful, an

33、d what they may have done. 2. Most of the incident reports of computer break-ins received at the CERT/CC could have been prevented if system administrators and users kept their computers up-to-date with patches and security fixes.,Tips “Hacker” and “Hack” To the popular press, “hacker” means someone

34、 who breaks into computers. Among programmers it means a good programmer. But the two meanings are connected. To programmers, “hacker” connotes mastery in the most literal sense: someone who can make a computer do what he wantswhether the computer wants to or not. To add to the confusion, the noun “

35、hack” also has two senses. It can be either a compliment or an insult. Its called a hack when you do something in an ugly way. But when you do something so clever that you somehow beat the system, thats also called a hack. The word is used more often in the former than the latter sense, probably bec

36、ause ugly solutions are more common than brilliant ones.,按照流行的说法，“hacker”指侵入计算机的人。而从程序员的观点，它是指一个好的程序员。但这两种意思是有联系的。对于程序员，“hacker”从字面上来看暗含了统治的意思一个无论计算机想不想做都能让计算机做他所想做的事的人。 让人迷惑的是，名词“hack”也有两层意思。它不是称赞就是批评。当有人用险恶的方式做事时也被称为“hack”。但当有人用很聪明的方式击败系统时，也被称为“hack”。而前一种意思用的最多，可能是因为险恶的用心多于聪明。,Passage B Firewall 1

37、. What is a firewall? A firewall(防火墙) is a system or group of systems that enforces an access control policy between two or more networks. The actual means by which this is accomplished varies widely, but in principle, the firewall(Figure 8-2) can be thought of as a pair of mechanisms(机制): one which

38、 exists to block traffic, and the other which exists to permit traffic. 1 Some firewalls place a greater emphasis on blocking traffic, while others emphasize permitting traffic.,Figure 8-2 Firewall,What can a firewall protect against? Generally, firewalls are configured to protect against unauthenti

39、cated(未经认证的) interactive logins from the “outside” world. This, more than anything, helps prevent vandals(故意破坏者)from logging into machines on your network. More elaborate(定制) firewalls block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside

40、.2 What cant a firewall protect against? Firewalls cant protect against attacks that dont go through the firewall. Another thing a firewall cant really protect you against is traitors(叛逆者)or idiots(傻瓜) inside your network. Firewalls,cant protect against tunneling over most application protocols to t

41、rojaned or poorly written clients. Firewalls cant protect against bad things being allowed through them. Firewalls cant protect very well against things like viruses or malicious(怀恶意的) software. 2. How many types of firewalls are there? Conceptually(理论上来讲), there are three types of firewalls: networ

42、k layer, application layer, and hybrids. Network layer firewalls are also called packet filtering firewalls, because all packets that want go through the firewalls are analyzed against a set of filters. Packets that make it through the filters are sent to the requesting system and all others are dis

43、carded. Network layer firewalls are customizable, which means that you,can add or remove filters based on server conditions such as IP addresses, protocols and ports.3 A simple router is the “traditional”(传统的) network layer firewall, since it is not able to make particularly sophisticated decisions

44、about what a packet is actually talking to or where it actually came from. Modern network layer firewalls have become increasingly sophisticated(复杂的), and now maintain internal information about the state of connections passing through them, the contents of some of the data streams, and so on. Netwo

45、rk layer firewalls tend to be very fast and tend to be very transparent(透明的) to users.,Application layer firewalls generally are hosts running proxy service, which permit no traffic directly between networks, and which perform elaborate(精心) logging and auditing of traffic passing through them.4 A pr

46、oxy server (sometimes referred to as an application gateway(网关) or forwarder(传送器) is an application that mediates(调停) traffic between a protected network and the Internet. Since the proxy applications are software components running on the firewall, it is a good place to do lots of logging and acces

47、s control. Application layer firewalls tend to provide more detailed audit(审计) reports and tend to enforce more conservative(守旧的) security models than network layer firewalls.,What is the most important thing to recognize firewall? Probably the most important thing to recognize about a firewall is t

48、hat it implements(实现) an access control policy. If you dont have a good idea of what kind of access you want to allow or to deny, a firewall really wont help you. Its also important to recognize that the firewalls configuration, because it is a mechanism for enforcing policy, imposes its policy on e

49、verything behind it. Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility.5,What determine the security of firewall? The level of security you establish will determine how many of threats can be stopped by your firewall. The highest

50、 level of security would be to simply block everything. Obviously that defeats the purpose of having an Internet connection. But a common rule of thumb is to block everything, then begin to select what types of traffic you will allow. You can also restrict traffic that travels through the firewall s

51、o that only certain types of information, such as e-mail, can get through. For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a specific reason to change it.6,3. How to choose firewall product? Firewall may be hardware or software. Hard

52、ware firewall, such as router, usually is expensive and chosen by large company. Software firewall is much cheaper. ISA Server(Figure 8-3) is a popular one. Summary Firewalls can control the traffic between outside and inside. Users must know what can firewall protect and what cant, which can help u

53、sers to choose firewall product.,Figure 8-3 ISA Server 2004,Key Words and Expressions mechanism meknizm n. 机械装置, 机构, 机制 implement implimnt vt. 贯彻, 实现, 执行 n. 工具, 器具 vandal vndl n. 野蛮人; 摧残文化艺术者; 故意破坏者 elaborate ilbreit adj. 精心制作的, 定制的; 详细阐述的 vt. 精心制作, 详细阐述 unplug nplg v. 拔去(塞子, 插头等), 去掉的障碍物 traitor tr

54、eit n. 叛逆者, 叛国者 idiot idit n. 白痴, 愚人, 傻瓜 malicious mlis adj. 怀恶意的, 恶毒的 conceptually knseptuli adv. 概念地 category ktigri n. 种类, (逻)范畴,traditional trdinl adj. 传统的, 惯例的 gateway geitwei n. 门, 通路, 网关 forwarder f:wd 【计】传送器 audit :dit n. 审计, 稽核, 查账 vt. 稽核, 旁听 transparent trnspernt adj. 透明的, 显然的, 明晰的 Notes 1

55、 The actual means by which this is accomplished varies widely, but in principle, the firewall can be thought of as a pair of mechanisms: one which exists to block traffic, and the other which exists to permit traffic. 达到这个目的的方法有很多，但从原理上来讲，防火墙也可被理解为一对机制：一个用来阻止通信，另一个用来允许通信。,2 More elaborate firewalls

56、block traffic from the outside to the inside, but permit users on the inside to communicate freely with the outside. 很多定制的防火墙会阻止从外部流向内部的数据流，但是允许内部自由地访问外部。 3 Network layer firewalls are customizable, which means that you can add or remove filters based on server conditions such as IP addresses, proto

57、cols and ports. 网络层防火墙是可定制的，也就是说可以添加或删除基于服务器条件的过滤器，例如IP地址、协议或端口。,4 Application layer firewalls generally are hosts running proxy servers, which permit no traffic directly between networks, and which perform elaborate logging and auditing of traffic passing through them. 应用层的防火墙一般都是运行代理服务的主机，它们在网络之间允

58、许非直接的通信，并对网络间的流量进行精心的记录和审计。 5 Administrators for firewalls managing the connectivity for a large number of hosts therefore have a heavy responsibility. 防火墙的管理员管理着大量主机的连接，所以有很大的责任。,6 For most of us, it is probably better to work with the defaults provided by the firewall developer unless there is a s

59、pecific reason to change it. 对大部分用户而言，采用防火墙的默认设置就足够了，除非有特殊的原因才会更改默认设置。 Exercises . Choose the correct answer. 1. Router is a firewall. a. network layer b. application layer c. hybrids 2. Proxy servers is a firewall. a. network layer b. application layer c. hybrids,3. What can a firewall protect against? _ a. unauthenticated interactive logins from the “outside” world b. packets dont go through the