1、翻译计算机网络安全与防范1.1引言计算机技术的飞速发展提供了一定的技术保障,这意味着计算机应用已经渗透到社会的各个领域。在同一时间,巨大的进步和网络技术的普及,社会带来了巨大的经济利润。然而,在破坏和攻击计算机信息系统的方法已经改变了很多的网络环境下,网络安全问题逐渐成为计算机安全的主流。1.2网络安全1.2.1计算机网络安全的概念和特点计算机网络的安全性被认为是一个综合性的课题,由不同的人,包括计算机科学、网络技术、通讯技术、信息安全技术、应用数学、信息理论组成。作为一个系统性的概念,网络的安全性由物理安全、软件安全、信息安全和流通安全组成。从本质上讲,网络安全是指互联网信息安全。一般来说,
2、安全性、集成性、可用性、可控性是关系到网络信息的相关理论和技术,属于计算机网络安全的研究领域。相反,狭隘“网络信息安全”是指网络安全,这是指保护信息秘密和集成,使用窃听、伪装、欺骗和篡夺系统的安全性漏洞等手段,避免非法活动的相关信息的安全性。总之,我们可以保护用户利益和验证用户的隐私。计算机网络安全有保密性、完整性、真实性、可靠性、可用性、非抵赖性和可控性的特点。隐私是指网络信息不会被泄露给非授权用户、实体或程序,但是授权的用户除外,例如,电子邮件仅仅是由收件人打开,其他任何人都不允许私自这样做。隐私通过网络信息传输时,需要得到安全保证。积极的解决方案可能会加密管理信息。虽然可以拦截,但它只是
3、没有任何重要意义的乱码。完整性是指网络信息可以保持不被修改、破坏,并在存储和传输过程中丢失。诚信保证网络的真实性,这意味着如果信息是由第三方或未经授权的人检查,内容仍然是真实的和没有被改变的。因此保持完整性是信息安全的基本要求。可靠性信息的真实性主要是确认信息所有者和发件人的身份。可靠性表明该系统能够在规定的时间和条件下完成相关的功能。这是所有的网络信息系统的建立和运作的基本目标。可用性表明网络信息可被授权实体访问,并根据自己的需求使用。不可抵赖性要求所有参加者不能否认或推翻成品的操作和在信息传输过程中的承诺。处理不可抵赖性的措施之一是使用数字签名技术。可控性指示控制网络信息传输和内容的能力上
4、。例如,禁止违法和不良信息通过公共网络传输。1.3计算机网络所面临的威胁计算机网络所面临的各种威胁有:恶意攻击,泄漏软件,计算机病毒和自然灾害。1.3.1恶意攻击恶意攻击被认为是计算机网络的严重威胁之一。根据建议可以将人为破坏分为主动攻击和被动攻击。主动攻击旨在破坏网络和信息,通常使用的方式有修改、删除、弄虚作假、欺骗、病毒和逻辑炸弹。一旦成功,它可能会停止网络系统的运行,甚至整个系统的瘫痪。被动攻击是为了获取信息,这通常是进行窃取秘密信息,我们知道的,如在不影响正常运行的情况下进行的窃取贸易和商业秘密、项目计划、投标数字和个人信息。恶意攻击,不管是模仿或者被动,都可能会损坏严重的电脑网络,导
5、致机密数据的泄漏,最终造成不可挽回的损失。1.3.2软件的泄漏和后门(计算)有两种软件泄漏:一种是通过建议精心设计来控制系统和窃取信息为将来使用所准备,另一种是意外,比如因为设计师的疏忽或其他技术元素。然而,由于这些漏洞的存在导致了严重的隐藏的网络安全威胁。例如,为了方便地进入操作系统开发者没有为系统设置进入密码,这将为黑客提供进入系统的通道。进行作业系统时,一些系统进程一直在等待某些条件,一旦一次满意的条件下出现,这一进程将继续运行,这也可以被黑客利用。否则,虽然一直保持保密,由程序员设置了供自己使用的一些后门程序(计算),如果它们泄露出去,或由其他人发现这可能会带来巨大的损害和信息丢失。1
6、.3.3计算机病毒破坏网络安全计算机病毒是一个专门的计算机程序,它通过各种渠道比如磁盘,光盘和计算机网络进行复制和传播。它在20世纪80年代首先发现,到现在的数字已经提高到世界各地的10,000多个。同时,隐瞒、传染和破坏也进一步发展。随着互联网的飞速发展,计算机病毒的扩散速度已经在很大程度上加快,大大破坏和传染世界各地资源。这场灾难对每一个国家和整个世界的信息系统产生了一个严重的影响。美国大约63%的计算机被传染了病毒, 9的情况下已经导致了超过10万美元的损失,根据著名的MIS系统管理和数据任务营销公司进行的研究。在1996年,计算机病毒已经造成美国制造业大1亿美元的经济损失。互联网提供了
7、计算机病毒容易扩散的环境,同时增加了消灭他们的困难。计算机病毒的传播,不仅破坏网络,也使网络信息泄漏。计算机病毒已经严重威胁到网络安全,特别是专用网络。病毒代码很小,通常附在其他文件或程序末尾,因此它们很容易隐藏在系统内部。病毒的自我复制能力使其在网络上传播时能够传染给其他文件和程序,病毒一旦扩散到网络上就非常难以追踪了。1987年,计算机病毒在美国四处蔓延,而且第一种计算机病毒“小球”在当年年底传播到我国。从那以后,已经发现进口和国内的病毒。迄今为止,计算机病毒已经增加到20,000多种;其中90以上能攻击微型计算机。病毒的基本特征有:(1) 传染:计算机病毒作为一个程序,能自我复制到其他正
8、常程序或者系统的某些部件上,例如磁盘的引导部分。这是病毒程序的基本特征。随着网络日益广泛发展,计算机病毒能够在短时间内通过网络广泛传播。(2) 潜伏:隐藏在受感染系统内的病毒并不立即发作;相反,在它发作前,需要一定时间或具备某些条件。在潜伏期内,它并不表现出任何扰乱行动,因此很难发现病毒并且病毒能够继续传播。一旦病毒发作,它能造成严重破坏。(3) 可触发性:一旦具备某些条件,病毒便开始攻击。这一特征称作可触发性。利用这一特征,我们能控制其传染范围和攻击频率。触发病毒的条件可能是预设的日期、时间、文件种类或计算机启动次数等。(4) 破坏:计算机病毒造成的破坏是广泛的它不仅破坏计算机系统、删除文件
9、、更改数据等,而且还能占用系统资源、扰乱机器运行等。其破坏表现出设计者的企图。通过我们已经学过的知识,我们知道病毒有如下的分类:(1) 按寄生分类按寄生,计算机病毒可分成引导病毒、文件病毒和混合病毒。引导病毒:指寄生在磁盘引导部分的那些计算机病毒。它是一种常见病毒,利用计算机系统通常不检查引导部分的内容是否正确的弱点,并且留存在内存中,监视系统运行,一有机会就传染和破坏。按寄生在磁盘的位置,它能进一步分成主引导记录病毒和段引导记录病毒。前者传染硬盘的主引导部分,例如“marijuana”病毒、“2708”病毒、“porch”病毒;段记录病毒传染硬盘上的常用段记录,例如“小球”病毒、“女孩”病毒
10、等。(2) 按后果分类从后果看,计算机病毒能分成“良性”病毒和“恶性”病毒。“良性”病毒将破坏数据或程序,但不会使计算机系统瘫痪。这种病毒的始作俑者大多是胡闹的黑客他们创造病毒不是为了破坏系统,而是为了炫耀他们的技术能力;一些黑客使用这些病毒传播他们的政治思想和主张,例如“小球”病毒和“救护车”病毒。“恶性”病毒将破坏数据和系统,导致整个计算机瘫痪,例如CHI病毒,“Porch”病毒。这些病毒一旦发作,后果将是无法弥补的。应当指出,“危险”是计算机病毒的共同特征。“良性”病毒并非完全不造成危险,而只是危险后果相对较轻。“良性”只是一个相对概念。事实上,所有计算机病毒都是恶性的。1.4计算机网络
11、安全防范措施为了保护网络资源,我们应该指导一些管理和合理的说明。此外,我们必须进行有关的技术措施,旨在解决网络安全中存在的问题,实现网络和数据的保护。在此之后,可以保证定期循环,可以确保合法用户的利益。目前,处理网络安全的措施如下:防火墙技术,加密技术,访问控制技术和病毒防护技术。1.4.1防火墙技术在目前保护计算机网络安全的技术措施中,防火墙可以分割本地网络和主网络,在保护网络和外部网络之间限制信息访问和传输。防火墙是关闭在网络拓扑结构和服务上不安全因素来提高网络的工具。它保护的对象之一就是明确在网络接近临界点的模块,而它远离是外部威胁来保护网络。因此,在公司它首先是适合在专门的网络,尤其是
12、连接公共网络。防火墙三个的基本功能如下:过滤。它可以拒绝未经授权的电脑主机发送TCP / IP协议数据,并拒绝接受未经授权的服务链接要求。网络地址转换。翻译内部主机的IP地址以避免通过外部监视器被检测,或者我们可以说成IP伪装。代理服务。代表主机电脑应用方面具有较高水平,能够完全中断连接之间的跨主机和外部网络层。我们应该更加注重的是没有防火墙可以提供绝对的保护。防火墙具有边界,其中包括来自防火墙外部其他攻击方式的无用保护;难以阻止病毒污染的软件或文件的传输,几乎没有拒绝构成内部用户的威胁;几乎可以防止运行数据的攻击。此外,由于防火墙的安全政策在公司是由网络管理员来控制的,所以他的道德标准似乎更
13、为重要。1.4.2 加密技术加密的目的是为了保护数据、文件、密码和网络上的控制信息,以及保护网络上数据传输。这个过程实际上是进行了各种加密算法,用最低的成本获得一些保护。在大多数情况下,加密是保证信息保密性和重要性的唯一途径。加密系统可以根据分类代码之间信息的发送者和接受密码的方式,通常被划分成对称加密代码(单个键)和公共加密代码(双击键),如典型的代表DES和RSA。伴随着高加密产生的优势之一是对称加密代码管理与安全方式传输信息的难度。公众的加密代码的优势是它可以适用于网络不限成员名额的要求,并实现数字签名和验证。然而,复杂的算法将使数据加密速度放缓。随着现代电子技术和加密技术的发展,公共密
14、码编码算法将逐渐成为网络安全加密系统的主流。人们通常将常规密码和公共密码在网络安全中一起同应用。常规的网络数据加密具有链路、节点和端到端的方式。作为最常用的加密方式,链路加密可以通过链路层和物理层在网络和硬件条件下实现。它用来保护通信节点传输的数据,对用户是透明的。节点加密提高了链路加密和克服链路加密很容易被非法访问的缺陷。它也可以在协议传输层加密,使原始节点和目的节点之间传输的数据进行加密保护。端到端的加密是在网络层,在表示层中的网络和数据传输加密具有高水平的水准,而不是低级别的协议信息。相比链路加密它往往是由软件完成,它具有较低的成本和更高的安全性。1.4.3访问控制技术它是网络安全防范和
15、保护的主要技术。并且关键的任务是确保网络资源不会被非法使用和访问。此技术规范每一个文件和资源,比如可读、可录制和可以修改用户的操作权限。据预计,所有的信息资源可以集中管理,没有任何含糊和以往法规之间也没有冲突。它应该与审计功能记录所有活动作进一步检查,以及提供微控制。为了保障网络系统的安全性和保护网络资源,访问控制技术是保障网络安全的最重要的核心的之一。1.4.4病毒防范技术目前,日益发达的网络技术提供了多种方式的传输,使病毒的极大威胁网络安全与传播的多元化路线。专门的反病毒软件可以被认为是以最常用的方式驱逐电脑病毒,它还可以自动检测和删除在内存、BIOS和磁盘中的病毒。然而,反病毒软件的探索
16、和更新总是远远落后于新病毒的出现,所以它有时可能不能够检测或删除一些病毒。尽管反病毒软件的版本已日益更新和功能大大提高,带有病毒的程序和常规程序有共同的相似性和特异性目标。更重要的是,人们很难预测病毒在未来如何发展和变化,所以我们在探索软件和反病毒硬件设备的时候也有巨大的困难。此外,一旦病毒成功通过穿过系统或违反授权攻击,攻击者通常植入木马程序或者系统逻辑炸弹来为下一步攻击系统提供便利条件。互联网正在挑战很多的反病毒软件。如今,每天都会有几十种新病毒出现,其中大多数是通过互联网传播。为了有效地保护企业的信息化,防病毒软件应该支持所有的因特网协议及可用于所有的企业的邮件系统,保证它能够及时申请和
17、跟上不断变化的世界步伐。有些像诺顿的防病毒软件,McAfee公司做出了很大的进展。不仅有效地切断病毒访问,而且可以保护企业和其他方面避免病毒的爆发和造成经济损失。1.5总结随着计算机技术的飞速发展,计算机已成为一种工具,同时网络已经成为我们的日常工作、学习和生活中的重要组成部分之一。因此,网络安全技术已成为信息网络发展的关键点。当人们踏进信息社会第一步的时候,它已变得对社会发展具有重大的战略意义。网络安全技术是保证社会发展不可替代的保证。中国仍然处于网络安全探索和信息网络技术产品探索的原始阶段,这意味着我们应该大力地研究、开发、探索确保信息安全的措施,从而促进了国民经济的快速发展。附件1:外文
18、原文Security and Precaution On Computer Network1.1 INTRODUCTIONThe rapid development of computer technology has provided certain technological protection, which means computer application has infiltrated into various fields of society. At the same time, enormous progress and popularization of network
19、technology has brought large economic profits to the society. However, ways to sabotage and attack computer information system has changed a lot under the network circumstance which gradually makes network security issues the mainstream of computer security.1.2 NETWORK SECURITY1.2.1 Concept and char
20、acteristics of computer network security.Computer network security is considered to be a comprehensive subject that consists of various ones, including computer science, network technology, communication technology, information security technology, applied mathematics and information theory. As a sy
21、stemic concept, network security is composed by physical security, software security, information security and circulation security. Essentially, network security means Internet information security. Generally speaking, relevant theory and technology on security, integration, availability, and contr
22、ollability that is related to network information belong to research fields of computer network security. On the contrary, narrowly, network information security means security of relevant information on network, which is to protect the information secret and integration, avoiding illegal activities
23、 by using system security vulnerabilities made to wiretap, pretend, spoof and usurp. Above all, we can protect validated users profits and privacy.Computer network security is characterized by privacy, integrity, facticity, reliability, availability, non-repudiation and controllability.Privacy refer
24、s to network information will not be leaked to non-authorized users, entities or procedures, but only for authorized users, for example, mails can merely be opened by addressees, anyone else are not allowed to do that privately. When transferring information with network, privacy needs to be guarant
25、eed. Positive solution might be made to encrypt management on information. Although one can intercept that, its just insignificant Unicode without ay importance.Integrity means network information can be kept not being modified, sabotaged and lost in the process of storage and transmission. Integrit
26、y guarantees facticity, which means if the information is checked by the third party or non-authorized person, the content, is still for real, not being changed. So keeping integrity is the basic requirement for information security.Facticity points to reliability on information, mainly confirms ide
27、ntities of information owner and sender. Reliability indicates that system can accomplish regulated functions with stated conditions and limited time. Its the basic aim for all network information system establishment and operation.Availability shows that network information can be visited by author
28、ized entities and be used according to their demand.Non-repudiation requires all participants that can not deny or repudiate the finished operations and promises in the process of transferring information. One of the measures to deal with non-repudiation is to use digital signature technology. Contr
29、ollability directs at the ability of controlling network information transmission and content. For instance, illegal and unhealthy information are forbidden to transfer through public network.1.3 Treats faced by computer networkThere are various threats confronted by computer network: hostile attack
30、, software leak, computer virus and natural disaster.1.3.1 Hostile attackHostile attack is considered to be one of the serious threats for computer network. Its a man-made destruction with propose that can be divided into initiative attack and passive attack. Initiative attack aims to wreck network
31、and information, usually using ways of modification, delete, falsifications, deception, virus and logical bombs. Once succeed, it could stop operation of network system, even a paralysis of overall system. Passive attack is to get information, which is usually conducted to steal secret information t
32、hat on one is aware of, such as business and trade secret, project plan, bid figures and personal information, without affecting regular operation. Hostile attack, both imitative and passive, could damage badly computer network, lead to leaks of confidential data, finally cause irreparable lost.1.3.
33、2 Software leak and backdoor (computing)There are two kinds of software leaks: one is made by propose, which is intently designed to control system and steal information for the future use; the other one is accidentally made because of negligence or other technological elements by designers. However
34、, the existence of these leas bought serious security hidden dangers to network. For example, for providing convenient access to the system developers without setting up entrance password for system operation will offer channels for hacker as well. When conducting operation system, some system proce
35、sses are always waiting certain conditions, once the satisfied conditions appear the process will go on running, which can also be used by hackers. Otherwise, although have been kept for secrets, some backdoors (computing) set up by programmers for accommodating themselves will possibly bring large
36、damages and lost if they are leaked out or found by others.1.3.3 Damages to network security by computer virusComputer virus is a specially programmed computer process that can be copied and transmitted through various channels, such as disk, CD and computer network. It was firstly discovered in 198
37、0s, and up to now the figures have been to more than 10,000 around the world with high increasing. Meanwhile, the concealment, contamination and destruction are also further developed. With the rapid development of Internet, diffusion rate of computer virus has been accelerated largely, destructed g
38、reatly and contaminated heavily all over the world. This disaster had a serious influence on information system for every country and the whole world. About 63% of computers in America had been infracted by computer virus, and 9% of cases had caused more than US$100,000 damages, according to the res
39、earch carried out by famous MIS Manages and Data Quest marketing company. In 1996, computer virus had damaged US$I 00,000,000 economic lost to American manufacturing industry. Internet has provided easy-diffused environment for computer virus, at the same time increased the difficulty in exterminati
40、ng them. The transmission of computer virus not only produces network destruction, but also the leaks of network information. Computer virus has been a grave threat to network security, especially to the dedicated network.Virus code is very small, usually attached to other documents or procedures at
41、 the end, so they can easily hide in the system. Ability to self-replicating virus on the network so that it can spread infection to other documents and procedures, once the virus spread to the network very difficult to track down.In 1987, computer viruses spread in the United States. The first comp
42、uter virus small ball at the end of the year spread to our country. Since then, has found a virus imported and domestic. So far, computer viruses have risen to more than 20,000 kinds; which can attack more than 90% of micro-computer. The characteristics of computer viruses are:(1) infection: a compu
43、ter virus as a program that can replicate itself to other normal procedures or systems of certain components, such as the disk part of the guide. This is the basic characteristic of the virus program. With the increasingly extensive network development, computer viruses can be widely disseminated th
44、rough the network in a short time.(2) latent: hidden in the infected system the virus does not immediately attack; the contrary, in its pre-attack, the need for a certain period of time or have certain conditions. Within the incubation period, it does not show any disruption of operations, making it
45、 difficult to find the virus and the virus can continue to spread. Once a virus outbreak, it can cause serious damage.(3) can be triggered: Once certain conditions, the virus began to attack. This feature can be triggered is called. Take advantage of this characteristic, we can control its transmiss
46、ion range and frequency of attacks. Conditions may trigger the virus is the default date, time, file type or frequency of the computer to start.(4) damage: the damage caused by computer viruses are a wide range of - it not only undermines the computer system, delete files, change data, but also occu
47、pied system resources, such as disruption of the machine running. Its destruction of the designers attempt to show.By using the knowledge that we have learned, we can know the Computer Virus Classification as follows:(1) by the parasitic CategoryBy parasitic, computer viruses can be divided into lea
48、d-virus, file virus and mixed virus. Boot virus parasites in the disk guide meaning those parts of a computer virus. It is a common virus, the use of computer systems do not usually check the guide part of the content is correct weaknesses, and retained in memory and monitor system operation, one ha
49、s the opportunity to infection and destruction. According to the location of parasites in the disk, it can further be divided into the Master Boot Record boot record viruses and paragraph virus. The former master boot hard drive transmission parts, such as marijuana virus, 2708 virus, porch virus; Record paragraph of transmission of the virus commonly used hard drive R